deps(deps): bump github.com/prometheus/client_golang from 1.22.0 to 1.23.0 #143
Workflow file for this run
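name: CI

# Runs for pushes to, and pull requests targeting, the two long-lived branches.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Default GITHUB_TOKEN scope for every job: read-only repository contents.
# Without this block each job inherits whatever default the repository or
# organisation has configured, which may include write access. A job that
# needs more declares its own `permissions:` block, which replaces this one
# for that job.
permissions:
  contents: read

env:
  # The Go version is not set here; each job reads it from go.mod in its
  # setup-go step.
  REGISTRY: ghcr.io
  IMAGE_NAME: nephoran-intent-operator

jobs: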
# =============================================================================
# Setup and CRD Generation Job
# =============================================================================
  # Regenerates CRDs and generated code, fails if the result differs from what
  # is committed, and publishes deployments/crds/ as the `generated-crds`
  # artifact.
  #
  # NOTE(review): every `uses:` below references a movable tag (`@v4`, `@v5`).
  # Pinning each action to a full commit SHA would keep a retagged release
  # from changing what runs here.
  generate:
    name: Generate CRDs
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # fetch-depth 0 requests full history instead of the default shallow
      # clone.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # The action's built-in cache is switched off because the next step
      # caches modules and build output explicitly.
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: true
          cache: false

      # Cache key follows go.sum; the restore key allows a partial hit from an
      # older go.sum on the same OS.
      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
          restore-keys: |
            ${{ runner.os }}-go-

      # `go mod verify` checks the downloaded modules against go.sum; the
      # proxy and checksum database are set explicitly for this step.
      - name: Download and verify dependencies
        env:
          GOPROXY: https://proxy.golang.org,direct
          GOSUMDB: sum.golang.org
        run: |
          go mod download
          go mod verify

      # Installed at an exact version so generated output is reproducible.
      - name: Install controller-gen
        run: go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.18.0

      - name: Generate CRDs and code
        run: make gen

      # NOTE(review): `git diff` only compares tracked files, so a newly
      # generated file that was never committed does not fail this check.
      - name: Verify no uncommitted changes
        run: |
          git diff --exit-code || (echo "❌ Generated files are not up to date. Run 'make gen' and commit the changes." && exit 1)

      # Consumed by the jobs that list `needs: generate`.
      - name: Upload CRD artifacts
        uses: actions/upload-artifact@v4
        with:
          name: generated-crds
          path: deployments/crds/
          retention-days: 1
# =============================================================================
# Build Job
# =============================================================================
  # Compiles the project with `make build` on top of the CRDs produced by the
  # generate job and publishes bin/ as the `build-artifacts` artifact.
  build:
    name: Build
    runs-on: ubuntu-latest
    needs: generate
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Go version comes from go.mod; caching is handled by the next step.
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: true
          cache: false

      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
          restore-keys: |
            ${{ runner.os }}-go-

      # `go mod verify` checks the downloaded modules against go.sum.
      - name: Download and verify dependencies
        env:
          GOPROXY: https://proxy.golang.org,direct
          GOSUMDB: sum.golang.org
        run: |
          go mod download
          go mod verify

      # Unpacks the generate job's artifact into deployments/crds/ in the
      # fresh checkout.
      - name: Download CRD artifacts
        uses: actions/download-artifact@v4
        with:
          name: generated-crds
          path: deployments/crds/

      - name: Build project
        run: make build

      # The container job downloads this artifact by name.
      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: bin/
          retention-days: 7
# =============================================================================
# Test Job (includes unit tests and envtest)
# =============================================================================
  # Runs `make test` against an envtest control plane and a Redis service
  # container, then uploads the coverage files whether or not the tests pass.
  test:
    name: Test
    runs-on: ubuntu-latest
    needs: generate
    timeout-minutes: 30
    services:
      # Redis for the tests that need it; the job's steps reach it on
      # localhost:6379 once the health check passes.
      redis:
        image: redis:7-alpine
        ports:
          - "6379:6379"
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Go version comes from go.mod; caching is handled by the next step.
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: true
          cache: false

      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
          restore-keys: |
            ${{ runner.os }}-go-

      # `go mod verify` checks the downloaded modules against go.sum.
      - name: Download and verify dependencies
        env:
          GOPROXY: https://proxy.golang.org,direct
          GOSUMDB: sum.golang.org
        run: |
          go mod download
          go mod verify

      - name: Download CRD artifacts
        uses: actions/download-artifact@v4
        with:
          name: generated-crds
          path: deployments/crds/

      # Pinned to an exact pseudo-version rather than a floating one.
      - name: Install envtest
        run: go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20241217140305-686a30edeca5

      # The first call fetches the 1.29.0 binaries; the second prints their
      # path, which is exported to later steps as KUBEBUILDER_ASSETS.
      - name: Setup envtest environment
        run: |
          setup-envtest use 1.29.0 --bin-dir ~/.local/bin
          echo "KUBEBUILDER_ASSETS=$(setup-envtest use 1.29.0 --bin-dir ~/.local/bin -p path)" >> $GITHUB_ENV

      - name: Run tests with coverage
        env:
          USE_EXISTING_CLUSTER: "false"
          ENVTEST_K8S_VERSION: "1.29.0"
          REDIS_URL: redis://localhost:6379
        run: make test

      # `always()` keeps the coverage files available after a failed run.
      - name: Upload test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: |
            .excellence-reports/coverage.out
            .excellence-reports/coverage.html
          retention-days: 7
# =============================================================================
# Linting Job (using golangci-lint-action for better performance)
# =============================================================================
  # Runs golangci-lint v1.61.0 over the whole tree using the repository's
  # .golangci.yml.
  #
  # NOTE(review): the actions here are referenced by movable tag (`@v4`,
  # `@v5`, `@v6`), including the third-party golangci-lint action; pinning to
  # a full commit SHA would fix exactly which code runs.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    needs: generate
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Go version comes from go.mod; caching is handled by the next step.
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: true
          cache: false

      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: "${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}"
          restore-keys: |
            ${{ runner.os }}-go-

      # `go mod verify` checks the downloaded modules against go.sum.
      - name: Download and verify dependencies
        env:
          GOPROXY: https://proxy.golang.org,direct
          GOSUMDB: sum.golang.org
        run: |
          go mod download
          go mod verify

      - name: Download CRD artifacts
        uses: actions/download-artifact@v4
        with:
          name: generated-crds
          path: deployments/crds/

      # only-new-issues is off, so findings in existing code are reported as
      # well as those introduced by the change.
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v6
        with:
          version: v1.61.0
          only-new-issues: false
          args: --config .golangci.yml --timeout=10m --out-format=github-actions
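# =============================================================================
# Security/Vulnerability Scanning Job
# =============================================================================
  # Runs govulncheck v1.1.4 over every package and uploads its report as the
  # `security-scan-results` artifact, whether or not the scan passes.
  #
  # Changes from the previous version of this job:
  #   * The scan output is now written to govulncheck-report.txt and that file
  #     is what gets uploaded. Before, the upload pointed at
  #     ~/.cache/go-security-db/, which no step in this job writes to, so the
  #     artifact carried no findings.
  #   * The GOVULNCHECK_DB variable and its cache step were dropped. Values
  #     under `env:` are passed literally, so the leading `~` was never
  #     expanded to the home directory.
  #     NOTE(review): GOVULNCHECK_DB does not appear to be read by govulncheck
  #     v1.x, which takes its database location from the `-db` flag; confirm
  #     before reintroducing a local database.
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: generate
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Go version comes from go.mod; caching is handled by the next step.
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          check-latest: true
          cache: false

      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      # `go mod verify` checks the downloaded modules against go.sum.
      - name: Download and verify dependencies
        run: |
          go mod download
          go mod verify
        env:
          GOPROXY: https://proxy.golang.org,direct
          GOSUMDB: sum.golang.org

      - name: Download CRD artifacts
        uses: actions/download-artifact@v4
        with:
          name: generated-crds
          path: deployments/crds/

      # Pinned to an exact release so the scanner itself does not drift.
      - name: Install govulncheck
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@v1.1.4

      # A `run:` step with no explicit `shell:` uses bash without pipefail, so
      # it is enabled here; otherwise tee's exit status would replace
      # govulncheck's and a scan with findings would pass.
      - name: Run vulnerability check
        run: |
          set -o pipefail
          echo "🔍 Running govulncheck..."
          govulncheck ./... | tee govulncheck-report.txt

      # `always()` keeps the report available when the scan step fails.
      - name: Upload security scan results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-scan-results
          path: govulncheck-report.txt
          retention-days: 7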
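# =============================================================================
# Final CI Status Check
# =============================================================================
  # Single gate over the five upstream jobs: fails unless every one of them
  # finished with `success`, and writes a results table to the run summary.
  # `if: always()` makes the job run even when an upstream job failed.
  #
  # Context values are handed to the scripts through `env:` and read as shell
  # variables instead of being expanded with `${{ }}` inside the script text.
  # An expanded value becomes part of the script source before bash parses
  # it; an environment variable is only ever treated as data.
  ci-status:
    name: CI Status Check
    runs-on: ubuntu-latest
    needs: [generate, build, test, lint, security]
    if: always()
    timeout-minutes: 5
    steps:
      - name: Check all job statuses
        env:
          GENERATE_RESULT: ${{ needs.generate.result }}
          BUILD_RESULT: ${{ needs.build.result }}
          TEST_RESULT: ${{ needs.test.result }}
          LINT_RESULT: ${{ needs.lint.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
        run: |
          echo "=== CI Pipeline Status ==="
          echo "Generate CRDs: $GENERATE_RESULT"
          echo "Build: $BUILD_RESULT"
          echo "Test: $TEST_RESULT"
          echo "Lint: $LINT_RESULT"
          echo "Security: $SECURITY_RESULT"
          echo ""
          # Anything other than "success" counts as a failure of the pipeline.
          if [[ "$GENERATE_RESULT" != "success" || \
                "$BUILD_RESULT" != "success" || \
                "$TEST_RESULT" != "success" || \
                "$LINT_RESULT" != "success" || \
                "$SECURITY_RESULT" != "success" ]]; then
            echo "❌ CI Pipeline Failed - One or more critical jobs failed"
            exit 1
          else
            echo "✅ CI Pipeline Succeeded - All jobs completed successfully"
          fi

      # The status expressions can only yield one of two fixed labels; the
      # commit SHA and ref name are passed through the environment as well.
      - name: Generate CI summary
        if: always()
        env:
          GENERATE_STATUS: "${{ needs.generate.result == 'success' && '✅ PASSED' || '❌ FAILED' }}"
          BUILD_STATUS: "${{ needs.build.result == 'success' && '✅ PASSED' || '❌ FAILED' }}"
          TEST_STATUS: "${{ needs.test.result == 'success' && '✅ PASSED' || '❌ FAILED' }}"
          LINT_STATUS: "${{ needs.lint.result == 'success' && '✅ PASSED' || '❌ FAILED' }}"
          SECURITY_STATUS: "${{ needs.security.result == 'success' && '✅ PASSED' || '❌ FAILED' }}"
          COMMIT_SHA: ${{ github.sha }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          {
            echo "## 🔄 CI Pipeline Results"
            echo ""
            echo "| Job | Status | Description |"
            echo "|-----|--------|-------------|"
            echo "| Generate CRDs | $GENERATE_STATUS | CRD generation and code generation |"
            echo "| Build | $BUILD_STATUS | Project compilation |"
            echo "| Test | $TEST_STATUS | Unit tests with envtest |"
            echo "| Lint | $LINT_STATUS | Code linting with golangci-lint |"
            echo "| Security | $SECURITY_STATUS | Vulnerability scanning with govulncheck |"
            echo ""
            # NOTE(review): this job has no setup-go step, so `go version`
            # reports whatever Go the runner image ships, which may differ
            # from the go.mod version the other jobs build with.
            echo "**Go Version:** $(go version | cut -d' ' -f3)"
            echo "**Commit:** \`$COMMIT_SHA\`"
            echo "**Branch:** \`$REF_NAME\`"
          } >> "$GITHUB_STEP_SUMMARY"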
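# =============================================================================
# Container Build Job (runs after successful CI)
# =============================================================================
  # Builds Dockerfile.production for amd64 and arm64 and pushes the image to
  # ghcr.io. Runs only for pushes to main, after build, test, lint and
  # security have succeeded.
  #
  # Change from the previous version: BUILD_DATE was filled from
  # `github.run_timestamp`, which is not a property of the `github` context
  # and therefore expanded to an empty string. A dedicated step now computes
  # a UTC timestamp and the build arg reads that step's output.
  #
  # NOTE(review): this is the one job whose token can write packages, and all
  # of its actions are referenced by movable tag (`@v3` to `@v6`). Pinning
  # them to full commit SHAs matters most here.
  # NOTE(review): bin/ is downloaded from the build job, which compiled on an
  # amd64 runner. If Dockerfile.production copies bin/ instead of compiling
  # inside the image, the arm64 variant would carry amd64 binaries; confirm
  # against the Dockerfile.
  container:
    name: Container Build
    runs-on: ubuntu-latest
    needs: [build, test, lint, security]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    timeout-minutes: 20
    # Replaces the token's default scope for this job: read the repository,
    # write to the package registry, nothing else.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Authenticates with the job-scoped GITHUB_TOKEN; no long-lived registry
      # credential is stored in the repository.
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The `event=pr` rule cannot match in this job, because the job-level
      # `if:` restricts it to push events.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable={{is_default_branch}}

      # UTC timestamp for the BUILD_DATE build arg.
      - name: Compute build date
        id: build_date
        run: |
          echo "value=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"

      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-artifacts
          path: bin/

      - name: Build and push container image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.production
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            VERSION=${{ github.sha }}
            BUILD_DATE=${{ steps.build_date.outputs.value }}
            VCS_REF=${{ github.sha }}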