
Commit 13f86da

committed
modernize GitHub workflows
1 parent 184cf82 commit 13f86da


3 files changed

+121
-83
lines changed

3 files changed

+121
-83
lines changed

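--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,72 +1,73 @@
 name: "Build and Test"
-
 on:
 pull_request:
 paths-ignore:
 - 'docs/**'
 - 'deploy/**'
 - 'examples/**'
 - '*.md'
-
 jobs:
-
 test:
 name: "lint and test"
 runs-on: ubuntu-latest
 permissions:
 checks: write
 pull-requests: write
-
+contents: read
 steps:
-- name: checkout
-uses: actions/checkout@v3
-
-- name: setup Go
-uses: actions/setup-go@v3
+- name: Checkout
+uses: actions/checkout@v4
+- name: Setup Go
+uses: actions/setup-go@v5
 with:
-go-version: 1.21
-
-- name: lint and test
-shell: sh
+go-version: '1.21'
+cache: true
+- name: Lint and Test
+shell: bash
 run: |
 make lint
 make test-coverage
-
-- name: publish test results
+- name: Publish Test Results
 uses: EnricoMi/publish-unit-test-result-action@v2
 if: always()
 with:
 junit_files: ".cover/tests.xml"
-
-- name: upload coverage
-uses: codecov/codecov-action@v3
+- name: Upload Coverage to Codecov
+uses: codecov/codecov-action@v4
 with:
 files: ".cover/coverage.xml"
-
+token: ${{ secrets.CODECOV_TOKEN }}
+fail_ci_if_error: false
+- name: Upload Coverage Report
+uses: actions/upload-artifact@v4
+with:
+name: coverage-report
+path: .cover/
+retention-days: 7
 integration:
 name: "integration tests"
 runs-on: ubuntu-latest
-
+permissions:
+contents: read
 steps:
-- name: checkout
-uses: actions/checkout@v3
-
-- name: setup buildx
-uses: docker/setup-buildx-action@v2
+- name: Checkout
+uses: actions/checkout@v4
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
 with:
 driver-opts: network=host
-
-- name: build image
-uses: docker/build-push-action@v3
+- name: Build and Export Docker Image
+uses: docker/build-push-action@v5
 with:
 build-args: SKIP_TESTS=true
 file: docker/Dockerfile
 context: .
 tags: pumba:test
 target: integration-tests
 outputs: type=docker,dest=/tmp/image.tar
-
-- name: integration tests
+cache-from: type=gha
+cache-to: type=gha,mode=max
+- name: Run Integration Tests
 run: |
 docker load -i /tmp/image.tar
 docker run -i --rm --name integration-tests -v /var/run/docker.sock:/var/run/docker.sock pumba:test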
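Review bot: Every `uses:` line in the new workflow still references a movable tag (`actions/checkout@v4`, `codecov/codecov-action@v4`, `EnricoMi/publish-unit-test-result-action@v2`, `docker/build-push-action@v5`), so a retagged or compromised release of any of them would run in a job that holds `checks: write`, `pull-requests: write` and, in the Codecov step, `secrets.CODECOV_TOKEN`. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha>  # v4`, and let an update bot bump the pins. The same applies to the tag-pinned actions in codeql-analysis.yml and release.yaml, where `softprops/action-gh-release@v2` runs with `contents: write` and the docker/* actions run in the job that holds the registry credentials. Separately, on pull requests from forks `secrets.CODECOV_TOKEN` is normally empty and `fail_ci_if_error: false` lets a failed upload pass silently; a one-line comment stating that this is intentional would help the next maintainer.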

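--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -2,8 +2,7 @@ name: "Code Scan"
 
 on:
 pull_request:
-# The branches below must be a subset of the branches above
-branches: [ master ]
+branches: [ master, main ]
 schedule:
 # ┌───────────── minute (0 - 59)
 # │ ┌───────────── hour (0 - 23)
@@ -23,41 +22,48 @@ jobs:
 permissions:
 # required for all workflows
 security-events: write
+# required for checkout
+contents: read
+# required for PR scans
+pull-requests: read
 
 steps:
 - name: Checkout repository
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 with:
 # We must fetch at least the immediate parents so that if this is
 # a pull request then we can checkout the head.
 fetch-depth: 2
 
-# If this run was triggered by a pull request event, then checkout
-# the head of the pull request instead of the merge commit.
-- run: git checkout HEAD^2
-if: ${{ github.event_name == 'pull_request' }}
+# Set up Go for better analysis
+- name: Setup Go
+uses: actions/setup-go@v5
+with:
+go-version: '1.21'
 
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
-uses: github/codeql-action/init@v2
+uses: github/codeql-action/init@v3
 with:
 languages: go
+# Enable dependency scanning
+queries: +security-extended,security-and-quality
 
-# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
-# If this step fails, then you should remove it and run the build manually (see below)
+# Autobuild attempts to build any compiled languages
 - name: Autobuild
-uses: github/codeql-action/autobuild@v2
+uses: github/codeql-action/autobuild@v3
 
 # ℹ️ Command-line programs to run using the OS shell.
-# 📚 https://git.io/JvXDl
-
-# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-# and modify them (or add more) to build your code if your project
+# 📚 If the Autobuild fails, uncomment the following three lines
+# and modify them to build your code if your project
 # uses a compiled language
 
-#- run: |
+#- name: Manual Build
+# run: |
 # make bootstrap
 # make release
 
 - name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@v2
+uses: github/codeql-action/analyze@v3
+with:
+category: "/language:go"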
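Review bot: The added comment `# Enable dependency scanning` above `queries: +security-extended,security-and-quality` describes something the line does not do: both names are CodeQL query suites that widen the static-analysis rule set run against the Go code, and dependency scanning is a separate feature. Suggest `# Run the extended security and code-quality query suites in addition to the defaults`. As far as I know `security-and-quality` already includes the `security-extended` queries, so `queries: +security-and-quality` alone should be equivalent. With the `git checkout HEAD^2` step removed, the retained comment above `fetch-depth: 2` ("so that if this is a pull request then we can checkout the head") no longer matches the workflow and can go, together with the setting if nothing else needs the parent commit.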

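--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - master
+- main
 tags:
 - '[0-9]+.[0-9]+.[0-9]+'
 paths-ignore:
@@ -15,99 +16,129 @@ on:
 - '*.yaml'
 
 jobs:
-
 build:
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
 runs-on: ubuntu-latest
-container: golang:1.21-alpine
+permissions:
+contents: read
 
 steps:
-- name: checkout
-uses: actions/checkout@v3
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: '1.21'
+cache: true
 
-- name: build
-shell: sh
+- name: Build release binaries
 env:
 GOPROXY: https://proxy.golang.org
 CGO_ENABLED: 0
 run: |
-apk --update add ca-certificates tzdata make git bash
 make release
 
-- uses: actions/upload-artifact@v3
+- name: Upload build artifacts
+uses: actions/upload-artifact@v4
 with:
 name: 'pumba-binaries'
 path: .bin/**
-
+retention-days: 7
 
 create-release:
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-name: release
+name: Create GitHub Release
 needs: [ build ]
 runs-on: ubuntu-latest
+permissions:
+contents: write # Required for creating releases
 
 steps:
-- name: checkout
-uses: actions/checkout@v3
+- name: Checkout code
+uses: actions/checkout@v4
 
-- name: tag
+- name: Get tag name
 id: get_tag
-run: echo ::set-output name=git_tag::${GITHUB_REF/refs\/tags\//}
+run: echo "git_tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
 
-- uses: actions/download-artifact@v3
-id: download
+- name: Download artifacts
+uses: actions/download-artifact@v4
 with:
 name: 'pumba-binaries'
 path: ${{ github.workspace }}/.bin/
 
-- name: release
-uses: softprops/action-gh-release@v1
+- name: Create GitHub Release
+uses: softprops/action-gh-release@v2
 with:
 name: ${{ steps.get_tag.outputs.git_tag }}
 tag_name: ${{ steps.get_tag.outputs.git_tag }}
 prerelease: true
 generate_release_notes: true
 files: |
 ${{ github.workspace }}/.bin/**
-push:
+
+push-docker:
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-name: push
+name: Push Docker Image
 runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write # Required if pushing to GHCR
 
 steps:
-- name: checkout
-uses: actions/checkout@v3
+- name: Checkout code
+uses: actions/checkout@v4
 
-- name: get tag
+- name: Get tag name
 id: get_tag
-run: echo ::set-output name=git_tag::${GITHUB_REF/refs\/tags\//}
+run: echo "git_tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
 
-- uses: benjlevesque/short[email protected]
+- name: Get short SHA
 id: short-sha
+run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
-- name: setup buildx
-uses: docker/setup-buildx-action@v2
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+with:
+platforms: linux/amd64,linux/arm64
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
 
-- name: login to registry
-uses: docker/login-action@v2
+- name: Login to Docker registry
+uses: docker/login-action@v3
 with:
 username: ${{ secrets.DOCKER_ACCOUNT }}
 password: ${{ secrets.DOCKER_TOKEN }}
 
-- name: build and push
-uses: docker/build-push-action@v4
+- name: Build metadata
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ secrets.DOCKER_ORG }}/pumba
+tags: |
+type=semver,pattern={{version}}
+type=raw,value=latest
+
+- name: Build and push
+uses: docker/build-push-action@v5
 with:
 file: docker/Dockerfile
 context: .
-# skip tests since emulator fails on multi-arch build due to buildx open issue https://github.com/docker/buildx/issues/1986
 build-args: |
-BRANCH=${{ github.ref-name }}
+BRANCH=${{ github.ref_name }}
 COMMIT=${{ steps.short-sha.outputs.sha }}
 SKIP_TESTS=true
 platforms: |
 linux/amd64
 linux/arm64
 push: true
-tags: |
-${{ secrets.DOCKER_ORG }}/pumba:${{ steps.get_tag.outputs.git_tag }}
-${{ secrets.DOCKER_ORG }}/pumba:latest
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+provenance: true
+sbom: true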
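Review bot: The `push-docker` job is granted `packages: write` with the comment `# Required if pushing to GHCR`, but its login step passes `secrets.DOCKER_ACCOUNT` and `secrets.DOCKER_TOKEN` to `docker/login-action@v3` without a `registry:` input, which targets Docker Hub, and no step in the job uses `GITHUB_TOKEN` against ghcr.io. Drop that line so the job's token stays at `contents: read`, and add it back only together with an actual GHCR login. The commit also deletes the comment explaining why `SKIP_TESTS=true` is set for the multi-arch build while keeping the build-arg; a one-line rationale such as `# tests skipped: emulation fails on multi-arch builds, see docker/buildx issue 1986` should stay, since this is the image that is published with `provenance: true` and `sbom: true`.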
