From ea3858a2c49c616740020112618f6b8ef35b0467 Mon Sep 17 00:00:00 2001
From: Takenori Nakagawa
Date: Sat, 25 Jan 2020 16:58:31 +0900
Subject: [PATCH] Add workflow
---
.github/workflows/pr.yaml | 65 ++++++++++++++++++++++++++++
.github/workflows/push.yaml | 73 +++++++++++++++++++++++++++++++
.github/workflows/release.yaml | 79 ++++++++++++++++++++++++++++++++++
.gitignore | 1 +
README.md | 3 ++
tools.go | 1 +
6 files changed, 222 insertions(+)
create mode 100644 .github/workflows/pr.yaml
create mode 100644 .github/workflows/push.yaml
create mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
new file mode 100644
index 0000000..cf701b6
--- /dev/null
+++ b/.github/workflows/pr.yaml
@@ -0,0 +1,65 @@ +name: Test for PR + +on: pull_request + +env: + IMAGE_NAME: worker + IMAGE_TAG: latest + +jobs: + test: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-go@v1 + with: + go-version: "1.13" + - name: setup env + run: | + echo "::set-env name=GOPATH::$(go env GOPATH)" + echo "::add-path::$(go env GOPATH)/bin" + shell: bash + - name: Install go tools + run: cat tools.go | grep _ | awk -F '"' '{print $2}' | xargs -tI {} go install {} + - name: go generate + run: go generate ./... + - name: Check uncommitted changes + run: | + if [ -n "$(git status --porcelain)" ]; then + echo "uncommitted changes" + git status + exit 1 + fi + - name: go lint + run: go list ./... | xargs golint -set_exit_status + - run: go vet ./... + - run: go test -v -race ./... + + docker: + name: Build docker image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Shellcheck + env: + SHELLCHECK_OPTS: -e SC2187 + run: find . -name "*.sh" | xargs shellcheck + - name: Lint + run: | + docker run -v $(pwd):/working --rm hadolint/hadolint \ + hadolint /working/Dockerfile \ + --ignore DL3018 + - name: Build docker image + run: docker build -t "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" . + - name: Install trivy + run: | + sudo apt-get install --no-install-recommends apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - + echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install --no-install-recommends trivy + - name: Vulnerability Scan + run: | + trivy -q --severity HIGH,CRITICAL --exit-code 1 \ + "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml new file mode 100644 index 0000000..f844da6 --- /dev/null 
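Review bot: The `Install trivy` step in the docker job trusts the downloaded signing key for every apt source on the runner, because `apt-key add` places it in the global keyring. Scoping the key to the trivy repository is tighter: `wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy.gpg`, then `echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list`. The `Lint` step also runs `hadolint/hadolint` with no tag or digest, and the actions are referenced by the mutable `@v1` tag, so what executes in CI can change without a commit to this repository. Pinning the image to a digest and the actions to a full commit SHA would close that gap. The same steps are repeated in push.yaml and release.yaml, where the docker job also handles a registry token, so the pinning matters more there.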
+++ b/.github/workflows/push.yaml 
@@ -0,0 +1,73 @@ +name: Test on master + +on: + push: + branches: + - master + +env: + IMAGE_NAME: worker + IMAGE_TAG: latest + +jobs: + test: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-go@v1 + with: + go-version: "1.13" + - name: setup env + run: | + echo "::set-env name=GOPATH::$(go env GOPATH)" + echo "::add-path::$(go env GOPATH)/bin" + shell: bash + - name: Install go tools + run: cat tools.go | grep _ | awk -F '"' '{print $2}' | xargs -tI {} go install {} + - name: go generate + run: go generate ./... + - name: Check uncommitted changes + run: | + if [ -n "$(git status --porcelain)" ]; then + echo "uncommitted changes" + git status + exit 1 + fi + - name: go lint + run: go list ./... | xargs golint -set_exit_status + - run: go vet ./... + - run: go test -v -race ./... + + docker: + needs: test + name: Build and push docker image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Shellcheck + env: + SHELLCHECK_OPTS: -e SC2187 + run: find . -name "*.sh" | xargs shellcheck + - name: Lint + run: | + docker run -v $(pwd):/working --rm hadolint/hadolint \ + hadolint /working/Dockerfile \ + --ignore DL3018 + - name: Build docker image + run: docker build -t "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" . 
+ - name: Install trivy + run: | + sudo apt-get install --no-install-recommends apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - + echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install --no-install-recommends trivy + - name: Vulnerability Scan + run: | + trivy -q --severity HIGH,CRITICAL --exit-code 1 \ + "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" + - name: Push docker image + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u owner --password-stdin docker.pkg.github.com + docker push "docker.pkg.github.com/${GITHUB_REPOSITORY}/worker:${IMAGE_TAG}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..ee71d3b --- /dev/null +++ b/.github/workflows/release.yaml 
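Review bot: The `Push docker image` step at the end of push.yaml pushes `.../worker:${IMAGE_TAG}` with the image name hard-coded, while the build and the trivy scan both use `${IMAGE_NAME}`. If `IMAGE_NAME` is ever changed, the push will name a reference that was not built or scanned in this run. Use the same reference in all three steps: `docker push "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}"`. The login line expands `${{ secrets.GITHUB_TOKEN }}` into the script text and logs in as the literal user `owner`; passing the token through an `env:` entry and using `${{ github.actor }}` is the more usual form, and a job-level `permissions:` block limited to `contents: read` and `packages: write` would keep the token to what the push needs. release.yaml ends with the same step.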
@@ -0,0 +1,79 @@ +name: Release + +on: + push: + tags: + - v[0-9]+.[0-9]+.[0-9]+ + +env: + IMAGE_NAME: worker + +jobs: + test: + name: Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-go@v1 + with: + go-version: "1.13" + - name: setup env + run: | + echo "::set-env name=GOPATH::$(go env GOPATH)" + echo "::add-path::$(go env GOPATH)/bin" + shell: bash + - name: Install go tools + run: cat tools.go | grep _ | awk -F '"' '{print $2}' | xargs -tI {} go install {} + - name: go generate + run: go generate ./... + - name: Check uncommitted changes + run: | + if [ -n "$(git status --porcelain)" ]; then + echo "uncommitted changes" + git status + exit 1 + fi + - name: go lint + run: go list ./... | xargs golint -set_exit_status + - run: go vet ./... + - run: go test -v -race ./... + + docker: + needs: test + name: Build and push docker image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Set image tag + run: | + tag=$(echo "${GITHUB_REF}" | sed "s/^refs\/tags\/v//") + if [ -z "$tag" ]; then + exit 1 + fi + echo "::set-env name=IMAGE_TAG::$tag" + - name: Shellcheck + env: + SHELLCHECK_OPTS: -e SC2187 + run: find . -name "*.sh" | xargs shellcheck + - name: Lint + run: | + docker run -v $(pwd):/working --rm hadolint/hadolint \ + hadolint /working/Dockerfile \ + --ignore DL3018 + - name: Build docker image + run: docker build -t "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" . 
+ - name: Install trivy + run: | + sudo apt-get install --no-install-recommends apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - + echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install --no-install-recommends trivy + - name: Vulnerability Scan + run: | + trivy -q --severity HIGH,CRITICAL --exit-code 1 \ + "docker.pkg.github.com/${GITHUB_REPOSITORY}/${IMAGE_NAME}:${IMAGE_TAG}" + - name: Push docker image + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | docker login -u owner --password-stdin docker.pkg.github.com + docker push "docker.pkg.github.com/${GITHUB_REPOSITORY}/worker:${IMAGE_TAG}" diff --git a/.gitignore b/.gitignore index 7fcc90a..8a96329 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .* +!.github !.gitignore !.dockerignore diff --git a/README.md b/README.md index e72d50f..227e2dd 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ calendar-worker === +![](https://github.com/ww24/calendar-worker/workflows/Test%20on%20master/badge.svg) + Calendar Worker is Google Calendar event handler and actions. ## Features @@ -29,6 +31,7 @@ Calendar Worker is Google Calendar event handler and actions. ## Usage ### For the docker-compose + - Run `docker-compose up` ### For the docker diff --git a/tools.go b/tools.go index a40e95f..47efeae 100644 --- a/tools.go +++ b/tools.go @@ -3,5 +3,6 @@ package calendar import ( + _ "golang.org/x/lint/golint" _ "golang.org/x/tools/cmd/stringer" )
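Review bot: The `Set image tag` step in release.yaml exports the tag with `echo "::set-env name=IMAGE_TAG::$tag"`, and the `setup env` step of the test job uses `::set-env` and `::add-path` as well. These stdout workflow commands let any text a step prints set environment variables or PATH entries for later steps, and GitHub has since disabled them. Write to the environment files instead: `echo "IMAGE_TAG=$tag" >> "$GITHUB_ENV"`, `echo "GOPATH=$(go env GOPATH)" >> "$GITHUB_ENV"` and `echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"`. pr.yaml and push.yaml carry the same `setup env` step; in pr.yaml it runs ahead of `go generate` and `go test -v` on pull-request code, which is where injected output is most plausible.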