Merge pull request #4 from cognitive-glitch/main #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main, develop, dev] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| # Lint job - formatters and linters | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25.0' | |
| cache: true | |
| - name: Verify dependencies | |
| run: | | |
| go mod download | |
| go mod verify | |
| - name: Run gofumpt | |
| run: | | |
| go install mvdan.cc/gofumpt@latest | |
| if [ -n "$(gofumpt -l .)" ]; then | |
| echo "Go code is not formatted with gofumpt:" | |
| gofumpt -d . | |
| exit 1 | |
| fi | |
| - name: Run goimports | |
| run: | | |
| go install golang.org/x/tools/cmd/goimports@latest | |
| if [ -n "$(goimports -local github.com/gosuda/relaydns -l .)" ]; then | |
| echo "Go imports are not formatted:" | |
| goimports -local github.com/gosuda/relaydns -d . | |
| exit 1 | |
| fi | |
| - name: Run go vet | |
| run: go vet ./... | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v8 | |
| with: | |
| version: v2.5.0 | |
| args: --timeout=5m | |
| - name: Check go.mod tidiness | |
| run: | | |
| go mod tidy | |
| if ! git diff --exit-code go.mod go.sum; then | |
| echo "go.mod or go.sum is not tidy" | |
| exit 1 | |
| fi | |
| # Build job - verify binaries compile | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| go-version: ['1.25.0'] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ matrix.go-version }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| cache: true | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Build server binary | |
| run: go build -v -trimpath -o bin/relaydns-server ./cmd/server | |
| - name: Build example HTTP client | |
| run: go build -v -trimpath -o bin/relaydns-client ./sdk/go/examples/http-client | |
| - name: Build example chat client | |
| run: go build -v -trimpath -o bin/relaydns-chat ./sdk/go/examples/chat | |
| - name: Upload binaries | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.go-version == '1.25.0' | |
| with: | |
| name: binaries | |
| path: bin/* | |
| retention-days: 7 | |
| # # Test job - unit tests with race detection | |
| # test: | |
| # name: Test | |
| # runs-on: ubuntu-latest | |
| # strategy: | |
| # matrix: | |
| # go-version: ['1.25.0', '1.24.x'] | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v4 | |
| # - name: Set up Go ${{ matrix.go-version }} | |
| # uses: actions/setup-go@v5 | |
| # with: | |
| # go-version: ${{ matrix.go-version }} | |
| # cache: true | |
| # - name: Download dependencies | |
| # run: go mod download | |
| # - name: Run tests | |
| # run: go test -v -race -timeout=5m -coverprofile=coverage.out -covermode=atomic ./... | |
| # - name: Generate coverage report | |
| # if: matrix.go-version == '1.25.0' | |
| # run: go tool cover -html=coverage.out -o coverage.html | |
| # - name: Upload coverage report | |
| # uses: actions/upload-artifact@v4 | |
| # if: matrix.go-version == '1.25.0' | |
| # with: | |
| # name: coverage-report | |
| # path: coverage.html | |
| # retention-days: 7 | |
| # - name: Check test coverage | |
| # if: matrix.go-version == '1.25.0' | |
| # run: | | |
| # coverage=$(go tool cover -func=coverage.out | grep total | awk '{print substr($3, 1, length($3)-1)}') | |
| # echo "Total test coverage: ${coverage}%" | |
| # if (( $(echo "$coverage < 30" | bc -l) )); then | |
| # echo "Warning: Test coverage is below 30%" | |
| # fi | |
| # Sanitizers job - static analysis and security checks | |
| sanitizers: | |
| name: Sanitizers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25.0' | |
| cache: true | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Run staticcheck | |
| run: | | |
| go install honnef.co/go/tools/cmd/staticcheck@latest | |
| staticcheck ./... | |
| - name: Check for ineffective assignments | |
| run: | | |
| go install github.com/gordonklaus/ineffassign@latest | |
| ineffassign ./... | |
| - name: Check for unused code | |
| run: | | |
| go install honnef.co/go/tools/cmd/staticcheck@latest | |
| staticcheck -checks=U1000 ./... | |
| # - name: Run gosec (security scanner) | |
| # run: | | |
| # go install github.com/securego/gosec/v2/cmd/gosec@latest | |
| # gosec -fmt=json -out=gosec-report.json ./... || true | |
| # gosec ./... | |
| # - name: Upload gosec report | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: gosec-report | |
| # path: gosec-report.json | |
| # retention-days: 7 | |
| # Docker build job | |
| docker: | |
| name: Docker Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: false | |
| tags: relaydns-server:ci | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Dependency check job | |
| dependencies: | |
| name: Check Dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25.0' | |
| cache: true | |
| - name: Check for known vulnerabilities | |
| run: | | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| govulncheck ./... | |
| - name: Check for outdated dependencies | |
| run: | | |
| go list -u -m -json all | jq -r 'select(.Update != null) | "\(.Path): \(.Version) -> \(.Update.Version)"' || true |