Rene Nochebuena
4cdb49bc38
Replaced hardcoded environment and secret-based credentials with input parameters for registry authentication. This change improves flexibility and allows credentials to be supplied dynamically when the action is executed.
108 lines
3.4 KiB
YAML
108 lines
3.4 KiB
YAML
name: 'Go CI/CD Pipeline'
|
|
description: 'Standardized workflow for Go projects (protected branches, tags, minimal CI)'
|
|
|
|
inputs:
|
|
workflow-type:
|
|
description: 'Workflow type (protected, minimal, tag), default: protected'
|
|
required: true
|
|
default: 'protected'
|
|
go-version:
|
|
description: 'Go version'
|
|
required: false
|
|
default: '1.24'
|
|
build-type:
|
|
description: 'Build type (library/application), default: application'
|
|
required: false
|
|
default: 'application'
|
|
container-registry:
|
|
description: 'Container registry url'
|
|
required: true
|
|
registry-username:
|
|
description: 'The registry username'
|
|
required: true
|
|
registry-token:
|
|
description: 'The registry authentication token'
|
|
required: true
|
|
publish-docker:
|
|
description: 'Publish Docker image (true/false)'
|
|
required: false
|
|
default: 'true'
|
|
|
|
runs:
|
|
using: 'composite'
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: ${{ inputs.go-version }}
|
|
|
|
- name: Download dependencies
|
|
shell: bash
|
|
run: |
|
|
go mod tidy -x
|
|
|
|
- name: Run tests
|
|
shell: bash
|
|
run: |
|
|
go test -json > test-report.out
|
|
go test -coverprofile=coverage.out
|
|
|
|
- name: Build library
|
|
if: inputs.build-type == 'library'
|
|
shell: bash
|
|
run: |
|
|
go build ./...
|
|
|
|
- name: Build application
|
|
if: inputs.build-type == 'application'
|
|
shell: bash
|
|
run: |
|
|
go build -o ./bin/app main.go
|
|
|
|
- name: Generate container image tag
|
|
if: inputs.publish-docker == 'true' && inputs.build-type == 'application' && (inputs.workflow-type == 'protected' || inputs.workflow-type == 'tag')
|
|
id: generate-tag
|
|
shell: bash
|
|
run: |
|
|
repository="${{ github.repository }}"
|
|
ref="${{ github.ref }}"
|
|
|
|
if [[ "$ref" == "refs/heads/develop" ]]; then
|
|
tag="$(git rev-parse --short HEAD)"
|
|
elif [[ "$ref" == "refs/heads/main" ]]; then
|
|
tag="latest"
|
|
elif [[ "$ref" == refs/heads/release/* ]]; then
|
|
version="${ref#refs/heads/release/}"
|
|
tag="${version}-release"
|
|
elif [[ "$ref" == refs/tags/* ]]; then
|
|
tag="${ref#refs/tags/}"
|
|
else
|
|
echo "Unsupported ref: $ref"
|
|
exit 1
|
|
fi
|
|
|
|
echo "container-tag=${repository}:${tag}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Login to Registry
|
|
if: inputs.publish-docker == 'true' && inputs.build-type == 'application' && (inputs.workflow-type == 'protected' || inputs.workflow-type == 'tag')
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ inputs.container-registry }}
|
|
username: ${{ inputs.registry-username }}
|
|
password: ${{ inputs.registry-token }}
|
|
|
|
- name: Set up Docker Buildx
|
|
if: inputs.publish-docker == 'true' && inputs.build-type == 'application' && (inputs.workflow-type == 'protected' || inputs.workflow-type == 'tag')
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build and push container image
|
|
if: inputs.publish-docker == 'true' && inputs.build-type == 'application' && (inputs.workflow-type == 'protected' || inputs.workflow-type == 'tag')
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
push: true
|
|
tags: "${{ inputs.container-registry }}/${{ steps.generate-tag.outputs.container-tag }}" |