ci lint fix #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Go CI | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| jobs: | |
| lint: | |
| name: Lint Go project | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/[email protected] | |
| - name: Set up Go | |
| uses: actions/[email protected] | |
| with: | |
| go-version: '1.22' | |
| cache: false | |
| - name: golangci-lint | |
| uses: golangci/[email protected] | |
| with: | |
| version: latest | |
| args: --timeout=10m | |
| test: | |
| name: Test Go project | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/[email protected] | |
| - name: Set up Go | |
| uses: actions/[email protected] | |
| with: | |
| go-version: '1.22' | |
| cache: false | |
| - name: Test | |
| run: go test -v ./... | |
| docker: | |
| name: Build and Push Docker Image | |
| runs-on: ubuntu-latest | |
| needs: | |
| - lint | |
| - test | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/[email protected] | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Login to Docker Hub | |
| uses: docker/[email protected] | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Short SHA | |
| id: sha | |
| run: echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Build Docker image | |
| run: docker build -t ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.sha.outputs.sha_short }} . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.sha.outputs.sha_short }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Push Docker image | |
| run: docker push ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.sha.outputs.sha_short }} | |