Update workflows and goreleaser

iotaledger · Aug 9, 2023 · 3ab3a6d · 3ab3a6d
1 parent 2aaab54
commit 3ab3a6d
Show file tree

Hide file tree

Showing 17 changed files with 244 additions and 211 deletions.
diff --git a/.github/workflows/build_HORNET.yml b/.github/workflows/build_HORNET.yml
@@ -1,27 +1,33 @@
 name: Build HORNET
+
 on:
   push:
     branches:
       - legacy
-      - develop-legacy
   pull_request:
+    paths-ignore:
+      - 'documentation/**'
+      - 'nfpm/**'
+      - 'private_tangle/**'
+      - 'scripts/**'
+      - 'tools/**'
 
 jobs:
   build:
     name: Build HORNET
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
         with:
-          go-version: '1.20'
+          go-version: "1.20"
         id: go
 
       - name: Print Go version
         run: go version
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build HORNET
         run: go build -v .
diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
@@ -1,9 +1,9 @@
 name: Build Docker
+
 on:
   push:
-    paths:
-      - "docker/Dockerfile"
-      - "docker-compose.yml"
+    branches:
+      - legacy
   pull_request:
     paths:
       - "docker/Dockerfile"
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build HORNET Docker image
         run: docker build . --file docker/Dockerfile --tag hornet:latest

diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml
@@ -1,32 +1,42 @@
+
 name: "CodeQL"
 
 on:
-  # Run this security check every day at 03:00 to find potential new vulnerabilities in the default branch
+  # Run this security check every day at 03:00 to find potential new vulnerabilities in the develop branch
   schedule:
     - cron: "0 3 * * *"
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
+          ref: legacy
 
+      # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
-          languages: go
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -1,18 +1,33 @@
 name: GolangCIlint
 
-on: [pull_request]
+on:
+  push:
+    branches:
+      - legacy
+  pull_request:
+    paths-ignore:
+      - 'documentation/**'
+      - 'docker/**'
+      - 'nfpm/**'
+      - 'private_tangle/**'
+      - 'scripts/**'
+      - 'tools/**'
 
 jobs:
   golangci-lint:
     name: GolangCI-Lint
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: golangci-lint
-        uses: reviewdog/action-golangci-lint@v1
+        uses: reviewdog/action-golangci-lint@v2
         with:
+          go_version_file: go.mod
+          version: v1.53.3
           github_token: ${{ secrets.GITHUB_TOKEN }}
           golangci_lint_flags: "--timeout=10m"
-          reporter: "github-pr-review"
+          reporter: github-pr-check
+          filter_mode: nofilter
+          fail_on_error: true
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
@@ -1,7 +1,17 @@
 name: Integration Tests
 
 on:
+  push:
+    branches:
+      - legacy
   pull_request:
+    paths-ignore:
+      - 'documentation/**'
+      - 'docker/**'
+      - 'nfpm/**'
+      - 'private_tangle/**'
+      - 'scripts/**'
+      - 'tools/**'
 
 jobs:
 
@@ -12,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build HORNET image
         run: docker build -f docker/Dockerfile.dev -t hornet:dev .
@@ -23,16 +33,17 @@ jobs:
           docker pull gaiadocker/iproute2:latest
 
       - name: Run integration tests
-        run: docker-compose -f integration-tests/tester/docker-compose.yml up --abort-on-container-exit --exit-code-from tester --build
+        run: docker compose -f integration-tests/tester/docker-compose.yml up --abort-on-container-exit --exit-code-from tester --build
 
       - name: Create logs from tester
         if: always()
         run: |
+          sudo chmod 777 integration-tests/logs
           docker logs tester &> integration-tests/logs/tester.log
 
       - name: Save logs as artifacts
         if: always()
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v2
         with:
           name: ${{ env.TEST_NAME }}
           path: integration-tests/logs
@@ -44,7 +55,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build HORNET image
         run: docker build -f docker/Dockerfile.dev -t hornet:dev .
@@ -55,16 +66,17 @@ jobs:
           docker pull gaiadocker/iproute2:latest
 
       - name: Run integration tests
-        run: docker-compose -f integration-tests/tester/docker-compose.yml up --abort-on-container-exit --exit-code-from tester --build
+        run: docker compose -f integration-tests/tester/docker-compose.yml up --abort-on-container-exit --exit-code-from tester --build
 
       - name: Create logs from tester
         if: always()
         run: |
+          sudo chmod 777 integration-tests/logs
           docker logs tester &> integration-tests/logs/tester.log
 
       - name: Save logs as artifacts
         if: always()
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v2
         with:
           name: ${{ env.TEST_NAME }}
-          path: integration-tests/logs
+          path: integration-tests/logs
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,22 +5,58 @@ on:
     types: [published]
 
 jobs:
-  Release:
-    name: Release
-    runs-on: [ubuntu-latest]
-    container:
-      image: iotaledger/goreleaser-cgo-cross-compiler:1.20.2
-      volumes: [/repo]
-
+  release-docker:
+    name: Release Docker
+    runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: iotaledger/hornet
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=match,pattern=v(\d+.\d+),suffix=-alpha,group=1,enable=${{ contains(github.ref, '-alpha') }}
+            type=match,pattern=v(\d+.\d+),suffix=-beta,group=1,enable=${{ contains(github.ref, '-beta') }}
+            type=match,pattern=v(\d+.\d+),suffix=-rc,group=1,enable=${{ contains(github.ref, '-rc') }}
+
       - name: Login to DockerHub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.IOTALEDGER_DOCKER_USERNAME }}
           password: ${{ secrets.IOTALEDGER_DOCKER_PASSWORD }}
+
+      - name: Build and push to Dockerhub
+        uses: docker/build-push-action@v3
+        with:
+          file: ./docker/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+  binaries:
+    name: Release Binaries
+    runs-on: ubuntu-latest
+    container:
+      image: iotaledger/goreleaser-cgo-cross-compiler:1.20.2
+      volumes: [/repo]
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+
       - name: Release HORNET
-        run: goreleaser --rm-dist
+        run: goreleaser --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/snyk-monitor-golang.yml b/.github/workflows/snyk-monitor-golang.yml
diff --git a/.github/workflows/snyk-test-golang.yml b/.github/workflows/snyk-test-golang.yml
diff --git a/.github/workflows/snyk-test.yml b/.github/workflows/snyk-test.yml
@@ -0,0 +1,54 @@
+name: Test dependencies with Snyk
+
+on:
+  # Run this check every day at 03:00 to find potential new vulnerabilities in the develop branch
+  schedule:
+    - cron: "0 3 * * *"
+
+jobs:
+  snyk-test:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+        with:
+          ref: legacy
+
+      - name: Build HORNET Docker image
+        run: docker build . --file docker/Dockerfile --tag hornet:latest
+
+      - name: Run Snyk to check for Golang vulnerabilities
+        uses: snyk/actions/golang@0.3.0
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --org=gohornet --sarif-file-output=snyk-golang.sarif
+
+      - name: Run Snyk to check for Docker image vulnerabilities
+        uses: snyk/actions/docker@0.3.0
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: hornet:latest
+          # Exclude Go app vulns because those are picked up by the previous scan
+          # For Docker scans, the SARIF is created by default
+          args: --org=gohornet --file=Dockerfile --exclude-app-vulns
+
+      - name: Upload Golang results to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk-golang.sarif
+          category: snyk-golang
+
+      - name: Upload Docker results to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+          category: snyk-docker