ci: add comprehensive CI pipeline with tests, lints, and security checks#119

Merged
CybotTM merged 3 commits into master from feature/comprehensive-ci-pipeline on Sep 29, 2025
Conversation

@CybotTM CybotTM commented Sep 29, 2025

Summary

Comprehensive GitHub Actions CI pipeline implementing automated testing, linting, security scanning, and cross-platform builds.

New CI Workflow

🔍 Lint Job

  • gofmt: Code formatting validation
  • go vet: Static analysis for common errors
  • golangci-lint: Comprehensive linting with latest version

🧪 Test Job

  • Matrix testing: Go 1.24 and 1.25
  • Race detector: Concurrent bug detection (-race)
  • Coverage reporting: Codecov integration with atomic mode
  • Dependency verification: go mod verify

🏗️ Build Job

  • Cross-platform: linux, darwin, windows
  • Architectures: amd64, arm64
  • Artifacts: 7-day retention for debugging
  • Matrix combinations: 5 total (excluding windows/arm64)

🔒 Security Job

  • Gosec scanner: Go security vulnerability detection
  • SARIF upload: GitHub Security tab integration
  • Non-blocking: Reports findings without failing build

✅ Type Check Job

  • Compilation verification: All packages compile
  • Early error detection: Catches type errors

✔️ Validate Job

  • Final gate: Requires all jobs to pass
  • Single status check: Simplifies branch protection rules

Workflow Triggers

  • Push to master: Continuous validation
  • Pull requests: Pre-merge validation
  • Manual dispatch: On-demand execution

Docker Workflow Improvements

  • Added explicit permissions: contents:read, packages:write
  • Maintains all existing functionality

README Updates

  • Added CI Status badge
  • Links to workflow runs for transparency

Testing

  • ✅ YAML syntax validated for all workflows
  • ✅ Workflow structure follows GitHub Actions best practices
  • ✅ Matrix strategies optimized for efficiency

Benefits

  • 🚀 Automated quality gates on every PR
  • 🐛 Early bug detection with race detector
  • 📊 Coverage tracking over time
  • 🔒 Security vulnerability scanning
  • 🏗️ Multi-platform build verification
  • 📦 Artifact preservation for debugging

Add new CI workflow (.github/workflows/ci.yml) with:
- Lint job: gofmt, go vet, golangci-lint
- Test job: Matrix testing on Go 1.24 and 1.25 with race detector and coverage
- Build job: Cross-platform builds (linux/darwin/windows × amd64/arm64)
- Security job: Gosec security scanner with SARIF upload
- Type check job: Verify all packages compile
- Validate job: Final gate requiring all checks to pass

Coverage reporting:
- Codecov integration for coverage tracking
- Race detector enabled for concurrent bug detection
- Atomic coverage mode for accuracy

Build artifacts:
- Binary artifacts for all platforms
- 7-day retention for debugging
- Uploaded to GitHub Actions artifacts

Docker workflow improvements:
- Add explicit permissions (contents:read, packages:write)
- Maintains existing functionality

README updates:
- Add CI Status badge linking to workflow runs
- Positioned after Go Report Card for logical grouping

All workflows validated for YAML syntax
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Action version updates:
- actions/checkout: v4 → v5
- actions/setup-go: v5 → v6
- golangci/golangci-lint-action: v6 → v8
- codecov/codecov-action: v4 → v5

Coverage fixes:
- Change coverage file: coverage.out → coverage.txt (fixes covdata error)
- Update codecov-action parameter: file → files
- Add fail_ci_if_error: false to prevent blocking on upload issues

Security job improvements:
- Add explicit permissions for security-events:write (required for SARIF upload)

All action versions verified as latest stable releases for 2025

We deliver binaries and Docker images, not a library.
Since go.mod requires Go 1.25.1, testing on Go 1.24 makes no sense.

Changes:
- Remove matrix strategy from test job
- Use go-version-file: 'go.mod' to test with required version
- Remove conditional for Codecov upload (always upload now)

This aligns testing with actual deployment requirements.
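The workflow shape described above (read-only default token with an explicit security-events:write grant for the SARIF upload, go-version-file taken from go.mod, non-blocking gosec, a single validate gate), as an added illustration and not the repository's own ci.yml: the lint, build and type-check jobs are omitted for length, the gosec and upload-sarif steps follow the invocation in the gosec README, and the `if: always()` guard on the gate is my addition, since a gate job that is merely skipped when a dependency fails is treated as passing by branch protection.

```yaml
name: CI
on:
  push:
    branches: [master]
  pull_request:
  workflow_dispatch:

# Default GITHUB_TOKEN scope is read-only; jobs that need more request it,
# so a compromised step elsewhere cannot write to the repo or Security tab.
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod   # test with the version go.mod requires
      - run: go mod download && go mod verify   # cache must match go.sum
      - run: go test -race -covermode=atomic -coverprofile=coverage.txt ./...
      - uses: codecov/codecov-action@v5
        with:
          files: coverage.txt
          fail_ci_if_error: false   # upload problems do not block the build

  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write        # required for the SARIF upload below
    steps:
      - uses: actions/checkout@v5
      - uses: securego/gosec@master # assumed ref; pin to a release tag in practice
        with:
          args: '-no-fail -fmt sarif -out results.sarif ./...'  # report, don't fail
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

  validate:
    needs: [test, security]
    if: always()                    # run even when a dependency failed ...
    runs-on: ubuntu-latest
    steps:
      # ... so the gate reports "failure" rather than "skipped": a skipped
      # required check does not block merging under branch protection.
      - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')
        run: exit 1
```

With this shape only `validate` needs to be listed as a required status check, which is the single-check branch protection the description aims for.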
@CybotTM CybotTM merged commit 06e33af into master Sep 29, 2025
14 checks passed
@CybotTM CybotTM deleted the feature/comprehensive-ci-pipeline branch September 29, 2025 21:43
