From f357fa72cab27bca0bfa3599cd1560a78a8c0edc Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 31 Jul 2022 18:58:16 +0300 Subject: [PATCH] Update from template --- .github/dependabot.yml | 4 +++ .github/workflows/gitleaks.yml | 14 +++------ .github/workflows/golangci-lint.yml | 12 +++---- .github/workflows/mkdocs.yml | 15 +++++---- .github/workflows/release.yml | 11 ++++--- .github/workflows/tests.yml | 14 +++++++++ .gitignore | 8 ++++- .pre-commit-config.yaml | 2 +- Dockerfile | 23 +++++++++----- Makefile | 4 ++- docs/continuous-integration/goreleaser.md | 31 +++++++++++++++++++ .../continuous-integration/mkdocs-material.md | 2 +- docs/continuous-integration/pre-commit.md | 12 ++++++- .../semantic-release.md | 6 ++-- 14 files changed, 117 insertions(+), 41 deletions(-) create mode 100644 .github/workflows/tests.yml create mode 100644 docs/continuous-integration/goreleaser.md diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a1f9d9d..d46260c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,3 +5,7 @@ updates: schedule: interval: weekly open-pull-requests-limit: 5 +- package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 57c1f2c..e0726e1 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml 
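Review bot: The new docker entry quotes `"docker"`, `"/"` and `"weekly"` while the existing entry directly above writes `interval: weekly` plain, and it omits the `open-pull-requests-limit: 5` the first entry sets, so the two stanzas read as if written by different tools. Keep one scalar style within the file and decide explicitly whether Docker updates should also be capped, e.g. add `open-pull-requests-limit: 5` to the new entry. The first entry's `package-ecosystem` line starts outside the hunk.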
@@ -1,26 +1,22 @@ -name: Gitleaks - -on: [pull_request, push, workflow_dispatch] - +name: gitleaks +on: [push] jobs: gitleaks: - name: Secret Scan runs-on: ubuntu-latest steps: - - name: Check out the repo + - name: Checkout uses: actions/checkout@v2 - name: Run gitleaks run: docker run -v ${{ github.workspace }}:/path zricethezav/gitleaks:latest detect -v --source="/path" --redact - run-if-failed: - name: Github Security Report (if gitleaks job fails) + name: gen-report (if gitleaks fails) runs-on: ubuntu-latest needs: [gitleaks] if: always() && (needs.gitleaks.result == 'failure') permissions: security-events: write steps: - - name: Check out the repo + - name: Checkout uses: actions/checkout@v2 - name: Generate gitleaks SARIF file # Exit 0 so we can get the failed report results from this step. diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 287e924..bf24eea 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -1,21 +1,19 @@ name: golangci-lint -on: - push: - pull_request: +on: [push] permissions: contents: read # Optional: allow read access to pull request. Use with `only-new-issues` option. # pull-requests: read jobs: - golangci: - name: lint + lint: runs-on: ubuntu-latest steps: - uses: actions/setup-go@v3 with: go-version: 1.17 - - uses: actions/checkout@v3 - - name: golangci-lint + - name: Checkout + uses: actions/checkout@v3 + - name: Run linters uses: golangci/golangci-lint-action@v3 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 2b3f434..052bcec 100644 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml 
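Review bot: Replacing the trigger with `on: [push]` drops the `pull_request` event, so a secret introduced in a pull request from a fork is no longer scanned before merge; pushes to a fork do not fire `push` in the base repository, and the first scan would then be of the merge commit on the default branch. The same narrowing is made in the golangci-lint hunk below and in the new `.github/workflows/tests.yml`, where lint and test results likewise stop appearing on fork PRs. Restoring the original list, `on: [push, pull_request, workflow_dispatch]`, keeps pre-merge scanning. Unrelated to this change but worth confirming: the checkout is shallow by default, so `gitleaks detect` in git mode likely sees only the head commit of each push rather than every commit it contains. The `gen-report` job's SARIF generation and upload steps continue outside the hunk.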
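Review bot: The lint job still runs with `go-version: 1.17` (unchanged context line), while this commit sets Go 1.18 in the new `tests.yml` and `golang:1.18-alpine` in the Dockerfile, so code that relies on 1.18 features would compile in tests and in the image but fail here. Align the job on the same version, quoted so the float trap cannot bite later: `go-version: "1.18"`. The comment about `pull-requests: read` / `only-new-issues` is also left behind by the trigger change, since with `on: [push]` there is no pull-request context for it to apply to. The golangci-lint-action `with:` options continue outside the hunk.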
@@ -1,16 +1,19 @@ -name: gen-docs +name: mkdocs on: push: branches: - - master - main jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - name: Checkout + uses: actions/checkout@v2 + - name: Setup Python + uses: actions/setup-python@v2 with: python-version: 3.x - - run: pip install mkdocs-material - - run: mkdocs gh-deploy --force + - name: Install mkdocs-material + run: pip install mkdocs-material + - name: Publish to gh-pages + run: mkdocs gh-deploy --force diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f230ad4..59f3f73 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,28 +1,29 @@ name: release - on: push: branches: - main jobs: - tag: + semantic-release: runs-on: ubuntu-latest strategy: matrix: node-version: - 16.x steps: - - name: Checkout + - + name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Release + - + name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: npx semantic-release goreleaser: runs-on: ubuntu-latest - needs: tag + needs: semantic-release steps: - name: Checkout diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..510ba34 --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,14 @@ +name: tests +on: [push] +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Setup Go + uses: actions/setup-go@v2 + with: + go-version: 1.18 + - name: Go Test + run: go test -v ./... diff --git a/.gitignore b/.gitignore index 99b794f..d31169f 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ *.dll *.so *.dylib +bin/ # Test binary, built with `go test -c` *.test @@ -14,4 +15,9 @@ # Dependency directories (remove the comment below to include it) # vendor/ -bin/ +# Code editor personal settings +.vscode/ +.idea/ + +# Other +.DS_Store 
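Review bot: The `deploy` job declares no `permissions:` block, yet `mkdocs gh-deploy --force` pushes to the `gh-pages` branch with the job token, so whether the publish step succeeds depends on the repository's default token permissions; `golangci-lint.yml` in this same commit does declare `permissions:` with `contents: read`. Declaring `permissions:` with `contents: write` on the job states the one scope the step needs and keeps the token read-only for everything else. `pip install mkdocs-material` installs whatever version is current on the day the job runs; pinning it as `mkdocs-material==<version>` (placeholder) keeps the published site reproducible.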
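Review bot: The two rewritten steps place `-` on a line of its own followed by `name: Checkout` and `name: Release` on the next, which parses fine but differs from every other workflow touched by this commit, where steps are written `- name: Checkout`; use the one-line form here as well. The `semantic-release` job passes `secrets.GITHUB_TOKEN` but declares no `permissions:`, so the write scopes semantic-release needs (at least `contents: write`, and `issues`/`pull-requests` write if its GitHub plugin posts comments) are inherited from the repository default rather than stated on the job. The goreleaser job's remaining steps continue outside the hunk.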
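Review bot: `go-version: 1.18` is an unquoted float; it round-trips here, but a later bump to `1.20` would be read as `1.2`, so write `go-version: "1.18"`. This new file pins `actions/checkout@v2` and `actions/setup-go@v2` while `golangci-lint.yml` and `release.yml` in the same commit use the `@v3` majors of both actions; aligning them avoids maintaining two generations of the same action. The job also declares no `permissions:`; `permissions:` with `contents: read`, as `golangci-lint.yml` does, is all `go test` needs.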
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 01ccc13..ffd139c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,7 +9,7 @@ repos: - id: check-yaml - id: check-added-large-files - repo: https://github.com/golangci/golangci-lint - rev: v1.47.0 + rev: v1.47.2 hooks: - id: golangci-lint - repo: https://github.com/zricethezav/gitleaks diff --git a/Dockerfile b/Dockerfile index e9eedac..6ab38eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,13 +1,22 @@ -FROM golang:1.18 as build -WORKDIR /go/src/app +FROM golang:1.18-alpine as builder + +RUN apk update && apk upgrade && \ + apk add --no-cache make bash + +WORKDIR /src COPY . . -# Static build requires CGO_ENABLED=0 -RUN mkdir -p /go/bin && CGO_ENABLED=0 go build -ldflags="-w -s" -o /go/bin/app ./... + +# Build executable +RUN make build # Using a distroless image from https://github.com/GoogleContainerTools/distroless -# Image sourced from https://console.cloud.google.com/gcr/images/distroless/global/static FROM gcr.io/distroless/static:nonroot -COPY --from=build /go/bin/app / -# numeric version of user nonroot:nonroot provided in image + +# Copy executable from builder image +COPY --from=builder /src/bin/app / + +# Numeric version of user nonroot:nonroot provided in image USER 65532:65532 + +# Run the executable CMD ["/app"] diff --git a/Makefile b/Makefile index a2425f9..aea1299 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,7 @@ SHELL=/bin/bash -e -o pipefail PWD = $(shell pwd) +GO_BUILD= go build +GOFLAGS= CGO_ENABLED=0 ## help: Print this help message .PHONY: help @@ -37,4 +39,4 @@ fmt: ## build: Build binary into bin/ directory .PHONY: build build: - go build -ldflags="-w -s" -o bin/app ./... + $(GOFLAGS) $(GO_BUILD) -a -v -ldflags="-w -s" -o bin/app cmd/main.go diff --git a/docs/continuous-integration/goreleaser.md b/docs/continuous-integration/goreleaser.md new file mode 100644 index 0000000..4243b5f --- /dev/null +++ b/docs/continuous-integration/goreleaser.md 
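Review bot: `apk update && apk upgrade` writes the package index into the builder layer and then `apk add --no-cache` asks for no cache on the same line, so the two halves work against each other; `RUN apk add --no-cache --upgrade make bash` (or `apk --no-cache upgrade` first) gives the same packages without the index. `COPY . .` precedes any module download, so every source edit invalidates dependency fetching; if the project has a `go.mod` (not visible here), copying `go.mod`/`go.sum` and running `go mod download` before the full copy is the usual layering. Both base images are floating tags (`golang:1.18-alpine`, `gcr.io/distroless/static:nonroot`); with the docker Dependabot entry this commit adds, pinning them as `image:tag@sha256:<digest>` (placeholder) is what lets Dependabot propose base-image updates and makes the build reproducible.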
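Review bot: `GOFLAGS= CGO_ENABLED=0` reuses the name of a real Go environment variable; if `GOFLAGS` is set in the caller's environment (common in CI), make exports its own value to the recipe shell, and `go` rejects `GOFLAGS` entries that do not start with `-`, so `go build` would likely fail before reading any flag. Name it something `go` does not consult, e.g. `GO_ENV = CGO_ENABLED=0`, and use `$(GO_ENV) $(GO_BUILD) -a -v -ldflags="-w -s" -o bin/app ...` in the `build` rule of the second hunk. `-o bin/app cmd/main.go` compiles that one file rather than the package, so any other `.go` file in `cmd/` is left out; `./cmd` (or the package's actual directory) avoids that, assuming `cmd/main.go` is the only file in its package — verify against the tree.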
@@ -0,0 +1,31 @@ +# GoReleaser + +## What + +[GoReleaser](https://goreleaser.com/) builds Go binaries for several platforms. The goal is to simplify the build, release and publish steps while providing variant customization options for all steps. + +## Why + +Simplifies the build and packing process of your app's Go binaries. + +## How + +The entire release process can be customized through a `.goreleaser.yml` file. Once you set it up, every time you want to create a new release, all you need to do is create a git tag that conforms to [semantic versioning](https://goreleaser.com/limitations/semver/) and run `goreleaser release`. + + +## CI setup + +!!! summary + + No configuration required. + +GoReleaser is configured to run on the `main` branch and is executed via the release Github workflow in `.github/workflows/release.yml`. + + +!!! info + + Binaries are only created if a tag exists. This is controlled via [semantic-release](semantic-release.md). + +## Local setup + +The [quickstart](https://goreleaser.com/quick-start/) provides detailed steps to run GoReleaser locally. diff --git a/docs/continuous-integration/mkdocs-material.md b/docs/continuous-integration/mkdocs-material.md index 6577f03..98c4212 100644 --- a/docs/continuous-integration/mkdocs-material.md +++ b/docs/continuous-integration/mkdocs-material.md @@ -21,7 +21,7 @@ The repository is preconfigured with a `./docs` directory and renders all markdo ### Github pages -A gen-docs workflow is configured to automatically run on the `main` branch however it requires github-pages to be enabled in the repository settings. +`mkdocs` is configured to automatically run on the `main` branch and is executed via the mkdocs Github workflow in `.github/workflows/mkdocs.yml`. However, it requires github-pages to be enabled in the repository settings. See the screenshot below: diff --git a/docs/continuous-integration/pre-commit.md b/docs/continuous-integration/pre-commit.md index dda3b28..00fa5dc 100644 
--- a/docs/continuous-integration/pre-commit.md +++ b/docs/continuous-integration/pre-commit.md @@ -23,7 +23,17 @@ Any detected failures will abort the commit. No configuration required. -All hooks in `.pre-commit-config.yaml` will be executed via the pre-commit Github workflow in `.github/workflows/pre-commit.yml`. +All hooks in `.pre-commit-config.yaml` will be executed via the automatic integration provided from [pre-commit ci](https://pre-commit.ci/). + +`pre-commit ci` runs automatically on pull request commits. + +### Auto fixing pull requests + +If tools (configured in `.pre-commit-config.yaml`) make changes to files during a pull request, pre-commit.ci will automatically fix the pull request. + +pre-commit.ci will run on all pull request commits, but will not push for commits made by bots. + +The impact of this means developers will need to fetch the latest changes if further work must be done on the PR branch. ## Local setup diff --git a/docs/continuous-integration/semantic-release.md b/docs/continuous-integration/semantic-release.md index a998f42..4293497 100644 --- a/docs/continuous-integration/semantic-release.md +++ b/docs/continuous-integration/semantic-release.md 
@@ -4,7 +4,7 @@ [semantic-release](https://github.com/semantic-release/semantic-release) automates the whole package release workflow including determining the next version number, generating the release notes, and publishing the package. -semantic-release uses the commit messages to determine the consumer impact of changes in the codebase. Following formalized conventions for commit messages, `semantic-release` automatically determines the next semantic version number, generates a changelog and publishes the release. +`semantic-release` uses the commit messages to determine the consumer impact of changes in the codebase. Following formalized conventions for commit messages, `semantic-release` automatically determines the next semantic version number, generates a changelog and publishes the release. ## Why @@ -53,9 +53,11 @@ For a base version of `0.1.0`, the following will apply: This section covers important implications of setting up a base tag/release version (or lack of) in your repo before using `semantic-release`. + + ### Base release version -A semantic-release workflow is configured to run on the `main` branch and technically no further setup is required. However, the semantic-release initial version is set at `v1.0.0` (with pre-release options) instead of the generally accepted version `v0.1.0`. This may not be desirable for your project so a workaround is described below. +`semantic-release` is configured to run on the `main` branch and is executed via the release Github workflow in `.github/workflows/release.yml`. Technically, no further setup is required. However, the initial version is set at `v1.0.0` (with optional pre-release settings) instead of the generally accepted version `v0.1.0`. This may not be desirable for your project so a workaround is described below. !!! info