
docs: updated packages docs #191


Workflow file for this run

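# CI pipeline: builds and tests the Go binary, computes the next semantic
# version and, only when a new release is detected, builds and scans a
# pre-release container image, promotes it to the release tags, generates an
# SBOM and pushes the matching git tag.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries the
# repository default scopes in every job. Only the last job pushes a git tag;
# consider a read-only top-level default and `contents: write` on that job
# alone, after confirming what the third-party actions need.
#
# NOTE(review): third-party actions are referenced by mutable tags or a branch.
# Pinning each `uses:` to a full commit SHA keeps an upstream retag from
# changing what runs with the Docker Hub and Codecov secrets.
name: CI

on:
  push:
    branches: ["main"]

env:
  DOCKER_REPO: docker.io/soders
  DOCKER_IMAGE: docker.io/soders/go-semver-release
  GIT_CI_USERNAME: go-semver-ci
  GIT_CI_EMAIL: go-semver@release.ci
  SBOM_FILE: sbom.spdx

jobs:
  # Builds and tests the binary, then runs it against this repository to decide
  # whether a release is due and which version it gets.
  go-build:
    runs-on: ubuntu-latest
    outputs:
      release: ${{ steps.go-semver.outputs.NEW_RELEASE }}
      semver: ${{ steps.go-semver.outputs.SEMVER }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history instead of a shallow clone.
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          # Quoted so the version stays a string and is never read as a float.
          go-version: '1.22'
      - name: Go Build
        run: go build -v -o go-semver-release ./main.go
      - name: Go Test
        run: go test -race -v -covermode=atomic -coverprofile=coverage.out ./...
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v4.0.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
      # NOTE(review): nothing in this step writes to $GITHUB_OUTPUT explicitly;
      # presumably the binary sets NEW_RELEASE and SEMVER itself - confirm.
      - name: Go Semver Release
        id: go-semver
        run: ./go-semver-release local . --release-branch main --tag-prefix v --verbose --json

  # Builds and pushes the image under a pre-release tag, then scans it. The
  # release job below `needs` this one, so release tags are applied only after
  # the scan passes. The image is pushed before it is scanned, so an image that
  # fails the scan still exists in the registry under its pre-release tag.
  docker-build-and-scan:
    runs-on: ubuntu-latest
    needs: go-build
    if: ${{ needs.go-build.outputs.release == 'true' }}
    env:
      PRERELEASE_TAG: '${{ needs.go-build.outputs.semver }}-${{ github.sha }}'
    steps:
      - uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Docker build pre-release
        uses: docker/build-push-action@v5
        with:
          context: ./build/
          file: Dockerfile
          push: true
          build-args: |
            APP_VERSION="${{ needs.go-build.outputs.semver }}"
            APP_BUILD_NUMBER="${{ github.run_id }}"
            APP_COMMIT_HASH="${{ github.sha }}"
          # Same reference the Trivy step scans, built from one variable.
          tags: '${{ env.DOCKER_IMAGE }}:${{ env.PRERELEASE_TAG }}'
      # NOTE(review): `@master` follows a moving branch, so the scanner that
      # gates the release can change without any change to this file. Pin it to
      # a release tag or, better, a full commit SHA.
      - name: Trivy Scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.DOCKER_IMAGE }}:${{ env.PRERELEASE_TAG }}'
          format: 'table'
          # A non-zero exit fails the job when a listed severity is found.
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH,MEDIUM'

  # Promotes the scanned pre-release image to the release tags, generates an
  # SBOM and pushes the git tag.
  # NOTE(review): the job name mentions signing, but no image or SBOM signing
  # step is present in this job.
  sbom-sign-and-release-tag:
    runs-on: ubuntu-latest
    needs:
      - docker-build-and-scan
      - go-build
    if: ${{ needs.go-build.outputs.release == 'true' }}
    env:
      PRERELEASE_TAG: '${{ needs.go-build.outputs.semver }}-${{ github.sha }}'
      RELEASE_TAG: ${{ needs.go-build.outputs.semver }}
    steps:
      - uses: actions/checkout@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Install Crane
        uses: imjasonh/setup-crane@v0.1
      # The run scripts read the values from the step environment as quoted
      # shell variables rather than having `${{ }}` expressions pasted into the
      # script text, so an unexpected character in the computed version cannot
      # change the command line.
      - name: Crane Add Release Tags
        run: |
          crane tag "${DOCKER_IMAGE}:${PRERELEASE_TAG}" "${RELEASE_TAG}"
          crane tag "${DOCKER_IMAGE}:${PRERELEASE_TAG}" latest
      - name: Generate SBOM
        uses: anchore/sbom-action@v0
        with:
          # Explicit release tag, so the SBOM describes this release's image
          # and not whatever the mutable `latest` tag points to at scan time.
          image: '${{ env.DOCKER_IMAGE }}:${{ env.RELEASE_TAG }}'
          artifact-name: ${{ env.SBOM_FILE }}
      # The closing quote of user.name was misplaced on the following line,
      # which folded the gpgsign command into the user name and left
      # commit.gpgsign unset.
      # NOTE(review): commit.gpgsign covers commits only; the annotated tag
      # below is not signed by it, and no signing key is imported in this job.
      - name: Git Configuration
        run: |
          git config --global user.email "${GIT_CI_EMAIL}"
          git config --global user.name "${GIT_CI_USERNAME}"
          git config --global commit.gpgsign true
      - name: Tag and Push
        run: |
          git tag -a "${RELEASE_TAG}" -m "${RELEASE_TAG}"
          git push origin "${RELEASE_TAG}"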