@@ -20,25 +20,145 @@ Common Continuous Integration (`CI`) workflows and setup for go-openapi repos.
2020
2121## Status
2222
23- Unreleased .
23+ Development is active. We are regularly adding more shared workflows to standardize CI across go-openapi repos .
2424
25- Initial setup. Content may evolve with breaking changes.
26-
27- > NOTE: at this moment, it is difficult to share the dependabot and golangci-lint configurations,
25+ > NOTE: at this moment, it is difficult to share the configurations for dependabot and golangci-lint,
2826> so these are not shared yet.
2927
3028## Basic usage
3129
30+ You reuse a workflow like so:
31+
32+ ``` yaml
33+ name : go test
34+
35+ permissions :
36+ pull-requests : read
37+ contents : read
38+
39+ on :
40+ push :
41+ branches :
42+ - master
43+
44+ pull_request :
45+
46+ jobs :
47+ test :
48+ uses : go-openapi/ci-workflow/.github/workflows/go-test.yml@master
49+ secrets : inherit
50+ ` ` `
51+
52+ It is recommended to pin the git ref ` master` with a commit sha, and let dependabot keep you up to date. Like so:
53+
54+ ` ` ` yaml
55+ uses: go-openapi/ci-workflow/.github/workflows/go-test.yml@b28a8b978a5ee5b7f4241ffafd6cc6163edb5dfd # v0.1.0
56+ ` ` `
57+
58+ # ## Permissions
59+
60+ Make sure your job permissions match the requirements of the called shared workflow.
61+
62+ Example :
63+ ` ` ` yaml
64+ name: "CodeQL"
65+
66+ on:
67+ push:
68+ branches: [ "master" ]
69+ pull_request:
70+ branches: [ "master" ]
71+ paths-ignore: # remove this clause if CodeQL is a required check
72+ - '**/*.md'
73+ schedule:
74+ - cron: '39 19 * * 5'
75+
76+ permissions:
77+ contents: read
78+
79+ jobs:
80+ codeql:
81+ permissions: # <- grant permissions at the job level that match the requirements of the called workflow
82+ contents: read
83+ security-events: write
84+ uses: ./.github/workflows/codeql.yml
85+ secrets: inherit
86+ ` ` `
87+
88+ # # Available workflows `[v0.1.0]`
89+
90+ # ## Dependencies automation
91+
92+ * auto-merge.yml:
93+ * auto-merge dependabot updates, with dependency group rules
94+ * auto-merge go-openapi bot updates
95+
96+ # ## Test automation
97+
98+ * go-test.yml: go unit tests **TODO** support for mono-repos
99+ * includes:
100+ * fuzz-test.yml: orchestrates fuzz testing with a cached corpus
101+ * collect-coverage.yml: (common) collect & publish test coverage (to codecov)
102+ * collect-reports.yml: (common) collect & publish test reports (to codecov and github)
103+
104+ # ## Security
105+
106+ * codeql.yml: CodeQL workflow for go and github actions
107+ * scanner.yml: trivy & govulncheck scans
108+
109+ # ## Release automation
110+
111+ * bump-release.yml: manually triggered workflow to cut a release
112+ * tag-release.yml: cut a release on push tag
113+ * release.yml: (common) release & release notes build
114+
115+ # ## Documentation quality
116+
117+ * contributors.yml: updates CONTRIBUTORS.md
118+
32119# # Motivation
33120
34- It took a while (well a something like 10 years...), but we eventually managed to align all checks, tests and
121+ It took a while (well something like 10 years...), but we eventually managed to align all checks, tests and
35122dependabot rules declared in the family of go-openapi repos.
36123
37124Now we'd like to be able to maintain, enrich and improve these checks without
38125worrying too much about the burden of replicating the stuff about a dozen times.
39126
127+ # # Change log
128+
129+ See <https://github.com/go-openapi/ci-workflows/releases>
130+
131+ # # Licensing
132+
133+ This content ships under the [SPDX-License-Identifier : Apache-2.0](./LICENSE).
134+
135+ <!--
136+ # # Limitations
137+ -->
138+
139+ # # Other documentation
140+
141+ * [All-time contributors](./CONTRIBUTORS.md)
142+ * [Contributing guidelines](.github/CONTRIBUTING.md)
143+ * [Maintainers documentation](docs/MAINTAINERS.md)
144+ * [Code style](docs/STYLE.md)
145+
146+ # # Cutting a new release
147+
148+ Maintainers can cut a new release by either :
149+
150+ * running [this workflow](https://github.com/go-openapi/gh-actions/actions/workflows/local-bump-release.yml)
151+ * or pushing a semver tag
152+ * signed tags are preferred
153+ * The tag message is prepended to release notes
154+
40155# # Contemplated enhancements
41156
157+ Most urgent :
158+
159+ * [ ] mono-repo test
160+ * [ ] mono-repo release
161+
42162In no particular order :
43163
44164* [x] ui: enrich github actions UI with a job summary
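Review bot: The first usage example under "Basic usage" pairs a mutable ref with inheritance of every caller secret (`uses: go-openapi/ci-workflow/.github/workflows/go-test.yml@master` together with `secrets: inherit`). It is the snippet readers will copy, and the pinning advice only follows as a recommendation. Suggest making the SHA-pinned form the primary example and, where the called workflow needs only specific secrets, passing them by name instead of `secrets: inherit`. Also, both `uses:` lines reference `go-openapi/ci-workflow` (singular) while the change log link and the badge URLs use `go-openapi/ci-workflows`; one of the two is a typo, and if it is the `uses:` path, the example will not resolve. Finally, the Permissions example calls `./.github/workflows/codeql.yml` (a local path) although the surrounding text is about matching the permissions of a called shared workflow; showing the shared reference there would keep the section consistent.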
@@ -70,34 +190,6 @@ To be reworked:
70190* [ ] doc: add markdown linting for docs
71191* [ ] doc: add spellcheck for docs (and code?)
72192
73- ## Change log
74-
75- See < https://github.com/go-openapi/ci-workflows/releases >
76-
77- ## Licensing
78-
79- This content ships under the [ SPDX-License-Identifier: Apache-2.0] ( ./LICENSE ) .
80-
81- <!--
82- ## Limitations
83- -->
84-
85- ## Other documentation
86-
87- * [ All-time contributors] ( ./CONTRIBUTORS.md )
88- * [ Contributing guidelines] ( .github/CONTRIBUTING.md )
89- * [ Maintainers documentation] ( docs/MAINTAINERS.md )
90- * [ Code style] ( docs/STYLE.md )
91-
92- ## Cutting a new release
93-
94- Maintainers can cut a new release by either:
95-
96- * running [ this workflow] ( https://github.com/go-openapi/gh-actions/actions/workflows/local-bump-release.yml )
97- * or pushing a semver tag
98- * signed tags are preferred
99- * The tag message is prepended to release notes
100-
101193<!-- Badges : status -->
102194[test-badge] : https://github.com/go-openapi/ci-workflows/actions/workflows/go-test.yml/badge.svg
103195[test-url] : https://github.com/go-openapi/ci-workflows/actions/workflows/go-test.yml
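Review bot: The "Cutting a new release" block removed here is re-added earlier in the file unchanged, so its link still targets `go-openapi/gh-actions/actions/workflows/local-bump-release.yml`, while the badge definitions in the trailing context point at `go-openapi/ci-workflows`. Since the section is being moved anyway, please confirm the link targets the repository that actually hosts the release workflow. Note too that the new workflow list names `bump-release.yml` rather than `local-bump-release.yml`; a short remark on how the two relate would avoid confusion for maintainers.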