Skip to content

Commit a09ae7b

Browse files
committed
feat: add CI/CD pipeline workflows for build, integration testing, and security scanning
1 parent 0465369 commit a09ae7b

3 files changed

Lines changed: 133 additions & 0 deletions

File tree

.github/workflows/build.yml

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
name: Build
2+
3+
on:
4+
push:
5+
branches: [main]
6+
pull_request:
7+
branches: [main]
8+
9+
permissions:
10+
contents: read
11+
12+
jobs:
13+
lint:
14+
name: Lint
15+
runs-on: ubuntu-latest
16+
steps:
17+
- uses: actions/checkout@v4
18+
19+
- uses: actions/setup-go@v5
20+
with:
21+
go-version-file: go.mod
22+
cache: true
23+
24+
- name: golangci-lint
25+
uses: golangci/golangci-lint-action@v6
26+
with:
27+
version: latest
28+
29+
test:
30+
name: Test
31+
runs-on: ubuntu-latest
32+
steps:
33+
- uses: actions/checkout@v4
34+
35+
- uses: actions/setup-go@v5
36+
with:
37+
go-version-file: go.mod
38+
cache: true
39+
40+
- name: Unit tests
41+
run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
42+
43+
- name: Upload coverage
44+
uses: actions/upload-artifact@v4
45+
with:
46+
name: coverage
47+
path: coverage.out
48+
retention-days: 7
49+
50+
build:
51+
name: Build
52+
runs-on: ubuntu-latest
53+
needs: [lint, test]
54+
steps:
55+
- uses: actions/checkout@v4
56+
57+
- uses: actions/setup-go@v5
58+
with:
59+
go-version-file: go.mod
60+
cache: true
61+
62+
- name: Build all services
63+
run: go build ./cmd/...

.github/workflows/integration.yml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
name: Integration Tests
2+
3+
on:
4+
push:
5+
branches: [main]
6+
schedule:
7+
- cron: '0 4 * * 1' # Monday 04:00 UTC
8+
9+
permissions:
10+
contents: read
11+
12+
jobs:
13+
integration:
14+
name: Integration Tests
15+
runs-on: ubuntu-latest
16+
17+
services:
18+
nats:
19+
image: nats:2.10-alpine
20+
options: >-
21+
--health-cmd "wget -qO- http://localhost:8222/healthz || exit 1"
22+
--health-interval 5s
23+
--health-timeout 5s
24+
--health-retries 5
25+
ports:
26+
- 4222:4222
27+
- 8222:8222
28+
29+
env:
30+
NATS_URL: nats://localhost:4222
31+
TESTCONTAINERS_RYUK_DISABLED: "true"
32+
33+
steps:
34+
- uses: actions/checkout@v4
35+
36+
- uses: actions/setup-go@v5
37+
with:
38+
go-version-file: go.mod
39+
cache: true
40+
41+
- name: Integration tests
42+
run: go test -tags integration -timeout 120s -race ./...

.github/workflows/security.yml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
name: Security
2+
3+
on:
4+
push:
5+
branches: [main]
6+
schedule:
7+
- cron: '0 5 * * 1' # Monday 05:00 UTC
8+
9+
permissions:
10+
contents: read
11+
12+
jobs:
13+
govulncheck:
14+
name: Vulnerability Scan
15+
runs-on: ubuntu-latest
16+
steps:
17+
- uses: actions/checkout@v4
18+
19+
- uses: actions/setup-go@v5
20+
with:
21+
go-version-file: go.mod
22+
cache: true
23+
24+
- name: Install govulncheck
25+
run: go install golang.org/x/vuln/cmd/govulncheck@latest
26+
27+
- name: Run govulncheck
28+
run: govulncheck ./...

0 commit comments

Comments
 (0)