From a936310c97fd23e5c25c2efd97067132477f0865 Mon Sep 17 00:00:00 2001 From: Adam Chalkley Date: Sun, 25 Sep 2022 17:18:20 -0500 Subject: [PATCH] Refactor GitHub Actions workflows to import logic Rework workflows to reduce duplicated effort across projects that I maintain: - remove project-specific workflow content, import workflow logic from a new shared project resource repo - rename files to match "upstream" project files, rename workflows to better described bundled jobs --- .github/workflows/codeql-analysis.yml | 69 ------------ .github/workflows/lint-and-build-code.yml | 102 ------------------ .../workflows/lint-and-build-using-make.yml | 77 ------------- .github/workflows/lint-and-build.yml | 24 +++++ .github/workflows/lint-and-test-only.yml | 62 ----------- .github/workflows/lint-docs.yml | 49 --------- .github/workflows/project-analysis.yml | 39 +++++++ .github/workflows/push-validation.yml | 19 ++++ 8 files changed, 82 insertions(+), 359 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml delete mode 100644 .github/workflows/lint-and-build-code.yml delete mode 100644 .github/workflows/lint-and-build-using-make.yml create mode 100644 .github/workflows/lint-and-build.yml delete mode 100644 .github/workflows/lint-and-test-only.yml delete mode 100644 .github/workflows/lint-docs.yml create mode 100644 .github/workflows/project-analysis.yml create mode 100644 .github/workflows/push-validation.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 5761277..0000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -# Copyright 2020 Adam Chalkley -# -# https://github.com/atc0005/go-nagios -# -# Licensed under the MIT License. See LICENSE file in the project root for -# full license information. - -name: "CodeQL" - -on: - push: - branches: [master] - pull_request: - # The branches below must be a subset of the branches above - branches: [master] - schedule: - - cron: "19 2 * * 3" - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - # Default: 360 minutes - timeout-minutes: 10 - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["go"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2.1.25 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2.1.25 - - # ℹī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2.1.25 diff --git a/.github/workflows/lint-and-build-code.yml b/.github/workflows/lint-and-build-code.yml deleted file mode 100644 index 10cd0c1..0000000 --- a/.github/workflows/lint-and-build-code.yml +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright 2020 Adam Chalkley -# -# https://github.com/atc0005/go-nagios -# -# Licensed under the MIT License. See LICENSE file in the project root for -# full license information. - -name: Validate Codebase - -# Run builds for Pull Requests (new, updated) -# `synchronized` seems to equate to pushing new commits to a linked branch -# (whether force-pushed or not) -on: - #push: - pull_request: - types: [opened, synchronize] - -jobs: - lint_code: - name: Lint codebase - runs-on: ubuntu-latest - timeout-minutes: 10 - # Don't flag the whole workflow as failed if "experimental" matrix jobs - # fail. This allows the unstable image linting tasks to fail without - # marking the oldstable and stable image linting jobs as failed. - continue-on-error: ${{ matrix.experimental }} - strategy: - # Don't stop all workflow jobs if the unstable image linting tasks fail. - fail-fast: false - matrix: - container-image: ["go-ci-oldstable", "go-ci-stable"] - experimental: [false] - include: - - container-image: "go-ci-unstable" - experimental: true - container: - image: "ghcr.io/atc0005/go-ci:${{ matrix.container-image}}" - - steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: Remove repo-provided golangci-lint config file - run: | - # Remove the copy of the config file bundled with the repo/code so - # that the configuration provided by the atc0005/go-ci project is - # used instead - rm -vf .golangci.yml - - - name: Run golangci-lint using container-provided config file settings - run: | - golangci-lint --version - golangci-lint run - - # This is the very latest stable version of staticcheck provided by the - # atc0005/go-ci container. The version included with golangci-lint often - # lags behind the official stable releases. - - name: Run staticcheck - run: | - staticcheck --version - staticcheck $(go list -mod=vendor ./... 
| grep -v /vendor/) - - test_code: - name: Run tests - runs-on: ubuntu-latest - timeout-minutes: 10 - strategy: - matrix: - container-image: ["go-ci-oldstable", "go-ci-stable", "go-ci-unstable"] - - container: - image: "ghcr.io/atc0005/go-ci:${{ matrix.container-image}}" - - steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: Run all tests - run: go test -mod=vendor -v ./... - - build_code: - name: Build codebase - runs-on: ubuntu-latest - # Default: 360 minutes - timeout-minutes: 10 - strategy: - matrix: - container-image: ["go-ci-oldstable", "go-ci-stable", "go-ci-unstable"] - - container: - image: "ghcr.io/atc0005/go-ci:${{ matrix.container-image}}" - - steps: - - name: Print go version - run: go version - - - name: Check out code - uses: actions/checkout@v3 - - - name: Build using vendored dependencies (if applicable) - run: | - go build -v -mod=vendor ./... diff --git a/.github/workflows/lint-and-build-using-make.yml b/.github/workflows/lint-and-build-using-make.yml deleted file mode 100644 index 51d19d2..0000000 --- a/.github/workflows/lint-and-build-using-make.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -# Copyright 2020 Adam Chalkley -# -# https://github.com/atc0005/go-nagios -# -# Licensed under the MIT License. See LICENSE file in the project root for -# full license information. - -name: Lint and Build using Makefile - -# Run builds for Pull Requests (new, updated) -# `synchronized` seems to equate to pushing new commits to a linked branch -# (whether force-pushed or not) -on: - #push: - pull_request: - types: [opened, synchronize] - -jobs: - lint_code_with_makefile: - name: Lint codebase using Makefile - runs-on: ubuntu-latest - # Default: 360 minutes - timeout-minutes: 10 - container: - # Use (lightly touched) mirror of current "vanilla" upstream golang image - image: "ghcr.io/atc0005/go-ci:go-ci-stable-mirror-build" - - steps: - - name: Print go version - run: go version - - - name: Check out code into the Go module directory - uses: actions/checkout@v3 - - # bsdmainutils provides "column" which is used by the Makefile - - name: Install Ubuntu packages - run: apt-get update && apt-get install -y --no-install-recommends make gcc bsdmainutils - - - name: Install Go linting tools - run: make lintinstall - - # NOTE: We are intentionally *not* removing the repo-provided config - # file (per GH-281) as this workflow is intended to emulate running the - # Makefile via a local dev environment. 
- # - # - name: Remove repo-provided golangci-lint config file - # run: | - # # Remove the copy of the config file bundled with the repo/code so - # # that the configuration provided by the atc0005/go-ci project is - # # used instead - # rm -vf .golangci.yml - - - name: Run Go linting tools using project Makefile - run: make linting - - build_code_with_makefile: - name: Build codebase using Makefile - runs-on: ubuntu-latest - # Default: 360 minutes - timeout-minutes: 10 - container: - # Use (lightly touched) mirror of current "vanilla" upstream golang image - image: "ghcr.io/atc0005/go-ci:go-ci-stable-mirror-build" - - steps: - - name: Print go version - run: go version - - - name: Check out code into the Go module directory - uses: actions/checkout@v3 - - # bsdmainutils provides "column" which is used by the Makefile - - name: Install Ubuntu packages - run: apt-get update && apt-get install -y --no-install-recommends make gcc bsdmainutils - - - name: Build using project Makefile - run: make all diff --git a/.github/workflows/lint-and-build.yml b/.github/workflows/lint-and-build.yml new file mode 100644 index 0000000..2430942 --- /dev/null +++ b/.github/workflows/lint-and-build.yml @@ -0,0 +1,24 @@ +# Copyright 2022 Adam Chalkley +# +# https://github.com/atc0005/go-nagios +# +# Licensed under the MIT License. See LICENSE file in the project root for +# full license information. + +name: Lint and Build + +# Run builds for Pull Requests (new, updated) +# `synchronized` seems to equate to pushing new commits to a linked branch +# (whether force-pushed or not) +on: + pull_request: + types: [opened, synchronize] + +jobs: + lint_and_build_using_ci_matrix: + name: CI matrix + uses: atc0005/shared-project-resources/.github/workflows/lint-and-build-using-ci-matrix.yml@master + + lint_and_build_using_makefile: + name: Makefile + uses: atc0005/shared-project-resources/.github/workflows/lint-and-build-using-make.yml@master 
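Review bot: Both `uses:` lines in `.github/workflows/lint-and-build.yml` reference the shared workflows at `@master`, a mutable branch, so any later commit to `atc0005/shared-project-resources` changes what runs in this repository's CI without a reviewable change here. Pinning each reference to a full commit SHA, e.g. `uses: atc0005/shared-project-resources/.github/workflows/lint-and-build-using-ci-matrix.yml@<FULL_COMMIT_SHA>  # master`, keeps the executed logic fixed and still lets a dependency updater propose bumps. The same applies to the `@master` references added in `project-analysis.yml` (`lint-project-files.yml`, `vulnerability-analysis.yml`) and `push-validation.yml` (`quick-validation.yml`).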
diff --git a/.github/workflows/lint-and-test-only.yml b/.github/workflows/lint-and-test-only.yml deleted file mode 100644 index 8ea34ee..0000000 --- a/.github/workflows/lint-and-test-only.yml +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright 2020 Adam Chalkley -# -# https://github.com/atc0005/go-nagios -# -# Licensed under the MIT License. See LICENSE file in the project root for -# full license information. - -name: Quick Validation - -# Run builds for Pull Requests (new, updated) -# `synchronized` seems to equate to pushing new commits to a linked branch -# (whether force-pushed or not) -on: - push: - -jobs: - lint_and_test_code: - name: Lint and test using latest stable container - runs-on: ubuntu-latest - timeout-minutes: 10 - container: - image: ghcr.io/atc0005/go-ci:go-ci-lint-only - - steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: Remove repo-provided golangci-lint config file - run: | - # Remove the copy of the config file bundled with the repo/code so - # that the configuration provided by the atc0005/go-ci project is - # used instead - rm -vf .golangci.yml - - - name: Run golangci-lint using container-provided config file settings - run: | - golangci-lint --version - golangci-lint run - - - name: Run all tests - run: go test -mod=vendor -v ./... - - go_mod_changes: - name: Look for uncommitted Go module changes - runs-on: ubuntu-latest - timeout-minutes: 10 - container: - image: ghcr.io/atc0005/go-ci:go-ci-lint-only - - steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: go mod tidy - run: | - go mod tidy - git diff --exit-code go.mod - - - name: go mod vendor - run: | - go mod vendor - git diff --exit-code diff --git a/.github/workflows/lint-docs.yml b/.github/workflows/lint-docs.yml deleted file mode 100644 index 9aafccc..0000000 --- a/.github/workflows/lint-docs.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -# Copyright 2020 Adam Chalkley -# -# https://github.com/atc0005/go-nagios -# -# Licensed under the MIT License. See LICENSE file in the project root for -# full license information. - -name: Validate Docs - -# Run Workflow for Pull Requests (new, updated) -# `synchronized` seems to equate to pushing new commits to a linked branch -# (whether force-pushed or not) -on: - pull_request: - types: [opened, synchronize] - -jobs: - lint_markdown: - name: Lint Markdown files - runs-on: "ubuntu-latest" - # Default: 360 minutes - timeout-minutes: 10 - - steps: - - name: Setup Node - # https://github.com/actions/setup-node - uses: actions/setup-node@v3 - with: - node-version: "lts/*" - - - name: Install Markdown linting tools - run: | - npm install markdownlint --save-dev - npm install -g markdownlint-cli - echo "markdownlint version: $(markdownlint --version)" - - - name: Check out code - uses: actions/checkout@v3 - - - name: Run Markdown linting tools - # The `.markdownlint.yml` file specifies config settings for this - # linter, including which linting rules to ignore. - # - # Note: Explicitly ignoring top-level vendor folder; we do not want - # potential linting issues in bundled documentation to fail linting CI - # runs for *our* documentation - run: | - echo "markdownlint version: $(markdownlint --version)" - markdownlint '**/*.md' --ignore node_modules --ignore vendor diff --git a/.github/workflows/project-analysis.yml b/.github/workflows/project-analysis.yml new file mode 100644 index 0000000..a7f5bdd --- /dev/null +++ b/.github/workflows/project-analysis.yml 
@@ -0,0 +1,39 @@
+# Copyright 2022 Adam Chalkley
+#
+# https://github.com/atc0005/go-nagios
+#
+# Licensed under the MIT License. See LICENSE file in the project root for
+# full license information.
+
+name: Project Analysis
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [master]
+
+ # `synchronized` seems to equate to pushing new commits to a linked branch
+ # (whether force-pushed or not)
+ types: [opened, synchronize]
+ schedule:
+ # ┌───────────── minute (0 - 59)
+ # │ ┌───────────── hour (0 - 23)
+ # │ │ ┌───────────── day of the month (1 - 31)
+ # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+ # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+ # │ │ │ │ │
+ # │ │ │ │ │
+ # │ │ │ │ │
+ # * * * * *
+ - cron: "19 2 * * 0"
+
+jobs:
+ lint:
+ name: Lint
+ uses: atc0005/shared-project-resources/.github/workflows/lint-project-files.yml@master
+
+ vulnerability:
+ name: Vulnerability
+ uses: atc0005/shared-project-resources/.github/workflows/vulnerability-analysis.yml@master
diff --git a/.github/workflows/push-validation.yml b/.github/workflows/push-validation.yml
new file mode 100644
index 0000000..7d19df0
--- /dev/null
+++ b/.github/workflows/push-validation.yml
@@ -0,0 +1,19 @@
+# Copyright 2022 Adam Chalkley
+#
+# https://github.com/atc0005/go-nagios
+#
+# Licensed under the MIT License. See LICENSE file in the project root for
+# full license information.
+
+name: Push Validation
+
+# Run jobs when someone pushes to a repository branch. This workflow is
+# intended to provide quick validation of content changes for Pull Requests
+# (new, updated).
+on:
+ push:
+
+jobs:
+ quick_validation:
+ name: Quick
+ uses: atc0005/shared-project-resources/.github/workflows/quick-validation.yml@master
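Review bot: Neither job in `.github/workflows/project-analysis.yml` declares `permissions:`, whereas the deleted `codeql-analysis.yml` scoped its token to `actions: read`, `contents: read` and `security-events: write`. A called workflow can only keep or reduce the token permissions its caller grants, so the `vulnerability` job now runs with the repository default. That default is broader than needed if it is read/write, and possibly too narrow if the shared workflow uploads scan results, which is not visible from this diff. Consider a workflow-level `permissions:` block with `contents: read`, plus a job-level grant such as `security-events: write` only on the job whose called workflow needs it. `lint-and-build.yml` and `push-validation.yml` omit the key as well.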