Merge pull request #99 from wxianfeng/main #105
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Format Check | |
| run: | | |
| unformatted="$(find cmd internal test -name '*.go' -print0 | xargs -0r gofmt -l)" | |
| test -z "$unformatted" || (printf '%s\n' "$unformatted" && exit 1) | |
| - name: Go Vet | |
| run: go vet ./... | |
| # golangci-lint temporarily disabled: v1.64.8 built with Go 1.24 is incompatible with Go 1.25 | |
| # - name: golangci-lint | |
| # uses: golangci/golangci-lint-action@v6 | |
| # with: | |
| # version: v1.64.8 | |
| # args: ./... | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Install archive tooling | |
| run: sudo apt-get update && sudo apt-get install -y zip unzip | |
| - name: Build | |
| run: make build | |
| - name: Test with Race Detection | |
| run: go test -v -race -count=1 -timeout=5m ./cmd/... ./internal/... | |
| coverage: | |
| name: Coverage | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Install archive tooling | |
| run: sudo apt-get update && sudo apt-get install -y zip unzip | |
| - name: Build | |
| run: make build | |
| - name: Run tests with coverage | |
| run: | | |
| go test -coverprofile=coverage.txt -covermode=atomic ./cmd/... ./internal/... | |
| go tool cover -func=coverage.txt | |
| - name: Generate coverage report | |
| run: go tool cover -html=coverage.txt -o coverage.html | |
| - name: Upload coverage artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-report | |
| path: | | |
| coverage.txt | |
| coverage.html | |
| - name: Update coverage badge | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| COVERAGE=$(go tool cover -func=coverage.txt | grep total | awk '{print $3}' | sed 's/%//') | |
| echo "Coverage: ${COVERAGE}%" | |
| if (( $(echo "$COVERAGE >= 80" | bc -l) )); then | |
| COLOR="brightgreen" | |
| elif (( $(echo "$COVERAGE >= 60" | bc -l) )); then | |
| COLOR="yellow" | |
| else | |
| COLOR="red" | |
| fi | |
| mkdir -p .github/badges | |
| curl -s "https://img.shields.io/badge/coverage-${COVERAGE}%25-${COLOR}" > .github/badges/coverage.svg | |
| - name: Commit badge | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "github-actions[bot]" | |
| git add .github/badges/coverage.svg || true | |
| git diff --staged --quiet || git commit -m "chore: update coverage badge [skip ci]" | |
| git push || true | |
| policy: | |
| name: Policy Check | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Build | |
| run: make build | |
| - name: Policy | |
| run: make policy | |
| - name: Generated Drift | |
| run: ./scripts/policy/check-generated-drift.sh | |
| edition-tests: | |
| name: Edition Contract Tests | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.mod | |
| - name: Run edition contract tests | |
| run: go test -v -count=1 ./pkg/editiontest/... | |
| notify-downstream: | |
| name: Notify Wukong Overlay | |
| needs: [test, policy, edition-tests] | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - name: Trigger downstream CI | |
| run: | | |
| # Trigger internal GitLab CI pipeline via webhook. | |
| # WUKONG_TRIGGER_TOKEN is a repository secret. | |
| if [ -n "${{ secrets.WUKONG_TRIGGER_TOKEN }}" ]; then | |
| curl --fail --silent --show-error \ | |
| -X POST \ | |
| -F "token=${{ secrets.WUKONG_TRIGGER_TOKEN }}" \ | |
| -F "ref=main" \ | |
| -F "variables[UPSTREAM_SHA]=${{ github.sha }}" \ | |
| "${{ secrets.WUKONG_TRIGGER_URL }}" | |
| echo "Downstream CI triggered." | |
| else | |
| echo "No WUKONG_TRIGGER_TOKEN configured, skipping downstream notification." | |
| fi |