tw-stash/.github/workflows/ci.yaml at main · bytes-zone/tw-stash · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: CI

on:
  push:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Build optimized binary
        run: |
          CGO_ENABLED=0 go build -ldflags="-s -w" -o tw-stash

          file tw-stash
          if file tw-stash | grep "dynamically linked" > /dev/null; then
            echo "tw-stash is dynamically linked. This will break the container."
            exit 1
          fi

      - name: Save release
        uses: actions/upload-artifact@v4
        with:
          name: tw-stash
          path: tw-stash

  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Build optimized binary
        run: |
          go test

  lint:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v6
        with:
          version: v1.60

  typos:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: crate-ci/typos@master

  containerize:
    runs-on: "ubuntu-latest"

    needs: [build, test, lint, typos]

    permissions:
      contents: read
      packages: write
    outputs:
      tag: ${{ steps.containerize.outputs.tag }}
    env:
      IMAGE_NAME: "ghcr.io/bytes-zone/tw-stash"
      REGISTRY: "ghcr.io"
    steps:
      - uses: actions/checkout@v4

      - uses: actions/download-artifact@v4
        with:
          name: tw-stash
          path: artifact

      - id: containerize
        run: |
          TAG="$(sha256sum artifact/tw-stash | cut -f 1 -d ' ')"
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
          docker build . --tag "${{ env.IMAGE_NAME }}:${TAG}"

          docker run --detach --rm --name tw-stash --env SECRET=test --publish 8080:8080 "${{ env.IMAGE_NAME }}:${TAG}"

          sleep 1

          curl --fail http://localhost:8080/healthz

      - name: Log into the container registry
        uses: docker/login-action@v3
        if: ${{ github.ref == 'refs/heads/main' }}
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push
        if: ${{ github.ref == 'refs/heads/main' }}
        run: docker push "${{ env.IMAGE_NAME }}:${{ steps.containerize.outputs.tag }}"

  deploy:
    runs-on: ubuntu-latest
    needs: [containerize]

    if: ${{ github.ref == 'refs/heads/main' }}

    env:
      IMAGE_NAME: "ghcr.io/bytes-zone/tw-stash"
      REGISTRY: "ghcr.io"

    steps:
      - uses: actions/checkout@v4
        with:
          repository: bytes-zone/infrastructure.v3
          ref: main
          ssh-key: ${{ secrets.DEPLOY_KEY }}

      - name: update manifest
        run: |
          ./update-job-image-gha.sh stash "${{ env.IMAGE_NAME }}:${{ needs.containerize.outputs.tag }}"