golang HTTP API #588
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: vaas-golang-ci | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- "golang/vaas/**" | |
- ".github/workflows/ci-golang.yaml" | |
tags: | |
- "golang/vaas/v*.*.*" | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "golang/vaas/**" | |
- ".github/workflows/ci-golang.yaml" | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: choice | |
description: "Test environment" | |
options: | |
- production | |
- staging | |
- develop | |
default: "production" | |
env: | |
CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
CLIENT_SECRET: ${{secrets.CLIENT_SECRET}} | |
VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de" | |
TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token" | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }} | |
VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }} | |
VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}} | |
jobs: | |
extract-major-version: | |
runs-on: ubuntu-latest | |
outputs: | |
major_version: ${{ steps.extract_major_version.outputs.major_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Extract major version | |
id: extract_major_version | |
if: startsWith(github.ref, 'refs/tags') | |
run: echo "major_version=$(echo ${GITHUB_REF#refs/tags/golang/vaas/} | cut -d '.' -f 1)" >> "$GITHUB_OUTPUT" | |
virus-scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Scan for Viruses | |
uses: ./.github/actions/vaas-scan-action | |
with: | |
VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }} | |
VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }} | |
build-golang: | |
runs-on: ubuntu-latest | |
container: | |
image: golang:latest | |
strategy: | |
matrix: | |
version-directory: ["./", "v2/", "v3/"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: set legacy vaas gateway for production | |
run: | | |
if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then | |
echo "VAAS_URL=wss://gateway.production.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
else | |
echo "VAAS_URL=https://gateway.production.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
fi | |
- name: set staging environment | |
if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-beta'))) | |
run: | | |
echo "Beta version: Testing against staging" | |
echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV | |
if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then | |
echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
else | |
echo "VAAS_URL=https://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
fi | |
echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: set develop environment | |
if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-alpha'))) | |
run: | | |
echo "Alpha version: Testing against develop" | |
echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV | |
echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV | |
if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then | |
echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
else | |
echo "VAAS_URL=https://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
fi | |
echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
- name: run tests | |
run: go test -race ./... | |
working-directory: golang/vaas/${{ matrix.version-directory }} | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} | |
codeql: | |
runs-on: ubuntu-latest | |
timeout-minutes: 360 | |
permissions: | |
security-events: write | |
actions: read | |
contents: read | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: go | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
with: | |
category: "/language:go" | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed codeql on for VaaS-SDK ${GITHUB_WORKFLOW}`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} | |
vulncheck: | |
runs-on: ubuntu-latest | |
container: | |
image: golang:latest | |
strategy: | |
matrix: | |
version-directory: [".", "v2", "v3"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install govulncheck | |
run: go install golang.org/x/vuln/cmd/govulncheck@latest | |
shell: bash | |
- name: Run govulncheck | |
run: govulncheck ./${{ matrix.version-directory }}... | |
working-directory: golang/vaas/ | |
shell: bash | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} | |
deploy: | |
runs-on: ubuntu-latest | |
needs: | |
- extract-major-version | |
- virus-scan | |
- build-golang | |
- codeql | |
- vulncheck | |
steps: | |
- name: publish module | |
env: | |
MAJOR_VERSION: ${{ needs.extract-major-version.outputs.major_version }} | |
if: startsWith(github.ref, 'refs/tags') | |
run: | | |
if [ "$MAJOR_VERSION" = "v1" ]; then | |
GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas@${GITHUB_REF#refs/tags/golang/vaas/} | |
else | |
GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas/${MAJOR_VERSION}@${GITHUB_REF#refs/tags/golang/vaas/} | |
fi | |
- name: Microsoft Teams Notification | |
uses: skitionek/notify-microsoft-teams@master | |
if: failure() | |
with: | |
webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`" | |
job: ${{ toJson(job) }} | |
steps: ${{ toJson(steps) }} |