Skip to content
Commits on Source (13)
Hide whitespace changes
Inline Side-by-side
.gitlab-ci.yml
View file @ 20a138f2
include:
- project: 'to-be-continuous/tools/gitlab-ci'
ref: 'master'
file: '/templates/extract.yml'
- project: 'to-be-continuous/tools/gitlab-ci'
ref: 'master'
file: '/templates/validation.yml'
- project: 'to-be-continuous/kicker'
ref: 'master'
file: '/templates/validation.yml'
- project: 'to-be-continuous/bash'
ref: '3.4'
file: '/templates/gitlab-ci-bash.yml'
- project: 'to-be-continuous/semantic-release'
ref: '3.11'
file: '/templates/gitlab-ci-semrel.yml'
# variables in the GitLab CI/CD variables:
# GITLAB_TOKEN to support the semantic-release
# DOCKER_AUTH_CONFIG to support the usage of private docker images as job docker image
# TMPL_RELEASE_ENABLED to enable the semantic-release job
# TBC_NAMESPACE: smartdatalab/public/ci-cd-components
stages:
- build
- publish
include:
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/extract@master
inputs:
extract-script-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitlab-ci/validation@master
inputs:
check-links-job-tags: ["docker"]
tbc-check-job-tags: ["docker"]
tbc-check-image: cicd-docker-dev.artifact.tecnalia.com/tbc-check:master
gitlab-ci-lint-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/kicker/validation@master
inputs:
kicker-validation-job-tags: ["docker"]
schema-base-url: "https://git.code.tecnalia.com/api/v4/projects/smartdatalab%2Fpublic%2Fci-cd-components%2Fkicker/repository/files"
yajsv-image: "cicd-docker-dev.artifact.tecnalia.com/yajsv:latest"
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/bash/gitlab-ci-bash@master
inputs:
bash-shellcheck-job-tags: ["docker"]
shellcheck-files: "*.sh"
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/semantic-release/gitlab-ci-semrel@master
inputs:
semantic-release-job-tags: ["docker"]
- component: $CI_SERVER_FQDN/$TBC_NAMESPACE/gitleaks/gitlab-ci-gitleaks@master
inputs:
gitleaks-job-tags: ["docker"]
variables:
GITLAB_CI_FILES: "templates/gitlab-ci-golang.yml"
BASH_SHELLCHECK_FILES: "*.sh"
GIT_STRATEGY: clone
semantic-release:
rules:
......
CHANGELOG.md
View file @ 20a138f2
# [4.10.0](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/golang/compare/4.9.2...4.10.0) (2024-08-29)
### Features
* optional installation of Go tools ([5a78d9d](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/golang/commit/5a78d9d8000b45edf165940eba35b6f196e97bf5))
## [4.9.2](https://gitlab.com/to-be-continuous/golang/compare/4.9.1...4.9.2) (2024-07-02)
......
README.md
View file @ 20a138f2
......@@ -4,17 +4,17 @@ This project implements a GitLab CI/CD template to build, test and analyse your
## Usage
This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration)
This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component)
or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
### Use as a CI/CD component
Add the following to your `gitlab-ci.yml`:
Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- component: gitlab.com/to-be-continuous/golang/gitlab-ci-golang@4.9.2
- component: $CI_SERVER_FQDN/to-be-continuous/golang/gitlab-ci-golang@4.10.0
# 2: set/override component inputs
inputs:
image: "registry.hub.docker.com/library/golang:buster" # ⚠ this is only an example
......@@ -22,13 +22,13 @@ include:
### Use as a CI/CD template (legacy)
Add the following to your `gitlab-ci.yml`:
Add the following to your `.gitlab-ci.yml`:
```yaml
include:
# 1: include the template
- project: 'to-be-continuous/golang'
ref: '4.9.2'
ref: '4.10.0'
file: '/templates/gitlab-ci-golang.yml'
variables:
......@@ -57,6 +57,7 @@ It is disable by default and can be enabled by setting the `GO_GENERATE_MODULES`
| Input / Variable | Description | Default value |
|------------------|------------------------------------------------------------------------------------------------------------|-----------------|
| `generate-modules` / `GO_GENERATE_MODULES` | Space separated list of Go code generator modules (ex: `stringer mockery`) | _none_ (disabled) |
| `go-generate-job-tags` / `GO_GENERATE_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
#### Capture generated files as job artifacts
......@@ -144,6 +145,9 @@ These jobs use the following variable:
| `target-os` / `GO_TARGET_OS` | The `GOOS` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63) | _none_ (fallback to go docker image `GOOS`) |
| `target-arch` / `GO_TARGET_ARCH` | The `GOARCH` target [see available values](https://gist.github.com/asukakenji/f15ba7e588ac42795f421b48b8aede63) | _none_ (fallback to go docker image `GOARCH`) |
| `cobertura-flags` / `GO_COBERTURA_FLAGS` | The `GOFLAGS` to use with `gocover-cobertura` if needed | _none_ |
| `go-build-job-tags` / `GO_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
| `go-test-job-tags` / `GO_TEST_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
| `go-build-test-job-tags` / `GO_BUILD_TEST_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In addition to a textual report in the console, the test jobs produce the following reports, kept for one day:
......@@ -166,6 +170,7 @@ It is bound to the `build` stage, and uses the following variables:
| `ci-lint-image` / `GO_CI_LINT_IMAGE` | The Docker image used to run `golangci-lint` | `registry.hub.docker.com/golangci/golangci-lint:latest-alpine` |
| `ci-lint-args` / `GO_CI_LINT_ARGS` | `golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options) | `-E gosec,goimports ./...` |
| `ci-lint-disabled` / `GO_CI_LINT_DISABLED` | Set to `true` to disable this job | _none_ (enabled) |
| `go-ci-lint-job-tags` / `GO_CI_LINT_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In addition to a textual report in the console, this job produces the following reports, kept for one day:
......@@ -183,6 +188,7 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default value |
|------------------------|-----------------------------------------------------------------------------------------------|-------------------|
| `mod-outdated-args` / `GO_MOD_OUTDATED_ARGS` | `god-mod-outdated` [command line arguments](https://github.com/psampaz/go-mod-outdated#usage) | `-update -direct` |
| `go-mod-outdated-job-tags` / `GO_MOD_OUTDATED_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
Checking outdated modules can be a long operation and therefore the job is configured to be ran **manually** by default (overridable).
......@@ -230,6 +236,7 @@ It is bound to the `test` stage, and uses the following variables:
| `sbom-disabled` / `GO_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `sbom-image` / `GO_SBOM_IMAGE` | Image of cyclonedx-gomod used for SBOM analysis | `registry.hub.docker.com/cyclonedx/cyclonedx-gomod:latest` |
| `sbom-opts` / `GO_SBOM_OPTS` | [@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis | `-main .` |
| `go-sbom-job-tags` / `GO_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
:warning: if you don't have your main class located at the root of your `GO_PROJECT_DIR`, then you will need to override the `-main` option in `GO_SBOM_OPTS` and define your real main class location.
......@@ -249,4 +256,5 @@ It is bound to the `test` stage, and uses the following variables:
| Input / Variable | Description | Default value |
| --------------------- | -------------------------------------- | ----------------- |
| `vulncheck-disabled` / `GO_VULNCHECK_DISABLED` | Set to `true` to disable this job | _none_
| `vulncheck-args` / `GO_VULNCHECK_ARGS` | `govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags) | `./...` |
\ No newline at end of file
| `vulncheck-args` / `GO_VULNCHECK_ARGS` | `govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags) | `./...` |
| `go-govulncheck-job-tags` / `GO_GOVULNCHECK_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
\ No newline at end of file
kicker.json
View file @ 20a138f2
......@@ -87,6 +87,27 @@
"name": "GO_COBERTURA_FLAGS",
"description": "Build flags to add to use gocover-cobertura, leave blank if not needed",
"advanced": true
},
{
"name": "GO_GO_BUILD_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
},
{
"name": "GO_GO_TEST_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
},
{
"name": "GO_GO_BUILD_TEST_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
],
"features": [
......@@ -99,6 +120,13 @@
"name": "GO_GENERATE_MODULES",
"description": "Space separated list of Go code generator modules (ex: `stringer mockery`)",
"mandatory": true
},
{
"name": "GO_GO_GENERATE_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -118,6 +146,13 @@
"description": "`golangci-lint` [command line arguments](https://github.com/golangci/golangci-lint#command-line-options)",
"default": "-E gosec,goimports ./...",
"advanced": true
},
{
"name": "GO_GO_CI_LINT_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -131,6 +166,13 @@
"description": "`god-mod-outdated` [command line arguments](https://github.com/psampaz/go-mod-outdated#usage",
"default": "-update -direct",
"advanced": true
},
{
"name": "GO_GO_MOD_OUTDATED_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -149,6 +191,13 @@
"description": "[@cyclonedx/cyclonedx-gomod options](https://github.com/CycloneDX/cyclonedx-gomod#usage) used for SBOM analysis",
"default": "-main .",
"advanced": true
},
{
"name": "GO_GO_SBOM_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
},
......@@ -163,6 +212,13 @@
"description": "`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)",
"default": "./...",
"advanced": true
},
{
"name": "GO_GO_GOVULNCHECK_JOB_TAGS",
"description": "Tags to be used for selecting runners for the job",
"type": "array",
"default": [],
"advanced": true
}
]
}
......
templates/gitlab-ci-golang.yml
View file @ 20a138f2
......@@ -100,6 +100,39 @@ spec:
vulncheck-args:
description: '`govulncheck` [command line arguments](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Flags)'
default: ./...
go-generate-job-tags:
description: tags to filter applicable runners for go-generate job
type: array
default: []
go-build-job-tags:
description: tags to filter applicable runners for go-build job
type: array
default: []
go-test-job-tags:
description: tags to filter applicable runners for go-test job
type: array
default: []
go-build-test-job-tags:
description: tags to filter applicable runners for go-build-test job
type: array
default: []
go-ci-lint-job-tags:
description: tags to filter applicable runners for go-ci-lint job
type: array
default: []
go-mod-outdated-job-tags:
description: tags to filter applicable runners for go-mod-outdated job
type: array
default: []
go-sbom-job-tags:
description: tags to filter applicable runners for go-sbom job
type: array
default: []
go-govulncheck-job-tags:
description: tags to filter applicable runners for go-govulncheck job
type: array
default: []
---
workflow:
rules:
......@@ -342,9 +375,12 @@ stages:
log_info "--- \\e[32mCoverage report(s) found\\e[0m (\\e[33;1m${coverage_out}\\e[0m): output"
percent=$(go tool cover -func="$coverage_out" | tail -1 | awk -F" " '{print $NF}')
echo "${percent} covered"
go get github.com/boumenot/gocover-cobertura
GOFLAGS="$GO_COBERTURA_FLAGS" go run github.com/boumenot/gocover-cobertura < "$coverage_out" > reports/go-coverage.cobertura.xml
if ! command -v gocover-cobertura > /dev/null
then
log_info "Installing gocover-cobertura.."
go install github.com/boumenot/gocover-cobertura@latest
fi
GOFLAGS="$GO_COBERTURA_FLAGS" gocover-cobertura < "$coverage_out" > reports/go-coverage.cobertura.xml
else
log_info "--- \\e[32mCoverage report(s) not found\\e[0m: skip"
fi
......@@ -419,7 +455,7 @@ stages:
# produce JUnit report (for GitLab)
install_go_junit_report
"$GOBIN/go-junit-report" < "$go_text_report" > reports/go-test.xunit.xml
go-junit-report < "$go_text_report" > reports/go-test.xunit.xml
# produce JSON report (for SonarQube)
go tool test2json < "$go_text_report" > reports/go-test.native.json
......@@ -429,17 +465,25 @@ stages:
}
function install_go_junit_report() {
cd "$(mktemp -d)"
go mod init go-junit-report
go install github.com/jstemmer/go-junit-report@latest
cd -
if ! command -v go-junit-report > /dev/null
then
cd "$(mktemp -d)"
go mod init go-junit-report
log_info "Installing go-junit-report.."
go install github.com/jstemmer/go-junit-report@latest
cd -
fi
}
function install_go_mod_outdated() {
cd "$(mktemp -d)"
go mod init go-mod-outdated
go install github.com/psampaz/go-mod-outdated@latest
cd -
if ! command -v go-mod-outdated > /dev/null
then
cd "$(mktemp -d)"
go mod init go-mod-outdated
log_info "Installing go-mod-outdated.."
go install github.com/psampaz/go-mod-outdated@latest
cd -
fi
}
function install_go_govulncheck() {
......@@ -462,7 +506,7 @@ stages:
image: $GO_IMAGE
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "golang", "4.9.2"]
command: ["--service", "golang", "4.10.0"]
variables:
# The directory where 'go install' will install a command.
GOBIN: "$CI_PROJECT_DIR/$GO_PROJECT_DIR/bin"
......@@ -483,6 +527,7 @@ stages:
fi
- install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
- cd ${GO_PROJECT_DIR}
- export PATH=$GOBIN:$PATH
go-generate:
extends: .go-base
......@@ -501,6 +546,7 @@ go-generate:
- "${GO_PROJECT_DIR}/**/mock/"
- "${GO_PROJECT_DIR}/**/mocks/"
- "${GO_PROJECT_DIR}/**/*mock*.go"
tags: $[[ inputs.go-generate-job-tags ]]
go-build:
extends: .go-base
......@@ -514,7 +560,8 @@ go-build:
- $GO_PROJECT_DIR/bin/
rules:
# if $GO_TEST_IMAGE set
- if: '$GO_TEST_IMAGE != ""'
- if: '$GO_TEST_IMAGE'
tags: $[[ inputs.go-build-job-tags ]]
go-test:
extends: .go-base
......@@ -541,6 +588,7 @@ go-test:
- if: '$GO_TEST_IMAGE == ""'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-test-job-tags ]]
go-build-test:
extends: .go-base
......@@ -567,6 +615,7 @@ go-build-test:
rules:
# if $GO_TEST_IMAGE not set
- if: '$GO_TEST_IMAGE == ""'
tags: $[[ inputs.go-build-test-job-tags ]]
go-ci-lint:
extends: .go-base
......@@ -590,6 +639,7 @@ go-ci-lint:
- if: '$GO_CI_LINT_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-ci-lint-job-tags ]]
go-mod-outdated:
extends: .go-base
......@@ -601,9 +651,9 @@ go-mod-outdated:
- go $GO_LIST_ARGS > reports/go-list.native.json
- install_go_mod_outdated
# console output (no fail)
- $GOBIN/go-mod-outdated $GO_MOD_OUTDATED_ARGS < reports/go-list.native.json
- go-mod-outdated $GO_MOD_OUTDATED_ARGS < reports/go-list.native.json
# text report (-ci fails)
- $GOBIN/go-mod-outdated $GO_MOD_OUTDATED_ARGS -ci < reports/go-list.native.json > reports/go-mod-outdated.native.txt
- go-mod-outdated $GO_MOD_OUTDATED_ARGS -ci < reports/go-list.native.json > reports/go-mod-outdated.native.txt
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
......@@ -618,6 +668,7 @@ go-mod-outdated:
# else manual & non-blocking
- when: manual
allow_failure: true
tags: $[[ inputs.go-mod-outdated-job-tags ]]
go-sbom:
extends: .go-base
......@@ -654,6 +705,7 @@ go-sbom:
- if: '$GO_SBOM_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-sbom-job-tags ]]
go-govulncheck:
extends: .go-base
......@@ -662,9 +714,10 @@ go-govulncheck:
script:
- mkdir -p -m 777 reports
- install_go_govulncheck
- $GOBIN/govulncheck ${GO_VULNCHECK_ARGS}
- govulncheck ${GO_VULNCHECK_ARGS}
rules:
# exclude if GO_CI_LINT_DISABLED set
- if: '$GO_VULNCHECK_DISABLED == "true"'
when: never
- !reference [.test-policy, rules]
tags: $[[ inputs.go-govulncheck-job-tags ]]