ci: update #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v*.*.*' # Trigger on semantic versioning tags | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| lint: | |
| name: Lint and Format Check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: stable | |
| - name: Run GolangCI-Lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: v1.60 | |
| security: | |
| name: Security Scanning | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| env: | |
| GO111MODULE: on | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v4 | |
| - name: Run Gosec Security Scanner | |
| uses: securego/gosec@master | |
| with: | |
| args: ./... -exclude=G301,G304,G306 | |
| build-and-publish: | |
| name: Build and Publish Binaries | |
| runs-on: ubuntu-latest | |
| needs: | |
| - lint | |
| - security | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: stable | |
| - name: Build for Linux x86_64 | |
| run: | | |
| GOOS=linux GOARCH=amd64 go build -o cli-tool-linux-amd64 | |
| - name: Build for Linux ARM | |
| run: | | |
| GOOS=linux GOARCH=arm64 go build -o cli-tool-linux-arm64 | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| release_name: Release ${{ github.ref_name }} | |
| draft: false | |
| prerelease: false | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload x86_64 Binary | |
| uses: actions/upload-release-asset@v1 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./cli-tool-linux-amd64 | |
| asset_name: cli-tool-linux-amd64 | |
| asset_content_type: application/octet-stream | |
| - name: Upload ARM Binary | |
| uses: actions/upload-release-asset@v1 | |
| with: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./cli-tool-linux-arm64 | |
| asset_name: cli-tool-linux-arm64 | |
| asset_content_type: application/octet-stream |