name: CI on: push: branches: [ master, main, develop ] pull_request: branches: [ master, main, develop ] permissions: contents: read checks: write pull-requests: write concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: # Quick validation - fail fast on obvious issues validate: name: Quick Validation runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: '1.23' - name: Cache Go modules uses: actions/cache@v4 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: Download dependencies run: go mod download && go mod verify - name: Check formatting run: | if [ "$(gofmt -s -l . | grep -v vendor | wc -l)" -gt 0 ]; then echo "❌ Code formatting issues found:" gofmt -s -d . | grep -v vendor exit 1 fi echo "✅ Code formatting is correct" - name: Run go vet run: go vet ./... - name: Lint with golangci-lint uses: golangci/golangci-lint-action@v6 with: version: latest args: --timeout=5m # Test on primary Go version with coverage test: name: Test (Go 1.23) runs-on: ubuntu-latest needs: validate steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: '1.23' - name: Cache Go modules uses: actions/cache@v4 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-1.23-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-1.23- - name: Download dependencies run: go mod download - name: Run tests with coverage run: go test -v -race -covermode=atomic -coverprofile=coverage.out ./... - name: Generate coverage report run: go tool cover -html=coverage.out -o coverage.html - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.out flags: unittests name: codecov-umbrella fail_ci_if_error: false - name: Archive coverage if: always() uses: actions/upload-artifact@v4 with: name: coverage-report path: | coverage.out coverage.html retention-days: 30 # Test on multiple Go versions and platforms test-matrix: name: Test (Go ${{ matrix.go-version }} on ${{ matrix.os }}) runs-on: ${{ matrix.os }} needs: validate strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] go-version: ['1.21', '1.22', '1.23'] exclude: # Skip older Go versions on macOS and Windows to save CI time - os: macos-latest go-version: '1.21' - os: windows-latest go-version: '1.21' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} - name: Cache Go modules uses: actions/cache@v4 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-${{ matrix.go-version }}- - name: Download dependencies run: go mod download - name: Run tests run: go test -v -race ./... # Build verification build: name: Build Verification runs-on: ubuntu-latest needs: validate steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: '1.23' - name: Cache Go modules uses: actions/cache@v4 with: path: | ~/.cache/go-build ~/go/pkg/mod key: ${{ runner.os }}-go-1.23-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-1.23- - name: Download dependencies run: go mod download - name: Build main packages run: go build -v ./... - name: Build examples run: | for dir in examples/*/; do if [ -f "$dir/main.go" ] || [ -f "$dir/*.go" ]; then echo "Building $dir" (cd "$dir" && go build -v .) || echo "⚠️ Failed to build $dir" fi done - name: Build CLI tools run: | go build -v ./cmd/onvif-cli go build -v ./cmd/onvif-quick go build -v ./cmd/onvif-server go build -v ./cmd/onvif-diagnostics # Code quality - only run if tests pass sonarcloud: name: Code Quality (SonarCloud) runs-on: ubuntu-latest needs: test if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') && secrets.SONAR_TOKEN != '' steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Download coverage from test job uses: actions/download-artifact@v4 with: name: coverage-report - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} with: args: > -Dsonar.projectKey=0x524a_onvif-go -Dsonar.organization=0x524a -Dsonar.go.coverage.reportPaths=coverage.out