onvif-go/.github/workflows/ci.yml

name: CI

on:
  push:
    branches: [ master, main, develop ]
  pull_request:
    branches: [ master, main, develop ]

permissions:
  contents: read
  checks: write
  pull-requests: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # Quick validation - fail fast on obvious issues
  validate:
    name: Quick Validation
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
    
    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: '1.24'
    
    - name: Cache Go modules
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/go-build
          ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-
    
    - name: Download dependencies
      run: go mod download && go mod verify
    
    - name: Check formatting
      run: |
        if [ "$(gofmt -s -l . | grep -v vendor | wc -l)" -gt 0 ]; then
          echo "❌ Code formatting issues found:"
          gofmt -s -d . | grep -v vendor
          exit 1
        fi
        echo "✅ Code formatting is correct"
    
    - name: Run go vet
      run: go vet ./...
    
    - name: Lint with golangci-lint
      uses: golangci/golangci-lint-action@v6
      with:
        version: latest
        args: --timeout=5m

  # Test on primary Go version with coverage
  test:
    name: Test (Go 1.23)
    runs-on: ubuntu-latest
    needs: validate
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
    
    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: '1.24'
    
    - name: Cache Go modules
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/go-build
          ~/go/pkg/mod
        key: ${{ runner.os }}-go-1.24-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-1.24-
    
    - name: Download dependencies
      run: go mod download
    
    - name: Run tests with coverage
      run: go test -v -race -covermode=atomic -coverprofile=coverage.out ./...
    
    - name: Generate coverage report
      run: go tool cover -html=coverage.out -o coverage.html
    
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v4
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        files: ./coverage.out
        flags: unittests
        name: codecov-umbrella
        fail_ci_if_error: false
    
    - name: Archive coverage
      if: always()
      uses: actions/upload-artifact@v4
      with:
        name: coverage-report
        path: |
          coverage.out
          coverage.html
        retention-days: 30

  # Test on multiple Go versions and platforms
  test-matrix:
    name: Test (Go ${{ matrix.go-version }} on ${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    needs: validate
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        go-version: ['1.24']
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
    
    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ matrix.go-version }}
    
    - name: Cache Go modules
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/go-build
          ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-${{ matrix.go-version }}-
    
    - name: Download dependencies
      run: go mod download
    
    - name: Run tests
      run: go test -v -race ./...

  # Build verification
  build:
    name: Build Verification
    runs-on: ubuntu-latest
    needs: validate
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
    
    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: '1.24'
    
    - name: Cache Go modules
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/go-build
          ~/go/pkg/mod
        key: ${{ runner.os }}-go-1.24-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-1.24-
    
    - name: Download dependencies
      run: go mod download
    
    - name: Build main packages
      run: go build -v ./...
    
    - name: Build examples
      run: |
        for dir in examples/*/; do
          if [ -f "$dir/main.go" ] || [ -f "$dir/*.go" ]; then
            echo "Building $dir"
            (cd "$dir" && go build -v .) || echo "⚠️  Failed to build $dir"
          fi
        done
    
    - name: Build CLI tools
      run: |
        go build -v ./cmd/onvif-cli
        go build -v ./cmd/onvif-quick
        go build -v ./cmd/onvif-server
        go build -v ./cmd/onvif-diagnostics

  # Code quality - only run if tests pass
  sonarcloud:
    name: Code Quality (SonarCloud)
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') && secrets.SONAR_TOKEN != ''
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    
    - name: Download coverage from test job
      uses: actions/download-artifact@v4
      with:
        name: coverage-report
    
    - name: SonarCloud Scan
      uses: SonarSource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      with:
        args: >
          -Dsonar.projectKey=0x524a_onvif-go
          -Dsonar.organization=0x524a
          -Dsonar.go.coverage.reportPaths=coverage.out