0x524a
306c69ba89
- Unified CI workflow with fail-fast behavior, streamlining stages for formatting, linting, testing, and SonarCloud analysis. - Enhanced SonarCloud configuration to exclude test files and improve security hotspot analysis. - Removed outdated coverage and lint workflows, consolidating functionality into the main CI pipeline. - Updated README to reflect changes in CI structure and added details on workflow stages and requirements.
5.7 KiB
5.7 KiB
GitHub Actions Workflows
This directory contains all CI/CD workflows for the ONVIF Go library.
Workflows
🔄 CI (ci.yml) - Main Pipeline
Unified continuous integration workflow with fail-fast behavior.
The CI pipeline runs sequentially - if any stage fails, subsequent stages are skipped:
fmt → lint → test → sonarcloud
↘ build
Stages:
| Stage | Description | Depends On |
|---|---|---|
| fmt | Format check using gofmt -s |
- |
| lint | Static analysis with go vet and golangci-lint |
fmt |
| test | Unit tests with race detector + coverage | lint |
| sonarcloud | Code quality & security analysis | test |
| build | Build verification for all packages | test |
| ci-success | Final status check | all |
Features:
- ✅ Fail-fast: stops immediately if any check fails
- ✅ Codecov integration for coverage reporting
- ✅ SonarCloud integration for code quality
- ✅ Go module caching for faster builds
- ✅ Concurrency control (cancels in-progress runs)
Triggers:
- Push to
master,main,develop - Pull requests to
master,main,develop
🧪 Extended Tests (test.yml)
Extended testing workflow for comprehensive test coverage.
Jobs:
- test-older-versions - Test on older Go versions (1.19, 1.20)
- benchmark - Run benchmark tests
- race-detector - Extended race detector tests
Triggers:
- Manual dispatch
- Weekly schedule (Sunday 2 AM UTC)
- Push to
master/mainwhen Go files change
🚀 Release (release.yml)
Automated release workflow for creating GitHub releases.
Jobs:
- build - Build binaries for all platforms (Linux, Windows, macOS, multiple architectures)
- release - Create GitHub release with artifacts
- docker - Build and push Docker images to GHCR
Triggers:
- Push tags matching
v*.*.* - Manual dispatch with version input
🔒 Security (security.yml)
Security scanning workflow.
Jobs:
- gosec - Security scanner
- govulncheck - Vulnerability checker
Triggers:
- Push to
master/main - Pull requests
- Weekly schedule
📚 Documentation (docs.yml)
Documentation validation workflow.
Triggers:
- Push to
master/mainwhen docs change - Manual dispatch
🔐 Dependency Review (dependency-review.yml)
Dependency vulnerability review.
Triggers:
- Pull requests
CI Pipeline Flow
┌─────────────────────────────────────────────────────────────────┐
│ CI PIPELINE │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────┐ ┌─────────┐ ┌─────────────────────────┐ │
│ │ FMT │────▶│ LINT │────▶│ TEST + COVERAGE │ │
│ └─────────┘ └─────────┘ └───────────┬─────────────┘ │
│ │ │
│ ┌─────────┴─────────┐ │
│ ▼ ▼ │
│ ┌────────────┐ ┌───────────┐ │
│ │ SONARCLOUD │ │ BUILD │ │
│ └────────────┘ └───────────┘ │
│ │ │ │
│ └─────────┬─────────┘ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ CI SUCCESS │ │
│ └─────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
❌ If any stage fails, the pipeline stops immediately (fail-fast)
SonarCloud Configuration
Security Hotspot analysis excludes:
- Test files (
**/*_test.go) - CI configuration (
**/.github/**) - Test utilities (
**/testing/**,**/testdata/**) - Example code (
**/examples/**) - CLI tools (
**/cmd/**)
This ensures security analysis focuses on production library code.
Required Secrets
| Secret | Required | Description |
|---|---|---|
CODECOV_TOKEN |
Yes | Coverage reporting to Codecov |
SONAR_TOKEN |
Yes | SonarCloud code analysis |
DOCKERHUB_USERNAME |
No | Docker Hub releases |
DOCKERHUB_TOKEN |
No | Docker Hub releases |
Workflow Status
- ✅ Go 1.24 as primary version
- ✅ Unified fail-fast CI pipeline
- ✅ Go module caching for faster builds
- ✅ Artifact uploads for coverage and releases
- ✅ Concurrency control
Last Updated: December 3, 2025