gilles/onvif-go
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
306c69ba89a973c752110e52b9f9a672245398bb
onvif-go/.github/workflows/README.md
T
0x524a 306c69ba89 chore: update CI workflows and SonarCloud configuration for improved analysis and coverage reporting 
- Unified CI workflow with fail-fast behavior, streamlining stages for formatting, linting, testing, and SonarCloud analysis.
- Enhanced SonarCloud configuration to exclude test files and improve security hotspot analysis.
- Removed outdated coverage and lint workflows, consolidating functionality into the main CI pipeline.
- Updated README to reflect changes in CI structure and added details on workflow stages and requirements.
2025-12-02 22:39:42 -05:00

166 lines
5.7 KiB
Markdown
Raw Blame History

# GitHub Actions Workflows
This directory contains all CI/CD workflows for the ONVIF Go library.
## Workflows
### 🔄 CI (`ci.yml`) - Main Pipeline
**Unified continuous integration workflow with fail-fast behavior.**
The CI pipeline runs sequentially - if any stage fails, subsequent stages are skipped:
```
fmt → lint → test → sonarcloud
↘ build
```
**Stages:**
| Stage | Description | Depends On |
|-------|-------------|------------|
| **fmt** | Format check using `gofmt -s` | - |
| **lint** | Static analysis with `go vet` and `golangci-lint` | fmt |
| **test** | Unit tests with race detector + coverage | lint |
| **sonarcloud** | Code quality & security analysis | test |
| **build** | Build verification for all packages | test |
| **ci-success** | Final status check | all |
**Features:**
- ✅ Fail-fast: stops immediately if any check fails
- ✅ Codecov integration for coverage reporting
- ✅ SonarCloud integration for code quality
- ✅ Go module caching for faster builds
- ✅ Concurrency control (cancels in-progress runs)
**Triggers:**
- Push to `master`, `main`, `develop`
- Pull requests to `master`, `main`, `develop`
---
### 🧪 Extended Tests (`test.yml`)
Extended testing workflow for comprehensive test coverage.
**Jobs:**
- **test-older-versions** - Test on older Go versions (1.19, 1.20)
- **benchmark** - Run benchmark tests
- **race-detector** - Extended race detector tests
**Triggers:**
- Manual dispatch
- Weekly schedule (Sunday 2 AM UTC)
- Push to `master`/`main` when Go files change
---
### 🚀 Release (`release.yml`)
Automated release workflow for creating GitHub releases.
**Jobs:**
- **build** - Build binaries for all platforms (Linux, Windows, macOS, multiple architectures)
- **release** - Create GitHub release with artifacts
- **docker** - Build and push Docker images to GHCR
**Triggers:**
- Push tags matching `v*.*.*`
- Manual dispatch with version input
---
### 🔒 Security (`security.yml`)
Security scanning workflow.
**Jobs:**
- **gosec** - Security scanner
- **govulncheck** - Vulnerability checker
**Triggers:**
- Push to `master`/`main`
- Pull requests
- Weekly schedule
---
### 📚 Documentation (`docs.yml`)
Documentation validation workflow.
**Triggers:**
- Push to `master`/`main` when docs change
- Manual dispatch
---
### 🔐 Dependency Review (`dependency-review.yml`)
Dependency vulnerability review.
**Triggers:**
- Pull requests
---
## CI Pipeline Flow
```
┌─────────────────────────────────────────────────────────────────┐
│ CI PIPELINE │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────┐ ┌─────────┐ ┌─────────────────────────┐ │
│ │ FMT │────▶│ LINT │────▶│ TEST + COVERAGE │ │
│ └─────────┘ └─────────┘ └───────────┬─────────────┘ │
│ │ │
│ ┌─────────┴─────────┐ │
│ ▼ ▼ │
│ ┌────────────┐ ┌───────────┐ │
│ │ SONARCLOUD │ │ BUILD │ │
│ └────────────┘ └───────────┘ │
│ │ │ │
│ └─────────┬─────────┘ │
│ ▼ │
│ ┌─────────────────┐ │
│ │ CI SUCCESS │ │
│ └─────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
❌ If any stage fails, the pipeline stops immediately (fail-fast)
```
---
## SonarCloud Configuration
Security Hotspot analysis excludes:
- Test files (`**/*_test.go`)
- CI configuration (`**/.github/**`)
- Test utilities (`**/testing/**`, `**/testdata/**`)
- Example code (`**/examples/**`)
- CLI tools (`**/cmd/**`)
This ensures security analysis focuses on production library code.
---
## Required Secrets
| Secret | Required | Description |
|--------|----------|-------------|
| `CODECOV_TOKEN` | Yes | Coverage reporting to Codecov |
| `SONAR_TOKEN` | Yes | SonarCloud code analysis |
| `DOCKERHUB_USERNAME` | No | Docker Hub releases |
| `DOCKERHUB_TOKEN` | No | Docker Hub releases |
---
## Workflow Status
- ✅ Go 1.24 as primary version
- ✅ Unified fail-fast CI pipeline
- ✅ Go module caching for faster builds
- ✅ Artifact uploads for coverage and releases
- ✅ Concurrency control
---
*Last Updated: December 3, 2025*
Reference in New Issue View Git Blame Copy Permalink