onvif-go/.github/workflows/README.md
0x524a 2c0250d29a chore: update golangci-lint configuration and improve CI workflow documentation
- Increased thresholds for funlen and lll linters to accommodate complex functions.
- Added exclusions for dupl linter in specific files and directories to reduce false positives.
- Updated CI workflow documentation to clarify triggers and requirements for SonarCloud analysis.
- Removed unnecessary linter directives in several files for improved readability.
2025-12-02 22:57:34 -05:00
# GitHub Actions Workflows
This directory contains all CI/CD workflows for the ONVIF Go library.
## Workflows
### 🔄 CI (`ci.yml`) - Main Pipeline
**Unified continuous integration workflow with fail-fast behavior.**
The CI pipeline runs sequentially - if any stage fails, subsequent stages are skipped:
```
fmt → lint → test → sonarcloud
                  ↘ build
```
**Stages:**
| Stage | Description | Depends On |
|-------|-------------|------------|
| **fmt** | Format check using `gofmt -s` | - |
| **lint** | Static analysis with `go vet` and `golangci-lint` | fmt |
| **test** | Unit tests with race detector + coverage | lint |
| **sonarcloud** | Code quality & security analysis (push to master only) | test |
| **build** | Build verification for all packages | test |
| **ci-success** | Final status check | all |
**Features:**
- ✅ Fail-fast: stops immediately if any check fails
- ✅ Codecov integration for coverage reporting
- ✅ SonarCloud integration for code quality
- ✅ Go module caching for faster builds
- ✅ Concurrency control (cancels in-progress runs)
**Triggers:**
- Push to `master`, `main`
- All pull requests targeting `master`, `main`
**Required for PR Merge:**
All stages must pass before a PR can be merged. Configure branch protection rules in GitHub:
1. Go to **Settings → Branches → Branch protection rules**
2. Add rule for `master`
3. Enable **Require status checks to pass before merging**
4. Select these required checks:
   - `Format Check`
   - `Lint`
   - `Test & Coverage`
   - `SonarCloud Analysis`
   - `Build Verification`
   - `CI Success`
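As an added illustration (not the project's own `ci.yml`), a condensed workflow in the shape this README describes: jobs chained with `needs:` so a failure upstream stops everything downstream, SonarCloud gated to push events, concurrency cancellation, and a final gate that runs with `if: always()` so a SonarCloud job that was skipped on a pull request still counts as a pass while any other non-success result fails the gate. Lint and build are omitted here and would hang off the chain the same way; the action versions and the scanner placeholder step are assumptions.

```yaml
name: CI
on:
  push: { branches: [master, main] }
  pull_request: { branches: [master, main] }
# A newer run on the same ref cancels the one still in progress.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true
jobs:
  fmt:
    name: Format Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version: "1.24" }
      - run: test -z "$(gofmt -s -l .)"   # gofmt -l lists unformatted files; any output fails
  test:
    name: Test & Coverage
    needs: fmt                            # never starts if fmt fails (fail-fast)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version: "1.24" }
      - run: go test -race -coverprofile=coverage.out ./...
  sonarcloud:
    name: SonarCloud Analysis
    needs: test
    if: github.event_name == 'push'       # skipped on pull requests
    runs-on: ubuntu-latest
    steps:
      - run: echo "SonarCloud scanner step goes here (placeholder, assumed)"
  ci-success:
    name: CI Success
    needs: [fmt, test, sonarcloud]
    if: always()                          # run even if a dependency failed or was skipped
    runs-on: ubuntu-latest
    steps:
      - env:
          FMT: ${{ needs.fmt.result }}
          TEST: ${{ needs.test.result }}
          SONAR: ${{ needs.sonarcloud.result }}
        run: |
          # Only sonarcloud may be 'skipped' (PR runs); everything else must be 'success'.
          [ "$FMT" = success ] && [ "$TEST" = success ] || exit 1
          case "$SONAR" in success|skipped) exit 0 ;; *) exit 1 ;; esac
```

Because `test` is skipped rather than failed when `fmt` fails, the gate checks for `success` explicitly instead of merely rejecting `failure`.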
---
### 🧪 Extended Tests (`test.yml`)
Extended testing workflow for comprehensive test coverage.
**Jobs:**
- **test-older-versions** - Test on older Go versions (1.19, 1.20)
- **benchmark** - Run benchmark tests
- **race-detector** - Extended race detector tests
**Triggers:**
- Manual dispatch
- Weekly schedule (Sunday 2 AM UTC)
- Push to `master`/`main` when Go files change
---
### 🚀 Release (`release.yml`)
Automated release workflow for creating GitHub releases.
**Jobs:**
- **build** - Build binaries for all platforms (Linux, Windows, macOS, multiple architectures)
- **release** - Create GitHub release with artifacts
- **docker** - Build and push Docker images to GHCR
**Triggers:**
- Push tags matching `v*.*.*`
- Manual dispatch with version input
---
### 🔒 Security (`security.yml`)
Security scanning workflow.
**Jobs:**
- **gosec** - Security scanner
- **govulncheck** - Vulnerability checker
**Triggers:**
- Push to `master`/`main`
- Pull requests
- Weekly schedule
---
### 📚 Documentation (`docs.yml`)
Documentation validation workflow.
**Triggers:**
- Push to `master`/`main` when docs change
- Manual dispatch
---
### 🔐 Dependency Review (`dependency-review.yml`)
Dependency vulnerability review.
**Triggers:**
- Pull requests
---
## CI Pipeline Flow
```
┌─────────────────────────────────────────────────────────────────┐
│                           CI PIPELINE                           │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│   ┌─────────┐     ┌─────────┐     ┌─────────────────────────┐   │
│   │   FMT   │────▶│  LINT   │────▶│     TEST + COVERAGE     │   │
│   └─────────┘     └─────────┘     └───────────┬─────────────┘   │
│                                               │                 │
│                                     ┌─────────┴─────────┐       │
│                                     ▼                   ▼       │
│                              ┌────────────┐       ┌───────────┐ │
│                              │ SONARCLOUD │       │   BUILD   │ │
│                              │ (push only)│       └───────────┘ │
│                              └────────────┘             │       │
│                                     │                   │       │
│                                     └─────────┬─────────┘       │
│                                               ▼                 │
│                                      ┌─────────────────┐        │
│                                      │   CI SUCCESS    │        │
│                                      └─────────────────┘        │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

❌ If any stage fails, the pipeline stops immediately (fail-fast)
ℹ️ SonarCloud only runs on push to master/main (skipped for PRs)
```
---
## SonarCloud Configuration
Security Hotspot analysis excludes:
- Test files (`**/*_test.go`)
- CI configuration (`**/.github/**`)
- Test utilities (`**/testing/**`, `**/testdata/**`)
- Example code (`**/examples/**`)
- CLI tools (`**/cmd/**`)
This ensures security analysis focuses on production library code.
---
## Required Secrets
| Secret | Required | Description |
|--------|----------|-------------|
| `CODECOV_TOKEN` | Yes | Coverage reporting to Codecov |
| `SONAR_TOKEN` | Yes | SonarCloud code analysis |
| `DOCKERHUB_USERNAME` | No | Docker Hub releases |
| `DOCKERHUB_TOKEN` | No | Docker Hub releases |
---
## Workflow Status
- ✅ Go 1.24 as primary version
- ✅ Unified fail-fast CI pipeline
- ✅ Go module caching for faster builds
- ✅ Artifact uploads for coverage and releases
- ✅ Concurrency control
---
*Last Updated: December 3, 2025*