Skip to content
CI Pipeline

Fix ci #20

Sign in to view logs

Fix ci

Fix ci #20

Workflow file for this run

.github/workflows/ci.yml at 1969551
name: CI Pipeline
on:
push:
branches: ["*"]
pull_request:
branches: ["*"]
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install dependencies
run: go mod download
- name: Run unit tests
run: go test -v -race -coverprofile=coverage.out ./...
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.out
flags: unittests
name: codecov-umbrella
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3
with:
version: latest
args: --timeout=5m
# Security vulnerability scanning
security-scan:
runs-on: ubuntu-latest
name: Security Vulnerability Scan
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install dependencies
run: go mod download
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Run govulncheck
run: govulncheck ./...
- name: Install gosec
run: go install github.com/securego/gosec/v2/cmd/gosec@latest
- name: Run gosec security scanner
run: |
gosec -fmt sarif -out gosec-results.sarif ./...
continue-on-error: true
- name: Upload gosec results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: gosec-results.sarif
category: gosec
# CodeQL Analysis
codeql-analysis:
name: CodeQL Analysis
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['go']
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install dependencies
run: go mod download
- name: Build for CodeQL
run: |
go build -v ./cmd/mpcium
go build -v ./cmd/mpcium-cli
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
# SBOM Generation
sbom:
runs-on: ubuntu-latest
name: Generate SBOM
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install dependencies
run: go mod download
- name: Build binaries
run: |
go build -o mpcium ./cmd/mpcium
go build -o mpcium-cli ./cmd/mpcium-cli
- name: Install Syft
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Generate SBOM with Syft (SPDX-JSON)
run: |
syft . -o spdx-json=sbom.spdx.json
- name: Generate SBOM with Syft (CycloneDX)
run: |
syft . -o cyclonedx-json=sbom.cyclonedx.json
- name: Generate SBOM with Syft (Syft JSON)
run: |
syft . -o syft-json=sbom.syft.json
- name: Upload SBOM artifacts
uses: actions/upload-artifact@v4
with:
name: sbom-files
path: |
sbom.spdx.json
sbom.cyclonedx.json
sbom.syft.json
retention-days: 30
- name: Scan SBOM with Grype
uses: anchore/scan-action@v3
with:
path: sbom.spdx.json
fail-build: false
output-format: sarif
output-file: grype-results.sarif
continue-on-error: true
- name: Upload Grype results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: grype-results.sarif
category: grype
- name: Display SBOM summary
run: |
echo "📦 SBOM Generation Summary"
echo "========================="
echo "Generated SBOM files:"
ls -la sbom.*
echo ""
echo "SBOM package count:"
echo "SPDX: $(jq '.packages | length' sbom.spdx.json)"
echo "CycloneDX: $(jq '.components | length' sbom.cyclonedx.json)"
echo "Syft: $(jq '.artifacts | length' sbom.syft.json)"
build:
runs-on: ubuntu-latest
needs: [test, lint, security-scan, codeql-analysis, sbom]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.23"
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Build mpcium
run: go build -v ./cmd/mpcium
- name: Build mpcium-cli
run: go build -v ./cmd/mpcium-cli