.github/workflows/build-test.yml

name: Build and Test

on:
  push:
  pull_request:

jobs:

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: "1.20"

      - name: Check out code
        uses: actions/checkout@v4

      - name: Lint Go Code
        run: |
          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2
          make lint

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: "1.20"

      - name: Check out code
        uses: actions/checkout@v2

      - name: Run Unit tests.
        run: |
          mkdir reports
          make test-coverage

      - name: Uploads reports
        if: ${{ !startsWith(github.ref_name, '1.') }}
        uses: actions/upload-artifact@v2
        with:
          path: |
            ./reports/cover.out
            ./reports/cover.html

  build:
    name: Build & push image
    runs-on: ubuntu-latest
    needs: [lint, test]
    steps:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: "1.20"

      - name: Check out code
        uses: actions/checkout@v2

      - name: Build
        run: make build

      - name: Login to Github Packages
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Build image and push GitHub Container Registry
        uses: docker/build-push-action@v5
        with:
          context: ./
          tags: |
            ghcr.io/solacedev/pubsubplus-prometheus-exporter:1.0.2-dev
          push: true
          platforms: linux/amd64,linux/arm64

      - name: Run Whitesource Action
        uses: SolaceDev/Mend-Scan-GHA@v1.0.0
        with:
          wssURL: https://saas.whitesourcesoftware.com/agent
          apiKey: ${{ secrets.WSS_API_KEY }}
          productName: 'pubsubplus-prometheus-exporter'
          projectName: 'pubsubplus-prometheus-exporter'
          configFile: 'ci/whitesource/whitesource-agent.config'

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ghcr.io/solacedev/pubsubplus-prometheus-exporter:1.0.2-dev
          format: 'sarif'
          severity: 'CRITICAL,HIGH'
          output: 'trivy-results.sarif'

      - name: Uploads Trivy Scan Reports
        if: ${{ !startsWith(github.ref_name, '1.') }}
        uses: actions/upload-artifact@v2
        with:
          path: |
            trivy-results.sarif