Skip to content

Feat/apigateway integration #1622

Feat/apigateway integration

Feat/apigateway integration #1622

Workflow file for this run

---
name: Test & Build
on:
# Trigger the workflow on push or pull request,
# but only for the main branch
push:
branches:
- "main"
tags:
- "v*"
pull_request:
branches:
- main
workflow_dispatch:
jobs:
test:
name: Test
runs-on: depot-ubuntu-22.04-8
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # also fetch tags and branches for `git describe`
- uses: actions/setup-go@v5
with:
go-version: 1.x
check-latest: true
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Go Generate
run: |
go generate ./...
- name: Validate Docs Data
run: |
if [ -z "$(git status --porcelain)" ]; then
echo "No pending docs changes"
else
echo "Pending docs changes found, please run 'go generate ./...' and commit the changes"
git status
exit 1
fi
- name: Vet
run: go vet ./...
# get .golangci.yml from github.com/overmindtech/golangci-lint_config
- name: Get .golangci.yml from github.com/overmindtech/golangci-lint_configs
run: |
curl -sfL https://raw.githubusercontent.com/overmindtech/golangci-lint_config/main/.golangci.yml -o .golangci.yml
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: v1.60.1
args: --timeout 3m
skip-cache: true # the linters require all code generation and dependecies to be present, but the cache implementation completely falls over when there is already existing content. See https://github.com/golangci/golangci-lint-action/issues/23, https://github.com/golangci/golangci-lint-action/issues/863, https://github.com/golangci/golangci-lint-action/issues/984
- name: Run tests
run: go test -race -v ./...
env:
# Environment variables so that AWS resources can be created
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: eu-west-2
scan-container:
name: Scan Container
runs-on:
depot-ubuntu-24.04
# this is for container scanning with aws inspector
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout@v2
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # also fetch tags and branches for `git describe`
- uses: depot/setup-action@v1
- name: Build Docker image
uses: depot/build-push-action@v1
with:
project: xnsnw3m20t
context: .
file: "build/package/Dockerfile"
push: false
tags: app:latest
load: true
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: "eu-west-2"
role-to-assume: "${{ secrets.AWS_INSPECTOR_ROLE }}"
- name: Invoke Amazon Inspector Scan
id: inspector
uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@main
with:
artifact_type: "container"
artifact_path: "app:latest"
display_vulnerability_findings: "enabled"
sbomgen_version: "latest"
build:
name: Build
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
needs:
- test
- scan-container
permissions:
contents: read # required for checkout
id-token: write # mint credentials through OIDC
packages: write
strategy:
fail-fast: false
matrix:
include:
- dockerfile: Dockerfile
image_name: aws-source
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # also fetch tags and branches for `git describe`
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/overmindtech/${{ matrix.image_name }}
docker.cloudsmith.io/overmind/service/${{ matrix.image_name }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Cloudsmith Container Registry
uses: docker/login-action@v3
with:
registry: docker.cloudsmith.io
username: ${{ secrets.CLOUDSMITH_SERVICE_USER }}
password: ${{ secrets.CLOUDSMITH_API_KEY }}
- uses: depot/setup-action@v1
- name: Build and push
id: push
uses: depot/build-push-action@v1
with:
project: xnsnw3m20t
file: build/package/${{ matrix.dockerfile }}
context: .
sbom: true
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Prepare Deployment
run: |
echo "ghcr.io/overmindtech/${{ matrix.image_name }}@${{ steps.push.outputs.digest }}" | tee ${{ matrix.image_name }}.imageref
- name: Upload Deployment File
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.image_name }}.imageref
path: ${{ matrix.image_name }}.imageref