fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24 #251
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Push Production Docker Image | |
on: | |
push: | |
branches: [ "*" ] | |
pull_request: | |
branches: [ "*" ] | |
jobs: | |
unit-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21.3' | |
- name: Install dependencies for go | |
run: go mod download | |
- name: Unit Testing | |
run: go test -v ./... | |
- name: Generate coverage report | |
run: go test -coverprofile=coverage.out ./... | |
- name: Upload coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-report | |
path: coverage.out | |
- name: Notify IRC Success | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Unit tests for https://github.com/${{ github.repository }} completed successfully with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 3}" https://convos.findlayis.me/wmb/message | |
if: success() | |
- name: Notify IRC Failure | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Unit tests for https://github.com/${{ github.repository }} failed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 4}" https://convos.findlayis.me/wmb/message | |
if: failure() | |
sonar: | |
needs: [unit-test] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Download coverage report | |
uses: actions/download-artifact@v4 | |
with: | |
name: coverage-report | |
- name: SonarCloud Scan | |
uses: sonarsource/sonarcloud-github-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
nancy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.22.3 | |
- name: Check for Go vulnerabilities | |
run: | | |
go list -json -m all | docker run --rm -i sonatypecommunity/nancy:latest sleuth | |
- name: Notify IRC Success | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Vulnerability scan for https://github.com/${{ github.repository }} completed successfully with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 3}" https://convos.findlayis.me/wmb/message | |
if: success() | |
- name: Notify IRC Failure | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Vulnerability scan for https://github.com/${{ github.repository }} failed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 4}" https://convos.findlayis.me/wmb/message | |
if: failure() | |
build-and-scan: | |
needs: [sonar, nancy, unit-test] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Repository | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.DOCKER_REGISTRY }} | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: Build and load amd64 Docker image for vuln scanning | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64 | |
load: true | |
tags: ${{ secrets.DOCKER_REPO }}:latest-scan | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: ${{ secrets.DOCKER_REPO }}:latest-scan | |
exit-code: '1' | |
severity: 'HIGH' | |
ignore-unfixed: true | |
- name: Notify IRC on Success | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Build and scan of ${{ secrets.DOCKER_REPO }}:latest completed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 3}" https://convos.findlayis.me/wmb/message | |
if: success() | |
- name: Notify IRC on Failure | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Build and scan of ${{ secrets.DOCKER_REPO }}:latest failed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 4}" https://convos.findlayis.me/wmb/message | |
if: failure() | |
build-and-push: | |
needs: build-and-scan | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Repository | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.DOCKER_REGISTRY }} | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Docker images for private repo | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ secrets.DOCKER_REPO }}:latest | |
- name: Build Docker images for ghcr.io | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ghcr.io/${{ github.repository }}:latest | |
- name: Notify IRC on Success | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Build and push of ${{ secrets.DOCKER_REPO }}:latest completed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 3}" https://convos.findlayis.me/wmb/message | |
if: success() | |
- name: Notify IRC on Failure | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Build and push of ${{ secrets.DOCKER_REPO }}:latest failed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 4}" https://convos.findlayis.me/wmb/message | |
if: failure() | |
deploy: | |
needs: [build-and-push] | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deploy image to production | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.SSH_HOST }} | |
username: ${{ secrets.SSH_USERNAME }} | |
key: ${{ secrets.SSH_SECRET }} | |
port: 22 | |
script: | | |
cd /srv/wmb | |
docker compose pull | |
docker compose up -d | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Notify IRC Success | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Prod deploy for https://github.com/${{ github.repository }} completed successfully with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 3}" https://convos.findlayis.me/wmb/message | |
if: success() | |
- name: Notify IRC Failure | |
run: | | |
export COMMIT_MSG=$(git log -1 --pretty=%B) | |
export MESSAGE="Prod deploy for https://github.com/${{ github.repository }} failed with commit message: $COMMIT_MSG. See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
curl -X POST -H "Content-Type: application/json" -d "{\"message\": \"$MESSAGE\", \"password\": \"${{ secrets.WMB_PASSWORD }}\", \"colourcode\": 4}" https://convos.findlayis.me/wmb/message | |
if: failure() |