CI: generate codecov.yml before tests #5418
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# This workflow is actually running | |
# tests (with localstack) but the | |
# name is used for the badge in README.md | |
name: Build | |
on: | |
push: | |
branches: | |
- master | |
- releases/** | |
paths-ignore: | |
- 'README.md' | |
pull_request: | |
branches: | |
- master | |
- releases/** | |
paths-ignore: | |
- 'README.md' | |
# these env variables are for localstack, so we can emulate aws services | |
env: | |
RICHGO_FORCE_COLOR: 1 | |
AWS_HOST: localstack | |
# these are to mimic aws config | |
AWS_ACCESS_KEY_ID: test | |
AWS_SECRET_ACCESS_KEY: test | |
AWS_REGION: us-east-1 | |
CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF: true | |
jobs: | |
build: | |
name: "Build + tests" | |
runs-on: ubuntu-latest | |
services: | |
localstack: | |
image: localstack/localstack:3.0 | |
ports: | |
- 4566:4566 # Localstack exposes all services on the same port | |
env: | |
DEBUG: "" | |
LAMBDA_EXECUTOR: "" | |
KINESIS_ERROR_PROBABILITY: "" | |
DOCKER_HOST: unix:///var/run/docker.sock | |
KINESIS_INITIALIZE_STREAMS: ${{ env.KINESIS_INITIALIZE_STREAMS }} | |
LOCALSTACK_HOST: ${{ env.AWS_HOST }} # Required so that resource urls are provided properly | |
# e.g sqs url will get localhost if we don't set this env to map our service | |
options: >- | |
--name=localstack | |
--health-cmd="curl -sS 127.0.0.1:4566 || exit 1" | |
--health-interval=10s | |
--health-timeout=5s | |
--health-retries=3 | |
zoo1: | |
image: confluentinc/cp-zookeeper:7.4.3 | |
ports: | |
- "2181:2181" | |
env: | |
ZOOKEEPER_CLIENT_PORT: 2181 | |
ZOOKEEPER_SERVER_ID: 1 | |
ZOOKEEPER_SERVERS: zoo1:2888:3888 | |
options: >- | |
--name=zoo1 | |
--health-cmd "jps -l | grep zookeeper" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
kafka1: | |
image: crowdsecurity/kafka-ssl | |
ports: | |
- "9093:9093" | |
- "9092:9092" | |
- "9999:9999" | |
env: | |
KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://127.0.0.1:19092,LISTENER_DOCKER_EXTERNAL://127.0.0.1:9092,LISTENER_DOCKER_EXTERNAL_SSL://127.0.0.1:9093 | |
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL_SSL:SSL | |
KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_DOCKER_INTERNAL | |
KAFKA_ZOOKEEPER_CONNECT: "zoo1:2181" | |
KAFKA_BROKER_ID: 1 | |
KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO" | |
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 | |
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1 | |
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1 | |
KAFKA_JMX_PORT: 9999 | |
KAFKA_JMX_HOSTNAME: "127.0.0.1" | |
KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true" | |
KAFKA_SSL_KEYSTORE_FILENAME: kafka.kafka1.keystore.jks | |
KAFKA_SSL_KEYSTORE_CREDENTIALS: kafka1_keystore_creds | |
KAFKA_SSL_KEY_CREDENTIALS: kafka1_sslkey_creds | |
KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.kafka1.truststore.jks | |
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: kafka1_truststore_creds | |
KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2 | |
KAFKA_SSL_PROTOCOL: TLSv1.2 | |
KAFKA_SSL_CLIENT_AUTH: none | |
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true" | |
options: >- | |
--name=kafka1 | |
--health-cmd "kafka-broker-api-versions --version" | |
--health-interval 10s | |
--health-timeout 10s | |
--health-retries 5 | |
loki: | |
image: grafana/loki:2.9.1 | |
ports: | |
- "3100:3100" | |
options: >- | |
--name=loki1 | |
--health-cmd "wget -q -O - http://localhost:3100/ready | grep 'ready'" | |
--health-interval 30s | |
--health-timeout 10s | |
--health-retries 5 | |
--health-start-period 30s | |
steps: | |
- name: Check out CrowdSec repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: false | |
- name: "Set up Go" | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
- name: Run "make generate" and check for changes | |
run: | | |
set -e | |
make generate 2>/dev/null | |
if [[ $(git status --porcelain) ]]; then | |
echo "Error: Uncommitted changes found after running 'make generate'. Please commit all generated code." | |
git diff | |
exit 1 | |
else | |
echo "No changes detected after running 'make generate'." | |
fi | |
- name: Create localstack streams | |
run: | | |
aws --endpoint-url=http://127.0.0.1:4566 --region us-east-1 kinesis create-stream --stream-name stream-1-shard --shard-count 1 | |
aws --endpoint-url=http://127.0.0.1:4566 --region us-east-1 kinesis create-stream --stream-name stream-2-shards --shard-count 2 | |
- name: Generate codecov configuration | |
run: | | |
.github/generate-codecov-yml.sh >> .github/codecov.yml | |
- name: Build and run tests, static | |
run: | | |
sudo apt -qq -y -o=Dpkg::Use-Pty=0 install build-essential libre2-dev | |
go install github.com/ory/go-acc@v0.2.8 | |
go install github.com/kyoh86/richgo@v0.3.10 | |
set -o pipefail | |
make build BUILD_STATIC=1 | |
make go-acc | sed 's/ *coverage:.*of statements in.*//' | richgo testfilter | |
# check if some component stubs are missing | |
- name: "Build profile: minimal" | |
run: | | |
make build BUILD_PROFILE=minimal | |
- name: Run tests again, dynamic | |
run: | | |
make clean build | |
set -o pipefail | |
make go-acc | sed 's/ *coverage:.*of statements in.*//' | richgo testfilter | |
- name: Generate codecov configuration | |
run: | | |
.github/generate-codecov-yml.sh >> .github/codecov.yml | |
- name: Upload unit coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
files: coverage.out | |
flags: unit-linux | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: v1.61 | |
args: --issues-exit-code=1 --timeout 10m | |
only-new-issues: false |