bridgekeeper/.gitlab-ci.yml at main · devnw/bridgekeeper · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# GitLab CI/CD Configuration for BK Library

include:
  - component: gitlab.com/devnw/ci-catalog/go-build@v1.20.2
    inputs:
      stage: build
      go_version: "1.26"
      build_flags: '-v'
      goprivate: 'devnw.dev/*'

  - component: gitlab.com/devnw/ci-catalog/go-test@v1.20.2
    inputs:
      stage: validate
      go_version: "1.26"
      test_flags: '-race -coverprofile=coverage.out -covermode=atomic'
      coverage_report: true
      goprivate: 'devnw.dev/*'

  - component: gitlab.com/devnw/ci-catalog/go-lint@v1.20.2
    inputs:
      stage: validate
      golangci_version: 'v2.11.3'
      lint_flags: '--timeout 5m'
      allow_failure: false
      goprivate: 'devnw.dev/*'

  - component: gitlab.com/devnw/ci-catalog/gosec@v1.20.2
    inputs:
      go_version: "1.26"
      stage: validate
      allow_failure: false
      goprivate: 'devnw.dev/*'

  - component: gitlab.com/devnw/ci-catalog/govulncheck@v1.20.2
    inputs:
      go_version: "1.26"
      stage: validate
      allow_failure: false
      goprivate: 'devnw.dev/*'

workflow:
  rules:
    - if: $CI_MERGE_REQUEST_IID
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_COMMIT_TAG

stages:
  - validate
  - test
  - build

variables:
  CGO_ENABLED: "1"
  GOFLAGS: "-buildvcs=false"

default:
  image: golang:1.26
  before_script:
    - mkdir -p out

.go-cache:
  variables:
    GOPATH: $CI_PROJECT_DIR/.go
  cache:
    key: go-modules-${CI_COMMIT_REF_SLUG}
    paths:
      - .go/pkg/mod/
    policy: pull-push

build:
  stage: build
  extends: .go-cache
  script:
    - go build ./...
  needs:
    - go-lint
    - "go-test-1.26"

fuzz:
  stage: test
  extends: .go-cache
  script:
    - |
      FUZZ_FILES=$(grep -r "func Fuzz" --include="*_test.go" -l . || true)
      if [ -z "$FUZZ_FILES" ]; then
        echo "No fuzz targets found, skipping."
        exit 0
      fi
      for f in $FUZZ_FILES; do
        pkg=$(dirname "$f")
        for fn in $(grep -oP 'func \KFuzz\w+' "$f"); do
          echo "fuzzing ${pkg}::${fn} for 30s"
          go test -fuzz="$fn" -fuzztime=30s "$pkg"
        done
      done
  allow_failure: true
  needs:
    - "go-test-1.26"

bench:
  stage: test
  extends: .go-cache
  script:
    - go test -bench=. -benchmem -run=^$ ./... | tee out/bench-output.txt
  artifacts:
    paths:
      - out/bench-output.txt
    expire_in: 1 week
  allow_failure: true
  needs:
    - "go-test-1.26"