variables: REPO_NAME: git.ucode.space/Phil/goshorly DOCKER_BUILDKIT: 1 stages: - test - build-binary - build-docker check-format: image: golang:latest stage: test before_script: - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME - cd $GOPATH/src/$REPO_NAME script: - go fmt $(go list ./... | grep -v /vendor/) - go vet $(go list ./... | grep -v /vendor/) - go test -race $(go list ./... | grep -v /vendor/) only: - merge_requests check-gosec: image: golang:latest before_script: - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME - cd $GOPATH/src/$REPO_NAME script: - go install github.com/securego/gosec/v2/cmd/gosec@latest - go get -v -d . - gosec ./... only: - merge_requests release-prod-linux-amd64: image: golang:alpine stage: build-binary variables: GOOS: "linux" GOARCH: "amd64" CGO_ENABLED: 0 before_script: - go get -d -v ./... - apk add curl script: - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-amd64 . - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release/${CI_COMMIT_TAG}/linux-amd64"' - rm linux-amd64 only: - tags except: - branches release-prod-linux-arm64: image: golang:alpine stage: build-binary variables: GOOS: "linux" GOARCH: "arm64" CGO_ENABLED: 0 before_script: - go get -d -v ./... script: - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-arm64 . - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release/${CI_COMMIT_TAG}/linux-arm64"' - rm linux-arm64 only: - tags except: - branches release-prod-darwin-amd64: image: golang:alpine stage: build-binary variables: GOOS: "darwin" GOARCH: "amd64" CGO_ENABLED: 0 before_script: - go get -d -v ./... script: - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-amd64 . - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release/${CI_COMMIT_TAG}/darwin-amd64"' - rm darwin-amd64 only: - tags except: - branches release-prod-darwin-arm64: image: golang:alpine stage: build-binary variables: GOOS: "darwin" GOARCH: "arm64" CGO_ENABLED: 0 before_script: - go get -d -v ./... script: - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-arm64 . - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release/${CI_COMMIT_TAG}/darwin-arm64"' - rm darwin-arm64 only: - tags except: - branches release-prod-windows-amd64: image: golang:alpine stage: build-binary variables: GOOS: "windows" GOARCH: "amd64" CGO_ENABLED: 0 before_script: - go get -d -v ./... script: - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o windows-amd64.exe . - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file windows-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release/${CI_COMMIT_TAG}/windows-amd64.exe"' - rm windows-amd64.exe only: - tags except: - branches docker-build-prod-latest: image: ezkrg/buildx stage: build-docker services: - docker:dind before_script: - docker buildx create --use - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - | docker buildx build \ --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ --build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \ --build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \ --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \ --push \ --tag $CI_REGISTRY_IMAGE:latest \ . only: - main docker-build-prod-tagged: image: ezkrg/buildx stage: build-docker services: - docker:dind before_script: - docker buildx create --use - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY script: - | docker buildx build \ --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ --build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \ --build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \ --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \ --push \ --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG \ . only: - tags except: - branches docker-build-dry-run: image: docker:latest stage: build-docker services: - docker:dind script: - | if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then tag="" echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'" else tag=":$CI_COMMIT_REF_SLUG" echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag" fi - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" . only: - merge_requests include: - template: Security/SAST.gitlab-ci.yml - template: Security/SAST-IaC.latest.gitlab-ci.yml