From 38d80a309b73f2b30b62612eadf2f39fb0115309 Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 18:34:09 +0100 Subject: [PATCH 01/10] ci: add devenv test to code checks --- .github/workflows/codeChecks.yml | 12 +++++++++++- devenv.nix | 10 +++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index 100f27b..f37e8b5 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go-version: ['1.24', '1.25'] + go-version: ['1.25'] steps: - name: Checkout @@ -40,3 +40,13 @@ jobs: go-version-input: ${{ matrix.go-version }} go-package: ./... work-dir: . + + - uses: cachix/install-nix-action@v31 + - uses: cachix/cachix-action@v16 + with: + name: devenv + - name: Install devenv.sh + run: nix profile install nixpkgs#devenv + + - name: Build the devenv shell and run any pre-commit hooks + run: devenv test diff --git a/devenv.nix b/devenv.nix index 72a46a9..2712c42 100644 --- a/devenv.nix +++ b/devenv.nix @@ -148,6 +148,14 @@ enable = true; }; + tasks."web:refreshCertsBeforeNginxStart" = { + exec = '' + test -d ${config.env.DEVENV_ROOT}/tests && rm -rf ${config.env.DEVENV_ROOT}/tests + create-certs + ''; + before = ["devenv:processes:nginx"]; + }; + scripts.hello.exec = '' gum format "# Devenv shell" ''; @@ -615,7 +623,7 @@ # update-go-deps build - run-go-tests + #run-go-tests test-cmd-root-version test-cmd-requests-version From c3203f2e0d72f997ac9bbd8c979c578fd49ba13f Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 18:39:41 +0100 Subject: [PATCH 02/10] ci: update codeChecks workflow --- .github/workflows/codeChecks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index f37e8b5..77466f8 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml 
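Review bot: `cachix/install-nix-action@v31` and `cachix/cachix-action@v16` are referenced by mutable tag, and devenv is installed from an unpinned `nixpkgs#devenv` ([PATCH 01/10], `.github/workflows/codeChecks.yml`, hunk `@@ -40,3 +40,13 @@`), so what this job executes can change without any change in the repository. Pin each action to a full commit SHA with the tag kept as a comment, e.g. `uses: cachix/install-nix-action@<full-commit-sha>  # v31`, and resolve devenv from a pinned nixpkgs revision rather than the flake registry. `name: devenv` also makes the job accept prebuilt binaries from that Cachix cache, which deserves a one-line comment as a deliberate trust decision. The same applies to the `nix profile add nixpkgs#devenv` line in [PATCH 04/10] and to `docker/setup-qemu-action@v3` in [PATCH 09/10], where the job runs with `contents: write`.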
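Review bot: The `rm -rf ${config.env.DEVENV_ROOT}/tests` in the new `web:refreshCertsBeforeNginxStart` task ([PATCH 01/10], `devenv.nix`, hunk `@@ -148,6 +148,14 @@`) is unquoted and unguarded: a root path containing whitespace splits into several arguments, and an empty value would turn the target into `/tests`. Since `-f` already tolerates a missing directory, the `test -d` prefix can be replaced by a non-empty check on the root followed by `rm -rf -- "${config.env.DEVENV_ROOT}/tests"`. The task removes the whole `tests` directory to refresh certificates; if only generated certificate material lives there, a comment saying so would help, and if not, the delete should be narrowed to the generated files.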
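Review bot: `#run-go-tests` ([PATCH 01/10], `devenv.nix`, hunk `@@ -615,7 +623,7 @@`) switches off the Go test run inside the devenv test script without recording why, and `#test-requests-k3s` in [PATCH 03/10] does the same for another test. A disabled check that carries no reason tends to stay disabled. I would put the reason next to each line, e.g. `# run-go-tests: covered by the Go test step in codeChecks.yml` and `# test-requests-k3s: needs a private network, not reachable from CI`, adjusted to the real cause. The enclosing script definitions start outside both hunks.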
@@ -3,6 +3,8 @@ name: code checks on: push: paths: + - ".github/workflows/codeChecks.yml" + - "devenv.*" - "cmd/**" - "internal/**" - "pkg/**" From 0b56d3e775aef1e6dc66df935c0c391b8a200eb7 Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 18:45:56 +0100 Subject: [PATCH 03/10] ci(devenv): remove private net tesst --- devenv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devenv.nix b/devenv.nix index 2712c42..d2429a9 100644 --- a/devenv.nix +++ b/devenv.nix @@ -523,7 +523,7 @@ # test-requests-sample-config test-requests-show-sample-config - test-requests-k3s + #test-requests-k3s test-requests-methods test-requests-timeout test-requests-insecure From 5aeb47f2c409a530e8015bcfa6d573796c966976 Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 18:55:06 +0100 Subject: [PATCH 04/10] ci(devenv): update devenv install command --- .github/workflows/codeChecks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index 77466f8..37a0537 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml @@ -48,7 +48,7 @@ jobs: with: name: devenv - name: Install devenv.sh - run: nix profile install nixpkgs#devenv + run: nix profile add nixpkgs#devenv - name: Build the devenv shell and run any pre-commit hooks run: devenv test From f833d37a82ef6d79ea89c8c7de9ff1c40f064a86 Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 19:00:52 +0100 Subject: [PATCH 05/10] test: devenv workflow fail --- devenv.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/devenv.nix b/devenv.nix index d2429a9..3e760fe 100644 --- a/devenv.nix +++ b/devenv.nix @@ -578,6 +578,7 @@ test-certinfo-rsa-cert test-certinfo-ed25519-cert test-certinfo-ecdsa-cert + exit 1 ''; scripts.run-go-tests.exec = '' From 728b13517b4eba3a62019de74a934b6e2fdbd726 Mon Sep 17 00:00:00 2001 
From: Zeno Belli Date: Thu, 18 Dec 2025 19:04:15 +0100 Subject: [PATCH 06/10] test: remove forced devenv fail --- devenv.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/devenv.nix b/devenv.nix index 3e760fe..d2429a9 100644 --- a/devenv.nix +++ b/devenv.nix @@ -578,7 +578,6 @@ test-certinfo-rsa-cert test-certinfo-ed25519-cert test-certinfo-ecdsa-cert - exit 1 ''; scripts.run-go-tests.exec = '' From ad86a53d59e06579bf8434301613c54665e320ad Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 19:18:44 +0100 Subject: [PATCH 07/10] ci: align go version in workflows and add job dependency --- .github/workflows/codeChecks.yml | 2 +- .github/workflows/release.yml | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index 37a0537..0e46b2a 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml @@ -11,7 +11,7 @@ on: - "*.go" - "go.*" jobs: - code_check_job: + code_checks: runs-on: ubuntu-latest strategy: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 579aa8e..157b4d8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -7,30 +7,44 @@ on: permissions: contents: write jobs: + goreleaser: + + needs: code_checks + runs-on: ubuntu-latest + strategy: + matrix: + go-version: ['1.25'] + env: DOCKER_CLI_EXPERIMENTAL: "enabled" + steps: - name: Checkout uses: actions/checkout@v5 with: fetch-depth: 0 + - uses: cachix/install-nix-action@v31 with: github_access_token: ${{ secrets.GH_GORELEASER_TOKEN }} + - name: Set up QEMU uses: docker/setup-qemu-action@v1 + - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GH_GORELEASER_TOKEN }} + - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.24.9' + go-version: ${{ matrix.go-version }} + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 with: @@ -39,5 +53,6 @@ jobs: workdir: . env: GITHUB_TOKEN: ${{ secrets.GH_GORELEASER_TOKEN }} + - name: Refresh Go Report Card uses: creekorful/goreportcard-action@v1.0 From dbec28d71dcd0dd26fc792f16e8bf24e4dbc053e Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 19:47:31 +0100 Subject: [PATCH 08/10] test: workflow dependency --- .github/workflows/codeChecks.yml | 9 ++++++++- .github/workflows/release.yml | 11 ++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index 0e46b2a..572802b 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml @@ -1,5 +1,5 @@ --- -name: code checks +name: CodeChecks on: push: paths: @@ -10,7 +10,9 @@ on: - "pkg/**" - "*.go" - "go.*" + jobs: + code_checks: runs-on: ubuntu-latest @@ -44,11 +46,16 @@ jobs: work-dir: . - uses: cachix/install-nix-action@v31 + with: + github_access_token: ${{ secrets.GH_GORELEASER_TOKEN }} + - uses: cachix/cachix-action@v16 with: name: devenv + - name: Install devenv.sh run: nix profile add nixpkgs#devenv - name: Build the devenv shell and run any pre-commit hooks run: devenv test + timeout-minutes: 15 
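Review bot: Replacing `go-version: '1.24.9'` with a one-entry matrix and `go-version: ${{ matrix.go-version }}` ([PATCH 07/10], `.github/workflows/release.yml`, hunk `@@ -7,30 +7,44 @@`) means release binaries are built with whichever 1.25.x patch release is resolved when the tag is pushed, so the toolchain behind a published artifact is no longer fixed by the repository. If that is intended, to pick up Go patch releases automatically, say so in a comment above `strategy:`; otherwise keep an exact version for the release job. A matrix on a publishing job is also fragile: a second entry would run GoReleaser twice for one tag with the `contents: write` token. `needs: code_checks` names a job that lives in another workflow file, which `needs` cannot reference; [PATCH 08/10] removes it again.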
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 157b4d8..5850d08 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,17 +1,22 @@ --- -name: release +name: Release on: push: tags: - "*" + workflow_run: + workflows: [CodeChecks] + branches: [main] + types: + - completed + permissions: contents: write + jobs: goreleaser: - needs: code_checks - runs-on: ubuntu-latest strategy: matrix: From 9184802f597c57eae53b02f411f4ec149649a410 Mon Sep 17 00:00:00 2001 From: Zeno Belli Date: Thu, 18 Dec 2025 20:16:17 +0100 Subject: [PATCH 09/10] ci: remove workflow_run dependecy, update QEMU action version, restrict token permissions on code_checks job --- .github/workflows/codeChecks.yml | 2 +- .github/workflows/release.yml | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index 572802b..946f15b 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml @@ -47,7 +47,7 @@ jobs: - uses: cachix/install-nix-action@v31 with: - github_access_token: ${{ secrets.GH_GORELEASER_TOKEN }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} - uses: cachix/cachix-action@v16 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5850d08..79ce424 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,11 +4,6 @@ on: push: tags: - "*" - workflow_run: - workflows: [CodeChecks] - branches: [main] - types: - - completed permissions: contents: write @@ -36,7 +31,7 @@ jobs: github_access_token: ${{ secrets.GH_GORELEASER_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 From 2d8848bcd1d02f0453d10b60e52c65a2440ba014 Mon Sep 17 00:00:00 2001 
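Review bot: Nothing in this change limits what `GITHUB_TOKEN` may do, although the subject line of [PATCH 09/10] says token permissions on `code_checks` are restricted; the `.github/workflows/codeChecks.yml` hunk `@@ -47,7 +47,7 @@` only swaps `secrets.GH_GORELEASER_TOKEN` for `secrets.GITHUB_TOKEN`, and no `permissions:` key is visible in any hunk of that file. Without one the token gets the repository or organisation default, which may include write scopes. Add `permissions:` with `contents: read` at workflow or job level. The later `devenv test` step runs repository-defined scripts and, as far as I know, install-nix-action places the token in the Nix configuration, so those scripts should be assumed able to read it. The release credential was wired into this job from [PATCH 08/10] until this commit; if those revisions ran, rotating it is a cheap precaution.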
From: Zeno Belli Date: Thu, 18 Dec 2025 20:28:37 +0100 Subject: [PATCH 10/10] ci: run Go tests against 1.24 and 1.25 sequentially to avoind port binding conflicts --- .github/workflows/codeChecks.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml index 946f15b..e4c02f8 100644 --- a/.github/workflows/codeChecks.yml +++ b/.github/workflows/codeChecks.yml @@ -17,8 +17,9 @@ jobs: runs-on: ubuntu-latest strategy: + max-parallel: 1 matrix: - go-version: ['1.25'] + go-version: ['1.24', '1.25'] steps: - name: Checkout
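Review bot: `max-parallel: 1` ([PATCH 10/10], `.github/workflows/codeChecks.yml`, hunk `@@ -17,8 +17,9 @@`) serialises the matrix legs, but on `ubuntu-latest` hosted runners each leg normally gets its own virtual machine, so two legs would not compete for the same ports; the conflict named in the subject line is more likely to arise inside a single job. Record the observed cause in a comment above `max-parallel` so the setting can be revisited later. Because the Nix and `devenv test` steps added in [PATCH 01/10] sit in the same job, they now run once per Go version, back to back, although nothing visible in them reads `matrix.go-version`. Moving them into their own job would avoid the duplicate run and keep the Nix-related token out of the Go matrix legs.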