Initial Commit #3
| name: CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| env: | |
| GO_VERSION: '1.24' | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Checkout ai-provider-kit for local development | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cecil-the-coder/ai-provider-kit | |
| path: /tmp/ai-provider-kit | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Enable local dependency replacement | |
| run: | | |
| sed -i 's|// replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|' go.mod | |
| - name: Cache go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Verify dependencies | |
| run: go mod verify | |
| - name: Run tests with race detection | |
| run: go test -v -race -coverprofile=coverage.out ./... | |
| - name: Run integration tests | |
| run: go test -v -race -tags=integration ./tests/... | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.out | |
| flags: unittests | |
| name: codecov-umbrella | |
| fail_ci_if_error: false | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Checkout ai-provider-kit for local development | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cecil-the-coder/ai-provider-kit | |
| path: /tmp/ai-provider-kit | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Enable local dependency replacement | |
| run: | | |
| sed -i 's|// replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|' go.mod | |
| - name: Install golangci-lint | |
| uses: golangci/golangci-lint-action@v4 | |
| with: | |
| version: latest | |
| args: --timeout=5m | |
| - name: Run gofmt check | |
| run: | | |
| if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then | |
| echo "The following files are not formatted:" | |
| gofmt -s -l . | |
| exit 1 | |
| fi | |
| - name: Run go vet | |
| run: go vet ./... | |
| security: | |
| name: Security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Install Gosec Security Scanner | |
| uses: securecodewarrior/github-action-gosec@master | |
| with: | |
| args: '-no-fail -fmt sarif -out results.sarif ./...' | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: results.sarif | |
| - name: Run GOSASS | |
| uses: zricethezav/gitleaks-action@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, security] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Cache go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Build binary | |
| run: | | |
| CGO_ENABLED=0 go build -a -installsuffix cgo -ldflags="-w -s" -o cortex ./cmd/router | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cortex-linux-amd64 | |
| path: cortex | |
| retention-days: 7 | |
| - name: Check binary size | |
| run: | | |
| size=$(stat -c%s cortex) | |
| echo "Binary size: $size bytes" | |
| # Warn if binary is larger than 50MB | |
| if [ $size -gt 52428800 ]; then | |
| echo "::warning::Binary size is larger than 50MB" | |
| fi | |
| code-quality: | |
| name: Code Quality | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Checkout ai-provider-kit for local development | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cecil-the-coder/ai-provider-kit | |
| path: /tmp/ai-provider-kit | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Enable local dependency replacement | |
| run: | | |
| sed -i 's|// replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|' go.mod | |
| - name: Go mod tidy check | |
| run: | | |
| cp go.mod go.mod.bak | |
| cp go.sum go.sum.bak | |
| go mod tidy | |
| diff go.mod go.mod.bak || (echo "go.mod is not tidy" && exit 1) | |
| diff go.sum go.sum.bak || (echo "go.sum is not tidy" && exit 1) | |
| - name: Check for TODO/FIXME comments | |
| run: | | |
| if grep -r "TODO\|FIXME" --include="*.go" . | grep -v "_test.go"; then | |
| echo "::warning::Found TODO/FIXME comments in production code" | |
| fi | |
| - name: Run ineffassign | |
| run: | | |
| go install github.com/gordonklaus/ineffassign@latest | |
| ineffassign ./... | |
| deps: | |
| name: Dependency Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Checkout ai-provider-kit for local development | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cecil-the-coder/ai-provider-kit | |
| path: /tmp/ai-provider-kit | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Enable local dependency replacement | |
| run: | | |
| sed -i 's|// replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|replace github.com/cecil-the-coder/ai-provider-kit => /tmp/ai-provider-kit|' go.mod | |
| - name: Run go list to check for module issues | |
| run: go list -json -m all | jq . > deps.json | |
| - name: Check for direct dependencies with no license | |
| run: | | |
| go mod download | |
| # Check main dependencies | |
| go list -m all | grep -v indirect | while read module version; do | |
| echo "Checking $module@$version" | |
| # This is a simple check - in production you might want to use a more sophisticated license checker | |
| if ! go mod download -json "$module@$version" 2>/dev/null; then | |
| echo "::warning::Could not download $module@$version" | |
| fi | |
| done |
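Review bot: In the `security` job the gosec step references a third-party action by a mutable branch, `uses: securecodewarrior/github-action-gosec@master`, so whatever lands on that branch later runs in this workflow with the job's token; pin it to a reviewed commit, e.g. `uses: securecodewarrior/github-action-gosec@<FULL_COMMIT_SHA_PLACEHOLDER>  # <release tag>`. The same step passes `-no-fail`, so gosec findings only reach the SARIF upload and never block `build`; if that is intentional, a comment such as `# findings are reported via code scanning, not enforced here` would say so. The workflow declares no `permissions:` key, so every job runs with the repository's default token scope; a top-level `permissions:` with `contents: read`, plus `security-events: write` on the `security` job (which `upload-sarif` appears to need), would narrow it. The step named `Run GOSASS` actually runs gitleaks, and because the checkout above it uses the default shallow clone, it will likely scan only the latest commit unless `fetch-depth: 0` is added to that checkout.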