Merge pull request #213 from keyxmakerx/claude/chronicle-launch-fixes… #461
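# ============================================================================
# Chronicle CI/CD Pipeline
# ============================================================================
# Triggers on pushes to main, version tags (v*), pull requests against main,
# and manual dispatch.
#   1. Runs Go build, vet, and tests
#   2. Runs golangci-lint and govulncheck
#   3. Builds Docker image and pushes to GitHub Container Registry (ghcr.io)
#
# Image URL: ghcr.io/<owner>/chronicle:latest
# Pull with: docker pull ghcr.io/<owner>/chronicle:latest
# ============================================================================
name: CI

on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:
    branches: [main]
  workflow_dispatch: # Manual trigger from Actions UI when auto-triggers fail.

# Workflow-wide default: read-only GITHUB_TOKEN. The test, lint and security
# jobs also run for pull requests and execute tools fetched at run time, so
# they must not hold a token that can publish packages. Only the docker job
# is granted packages: write (see its job-level permissions block).
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

# NOTE(review): every action below is referenced by a mutable tag (@v4, @v6,
# ...). Pinning each `uses:` to a full commit SHA makes the executed code
# immutable; the SHAs have to be looked up per action and are not filled in
# here.
jobs:
  # --- Build & Test ---
  test:
    name: Build & Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step in this job talks to the remote; keep the token out
          # of the checked-out repository's git config.
          persist-credentials: false

      - uses: actions/setup-go@v5
        with:
          go-version: '1.24'

      - name: Install templ
        # NOTE(review): @latest resolves to whatever is newest at run time,
        # and the resulting binary is executed by the next step. Pin to a
        # fixed version (presumably the one go.mod requires — confirm).
        run: go install github.com/a-h/templ/cmd/templ@latest

      - name: Generate templ files
        run: templ generate

      - name: Build
        run: go build ./...

      - name: Vet
        run: go vet ./...

      - name: Test
        run: go test ./... -v -short

  # --- Lint ---
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Same reasoning as in the test job: nothing here needs git
          # credentials after checkout.
          persist-credentials: false

      - uses: actions/setup-go@v5
        with:
          go-version: '1.24'

      - name: Install templ
        # NOTE(review): unpinned, see the same step in the test job.
        run: go install github.com/a-h/templ/cmd/templ@latest

      - name: Generate templ files
        run: templ generate

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v7
        with:
          version: v2.5.0

  # --- Security Scan ---
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - uses: actions/setup-go@v5
        with:
          go-version: '1.24'

      - name: Install govulncheck
        # NOTE(review): unpinned scanner version; results can change between
        # runs of the same commit. Consider pinning to a fixed release.
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Run govulncheck
        # Advisory: stdlib vulnerabilities require a Go toolchain upgrade.
        # Non-blocking so stdlib-only findings don't break CI.
        # NOTE(review): continue-on-error makes this step pass for every
        # finding, including ones in module dependencies, so the docker job's
        # `needs: security` is always satisfied and this scan never gates an
        # image push. Findings are visible only in the step log.
        continue-on-error: true
        run: govulncheck ./...

  # --- Docker Build & Push to GHCR ---
  docker:
    name: Docker Image
    runs-on: ubuntu-latest
    needs: [test, lint, security]
    # Only push images on main branch pushes, tags, or manual dispatch — not PRs.
    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
    # The only job that publishes to ghcr.io, hence the only one that is
    # allowed to write packages.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          # The registry login below takes the token directly from secrets;
          # the build uses the local checkout as its context.
          persist-credentials: false

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            # Tag with "latest" on main branch pushes
            type=raw,value=latest,enable={{is_default_branch}}
            # Tag with semver on version tags (v1.0.0 -> 1.0.0)
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            # Tag with short SHA for traceability
            type=sha,prefix=

      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}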