feat(workflows): add shared Go lint, test, build, release, and e2e reusable workflows #65
Merged
Pull request overview
Adds a set of reusable (workflow_call) GitHub Actions workflows intended to standardize Go CI (lint/test/build), releases, and KinD-based e2e execution across cloudoperators/* repositories as part of GHA streamlining.
Changes:
- Introduces reusable Go lint, test, and build workflows with configurable runner, Go version (or `go.mod`), working directory, and targets.
- Adds a reusable release workflow that bumps Makefile `VERSION`, optionally updates `Chart.yaml`, creates a release PR, creates a GitHub release, and optionally dispatches an event to `cloudoperators/greenhouse-extensions`.
- Adds a reusable e2e workflow that wraps the existing `workflows/e2e` composite action and runs a caller-provided `make` e2e target.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| .github/workflows/shared-go-lint.yaml | Reusable Go lint workflow (golangci-lint + optional govulncheck). |
| .github/workflows/shared-go-test.yaml | Reusable Go test workflow with configurable make target and optional coverage artifact upload. |
| .github/workflows/shared-go-build.yaml | Reusable Go build workflow with optional Docker multi-arch build/push via GHCR. |
| .github/workflows/shared-release.yaml | Reusable release automation workflow (version bump, optional chart update, PR, release, optional dispatch). |
| .github/workflows/shared-e2e.yaml | Reusable e2e wrapper around the existing KinD-based workflows/e2e composite action. |
…usable workflows
Adds 5 new reusable workflows to support standardized CI/CD across cloudoperators repos (shoot-grafter, repo-guard, permission-manager, cloudctl, greenhouse-extensions):
- shared-go-lint.yaml: golangci-lint + optional govulncheck
- shared-go-test.yaml: parameterized make test target + optional coverage upload
- shared-go-build.yaml: Go binary build + optional Docker multi-arch build/push
- shared-release.yaml: semver bump, Chart.yaml update, release PR + GitHub release + optional greenhouse-extensions dispatch
- shared-e2e.yaml: KinD-based e2e wrapping the existing workflows/e2e composite action
Closes #2086
Signed-off-by: I313226 <onur.yilmaz@sap.com>
shared-release.yaml:
- Replace non-POSIX \s with [[:space:]] in grep and sed expressions
- Add -E flag to sed for portable extended regex
- Add fail-fast VERSION parse validation (must match X.Y.Z)
- Add environment input so callers can gate on protection rules
- Fall back to release-token when dispatch-token is not provided
shared-e2e.yaml:
- Checkout calling repo into path: caller to avoid workspace collision with the greenhouse checkout in the e2e composite action
- Run e2e make target in caller/<working-directory>
- Remove unused with-remote-cluster input
- Remove unused kubeconfig secret
shared-go-build.yaml:
- Add packages: write permission when push is true
- Add early validation step when docker-build is true and image-name is empty
Signed-off-by: I313226 <onur.yilmaz@sap.com>
f2180c8 to
346f2b9
…-test job Signed-off-by: I313226 <onur.yilmaz@sap.com>
- Checkout default branch explicitly (ref: default_branch) so releases
are never cut from a feature branch
- Use github.event.repository.default_branch instead of hard-coded 'main'
for PR base and release --target, supporting non-main default branches
- Quote ${{ inputs.makefile-path }} in grep invocation
- Quote ${{ inputs.chart-path }} in both sed commands
- Create GitHub release targeting the default branch after fetching
latest, so the tag points at the correct merged commit
Signed-off-by: I313226 <onur.yilmaz@sap.com>
- shared-go-test: drop go-version input, always use go-version-file from go.mod
- shared-release: add if condition to Update Makefile VERSION step (skip when makefile-path is empty)
- shared-release: split Chart.yaml update into two steps with separate bump-chart-app-version input
- shared-release: replace gh CLI release creation with actions/github-script@v7
- shared-release: replace dispatch-token with GitHub App token via actions/create-github-app-token@v3 and peter-evans/repository-dispatch@v4
Signed-off-by: I313226 <onur.yilmaz@sap.com>
…criptions Signed-off-by: I313226 <onur.yilmaz@sap.com>
… inputs.remote-k8s-version Signed-off-by: I313226 <onur.yilmaz@sap.com>
… is now truly optional Signed-off-by: I313226 <onur.yilmaz@sap.com>
…r with ERROR:
- shared-go-lint: validate GOVULNCHECK_VERSION against semver/latest pattern before interpolating into go run command to prevent injection
- shared-release: prefix invalid bump type message with ERROR: for consistency with other validation failures in the workflow
Signed-off-by: I313226 <onur.yilmaz@sap.com>
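The allow-list check described in the commit above, as an added example that is not the PR's own code. The function names and the accepted pattern are assumptions; only the GOVULNCHECK_VERSION variable name comes from the commit message.

```shell
# Added example: the accepted pattern is an assumption, not the PR's regex.
# In a workflow step the input should arrive through env: (GOVULNCHECK_VERSION);
# a ${{ }} expression pasted into the script text is expanded before any
# check in the script can run.

# Returns 0 only for "latest" or vX.Y.Z with an optional pre-release suffix.
validate_govulncheck_version() {
  nl='
'
  case $1 in
    *"$nl"*) return 1 ;;  # grep -x tests each line on its own: refuse multi-line input
  esac
  printf '%s\n' "$1" |
    grep -Eqx 'latest|v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?'
}

# Build the command line only after validation; fail closed with an ERROR: prefix.
govulncheck_cmd() {
  if ! validate_govulncheck_version "$1"; then
    echo "ERROR: invalid govulncheck version" >&2
    return 1
  fi
  printf 'go run golang.org/x/vuln/cmd/govulncheck@%s ./...\n' "$1"
}
```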
…vulncheck step
- shared-release: change makefile-path default from "Makefile" to "" so chart-only callers don't need to override it to avoid the file-existence check failing on a non-existent Makefile
- shared-go-lint: add shell: bash to govulncheck step to ensure bash builtins and grep work correctly regardless of runner OS default shell
Signed-off-by: I313226 <onur.yilmaz@sap.com>
…; fix e2e output path
- shared-release: strip inline Makefile comments (e.g. '# comment') from the VERSION value before semver validation to avoid false parse failures
- shared-release: preserve the original assignment operator (?=, :=, =) when rewriting VERSION in the Makefile instead of normalising to '='
- e2e/action: output E2E_REPORT_PATH (.json report) instead of CONTROLLER_LOGS_PATH (.txt logs) to match the declared output description
Signed-off-by: I313226 <onur.yilmaz@sap.com>
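The shared-release parsing fixes listed in these commits (POSIX character classes with `sed -E`, fail-fast X.Y.Z validation, inline-comment stripping, operator preservation), shown together in an added example that is not the workflow's own code. Function names, the no-leading-zero rule and the sample Makefile are constructed.

```shell
# Added example: function names and the sample Makefile are constructed.
NUM='(0|[1-9][0-9]*)'   # one numeric field, no leading zeros (assumed strictness)

# Print the VERSION value of Makefile $1; fail unless it is exactly X.Y.Z.
read_version() {
  line=$(grep -E '^VERSION[[:space:]]*(\?=|:=|=)' "$1" | head -n 1)
  [ -n "$line" ] || { echo "ERROR: no VERSION assignment in $1" >&2; return 1; }
  # Drop "VERSION <op>", then any inline "# comment", then trailing blanks.
  v=$(printf '%s\n' "$line" | sed -E \
    's/^VERSION[[:space:]]*(\?=|:=|=)[[:space:]]*//; s/[[:space:]]*#.*$//; s/[[:space:]]+$//')
  printf '%s\n' "$v" | grep -Eqx "$NUM\.$NUM\.$NUM" ||
    { echo "ERROR: VERSION '$v' is not X.Y.Z" >&2; return 1; }
  printf '%s\n' "$v"
}

# Compute the next version: $1 = X.Y.Z, $2 = major|minor|patch.
bump_version() {
  major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}; patch=${rest#*.}
  case $2 in
    major) major=$((major + 1)); minor=0; patch=0 ;;
    minor) minor=$((minor + 1)); patch=0 ;;
    patch) patch=$((patch + 1)) ;;
    *) echo "ERROR: invalid bump type: $2" >&2; return 1 ;;
  esac
  printf '%s.%s.%s\n' "$major" "$minor" "$patch"
}

# Rewrite only the value: the operator (?=, :=, =) and any trailing comment stay.
# $2 must already be a validated X.Y.Z, so it is safe inside the sed replacement.
write_version() {
  sed -E "s/^(VERSION[[:space:]]*(\?=|:=|=)[[:space:]]*)[^#[:space:]]+/\1$2/" \
    "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed input: conditional assignment with an inline comment.
demo() {
  f=$(mktemp)
  printf 'NAME := app\nVERSION ?= 1.2.3  # bumped by CI\n' > "$f"
  new=$(bump_version "$(read_version "$f")" minor) && write_version "$f" "$new"
  grep '^VERSION' "$f"; rm -f "$f"
}
```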
abhijith-darshan
approved these changes
Jun 26, 2026
Summary
Adds 5 new reusable (`workflow_call`) workflows to `cloudoperators/common` as part of #2086 — GHA Streamlining across cloudoperators repos.
- `shared-go-lint.yaml`: `enable-govulncheck: true`). Go version read from `go.mod`.
- `shared-go-test.yaml`: `make` test target + optional coverage artifact upload. Go version read from `go.mod`.
- `shared-go-build.yaml`: `go.mod`.
- `shared-release.yaml`: `VERSION` from Makefile, updates Makefile + Chart.yaml, commits directly to the default branch, creates an annotated tag, creates a GitHub release via `actions/github-script@v7`, and optionally dispatches to `greenhouse-extensions` via GitHub App token (`actions/create-github-app-token@v3` + `peter-evans/repository-dispatch@v4`).
- `shared-e2e.yaml`: `workflows/e2e` composite action for KinD-based Greenhouse e2e tests.
Design notes
- `shared-release.yaml` commits directly to the default branch — no release branch, no PR. The version bump commit is tagged in-place and the GitHub release points at that exact commit.
- `go-version` input removed from all three Go workflows — version is always read from `go.mod`.
- `dispatch-app-id` + `dispatch-app-private-key`) replaces the old `dispatch-token` PAT for greenhouse-extensions dispatch.
- `appVersion` is controlled separately via `bump-chart-app-version` input (default `true`) to support chart-template-only bumps.
- `shared-go-build` Docker push — `image-name` must start with `ghcr.io/`.
- `cloudoperators/common`) use `@main` by convention.
Consumer PRs (depend on this merging first)