
ci: add unified quality gates workflow #717

Open
osvaldoandrade wants to merge 1 commit into main from ci/quality-gates

@osvaldoandrade

Owner

Summary

Adds a unified CI workflow that consolidates build, test, lint, coverage, vulnerability and security scanning into a single pipeline. Only build is required; the rest run warn-only until the coverage and lint debt tracked in epics #645 and #654 is paid down.

Jobs

| Job | Status | Purpose |
| --- | --- | --- |
| build | required | go vet ./... + go build ./... |
| test | warn-only | -race -shuffle=on -count=1, uploads coverage.out artifact |
| lint | warn-only | golangci-lint v1.61.0 with repository .golangci.yml |
| coverage | warn-only | go-test-coverage enforces .testcoverage.yml thresholds |
| vulncheck | warn-only | govulncheck ./... |
| gosec | warn-only | gosec v2.21.4 at medium severity/confidence |

Notes

  • Concurrency group cancels in-progress runs on the same ref.
  • Permissions scoped to contents: read.
  • Go toolchain pinned via go-version-file: go.mod; module cache enabled.
  • Coverage artifact handed off from test to coverage job to avoid retests.

Refs

Closes #661. Part of #645.

Adds a single CI workflow with build, test, lint, coverage, vulncheck
and gosec jobs. Build is the only required job; remaining jobs run
warn-only until coverage and lint debt is paid down per epics #654
and #645.

- build: go vet + go build (required)
- test: race detector + shuffled tests, uploads coverage profile
- lint: golangci-lint v1.61.0 with repository .golangci.yml
- coverage: go-test-coverage enforces .testcoverage.yml thresholds
- vulncheck: govulncheck against module graph
- gosec: gosec v2.21.4 at medium severity/confidence

Refs #645, #661.
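
Added example, not the workflow file from this PR: a sketch of how the layout described above (cancelling concurrency group, `contents: read` permissions, `go-version-file: go.mod`, warn-only jobs, coverage artifact handoff) can be written, narrowed to four of the six jobs. The workflow name, triggers, action versions, the `vladopajic/go-test-coverage` action and the use of `continue-on-error` for warn-only are assumptions.

```yaml
name: quality-gates            # hypothetical name
on:                            # assumed triggers
  pull_request:
  push:
    branches: [main]
concurrency:                   # newer run on the same ref cancels the older one
  group: quality-${{ github.ref }}
  cancel-in-progress: true
permissions:
  contents: read               # GITHUB_TOKEN limited to reading repository contents
jobs:                          # actions shown by tag; pin to commit SHAs where required
  build:                       # the only job meant to be a required check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version-file: go.mod, cache: true }
      - run: go vet ./...
      - run: go build ./...
  test:
    runs-on: ubuntu-latest
    continue-on-error: true    # assumed warn-only mechanism: failure does not fail the run
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version-file: go.mod, cache: true }
      - run: go test -race -shuffle=on -count=1 -coverprofile=coverage.out ./...
      - uses: actions/upload-artifact@v4
        with: { name: coverage, path: coverage.out }
  coverage:
    needs: test                # reuses the uploaded profile instead of re-running tests
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with: { name: coverage }
      - uses: vladopajic/go-test-coverage@v2
        with: { config: ./.testcoverage.yml, profile: coverage.out }
  gosec:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with: { go-version-file: go.mod, cache: true }
      - run: go install github.com/securego/gosec/v2/cmd/gosec@v2.21.4
      - run: gosec -severity medium -confidence medium ./...
```

Marking `build` as required is done in the repository's branch protection settings, not in the workflow file.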

Development

Successfully merging this pull request may close these issues.

Update GitHub Actions CI workflow
