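# Publish workflow: runs Terraform plan/apply and golangci-lint, checks the
# GoReleaser config and reports coverage on pull requests, and talks to
# S3-compatible object storage in the publish job.
#
# NOTE(review): every action below is referenced by a mutable tag (@v6, @v3,
# @v13, ...). Pinning each `uses:` to a full commit SHA keeps a re-tagged
# release from running with this workflow's token and secrets.
name: Publish

on:
  pull_request:
  workflow_dispatch:
  push:
    tags:
      - 'v0.*'

# Least-privilege default for GITHUB_TOKEN. It applies to jobs that declare no
# `permissions:` of their own (config, publish); main and code_coverage
# override it with the scopes they need.
permissions:
  contents: read

env:
  GO_VERSION: "1.25"
  CODE_COVERAGE_FILE_NAME: "coverage.out" # must be the same as in Makefile
  CODE_COVERAGE_ARTIFACT_NAME: "code-coverage"

jobs:
  main:
    name: prepare
    runs-on: ubuntu-latest
    permissions:
      actions: read # Required to identify workflow run.
      checks: write # Required to add status summary.
      contents: read # Required to checkout repository.
      pull-requests: write # Required to add PR comment.
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Install Go ${{ env.GO_VERSION }}
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_wrapper: false
          # terraform_version: "1.1.7"

      # NOTE(review): if the steps below are re-enabled, pass step outputs to
      # the shell through `env:` rather than interpolating ${{ ... }} into
      # `run:`, so plan output is never parsed as shell syntax.
      # - run: terraform init
      # - id: plan
      #   run: terraform plan -no-color
      # - run: echo ${{ steps.plan.outputs.stdout }}
      # - run: echo ${{ steps.plan.outputs.stderr }}
      # - run: echo ${{ steps.plan.outputs.exitcode }}

      # Run plan by default; apply on push events. Per `on:` above, the only
      # push events that trigger this workflow are v0.* tag pushes.
      - uses: op5dev/tf-via-pr@v13
        with:
          working-directory: path/to/directory
          command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}
          arg-lock: ${{ github.event_name == 'push' }}
          arg-backend-config: env/dev.tfbackend
          arg-var-file: env/dev.tfvars
          arg-workspace: dev-use1
          # Passphrase used to encrypt the plan file; comes from repository secrets.
          plan-encrypt: ${{ secrets.PASSPHRASE }}

      # - name: "Ensure docs are up-to-date"
      #   if: ${{ github.event_name == 'pull_request' }}
      #   run: ./scripts/check-docs.sh
      #   continue-on-error: true

      # - name: "Run go mod tidy"
      #   if: ${{ github.event_name == 'pull_request' }}
      #   run: go mod tidy

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
          version: v2.7
          args: --config=golang-ci.yaml --allow-parallel-runners --timeout=5m

      # - name: Lint
      #   run: make lint

      # - name: Test
      #   run: make test

      # - name: Archive code coverage results
      #   uses: actions/upload-artifact@v4
      #   with:
      #     name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
      #     path: "stackit/${{ env.CODE_COVERAGE_FILE_NAME }}"

  config:
    name: Check GoReleaser config
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Check GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          args: check

  code_coverage:
    name: "Code coverage report"
    if: github.event_name == 'pull_request' # Do not run when workflow is triggered by push to main branch
    runs-on: ubuntu-latest
    needs: main
    permissions:
      contents: read
      actions: read # to download code coverage results from "main" job
      pull-requests: write # write permission needed to comment on PR
    steps:
      # NOTE(review): the artifact upload step in `main` is commented out, so
      # the coverage artifact this step expects is presumably missing;
      # continue-on-error hides that failure. Confirm before relying on it.
      - name: Check new code coverage
        uses: fgrosse/go-coverage-report@v1.2.0
        continue-on-error: true # Add this line to prevent pipeline failures in forks
        with:
          coverage-artifact-name: ${{ env.CODE_COVERAGE_ARTIFACT_NAME }}
          coverage-file-name: ${{ env.CODE_COVERAGE_FILE_NAME }}
          root-package: 'tfregistry.sysops.stackit.rocks/mhenselin/stackitprivatepreview'

  # NOTE(review): this job has neither `if:` nor `needs:`, so it runs on every
  # trigger (including pull_request) without waiting for `main`, and hands the
  # S3 credentials to the action each time. Consider limiting it to the release
  # trigger and gating it on the checks above.
  publish:
    name: "Publish artifact"
    runs-on: ubuntu-latest
    steps:
      - name: Set up S3cmd cli tool
        uses: s3-actions/s3cmd@v2.0.1
        with:
          provider: aws # default is linode
          region: 'eu01'
          access_key: ${{ secrets.S3_ACCESS_KEY }}
          secret_key: ${{ secrets.S3_SECRET_KEY }}

      - name: Interact with object storage
        run: |
          s3cmd ls
          # s3cmd sync --recursive --acl-public dist s3://awesome.blog/
          # s3cmd put dist/style.css --mime-type 'text/css' --acl-public s3://awesome.blog/style.css
          s3cmd info s3://awesome.blog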