diff --git a/.github/workflows/go_ci.yml b/.github/workflows/go_ci.yml
new file mode 100644
index 0000000..de68bdd
--- /dev/null
+++ b/.github/workflows/go_ci.yml
@@ -0,0 +1,143 @@
+name: Go CI
+
+on:
+ workflow_call:
+ inputs:
+ go-version:
+ required: true
+ type: string
+ os:
+ required: true
+ type: string
+
+jobs:
+ build:
+ runs-on: ${{ inputs.os }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Go ${{ inputs.go-version }}
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ inputs.go-version }}
+
+ - name: Install dependencies
+ run: go mod tidy
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y \
+ libx11-dev \
+ libxext-dev \
+ libxrender-dev \
+ libxrandr-dev \
+ libxtst-dev \
+ libxt-dev \
+ libgl1-mesa-dev \
+ libglu1-mesa-dev \
+ freeglut3-dev \
+ libxcursor-dev \
+ libxinerama-dev \
+ libxxf86vm-dev
+
+ - name: Build
+ run: go build $(go list ./... | grep -v /internal/ | grep -v /examples/)
+
+ - name: Upload build artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.os }}-${{ inputs.go-version }}-build
+ path: .
+
+ test:
+ runs-on: ${{ inputs.os }}
+ needs: build
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y \
+ libx11-dev \
+ libxext-dev \
+ libxrender-dev \
+ libxrandr-dev \
+ libxtst-dev \
+ libxt-dev \
+ libgl1-mesa-dev \
+ libglu1-mesa-dev \
+ freeglut3-dev \
+ libxcursor-dev \
+ libxinerama-dev \
+ libxxf86vm-dev
+
+ - name: Set up Go ${{ inputs.go-version }}
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ inputs.go-version }}
+
+ - name: Set up gotestfmt
+ uses: GoTestTools/gotestfmt-action@v2
+
+ - uses: actions/download-artifact@v4
+ with:
+ name: ${{ inputs.os }}-${{ inputs.go-version }}-build
+
+ - name: Test with Go
+ run: go test $(go list ./... | grep -v /internal/ | grep -v /examples/) -race -json -v -coverprofile=coverage.txt ./...
2>&1 | tee /tmp/gotest.log | gotestfmt
+
+ - name: Upload coverage
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.os }}-${{ inputs.go-version }}-coverage
+ path: coverage.txt
+
+ coverage:
+ runs-on: ${{ inputs.os }}
+ needs: test
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Go ${{ inputs.go-version }}
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ inputs.go-version }}
+
+ - uses: actions/download-artifact@v4
+ with:
+ name: ${{ inputs.os }}-${{ inputs.go-version }}-coverage
+
+ - name: Install gocover-cobertura
+ run: |
+ go get github.com/boumenot/gocover-cobertura && go install github.com/boumenot/gocover-cobertura
+
+ - name: Convert go coverage to corbetura format
+ run: gocover-cobertura < coverage.txt > coverage.xml
+
+ - name: Generate code coverage report
+ uses: irongut/CodeCoverageSummary@v1.3.0
+ with:
+ filename: coverage.xml
+ badge: false
+ fail_below_min: false
+ format: markdown
+ hide_branch_rate: false
+ hide_complexity: true
+ indicators: true
+ output: both
+ thresholds: '60 80'
+
+ - name: Add Coverage PR Comment
+ uses: marocchino/sticky-pull-request-comment@v2
+ if: github.event_name == 'pull_request'
+ with:
+ recreate: true
+ path: code-coverage-results.md
diff --git a/.github/workflows/gosec_security_check.yml b/.github/workflows/gosec_security_check.yml
new file mode 100644
index 0000000..b436d0b
--- /dev/null
+++ b/.github/workflows/gosec_security_check.yml
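Review bot: The third-party actions in the test and coverage jobs of go_ci.yml (`GoTestTools/gotestfmt-action@v2`, `irongut/CodeCoverageSummary@v1.3.0`, `marocchino/sticky-pull-request-comment@v2`) are referenced by tags, which their owners can move, and the last one needs a token able to write PR comments. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: marocchino/sticky-pull-request-comment@<full-commit-sha> # v2`, fixes the code that actually runs. The same applies to tools fetched at run time: `go get github.com/boumenot/gocover-cobertura && go install ...` here and `gosec@latest` in gosec_security_check.yml resolve to whatever is newest, so a single `go install github.com/boumenot/gocover-cobertura@<pinned-version>` is preferable and also avoids `go get` editing go.mod in the checkout. Separately, the build job uploads `path: .` after a checkout that by default leaves the token in `.git/config`; narrowing the path and setting `persist-credentials: false` on the checkout steps avoids relying on the artifact action's hidden-file handling.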
@@ -0,0 +1,34 @@
+name: Gosec Security Check
+
+on:
+ workflow_call:
+ inputs:
+ go-version:
+ required: true
+ type: string
+
+jobs:
+ gosec-security-analysis:
+ runs-on: 'ubuntu-latest'
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ inputs.go-version }}
+
+ - name: Install Gosec
+ run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+ - name: Run Gosec Security Scanner
+ run: |
+ gosec -exclude=G404 -fmt=sarif -out=gosec-results.sarif ./... || true
+
+ - name: Upload SARIF report to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: gosec-results.sarif
\ No newline at end of file
diff --git a/.github/workflows/master_workflow.yml b/.github/workflows/master_workflow.yml
new file mode 100644
index 0000000..5b9a259
--- /dev/null
+++ b/.github/workflows/master_workflow.yml
@@ -0,0 +1,24 @@
+name: Master Workflow
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+ version-matrix:
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ 'ubuntu-latest' ]
+ go-version: [ '1.23.5' ]
+ uses: ./.github/workflows/go_ci.yml
+ with:
+ go-version: ${{ matrix.go-version }}
+ os: ${{ matrix.os }}
+
+ security-analysis:
+ uses: ./.github/workflows/gosec_security_check.yml
+ with:
+ go-version: '1.23.5'
\ No newline at end of file
diff --git a/README.md b/README.md
index 99dca04..08dae32 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+![Master Workflow](https://github.com/rodd-oss/gomp/actions/workflows/master_workflow.yml/badge.svg?event=push)
+
 # Golang MultiPlayer Game Engine Framework Modern way to create fullstack multiplayer games using Go.
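Review bot: `|| true` on the "Run Gosec Security Scanner" step discards every non-zero exit, so a scanner crash or a bad invocation looks like a clean run unless the SARIF file happens to be missing when the upload step runs. gosec's `-no-fail` flag is the narrower way to keep findings from failing the job: `gosec -no-fail -exclude=G404 -fmt=sarif -out=gosec-results.sarif ./...`. `-exclude=G404` switches the weak-random check off for the whole module; if only particular call sites are meant, a `// #nosec G404` comment with a justification at those sites keeps the rule active everywhere else. `GO111MODULE: on` uses an unquoted `on`, and writing it as `'on'` removes any dependence on how the YAML loader types that scalar.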
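Review bot: No `permissions:` block is declared in master_workflow.yml or in the two workflows it calls, so every job runs with the repository's default `GITHUB_TOKEN` scope although only the coverage comment and the SARIF upload need write access. A called workflow can only narrow what its caller grants, so the grants belong on the calling jobs, e.g. `permissions: {contents: read, pull-requests: write}` on `version-matrix` and `permissions: {contents: read, security-events: write}` on `security-analysis`. On `pull_request` runs from forks the token is read-only regardless, so those two steps will likely fail there; guarding them with a condition is safer than moving the trigger to `pull_request_target`, which would run PR code with a write-capable token. The Go version `'1.23.5'` is also written twice and can drift between the build and the scan.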