From 9fa712c0b11f66043802c89ee080e4266b72bfe0 Mon Sep 17 00:00:00 2001 From: Sudo-Ivan Date: Mon, 29 Dec 2025 22:04:58 -0600 Subject: [PATCH] Refactor CI workflows to utilize Task for build and test steps, add SBOM generation workflow, and remove deprecated steps. --- .gitea/workflows/build.yml | 52 +++++++------------------------- .gitea/workflows/go-test.yml | 22 ++++++++------ .gitea/workflows/sbom.yml | 57 ++++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 50 deletions(-) create mode 100644 .gitea/workflows/sbom.yml diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 9ff7600..abb02f3 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -34,18 +34,27 @@ jobs: with: go-version: '1.25' + - name: Setup Task + uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 + with: + version: '3.46.3' + - name: Build id: build_step env: GOOS: ${{ matrix.goos }} GOARCH: ${{ matrix.goarch }} GOARM: ${{ matrix.goarch == 'arm' && '6' || '' }} + CGO_ENABLED: '0' run: | + task build output_name="reticulum-go-${GOOS}-${GOARCH}" if [ "$GOOS" = "windows" ]; then output_name+=".exe" + mv bin/reticulum-go "${output_name}" + else + mv bin/reticulum-go "${output_name}" fi - go build -v -ldflags="-s -w" -o "${output_name}" ./cmd/reticulum-go echo "Built: ${output_name}" - name: Calculate SHA256 Checksum 
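Review bot: Both branches of the `if [ "$GOOS" = "windows" ]` block in the Build step now run the identical `mv bin/reticulum-go "${output_name}"`, so the `else` adds nothing; a single `mv bin/reticulum-go "${output_name}"` placed after `fi` does the same job. The step also assumes that `task build` writes `bin/reticulum-go` with no `.exe` suffix for Windows targets, and that the Taskfile still passes the `-ldflags="-s -w"` from the removed `go build` line. The Taskfile is not part of this patch, so both are worth confirming before release binaries are cut from this job. The job definition itself begins above the hunk.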
@@ -54,36 +63,7 @@ jobs: if [ "${{ matrix.goos }}" = "windows" ]; then output_name+=".exe" fi - sha256sum "${output_name}" > "${output_name}.sha256" - echo "Calculated SHA256 for ${output_name}" - - - name: Generate SBOM - uses: https://git.quad4.io/actions/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2 - with: - version: v1 - args: mod -licenses -json -output bom.json - - - name: Install Trivy - run: | - wget https://git.quad4.io/Quad4-Extra/assets/raw/commit/90fdcea1bb71d91df2de6ff2e3897f278413f300/bin/trivy_0.68.2_Linux-64bit.deb - sudo dpkg -i trivy_0.68.2_Linux-64bit.deb - - - name: Generate SPDX SBOM with Trivy - run: | - trivy fs --format spdx-json --output dependency-results.sbom.json . || exit 1 - if [ ! -f dependency-results.sbom.json ]; then - echo "Error: SBOM file was not created!" - exit 1 - fi - echo "SBOM file created successfully:" - ls -lh dependency-results.sbom.json - - - name: Verify SBOM files exist - run: | - echo "Checking for SBOM files..." - ls -lh bom.json dependency-results.sbom.json || true - test -f bom.json && echo "bom.json exists" || echo "bom.json missing" - test -f dependency-results.sbom.json && echo "dependency-results.sbom.json exists" || echo "dependency-results.sbom.json missing" + BINARY_PATH="${output_name}" task checksum - name: Upload Artifact uses: https://git.quad4.io/actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 @@ -91,16 +71,6 @@ jobs: name: reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }} path: | reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }}* - bom.json - dependency-results.sbom.json - - - name: Upload SPDX SBOM Artifact - if: matrix.goos == 'linux' && matrix.goarch == 'amd64' - uses: https://git.quad4.io/actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 - with: - name: spdx-sbom - path: dependency-results.sbom.json - retention-days: 90 release: name: Create Release 
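Review bot: The added `BINARY_PATH="${output_name}" task checksum` line moves the checksum's file name and location into the Taskfile, which this patch does not show, while the Upload Artifact step still picks it up only through the `reticulum-go-${{ matrix.goos }}-${{ matrix.goarch }}*` glob. If the task writes the digest anywhere other than `${output_name}.sha256` beside the binary, the artifact would be uploaded without its checksum and no step would fail. A guard such as `test -f "${output_name}.sha256"` right after the task call would turn that into a visible error. The opening lines of the checksum step are above the hunk.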
diff --git a/.gitea/workflows/go-test.yml b/.gitea/workflows/go-test.yml index 16df5b5..0c028a7 100644 --- a/.gitea/workflows/go-test.yml +++ b/.gitea/workflows/go-test.yml @@ -37,6 +37,11 @@ jobs: with: go-version: '1.25' + - name: Setup Task + uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 + with: + version: '3.46.3' + - name: Cache Go modules uses: https://git.quad4.io/actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: @@ -47,29 +52,28 @@ jobs: restore-keys: | ${{ runner.os }}-go-${{ matrix.goarch }}- - - name: Run Go tests - run: go test -v ./... + - name: Run tests + run: task test - - name: Run Go tests with race detector (Linux AMD64 only) + - name: Run tests with race detector (Linux AMD64 only) if: matrix.os == 'ubuntu-latest' && matrix.goarch == 'amd64' - run: go test -race -v ./... + run: task test-race - name: Test build (ensure compilation works) run: | - # Test that we can build for the current platform echo "Testing build for current platform (${{ matrix.os }}, ${{ matrix.goarch }})..." - go build -v ./cmd/reticulum-go + task build - name: Test binary execution run: | echo "Testing binary execution on (${{ matrix.os }}, ${{ matrix.goarch }})..." - timeout 5s ./reticulum-go || echo "Binary started successfully (timeout expected)" + timeout 5s ./bin/reticulum-go || echo "Binary started successfully (timeout expected)" - name: Test cross-compilation (AMD64 runners only) if: matrix.goarch == 'amd64' run: | echo "Testing ARM64 cross-compilation from AMD64..." - go build -v ./cmd/reticulum-go + GOOS=linux GOARCH=arm64 task build env: GOOS: linux GOARCH: arm64 @@ -78,7 +82,7 @@ jobs: if: matrix.goarch == 'amd64' run: | echo "Testing ARMv6 cross-compilation from AMD64..." - go build -v ./cmd/reticulum-go + GOOS=linux GOARCH=arm GOARM=6 task build env: GOOS: linux GOARCH: arm diff --git a/.gitea/workflows/sbom.yml b/.gitea/workflows/sbom.yml new file mode 100644 index 0000000..64022fc 
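Review bot: In go-test.yml's Test binary execution step, `timeout 5s ./bin/reticulum-go || echo "Binary started successfully (timeout expected)"` reports success for every non-zero exit, so a missing `bin/reticulum-go` (the path this commit changes) or a crash at startup passes the same way a timeout does. Checking the status would make the step meaningful: `rc=0; timeout 5s ./bin/reticulum-go || rc=$?` followed by `[ "$rc" -eq 124 ] || exit 1`, assuming GNU `timeout` and that the process is expected to keep running. In the two cross-compilation steps, the inline `GOOS=linux GOARCH=arm64` and `GOOS=linux GOARCH=arm GOARM=6` prefixes repeat values visible in each step's `env:` block, so one of the two can be dropped.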
--- /dev/null
+++ b/.gitea/workflows/sbom.yml
@@ -0,0 +1,57 @@
+name: Generate SBOM
+
+on:
+ push:
+ tags:
+ - 'v*'
+ workflow_dispatch:
+
+jobs:
+ generate-sbom:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ with:
+ fetch-depth: 0
+ ref: ${{ github.ref }}
+
+ - name: Setup Go
+ uses: https://git.quad4.io/actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
+ with:
+ go-version: '1.25.5'
+
+ - name: Setup Task
+ uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1
+ with:
+ version: '3.46.3'
+
+ - name: Setup environment
+ run: task setup
+
+ - name: Install dependencies
+ run: task install:ci
+
+ - name: Download Trivy
+ run: |
+ curl -L -o /tmp/trivy.deb https://git.quad4.io/Quad4-Extra/assets/raw/commit/90fdcea1bb71d91df2de6ff2e3897f278413f300/bin/trivy_0.68.2_Linux-64bit.deb
+ sudo dpkg -i /tmp/trivy.deb || sudo apt-get install -f -y
+
+ - name: Generate SBOM
+ run: |
+ mkdir -p sbom
+ trivy fs --format spdx-json --include-dev-deps --output sbom/sbom.spdx.json .
+ trivy fs --format cyclonedx --include-dev-deps --output sbom/sbom.cyclonedx.json .
+
+ - name: Commit and Push Changes
+ run: |
+ git config --global user.name "Gitea Action"
+ git config --global user.email "actions@noreply.quad4.io"
+ git remote set-url origin https://${{ secrets.GITEA_TOKEN }}@git.quad4.io/${{ github.repository }}.git
+ git fetch origin master
+ git checkout master
+ git add sbom/
+ git diff --quiet && git diff --staged --quiet || (git commit -m "Auto-update SBOM [skip ci]" && git push origin master)
+ env:
+ GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+
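Review bot: The `git remote set-url` line in the Commit and Push Changes step expands `${{ secrets.GITEA_TOKEN }}` straight into the script text and into the origin URL, so the token is written to `.git/config` on the runner and can surface in git error output; the step's `env: GITEA_TOKEN` is declared but never read. Reading the secret from the environment keeps it out of the rendered script: `git remote set-url origin "https://${GITEA_TOKEN}@git.quad4.io/${{ github.repository }}.git"`. Supplying it through a credential helper, or resetting the remote URL after the push, would keep it out of the stored config as well. Separately, the Download Trivy step installs the .deb with `sudo dpkg -i` without checking a digest, and `curl -L` lacks `-f`, so an HTTP error body would be saved as the package. A `sha256sum -c` check against a digest pinned in the workflow, run before the install, would close that gap.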