From 58dc697656049b0099d50229f3ecd0a559967162 Mon Sep 17 00:00:00 2001 From: Rene Cannao Date: Mon, 23 Mar 2026 22:42:22 +0000 Subject: [PATCH 1/2] Modernize CI: add caching, lint, CVE scanning, and Go version matrix --- .github/workflows/main.yml | 45 +++++++++++++++++++++++++++++++++-- .github/workflows/system.yml | 1 + .github/workflows/upgrade.yml | 1 + 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a500f9fa..69744c03 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,6 +11,9 @@ jobs: build: runs-on: ubuntu-latest + strategy: + matrix: + go-version: ['1.24', '1.25.7'] steps: - uses: actions/checkout@v4 @@ -18,7 +21,8 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: '1.25.7' + go-version: ${{ matrix.go-version }} + cache: true - name: Test source code run: script/test-source @@ -47,5 +51,42 @@ jobs: - name: Upload orchestrator binary artifact uses: actions/upload-artifact@v4 with: - name: orchestrator + name: orchestrator-go${{ matrix.go-version }} path: bin/orchestrator + + lint: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.25.7' + cache: true + + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: latest + + security: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.25.7' + cache: true + + - name: Install govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + + - name: Run govulncheck + run: govulncheck ./... diff --git a/.github/workflows/system.yml b/.github/workflows/system.yml index 931151a6..2a3d35f5 100644 --- a/.github/workflows/system.yml +++ b/.github/workflows/system.yml @@ -16,6 +16,7 @@ jobs: uses: actions/setup-go@v5 with: go-version: '1.25.7' + cache: true - name: check out uses: actions/checkout@v4 diff --git a/.github/workflows/upgrade.yml b/.github/workflows/upgrade.yml index 3fd16cbe..ab0ab7d4 100644 --- a/.github/workflows/upgrade.yml +++ b/.github/workflows/upgrade.yml @@ -15,6 +15,7 @@ jobs: uses: actions/setup-go@v5 with: go-version: '1.25.7' + cache: true - name: Start local MySQL run: sudo /etc/init.d/mysql start From ecdde95fae86b8a4794f2fb7a03a03c7dd42eb0e Mon Sep 17 00:00:00 2001 From: Rene Cannao Date: Mon, 23 Mar 2026 22:55:42 +0000 Subject: [PATCH 2/2] Address review feedback: pin tool versions, fix cache ordering, simplify matrix --- .github/workflows/main.yml | 11 ++++------- .github/workflows/system.yml | 6 +++--- .github/workflows/upgrade.yml | 6 +++--- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 69744c03..c3cc3b74 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,9 +11,6 @@ jobs: build: runs-on: ubuntu-latest - strategy: - matrix: - go-version: ['1.24', '1.25.7'] steps: - uses: actions/checkout@v4 @@ -21,7 +18,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: '1.25.7' cache: true - name: Test source code @@ -51,7 +48,7 @@ jobs: - name: Upload orchestrator binary artifact uses: actions/upload-artifact@v4 with: - name: orchestrator-go${{ matrix.go-version }} + name: orchestrator path: bin/orchestrator lint: @@ -70,7 +67,7 @@ jobs: - name: Run golangci-lint uses: golangci/golangci-lint-action@v6 with: - version: latest + version: v1.64.8 security: @@ -86,7 +83,7 @@ jobs: cache: true - name: Install govulncheck - run: go install golang.org/x/vuln/cmd/govulncheck@latest + run: go install golang.org/x/vuln/cmd/govulncheck@v1.1.4 - name: Run govulncheck run: govulncheck ./... diff --git a/.github/workflows/system.yml b/.github/workflows/system.yml index 2a3d35f5..f7050a08 100644 --- a/.github/workflows/system.yml +++ b/.github/workflows/system.yml @@ -12,15 +12,15 @@ jobs: runs-on: ubuntu-latest steps: + - name: check out + uses: actions/checkout@v4 + - name: Set up Go uses: actions/setup-go@v5 with: go-version: '1.25.7' cache: true - - name: check out - uses: actions/checkout@v4 - - name: build run: script/test-build diff --git a/.github/workflows/upgrade.yml b/.github/workflows/upgrade.yml index ab0ab7d4..fcdf675d 100644 --- a/.github/workflows/upgrade.yml +++ b/.github/workflows/upgrade.yml @@ -11,6 +11,9 @@ jobs: # backend: [sqlite, MySQL] steps: + - name: check out + uses: actions/checkout@v4 + - name: Set up Go uses: actions/setup-go@v5 with: @@ -20,9 +23,6 @@ jobs: - name: Start local MySQL run: sudo /etc/init.d/mysql start - - name: check out - uses: actions/checkout@v4 - - name: copy config file template run: | cp conf/orchestrator-ci-upgrade.conf.json /tmp