go mod #20
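# CI/CD pipeline: lint + static security checks, matrix tests, benchmarks,
# Trivy filesystem scan, Docker build smoke test, and image publish on release.
#
# Supply-chain note: every third-party action below is referenced by a mutable
# tag or branch. Pinning each `uses:` to a full commit SHA makes what runs with
# this workflow's token reviewable and reproducible.
name: Quantum ZKP CI/CD

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  release:
    types: [published]

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (SARIF upload,
# package push) widen it in their own `permissions:` block.
permissions:
  contents: read

env:
  GO_VERSION: '1.24'
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # Code quality and security checks
  lint-and-security:
    name: Lint and Security Analysis
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): no step in this job uploads SARIF; confirm this write
      # scope is still needed, otherwise drop it.
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Install dependencies
        run: go mod download

      # `go fmt` rewrites files in the runner's checkout and exits 0, so this
      # step only gates on `go vet`.
      - name: Run basic Go checks
        run: |
          go fmt ./...
          go vet ./...

      # Advisory only: `continue-on-error` means findings never fail the job,
      # and `version: latest` means the linter binary can change between runs.
      - name: Run golangci-lint (basic checks only)
        uses: golangci/golangci-lint-action@v6
        with:
          version: latest
          args: --timeout=5m --disable-all --enable=errcheck,gosimple,govet,ineffassign,staticcheck,typecheck,unused
        continue-on-error: true

      # gosec is published under github.com/securego/gosec. Installing from any
      # other namespace either fails (hidden here by `continue-on-error`) or
      # runs code from an unreviewed publisher inside CI.
      # NOTE(review): `@latest` is unpinned, and both `|| echo` and
      # `continue-on-error` swallow findings, so this scan never gates a merge.
      - name: Run gosec security scanner (basic)
        run: |
          go install github.com/securego/gosec/v2/cmd/gosec@latest
          gosec ./... || echo "gosec completed with warnings"
        continue-on-error: true

  # Comprehensive testing
  test:
    name: Test Suite
    runs-on: ubuntu-latest
    timeout-minutes: 10
    strategy:
      matrix:
        go-version: ['1.23', '1.24']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go ${{ matrix.go-version }}
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}

      # `go mod verify` checks downloaded modules against go.sum.
      - name: Install dependencies
        run: |
          go mod download
          go mod verify

      - name: Check Go environment
        run: |
          go version
          go env
          pwd
          ls -la

      # The default `run` shell is `bash -e` without pipefail, so piping into
      # `tee` would report tee's status and let failing tests pass. Capture the
      # pipeline status explicitly and exit with it; `needs: [test]` on the
      # Docker jobs only protects a release if this step can actually fail.
      - name: Run tests (with detailed output)
        run: |
          set -o pipefail
          echo "Running all tests..."
          status=0
          go test -v -race -coverprofile=coverage.out ./... 2>&1 | tee test-output.log || status=$?
          echo "Test exit code: ${status}"
          exit "${status}"

      # Same pipefail handling as the step above.
      - name: Run scientific paper validation tests
        run: |
          set -o pipefail
          echo "Running scientific paper validation..."
          status=0
          go test -v -run TestScientificPaperClaims 2>&1 | tee scientific-test-output.log || status=$?
          echo "Scientific test exit code: ${status}"
          exit "${status}"

      - name: Generate coverage report
        run: go tool cover -html=coverage.out -o coverage.html

      # NOTE(review): no Codecov token is passed here; confirm the upload
      # succeeds for this repository.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.out
          flags: unittests
          name: codecov-umbrella

      - name: Upload coverage artifacts
        uses: actions/upload-artifact@v4
        with:
          name: coverage-report-go${{ matrix.go-version }}
          path: |
            coverage.out
            coverage.html

  # Performance benchmarking
  benchmark:
    name: Performance Benchmarks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

      # `-run=^$` matches no test names, so only benchmarks execute.
      - name: Run benchmarks
        run: go test -bench=. -benchmem -run=^$ > benchmark.txt

      - name: Upload benchmark results
        uses: actions/upload-artifact@v4
        with:
          name: benchmark-results
          path: benchmark.txt

  # Security vulnerability scanning
  security-scan:
    name: Security Vulnerability Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): `@master` is a moving branch, so whatever is pushed there
      # runs in this job with `security-events: write`. Pin to a release tag
      # or, better, a full commit SHA.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'

  # Build and test Docker image
  docker-build:
    name: Docker Build and Test
    runs-on: ubuntu-latest
    needs: [test]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        run: docker build -t quantum-zkp:test .

      - name: Verify Docker image exists
        run: docker images quantum-zkp:test

      - name: Test Docker image
        run: |
          echo "Testing Docker image default command (help)..."
          docker run --rm quantum-zkp:test
          echo "Testing demo..."
          docker run --rm quantum-zkp:test ./qzkp demo

  # Build and push Docker image (on release)
  # The release is gated on `test` and `docker-build` only; the lint, gosec and
  # Trivy jobs are not in `needs`, so their results do not block publishing.
  docker-release:
    name: Docker Release
    runs-on: ubuntu-latest
    needs: [test, docker-build]
    if: github.event_name == 'release'
    permissions:
      contents: read
      # Required to push the image to the registry with GITHUB_TOKEN.
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max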