audit-go/.azuredevops/build-pipeline.yml
Christian Schaible (EXT) 80326d88a6 Merged PR 908570: feat: Update dependencies and add sonarqube configuration
- Update dependencies
- Update related code adjustments
- Add sonarqube configuration and pipeline adjustments

Security-concept-update-needed: false.

JIRA Work Item: [STACKITRMA-822](https://jira.schwarz/browse/STACKITRMA-822)
2026-01-13 09:00:27 +00:00


# Build agent: hosted image pinned to a specific Ubuntu release rather than a
# floating "latest" label.
pool:
  vmImage: 'ubuntu-24.04'
# Pipeline-wide variables. Every tool version is pinned to an exact release;
# the comment above each entry names the upstream module or repository.
# Values are quoted so they are always read as strings.
variables:
  # go install github.com/bufbuild/buf/cmd/buf@
  - name: bufVersion
    value: 'v1.63.0'
  # github.com/golangci/golangci-lint
  - name: golangCiLintVersion
    value: 'v2.8.0'
  # github.com/golang/go
  - name: goVersion
    value: '1.24.0'
  # go install github.com/envoyproxy/protoc-gen-validate@
  - name: protobufValidateVersion
    value: 'v1.3.0'
  # go install google.golang.org/protobuf/cmd/protoc-gen-go@
  - name: protobufVersion
    value: 'v1.36.11'
  # GOPATH lives inside the working directory of the build.
  - name: GOPATH
    value: '$(system.defaultWorkingDirectory)/gopath'
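# Single Build stage: install the toolchain, regenerate and lint the code,
# verify that the working tree is unchanged, build, test and run Snyk.
stages:
  - stage: Build
    jobs:
      - job: GoBuildTest
        displayName: Run build and tests
        variables:
          # Variable group; the Docker login step reads ARTIFACTORY_USER and
          # ARTIFACTORY_PASSWORD, presumably supplied by this group.
          - group: artifactory-xx-sit-odj-sec-ident
          # True only for builds of refs/heads/main; it selects which of the
          # two Snyk steps runs.
          - name: isCiBuild
            value: $[eq(variables['Build.SourceBranch'], 'refs/heads/main')]
        steps:
          - task: GoTool@0
            displayName: Install Go $(goVersion)
            inputs:
              version: $(goVersion)

          # Keep the module cache inside the working directory so that the
          # final clean-up step can remove it.
          - bash: |
              set -e
              go env -w GOMODCACHE="$(pwd)/.gomodcache"
            displayName: Configure GOMODCACHE

          # Build tools are installed at the pinned versions from the
          # variables block. The golangci-lint installer is fetched from the
          # matching release tag instead of the moving master branch, so the
          # script piped into sh belongs to the pinned release. A tag can
          # still be moved upstream; pinning to a commit SHA and comparing a
          # known digest before execution would be stricter.
          # pipefail makes a failed download fail the step instead of handing
          # empty input to sh.
          - bash: |
              set -eo pipefail
              go install google.golang.org/protobuf/cmd/protoc-gen-go@$(protobufVersion)
              go install github.com/envoyproxy/protoc-gen-validate@$(protobufValidateVersion)
              go install github.com/bufbuild/buf/cmd/buf@$(bufVersion)
              curl -sSfL "https://raw.githubusercontent.com/golangci/golangci-lint/$(golangCiLintVersion)/install.sh" | sh -s -- -b "$(go env GOPATH)/bin" "$(golangCiLintVersion)"
            displayName: Install build dependencies
            condition: succeeded()

          # "echo on" only prints the word "on" in bash; it does not enable
          # command tracing. go mod tidy and go get may rewrite go.mod and
          # go.sum; the later git diff step fails the build if they do.
          - bash: |
              set -e
              echo on
              go mod download
              go mod tidy
              go get ./...
            displayName: Download dependencies
            condition: succeeded()

          # Drop the generated code, then format, lint and regenerate it from
          # the proto schema.
          - bash: |
              set -e
              echo on
              rm -rf gen/
              export PATH="$PATH:$GOPATH/bin"
              buf format proto -w
              cd proto
              buf lint
              buf generate
              cd -
            displayName: Regenerate code from schema
            condition: succeeded()

          - bash: |
              set -e
              echo on
              export PATH="$PATH:$GOPATH/bin"
              go fmt ./... && go vet ./... && golangci-lint run
            displayName: Format and lint
            condition: succeeded()

          # Fails when tidy, generation or formatting changed a tracked file.
          # git diff HEAD does not report untracked files, so a newly
          # generated file that was never committed passes this check.
          - bash: |
              set -e
              echo on
              git diff HEAD --name-only --exit-code
            displayName: Check local changes after code generation and formatting
            condition: succeeded()

          # The credentials are mapped into the environment of this step only.
          # Expanding them with macro syntax inside the script would write
          # the password into the generated script text and let quote or
          # dollar characters in it change the command. The password is still
          # handed to docker on stdin, never as an argument.
          - script: |
              printf '%s' "$ARTIFACTORY_PASSWORD" | docker login schwarzit-docker.jfrog.io --username "$ARTIFACTORY_USER" --password-stdin
            displayName: 'Docker login'
            condition: succeeded()
            env:
              ARTIFACTORY_USER: $(ARTIFACTORY_USER)
              ARTIFACTORY_PASSWORD: $(ARTIFACTORY_PASSWORD)

          - bash: go build ./...
            displayName: Build
            condition: succeeded()

          - bash: go test ./...
            displayName: Run tests
            condition: succeeded()

          # Snyk on main: monitorWhen is 'always'.
          # NOTE(review): failOnIssues is false in both Snyk steps, so findings
          # do not appear to gate the build; confirm that this is intended and
          # that the results are reviewed elsewhere.
          - task: SnykSecurityScan@1
            displayName: Snyk check (main branch)
            condition: and(succeeded(), eq(variables.isCiBuild, true))
            inputs:
              additionalArguments: "--remote-repo-url=$(Build.Repository.Uri)"
              failOnIssues: false
              monitorWhen: 'always'
              organization: 'xx-sit-odj-stackit-public'
              projectName: $(Build.Repository.Name)
              serviceConnectionEndpoint: 'xx-sit-odj-stackit-public-snyk'
              testType: 'app'

          # Snyk on every other branch: same scan, monitorWhen is 'never'.
          - task: SnykSecurityScan@1
            displayName: Snyk check
            condition: and(succeeded(), eq(variables.isCiBuild, false))
            inputs:
              additionalArguments: "--remote-repo-url=$(Build.Repository.Uri)"
              failOnIssues: false
              monitorWhen: 'never'
              organization: 'xx-sit-odj-stackit-public'
              projectName: $(Build.Repository.Name)
              serviceConnectionEndpoint: 'xx-sit-odj-stackit-public-snyk'
              testType: 'app'

          # Runs even after a failed step so the module cache never outlives
          # the job.
          - bash: sudo rm -rf .gomodcache
            displayName: Clean up the local cache (.gomodcache)
            condition: always()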