audit-go/.azuredevops/build-pipeline.yml

pool:
  vmImage: 'ubuntu-24.04'

variables:
  - name: bufVersion
    # go install github.com/bufbuild/buf/cmd/buf@
    value: v1.61.0
  - name: golangCiLintVersion
    # github.com/golangci/golangci-lint
    value: v2.6.2
  - name: goVersion
    # github.com/golang/go
    value: 1.24.0
  - name: protobufValidateVersion
    # go install github.com/envoyproxy/protoc-gen-validate@
    value: v1.2.1
  - name: protobufVersion
    # go install google.golang.org/protobuf/cmd/protoc-gen-go@
    value: v1.36.10
  - name: GOPATH
    value: '$(system.defaultWorkingDirectory)/gopath'

stages:
  - stage: Build
    jobs:
      - job: GoBuildTest
        displayName: Run build and tests
        variables:
          - group: artifactory-xx-sit-odj-sec-ident
          - name: isCiBuild
            value: $[eq(variables['Build.SourceBranch'], 'refs/heads/main')]
        steps:
          - task: GoTool@0
            displayName: Install Go $(goVersion)
            inputs:
              version: $(goVersion)

          - bash: |
              set -e
              go env -w GOMODCACHE="$(pwd)/.gomodcache"              
            displayName: Configure GOMODCACHE

          - bash: |
              set -e
              go install google.golang.org/protobuf/cmd/protoc-gen-go@$(protobufVersion)
              go install github.com/envoyproxy/protoc-gen-validate@$(protobufValidateVersion)
              go install github.com/bufbuild/buf/cmd/buf@$(bufVersion)
              curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $(golangCiLintVersion)              
            condition: succeeded()
            displayName: Install build dependencies

          - bash: |
              set -e
              echo on
              go mod download
              go mod tidy
              go get ./...              
            condition: succeeded()
            displayName: Download dependencies

          - bash: |
              set -e
              echo on
              rm -rf gen/
              export PATH="$PATH:$GOPATH/bin"
              buf format proto -w
              cd proto
              buf lint
              buf generate
              cd -              
            condition: succeeded()
            displayName: Regenerate code from schema

          - bash: |
              set -e
              echo on
              export PATH="$PATH:$GOPATH/bin"
              go fmt ./... && go vet ./... && golangci-lint run              
            condition: succeeded()
            displayName: Format and lint

          - bash: |
              set -e
              echo on
              git diff HEAD --name-only --exit-code              
            condition: succeeded()
            displayName: Check local changes after code generation and formatting

          - script: echo "$(ARTIFACTORY_PASSWORD)" | docker login schwarzit-docker.jfrog.io --username $(ARTIFACTORY_USER) --password-stdin
            displayName: 'Docker login'
            condition: succeeded()

          - bash: go build ./...
            condition: succeeded()
            displayName: Build

          - bash: go test ./...
            condition: succeeded()
            displayName: Run tests

          - task: SnykSecurityScan@1
            condition: and(succeeded(), eq(variables.isCiBuild, true))
            displayName: Snyk check (main branch)
            inputs:
              additionalArguments: "--remote-repo-url=$(Build.Repository.Uri)"
              failOnIssues: false
              monitorWhen: 'always'
              organization: 'xx-sit-odj-stackit-public'
              projectName: $(Build.Repository.Name)
              serviceConnectionEndpoint: 'xx-sit-odj-stackit-public-snyk'
              testType: 'app'

          - task: SnykSecurityScan@1
            condition: and(succeeded(), eq(variables.isCiBuild, false))
            displayName: Snyk check
            inputs:
              additionalArguments: "--remote-repo-url=$(Build.Repository.Uri)"
              failOnIssues: false
              monitorWhen: 'never'
              organization: 'xx-sit-odj-stackit-public'
              projectName: $(Build.Repository.Name)
              serviceConnectionEndpoint: 'xx-sit-odj-stackit-public-snyk'
              testType: 'app'

          - bash: sudo rm -rf .gomodcache
            condition: always()
            displayName: Clean up the local cache (.gomodcache)