From f8fecc396782092341f931f4586791a777e710ad Mon Sep 17 00:00:00 2001 From: Kaj Kowalski Date: Wed, 5 Nov 2025 22:34:08 +0100 Subject: [PATCH] chore: clean up CI workflows by removing unused release job and updating permissions --- .github/workflows/ci.yml | 134 +----------------------- .github/workflows/dependency-review.yml | 1 + .github/workflows/release.yml | 86 ++++++++++++++- 3 files changed, 86 insertions(+), 135 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f09eb4..1b92398 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,8 +3,6 @@ name: CI on: push: branches: ['master', 'develop'] - tags: - - 'v*.*.*' pull_request: branches: ['master', 'develop', 'feature/*'] @@ -352,136 +350,6 @@ jobs: fail-on-severity: moderate comment-summary-in-pr: always - release: - name: Release - runs-on: ubuntu-latest - if: github.ref_type == 'tag' - permissions: - contents: write - needs: ['test'] - steps: - - uses: actions/checkout@v5 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: 'go.mod' - check-latest: true - - - name: Run tests - run: | - echo "## 🚀 Release Tests" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - go test -v ./... 2>&1 | tee release-test-output.log - TEST_STATUS=$? - - TOTAL_TESTS=$(grep -c "=== RUN" release-test-output.log || echo "0") - PASSED_TESTS=$(grep -c "--- PASS:" release-test-output.log || echo "0") - FAILED_TESTS=$(grep -c "--- FAIL:" release-test-output.log || echo "0") - - echo "| Metric | Value |" >> $GITHUB_STEP_SUMMARY - echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY - echo "| Total Tests | $TOTAL_TESTS |" >> $GITHUB_STEP_SUMMARY - echo "| Passed | ✅ $PASSED_TESTS |" >> $GITHUB_STEP_SUMMARY - echo "| Failed | ❌ $FAILED_TESTS |" >> $GITHUB_STEP_SUMMARY - echo "| Status | $([ $TEST_STATUS -eq 0 ] && echo "✅ PASSED" || echo "❌ FAILED") |" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - exit $TEST_STATUS - - - name: Install UPX - run: | - sudo apt-get update - sudo apt-get install -y upx - - - name: Build binaries - run: | - echo "## 🔨 Build Process" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - # Set the build time environment variable using git commit timestamp - BUILD_TIME=$(git log -1 --format=%cd --date=iso-strict) - - # Add run permissions to the build script - chmod +x ./scripts/build.sh - - # Display help information for the build script - ./scripts/build.sh --help - - echo "**Build Configuration:**" >> $GITHUB_STEP_SUMMARY - echo "- Version: ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY - echo "- Build Time: $BUILD_TIME" >> $GITHUB_STEP_SUMMARY - echo "- Git Commit: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - # Build for all platforms - ./scripts/build.sh \ - --verbose \ - -ldflags "-s -w -X github.com/kjanat/articulate-parser/internal/version.Version=${{ github.ref_name }} -X github.com/kjanat/articulate-parser/internal/version.BuildTime=$BUILD_TIME -X github.com/kjanat/articulate-parser/internal/version.GitCommit=${{ github.sha }}" - - - name: Compress binaries with UPX - run: | - echo "## 📦 Binary Compression" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - echo "Compressing binaries with UPX..." - cd build/ - - # Get original sizes - echo "**Original sizes:**" >> $GITHUB_STEP_SUMMARY - echo "\`\`\`" >> $GITHUB_STEP_SUMMARY - ls -lah >> $GITHUB_STEP_SUMMARY - echo "\`\`\`" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - # Compress all binaries except Darwin (macOS) binaries as UPX doesn't work well with recent macOS versions - for binary in articulate-parser-*; do - echo "Compressing $binary..." - upx --best "$binary" || { - echo "Warning: UPX compression failed for $binary, keeping original" - } - - # if [[ "$binary" == *"darwin"* ]]; then - # echo "Skipping UPX compression for $binary (macOS compatibility)" - # else - # echo "Compressing $binary..." - # upx --best "$binary" || { # removed `--lzma` - # echo "Warning: UPX compression failed for $binary, keeping original" - # } - # fi - done - - echo "**Final sizes:**" >> $GITHUB_STEP_SUMMARY - echo "\`\`\`" >> $GITHUB_STEP_SUMMARY - ls -lah >> $GITHUB_STEP_SUMMARY - echo "\`\`\`" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - - - name: Upload a Build Artifact - uses: actions/upload-artifact@v5.6.2 - with: - name: build-artifacts - path: build/ - if-no-files-found: ignore - retention-days: 1 - compression-level: 9 - overwrite: true - include-hidden-files: true - - - name: Create Release - uses: softprops/action-gh-release@v2 - with: - files: build/* - generate_release_notes: true - draft: false - # Mark v0.x.x releases as prerelease (pre-1.0 versions are considered unstable) - prerelease: ${{ startsWith(github.ref, 'refs/tags/v0.') }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - docker: name: Docker Build & Push runs-on: ubuntu-latest @@ -489,7 +357,7 @@ jobs: contents: read packages: write needs: ['test'] - if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/feature/docker')) + if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/feature/docker')) steps: - name: Checkout repository uses: actions/checkout@v5 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index a298d5e..60358ad 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,6 +10,7 @@ permissions: contents: read # Required to post security advisories security-events: write + pull-requests: write jobs: dependency-review: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ac48284..13ac330 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,10 +3,16 @@ name: Release on: push: tags: - - 'v*.*.*' + - "v*.*.*" + workflow_call: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} permissions: contents: write + packages: write jobs: release: @@ -21,7 +27,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version-file: 'go.mod' + go-version-file: "go.mod" check-latest: true - name: Run tests @@ -72,3 +78,79 @@ jobs: prerelease: ${{ startsWith(github.ref, 'refs/tags/v0.') }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + docker: + name: Docker Build & Push + runs-on: ubuntu-latest + needs: ['release'] + permissions: + contents: read + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.IMAGE_NAME }} + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=raw,value=latest,enable={{is_default_branch}} + labels: | + org.opencontainers.image.title=Articulate Parser + org.opencontainers.image.description=A powerful CLI tool to parse Articulate Rise courses and export them to multiple formats including Markdown HTML and DOCX. Supports media extraction content cleaning and batch processing for educational content conversion. + org.opencontainers.image.vendor=kjanat + org.opencontainers.image.licenses=MIT + org.opencontainers.image.url=https://github.com/${{ github.repository }} + org.opencontainers.image.source=https://github.com/${{ github.repository }} + org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/master/DOCKER.md + + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + platforms: | + linux/amd64 + linux/arm64 + linux/arm/v7 + linux/386 + linux/ppc64le + linux/s390x + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.labels }} + build-args: | + VERSION=${{ github.ref_name }} + BUILD_TIME=${{ github.event.head_commit.timestamp || github.event.repository.pushed_at }} + GIT_COMMIT=${{ github.sha }} + cache-from: type=gha + cache-to: type=gha,mode=max + outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=A powerful CLI tool to parse Articulate Rise courses and export them to multiple formats including Markdown HTML and DOCX. Supports media extraction content cleaning and batch processing for educational content conversion. + sbom: true + provenance: true