From a4b08865846d49ee389d07ca7c5788ad107557cc Mon Sep 17 00:00:00 2001
From: Nikolay Nechaev <Nikolay_Nechaev@mail.ru>
Date: Fri, 16 Feb 2024 19:28:40 +0300
Subject: [PATCH] Lab 3 bonus: CI

---
 .github/workflows/go-app.yml | 71 ++++++++++++++++++++++++++++++++++++
 app_go/CI.md                 | 14 +++++++
 app_go/README.md             |  7 ++++
 3 files changed, 92 insertions(+)
 create mode 100644 .github/workflows/go-app.yml
 create mode 100644 app_go/CI.md

diff --git a/.github/workflows/go-app.yml b/.github/workflows/go-app.yml
new file mode 100644
index 0000000000..8af9e20827
--- /dev/null
+++ b/.github/workflows/go-app.yml
@@ -0,0 +1,71 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Go application
+
+on:
+  push:
+    paths:
+      - .github/workflows/**
+      - app_go/**
+
+permissions:
+  contents: read
+
+jobs:
+  lint-test-snyk:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        go-version: ["1.21", "1.22"]
+
+    defaults:
+      run:
+        working-directory: ./app_go
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Go ${{ matrix.go-version }}
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+        cache-dependency-path: app_go/go.sum
+    - name: Build
+      run: go build
+    - name: Lint with `go vet`
+      run: go vet
+    - name: Test with `go test`
+      run: |
+        go test
+
+    - name: Check for vulnerabilities with Snyk
+      uses: snyk/actions/golang@master
+      with:
+        args: app_go/
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+
+  docker-build-push:
+    needs: [ lint-test-snyk ]
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Cache Docker images
+      uses: ScribeMD/docker-cache@0.3.7
+      with:
+        key: docker-app_go
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: kolay0ne
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - name: Build and push docker image
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: "{{defaultContext}}:app_go/"
+        tags: kolay0ne/app_go:${{ github.ref_name }}
diff --git a/app_go/CI.md b/app_go/CI.md
new file mode 100644
index 0000000000..6d5e285b9b
--- /dev/null
+++ b/app_go/CI.md
@@ -0,0 +1,14 @@
+# CI for `app_python`
+
+## Best practices
+
+-   Runs on push only if files in related directories have changed.
+
+-   Uses matrix strategy: runs tests with different python versions,
+    can be extended further, e.g., to use different operating systems.
+
+-   In the lint&test job, dependencies are cached and reused. Cache is
+    updated when newer versions of dependent libraries are released.
+
+-   In the docker build&push job, docker layers are cached and reused.
+    Cache is updated when any of the layers change.
diff --git a/app_go/README.md b/app_go/README.md
index 9148740957..79c1e67150 100644
--- a/app_go/README.md
+++ b/app_go/README.md
@@ -52,3 +52,10 @@ Replace `kolay0ne/app_go` with your image/tag name if you built it manually.
 ## Unit Tests
 
 To run unit tests, navigate to the project directory and run `go test`.
+
+## CI
+
+On every push to the repository that changes files under `app_go/`,
+the code is linted and tested, and checked for vulnerabilities. On success,
+an image is built and published in DockerHub under the name `kolay0ne/app_go`
+with a tag matching the branch name.