include: - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml' - project: unboundsoftware/ci-templates file: Release.gitlab-ci.yml - project: unboundsoftware/ci-templates file: Pre-Commit-Go.gitlab-ci.yml stages: - build - test - deploy-prod - release variables: UNBOUND_RELEASE_TAG_ONLY: true .buildtools: image: buildtool/build-tools:${BUILDTOOLS_VERSION} check: stage: .pre image: golang:1.23.5@sha256:e213430692e5c31aba27473cdc84cfff2896d0c097e984bef67b6a44c75a8181 script: - go install mvdan.cc/gofumpt@latest - go install golang.org/x/tools/cmd/goimports@latest - go generate ./... - git diff --stat --exit-code build: extends: .buildtools stage: build script: - build - curl -Os https://uploader.codecov.io/latest/linux/codecov - chmod +x codecov - ./codecov -t ${CODECOV_TOKEN} -R $CI_PROJECT_DIR -C $CI_COMMIT_SHA -r $CI_PROJECT_PATH - push vulnerabilities: stage: build image: golang:1.23.5@sha256:e213430692e5c31aba27473cdc84cfff2896d0c097e984bef67b6a44c75a8181 script: - go install golang.org/x/vuln/cmd/govulncheck@latest - govulncheck ./... deploy-prod: extends: .buildtools stage: deploy-prod before_script: - echo Deploy to prod script: - deploy prod rules: - if: $CI_COMMIT_BRANCH == "main" environment: name: prod check_release: stage: test image: name: goreleaser/goreleaser:v2.6.1@sha256:8577ee8e351783b8c89ce26c973c3dbd4f854121e0c5456893ea4c9a3a6d76ce entrypoint: [ '' ] script: | goreleaser check goreleaser release --snapshot --clean release: stage: release needs: - unbound_release_prepare_release image: name: goreleaser/goreleaser:v2.6.1@sha256:8577ee8e351783b8c89ce26c973c3dbd4f854121e0c5456893ea4c9a3a6d76ce entrypoint: [ '' ] variables: # Disable shallow cloning so that goreleaser can diff between tags to # generate a changelog. GIT_DEPTH: 0 GITLAB_TOKEN: $GITLAB_CI_TOKEN # Only run this release job for tags, not every commit (for example). rules: - if: $CI_COMMIT_TAG script: | goreleaser release --clean --release-notes=CHANGES.md