akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
f2afe73a4636ea35d0004e920600d77137e00f12
Charon/.github/workflows/quality-checks.yml
GitHub Actions a1ef8e49f3 fix: upgrade golangci-lint to v2.8.0 for action v9.2.0 compatibility 
The golangci-lint-action v9.2.0 dropped support for golangci-lint v1.x
and requires v2.x versions. The error "golangci-lint v1 is not supported
by golangci-lint-action >= v7" indicates we need to upgrade, not downgrade.

Updated both ci-pipeline.yml and quality-checks.yml from v1.64.5 to v2.8.0
to align with the current golangci-lint major version.

Fixes: #666 (golangci-lint version compatibility error)
2026-02-08 07:35:58 +00:00

233 lines
8.9 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: Quality Checks
on:
workflow_dispatch:
inputs:
run_frontend:
description: 'Run frontend checks'
required: false
default: true
type: boolean
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.run_id }}
cancel-in-progress: true
permissions:
contents: read
checks: write
env:
GO_VERSION: '1.25.7'
NODE_VERSION: '24.12.0'
GOTOOLCHAIN: auto
jobs:
backend-quality:
name: Backend (Go)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ github.sha }}
- name: Set up Go
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: backend/go.sum
- name: Repo health check
run: |
bash scripts/repo_health_check.sh
- name: Run Go tests
id: go-tests
working-directory: ${{ github.workspace }}
env:
CGO_ENABLED: 1
run: |
bash scripts/go-test-coverage.sh 2>&1 | tee backend/test-output.txt
exit ${PIPESTATUS[0]}
- name: Go Test Summary
if: always()
working-directory: backend
run: |
echo "## 🔧 Backend Test Results" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.go-tests.outcome }}" == "success" ]; then
echo "✅ **All tests passed**" >> $GITHUB_STEP_SUMMARY
PASS_COUNT=$(grep -c "^--- PASS" test-output.txt || echo "0")
echo "- Tests passed: $PASS_COUNT" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Tests failed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Failed Tests:" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
grep -E "^--- FAIL|FAIL\s+github" test-output.txt || echo "See logs for details"
grep -E "^--- FAIL|FAIL\s+github" test-output.txt >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
fi
# Codecov upload moved to `codecov-upload.yml` (Docker Build-gated).
- name: Run golangci-lint
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
with:
version: v2.8.0
working-directory: backend
args: --config=.golangci-fast.yml --timeout=2m
- name: GORM Security Scanner
id: gorm-scan
run: |
chmod +x scripts/scan-gorm-security.sh
./scripts/scan-gorm-security.sh --check
continue-on-error: false
- name: GORM Security Scan Summary
if: always()
run: |
echo "## 🔒 GORM Security Scan Results" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.gorm-scan.outcome }}" == "success" ]; then
echo "✅ **No GORM security issues detected**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "All models follow secure GORM patterns:" >> $GITHUB_STEP_SUMMARY
echo "- ✅ No exposed internal database IDs" >> $GITHUB_STEP_SUMMARY
echo "- ✅ No exposed API keys or secrets" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Response DTOs properly structured" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **GORM security issues found**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Run locally for details:" >> $GITHUB_STEP_SUMMARY
echo '```bash' >> $GITHUB_STEP_SUMMARY
echo "./scripts/scan-gorm-security.sh --report" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "See [GORM Security Scanner docs](docs/implementation/gorm_security_scanner_complete.md) for remediation guidance." >> $GITHUB_STEP_SUMMARY
fi
- name: Annotate GORM Security Issues
if: failure() && steps.gorm-scan.outcome == 'failure'
run: |
echo "::error title=GORM Security Issues Detected::Run './scripts/scan-gorm-security.sh --report' locally for detailed findings. See docs/implementation/gorm_security_scanner_complete.md for remediation guidance."
- name: Run Perf Asserts
working-directory: backend
env:
# Conservative defaults to avoid flakiness on CI; tune as necessary
PERF_MAX_MS_GETSTATUS_P95: 500ms
PERF_MAX_MS_GETSTATUS_P95_PARALLEL: 1500ms
PERF_MAX_MS_LISTDECISIONS_P95: 2000ms
run: |
echo "## 🔍 Running performance assertions (TestPerf)" >> $GITHUB_STEP_SUMMARY
go test -run TestPerf -v ./internal/api/handlers -count=1 | tee perf-output.txt
exit ${PIPESTATUS[0]}
frontend-quality:
name: Frontend (React)
runs-on: ubuntu-latest
if: ${{ inputs.run_frontend != false }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
ref: ${{ github.sha }}
- name: Repo health check
run: |
bash scripts/repo_health_check.sh
- name: Set up Node.js
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: frontend/package-lock.json
- name: Check if frontend was modified in PR
id: check-frontend
run: |
EVENT_NAME="${{ github.event_name }}"
BASE_REF="${{ github.event.pull_request.base.ref }}"
if [ "$EVENT_NAME" = "push" ]; then
echo "frontend_changed=true" >> $GITHUB_OUTPUT
exit 0
fi
# Try to fetch the PR base ref. This may fail for forked PRs or other cases.
if [ -n "$BASE_REF" ]; then
git fetch origin "$BASE_REF" --depth=1 || true
fi
# Compute changed files against the PR base ref, fallback to origin/main, then fallback to last 10 commits
if [ -n "$BASE_REF" ]; then
CHANGED=$(git diff --name-only "origin/${BASE_REF}"...HEAD 2>/dev/null || echo "")
else
CHANGED=""
fi
echo "Changed files (base ref):\n$CHANGED"
if [ -z "$CHANGED" ]; then
echo "Base ref diff empty or failed; fetching origin/main for fallback..."
git fetch origin main --depth=1 || true
CHANGED=$(git diff --name-only origin/main...HEAD 2>/dev/null || echo "")
echo "Changed files (main fallback):\n$CHANGED"
fi
if [ -z "$CHANGED" ]; then
echo "Still empty; falling back to diffing last 10 commits from HEAD..."
CHANGED=$(git diff --name-only HEAD~10...HEAD 2>/dev/null || echo "")
echo "Changed files (HEAD~10 fallback):\n$CHANGED"
fi
if echo "$CHANGED" | grep -q '^frontend/'; then
echo "frontend_changed=true" >> $GITHUB_OUTPUT
else
echo "frontend_changed=false" >> $GITHUB_OUTPUT
fi
- name: Install dependencies
working-directory: frontend
if: ${{ inputs.run_frontend != false && (github.event_name == 'workflow_dispatch' || steps.check-frontend.outputs.frontend_changed == 'true') }}
run: npm ci
- name: Run frontend tests and coverage
id: frontend-tests
working-directory: ${{ github.workspace }}
if: ${{ inputs.run_frontend != false && (github.event_name == 'workflow_dispatch' || steps.check-frontend.outputs.frontend_changed == 'true') }}
run: |
bash scripts/frontend-test-coverage.sh 2>&1 | tee frontend/test-output.txt
exit ${PIPESTATUS[0]}
- name: Frontend Test Summary
if: always()
working-directory: frontend
run: |
echo "## ⚛️ Frontend Test Results" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.frontend-tests.outcome }}" == "success" ]; then
echo "✅ **All tests passed**" >> $GITHUB_STEP_SUMMARY
# Extract test counts from vitest output
if grep -q "Tests:" test-output.txt; then
grep "Tests:" test-output.txt | tail -1 >> $GITHUB_STEP_SUMMARY
fi
else
echo "❌ **Tests failed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Failed Tests:" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
# Extract failed test info from vitest output
grep -E "FAIL|✕|×|AssertionError|Error:" test-output.txt | head -30 >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
fi
# Codecov upload moved to `codecov-upload.yml` (Docker Build-gated).
- name: Run frontend lint
working-directory: frontend
run: npm run lint
continue-on-error: true
Reference in New Issue View Git Blame Copy Permalink