From 058ad927d005f1e228eef0b9399c472524ddabfb Mon Sep 17 00:00:00 2001 From: JeremyCurmi <54748653+JeremyCurmi@users.noreply.github.com> Date: Sat, 18 Oct 2025 13:17:15 +0200 Subject: [PATCH 1/5] chore: update Docker action inputs and add latest_tag option --- .../actions/build-publish-docker/action.yml | 98 +++++++++++-------- .github/workflows/docker-service.yml | 45 +++++---- 2 files changed, 82 insertions(+), 61 deletions(-) diff --git a/.github/actions/build-publish-docker/action.yml b/.github/actions/build-publish-docker/action.yml index cf9b6d2..30fae55 100644 --- a/.github/actions/build-publish-docker/action.yml +++ b/.github/actions/build-publish-docker/action.yml @@ -12,7 +12,7 @@ inputs: tag-prefix: description: "tag prefix" required: true - default: "" + default: "" dockerfile: description: "docker file" required: true @@ -21,7 +21,7 @@ inputs: description: "set build-time variables" required: false default: "" - ssh_key: + ssh_key: description: "ssh key" required: true default: "" @@ -32,11 +32,11 @@ inputs: ecr_aws_access_key_id: description: "ecr aws access key id" required: true - default: "" + default: "" ecr_aws_secret_key: description: "ecr aws secret key" required: true - default: "" + default: "" git_fetch_submodules: description: "checkout and fetch submodules" default: "true" @@ -44,6 +44,10 @@ inputs: description: "github token" required: true default: "" + latest_tag: + description: "latest tag" + required: false + default: "false" runs: using: "composite" steps: 
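Review bot: The new `latest_tag` input in the `@@ -44,6 +44,10 @@` hunk is described only as "latest tag", which tells a caller neither that it is a string flag compared against `'true'` nor which tag it produces. A description such as `description: "set to 'true' to also push <tag-prefix>latest on master/main builds"` would state the contract. As written, any other value (`True`, `1`, `yes`) silently leaves the tag off. The same input is added to `docker-service.yml` with `type: string`; declaring it `type: boolean` there should reject such typos when the workflow is called.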
@@ -51,25 +55,25 @@ runs: if: inputs.git_fetch_submodules == 'true' with: submodules: recursive - ssh-key: ${{ inputs.ssh_key }} + ssh-key: ${{ inputs.ssh_key }} - uses: actions/checkout@v3 - if: inputs.git_fetch_submodules != 'true' + if: inputs.git_fetch_submodules != 'true' - name: Install SSH Key # You may pin to the exact commit or the version. # uses: shimataro/ssh-key-action@3c9b0fc6f2d223b8450b02a0445f526350fc73e0 uses: shimataro/ssh-key-action@v2.3.1 with: key: ${{ inputs.ssh_key }} - known_hosts: ${{ inputs.ssh_known_hosts }} + known_hosts: ${{ inputs.ssh_known_hosts }} - name: Copy SSH Key shell: bash run: cp ~/.ssh/id_rsa . - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: - aws-access-key-id: ${{ inputs.ecr_aws_access_key_id }} - aws-secret-access-key: ${{ inputs.ecr_aws_secret_key }} - aws-region: eu-west-1 + aws-access-key-id: ${{ inputs.ecr_aws_access_key_id }} + aws-secret-access-key: ${{ inputs.ecr_aws_secret_key }} + aws-region: eu-west-1 - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v1 
@@ -88,39 +92,51 @@ runs: id: findPr with: # Can be "open", "closed", or "all". Defaults to "open". - state: open + state: open - name: Cache Docker layers continue-on-error: true uses: actions/cache@v3 with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- - name: Build and push if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' uses: docker/build-push-action@v3 with: - context: . - platforms: linux/amd64 - push: true - tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclick-${{ env.BUILD_NUMBER }} - file: ${{inputs.dockerfile}} - build-args: ${{ inputs.build-args }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new + context: . + platforms: linux/amd64 + push: true + tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclick-${{ env.BUILD_NUMBER }} + file: ${{inputs.dockerfile}} + build-args: ${{ inputs.build-args }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + - name: Build and push latest + if: (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') && inputs.latest_tag == 'true' + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64 + push: true + tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}latest + file: ${{inputs.dockerfile}} + build-args: ${{ inputs.build-args }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Build and push PR if: (github.ref != 'refs/heads/master' || github.ref != 'refs/heads/main') && steps.findPr.outputs.number > 0 uses: docker/build-push-action@v3 with: - context: . 
- platforms: linux/amd64 - push: true - tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }} - file: ${{inputs.dockerfile}} - build-args: ${{ inputs.build-args }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new + context: . + platforms: linux/amd64 + push: true + tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }} + file: ${{inputs.dockerfile}} + build-args: ${{ inputs.build-args }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Comment oneclick PR tag if: (github.ref != 'refs/heads/master' || github.ref != 'refs/heads/main') && steps.findPr.outputs.number > 0 uses: marocchino/sticky-pull-request-comment@v2 
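Review bot: The added `Build and push latest` step rebuilds the image instead of tagging the one the preceding `Build and push` step already pushed, so `<tag-prefix>latest` and `<tag-prefix>oneclick-<BUILD_NUMBER>` are not guaranteed to share a digest and a deployed `latest` cannot be traced back to a build number. It also builds from `context: .` after the `Copy SSH Key` step earlier in this file has copied `id_rsa` into the workspace, so each extra build is another place the key could end up in a layer, depending on the Dockerfile, which is not shown here. Prefer one build with two tags: turn the existing step's `tags:` into a `|` block and add a conditional second entry such as `${{ inputs.latest_tag == 'true' && format('{0}/{1}:{2}latest', steps.login-ecr.outputs.registry, inputs.image, inputs.tag-prefix) || '' }}`, after confirming the action ignores the empty line when the flag is off. The unchanged `Build and push PR` and `Comment oneclick PR tag` conditions in this hunk join two `!=` tests with `||`, which is true for every ref; `&&` looks intended.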
@@ -129,19 +145,19 @@ runs: header: OneClick PR tag recreate: true message: | - Your build has the image tag: `${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}` :sparkles: + Your build has the image tag: `${{inputs.tag-prefix}}oneclickpr-${{ steps.findPr.outputs.pr }}-${{ env.BUILD_NUMBER }}` :sparkles: - name: Build and push Release if: contains(github.ref, 'release') uses: docker/build-push-action@v3 with: - context: . - platforms: linux/amd64 - push: true - tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickrelease-${{ env.BUILD_NUMBER }} - file: ${{inputs.dockerfile}} - build-args: ${{ inputs.build-args }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new + context: . + platforms: linux/amd64 + push: true + tags: ${{ steps.login-ecr.outputs.registry }}/${{inputs.image}}:${{inputs.tag-prefix}}oneclickrelease-${{ env.BUILD_NUMBER }} + file: ${{inputs.dockerfile}} + build-args: ${{ inputs.build-args }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new # This ugly bit is necessary if you don't want your cache to grow forever # until it hits GitHub's limit of 5GB. # Temp fix @@ -152,4 +168,4 @@ runs: shell: bash run: | rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/docker-service.yml b/.github/workflows/docker-service.yml index e98bef4..f709a55 100644 --- a/.github/workflows/docker-service.yml +++ b/.github/workflows/docker-service.yml @@ -9,7 +9,7 @@ on: tag-prefix: required: false type: string - default: "" + default: "" dockerfile: required: false type: string 
@@ -20,17 +20,21 @@ on: default: "" start-build-from: required: false - type: string - default: "0" - git_fetch_submodules: - required: false + type: string + default: "0" + git_fetch_submodules: + required: false type: string default: "true" + latest_tag: + required: false + type: string + default: "false" secrets: FT_SSH_KEY: required: true FT_BITBUCKET_KNOWN_HOSTS: - required: true + required: true FT_ECR_AWS_ACCESS_KEY_ID: required: true FT_ECR_AWS_SECRET_ACCESS_KEY: @@ -40,17 +44,18 @@ jobs: build-service: runs-on: ubuntu-latest steps: - - name: Build & Publish - uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@main - with: - image: ${{ inputs.image }} - tag-prefix: ${{ inputs.tag-prefix }} - dockerfile: ${{ inputs.dockerfile }} - build-args: ${{ inputs.build-args }} - ssh_key: ${{ secrets.FT_SSH_KEY }} - ssh_known_hosts: ${{ secrets.FT_BITBUCKET_KNOWN_HOSTS }} - ecr_aws_access_key_id: ${{ secrets.FT_ECR_AWS_ACCESS_KEY_ID }} - ecr_aws_secret_key: ${{ secrets.FT_ECR_AWS_SECRET_ACCESS_KEY }} - start-build-from: ${{ inputs.start-build-from }} - git_fetch_submodules: ${{ inputs.git_fetch_submodules }} - github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Build & Publish + uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@main + with: + image: ${{ inputs.image }} + tag-prefix: ${{ inputs.tag-prefix }} + dockerfile: ${{ inputs.dockerfile }} + build-args: ${{ inputs.build-args }} + ssh_key: ${{ secrets.FT_SSH_KEY }} + ssh_known_hosts: ${{ secrets.FT_BITBUCKET_KNOWN_HOSTS }} + ecr_aws_access_key_id: ${{ secrets.FT_ECR_AWS_ACCESS_KEY_ID }} + ecr_aws_secret_key: ${{ secrets.FT_ECR_AWS_SECRET_ACCESS_KEY }} + start-build-from: ${{ inputs.start-build-from }} + git_fetch_submodules: ${{ inputs.git_fetch_submodules }} + github_token: ${{ secrets.GITHUB_TOKEN }} + latest_tag: ${{ inputs.latest_tag }} From 3045d7ce0f4c3313db3eb0608b3c4286ae837362 Mon Sep 17 00:00:00 2001 
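Review bot: In the `@@ -40,17 +44,18 @@` hunk the `Build & Publish` step passes `FT_SSH_KEY` and the ECR access key pair to an action resolved at the moving ref `@main`, so a caller that pins this reusable workflow to a tag or commit still runs whatever the action is on `main` at that moment. Patches 3/5 and 4/5 of this series switch the same ref to `@feat/latest-tag-workflow` and back, which shows that the workflow and the action have to move in lockstep. Pinning the line to a release tag or full commit SHA that is bumped together with the workflow, e.g. `uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@<commit-sha>`, keeps the code that receives those secrets fixed and reviewable.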
From: JeremyCurmi <54748653+JeremyCurmi@users.noreply.github.com> Date: Sat, 18 Oct 2025 13:19:30 +0200 Subject: [PATCH 2/5] chore: update .gitignore to include .cursor --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 723ef36..000bd78 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -.idea \ No newline at end of file +.idea +.cursor \ No newline at end of file From 63e0038d54825a1b6dd5ea9296a55c788cc48524 Mon Sep 17 00:00:00 2001 From: JeremyCurmi <54748653+JeremyCurmi@users.noreply.github.com> Date: Sat, 18 Oct 2025 13:33:21 +0200 Subject: [PATCH 3/5] fix: update workflow to use correct action branch - Change action reference from @main to @feat/latest-tag-workflow - Ensures latest_tag parameter is available in the action --- .github/workflows/docker-service.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-service.yml b/.github/workflows/docker-service.yml index f709a55..73d5a66 100644 --- a/.github/workflows/docker-service.yml +++ b/.github/workflows/docker-service.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Build & Publish - uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@main + uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@feat/latest-tag-workflow with: image: ${{ inputs.image }} tag-prefix: ${{ inputs.tag-prefix }} From afd3d87f80786c77da6b9173fdbd25d4a9d121b0 Mon Sep 17 00:00:00 2001 From: JeremyCurmi <54748653+JeremyCurmi@users.noreply.github.com> Date: Sat, 18 Oct 2025 13:43:47 +0200 Subject: [PATCH 4/5] fix: update workflow to use main branch for Docker action --- .github/workflows/docker-service.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-service.yml b/.github/workflows/docker-service.yml index 73d5a66..f709a55 100644 --- a/.github/workflows/docker-service.yml +++ b/.github/workflows/docker-service.yml 
@@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Build & Publish - uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@feat/latest-tag-workflow + uses: fasttrack-solutions/ci/.github/actions/build-publish-docker@main with: image: ${{ inputs.image }} tag-prefix: ${{ inputs.tag-prefix }} From d8d919508d85ee168cf45f40e22e4c11fd72482a Mon Sep 17 00:00:00 2001 From: JeremyCurmi <54748653+JeremyCurmi@users.noreply.github.com> Date: Tue, 16 Dec 2025 12:42:59 +0100 Subject: [PATCH 5/5] Skip Go tests when only docs or infra change --- .github/workflows/golang-ci.yml | 68 ++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 2 deletions(-) diff --git a/.github/workflows/golang-ci.yml b/.github/workflows/golang-ci.yml index b46ebee..54a5897 100644 --- a/.github/workflows/golang-ci.yml +++ b/.github/workflows/golang-ci.yml 
@@ -62,6 +62,66 @@ jobs: - 2375:2375 steps: - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Detect code changes + id: detect-code-changes + shell: bash + env: + DEFAULT_BRANCH: ${{ github.event.repository.default_branch || 'main' }} + run: | + set -eo pipefail + + BASE_SHA="${{ github.event.pull_request.base.sha || '' }}" + BEFORE_SHA="${{ github.event.before || '' }}" + CURRENT_SHA="${{ github.sha }}" + + if [[ -z "$BASE_SHA" || "$BASE_SHA" =~ ^0+$ ]]; then + BASE_SHA="$BEFORE_SHA" + fi + + if [[ -z "$BASE_SHA" || "$BASE_SHA" =~ ^0+$ ]]; then + if git rev-parse HEAD^ >/dev/null 2>&1; then + BASE_SHA="$(git rev-parse HEAD^)" + fi + fi + + if [[ -z "$BASE_SHA" || "$BASE_SHA" =~ ^0+$ ]]; then + echo "Falling back to origin/${DEFAULT_BRANCH}" + git fetch --no-tags --prune --depth=1 origin "$DEFAULT_BRANCH" + BASE_SHA="origin/${DEFAULT_BRANCH}" + fi + + echo "Comparing changes between $BASE_SHA and $CURRENT_SHA" + CHANGED_FILES="$(git diff --name-only "$BASE_SHA" "$CURRENT_SHA")" + echo "$CHANGED_FILES" + + CAN_SKIP="true" + if [[ -n "$CHANGED_FILES" ]]; then + while IFS= read -r file; do + [[ -z "$file" ]] && continue + lower="${file,,}" + if [[ "$lower" == *.md ]]; then + continue + fi + if [[ "$file" == deployments/oneclickdeployment/* ]]; then + continue + fi + CAN_SKIP="false" + break + done <<< "$CHANGED_FILES" + fi + + RUN_TESTS="true" + if [[ "$CAN_SKIP" == "true" ]]; then + RUN_TESTS="false" + echo "Only documentation or deployments/oneclickdeployment files changed; skipping Go tests." + else + echo "Code-affecting changes detected; Go tests will run." + fi + + echo "run-tests=$RUN_TESTS" >> "$GITHUB_OUTPUT" - name: Docker Hub login run: echo "${{ secrets.DOCKERHUB_PULL_TOKEN }}" | docker login -u "${{ inputs.dockerhub_username }}" --password-stdin 
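Review bot: An empty change list is treated as "docs only" in the new `Detect code changes` step: `CAN_SKIP` starts as `"true"` and is cleared only inside the `if [[ -n "$CHANGED_FILES" ]]` loop, so a run where `git diff --name-only` prints nothing (for example when both revisions resolve to the same tree) skips the Go tests. In the other direction, under `set -eo pipefail` a failing `git diff` (for example when `github.event.before` is no longer reachable after a force-push) aborts the step rather than defaulting to a test run. Because this step gates the test suite, it should emit `run-tests=true` whenever the file list is empty or cannot be computed, as sketched below. The three SHAs could also be passed through `env:` like `DEFAULT_BRANCH` instead of being expanded with `${{ }}` inside the script; the rest of the job lies outside this hunk.

```yaml
        run: |
          # … unchanged: set -eo pipefail, BASE_SHA resolution and fallbacks …
          echo "Comparing changes between $BASE_SHA and $CURRENT_SHA"
          if ! CHANGED_FILES="$(git diff --name-only "$BASE_SHA" "$CURRENT_SHA")"; then
            echo "Could not compute the change list; Go tests will run."
            echo "run-tests=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "$CHANGED_FILES"

          # Skip only when the list is non-empty and every path is exempt.
          CAN_SKIP="false"
          if [[ -n "$CHANGED_FILES" ]]; then
            CAN_SKIP="true"
            # … unchanged: while loop that sets CAN_SKIP="false" on the first non-exempt path …
          fi
          # … unchanged: RUN_TESTS messages and the run-tests output …
```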
@@ -136,22 +196,26 @@ jobs: run: go build ./... - name: Test Dir + if: ${{ steps.detect-code-changes.outputs.run-tests == 'true' }} run: mkdir test-reports - name: Get gotestsum + if: ${{ steps.detect-code-changes.outputs.run-tests == 'true' }} run: go install gotest.tools/gotestsum@v1.12.3 - name: Run Test + if: ${{ steps.detect-code-changes.outputs.run-tests == 'true' }} run: MYSQL_VERSION=${{ inputs.go-test-mysql-version }} gotestsum --junitfile test-reports/report.xml -- -timeout ${{ inputs.go-test-timeout }} -parallel=5 -covermode=atomic -coverprofile=cover.out ./... - name: Test Report uses: dorny/test-reporter@v1 - if: success() || failure() # run this step even if previous step failed + if: ${{ steps.detect-code-changes.outputs.run-tests == 'true' && (success() || failure()) }} # run this step even if previous step failed with: name: Unit tests # Name of the check run which will be created path: test-reports/*.xml # Path to test results reporter: java-junit - name: Upload coverage reports to Codecov + if: ${{ steps.detect-code-changes.outputs.run-tests == 'true' }} continue-on-error: true uses: codecov/codecov-action@v3 env: @@ -170,4 +234,4 @@ jobs: uses: actions/cache@v3 with: path: /tmp/docker-cache - key: docker-cache-${{ runner.os }}-${{ github.sha }} \ No newline at end of file + key: docker-cache-${{ runner.os }}-${{ github.sha }}
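Review bot: When `run-tests` is `'false'`, every test step in the `@@ -136,22 +196,26 @@` hunk is skipped, the job still ends green, and `dorny/test-reporter` no longer creates the `Unit tests` check run, so a skipped run is hard to tell apart from a passed one on the commit. If branch protection lists that check as required (not visible from this patch), docs-only pull requests would wait on it indefinitely. A small step with the inverse condition that records the decision would make the skip visible, e.g. `if: ${{ steps.detect-code-changes.outputs.run-tests != 'true' }}` with `run: echo "Go tests skipped - only docs or deployment files changed" >> "$GITHUB_STEP_SUMMARY"`.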