name: Backend CI on: push: branches: [main, master, develop] pull_request: branches: [main, master, develop] jobs: test: name: Test runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version-file: go.mod cache: true - name: Download dependencies run: go mod download - name: Run tests run: go test -race -count=1 ./... contract-tests: name: Contract Tests runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version-file: go.mod cache: true - name: Download dependencies run: go mod download - name: Run contract validation run: go test -v -run "TestRouteSpecContract|TestKMPSpecContract" ./internal/integration/ build: name: Build runs-on: ubuntu-latest needs: [test, contract-tests] steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version-file: go.mod cache: true - name: Build API run: go build -ldflags "-s -w" -o bin/casera-api ./cmd/api - name: Build Worker run: go build -ldflags "-s -w" -o bin/casera-worker ./cmd/worker lint: name: Lint runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version-file: go.mod cache: true - name: Run go vet run: go vet ./... - name: Check formatting run: | unformatted=$(gofmt -l .) if [ -n "$unformatted" ]; then echo "Unformatted files:" echo "$unformatted" exit 1 fi - name: Install govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck run: govulncheck ./... secrets: name: Secret Scanning runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run gitleaks uses: gitleaks/gitleaks-action@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}