
Commit 675fd1e

committed
feat(ci): improve workflow infrastructure and performance tracking
- Add status-check-result input to performance summary - Enhance fortress setup configuration workflow - Update build system configuration - Improve matrix handling in fortress workflow
1 parent 48c2366 commit 675fd1e


4 files changed

+112
-60
lines changed


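--- a/.github/workflows/fortress-performance-summary.yml
+++ b/.github/workflows/fortress-performance-summary.yml
@@ -51,6 +51,11 @@ on:
 required: false
 type: string
 default: "skipped"
+status-check-result:
+description: "Result of the status-check job"
+required: false
+type: string
+default: "skipped"
 test-matrix:
 description: "Test matrix JSON"
 required: true
@@ -263,6 +268,8 @@ jobs:
 if [[ "${{ inputs.benchmarks-result }}" != "skipped" ]]; then
 echo "| 🏃 Benchmarks | ${{ inputs.benchmarks-result }} | $([ "${{ inputs.benchmarks-result }}" = "success" ] && echo "✅" || echo "❌") |"
 fi
+# Always show status-check result
+echo "| 🎯 All Tests Passed | ${{ inputs.status-check-result }} | $([ "${{ inputs.status-check-result }}" = "success" ] && echo "✅" || echo "❌") |"
 # Only show release row if it was attempted
 if [[ "${{ inputs.release-result }}" != "skipped" ]]; then
 echo "| 🚀 Release | ${{ inputs.release-result }} | $([ "${{ inputs.release-result }}" = "success" ] && echo "✅" || echo "❌") |"
@@ -312,6 +319,7 @@ jobs:
 [ "${{ inputs.code-quality-result }}" != "success" ] && [ "${{ inputs.code-quality-result }}" != "skipped" ] && FAILED_JOBS="${FAILED_JOBS}Code Quality, "
 [ "${{ inputs.test-suite-result }}" != "success" ] && [ "${{ inputs.test-suite-result }}" != "skipped" ] && FAILED_JOBS="${FAILED_JOBS}Test Suite, "
 [ "${{ inputs.benchmarks-result }}" != "success" ] && [ "${{ inputs.benchmarks-result }}" != "skipped" ] && FAILED_JOBS="${FAILED_JOBS}Benchmarks, "
+[ "${{ inputs.status-check-result }}" != "success" ] && [ "${{ inputs.status-check-result }}" != "skipped" ] && FAILED_JOBS="${FAILED_JOBS}Status Check, "
 [ "${{ inputs.release-result }}" != "success" ] && [ "${{ inputs.release-result }}" != "skipped" ] && FAILED_JOBS="${FAILED_JOBS}Release, "
 
 if [ -n "$FAILED_JOBS" ]; then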
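Review bot: The new summary row (new line 272) and the new FAILED_JOBS check (new line 322) splice `${{ inputs.status-check-result }}` straight into the shell script, so the value is substituted before bash parses the line and any quote or `$(...)` in it becomes script text rather than data. The callers are not visible here and presumably pass a `needs.<job>.result`, which is a fixed keyword, but the input is declared as a free `type: string`; binding it once on the step with `env:` / `STATUS_CHECK_RESULT: ${{ inputs.status-check-result }}` and testing `"$STATUS_CHECK_RESULT"` keeps it data whatever a caller sends. Separately, the row is printed unconditionally while the input defaults to "skipped", so a caller that never passes it gets a ❌ next to "All Tests Passed"; a neutral marker for the skipped case would avoid a false failure signal. Both run blocks start and end outside the hunks shown.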

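--- a/.github/workflows/fortress-setup-config.yml
+++ b/.github/workflows/fortress-setup-config.yml
@@ -69,6 +69,18 @@ on:
 security-scans-enabled:
 description: "Whether security scans are enabled"
 value: ${{ jobs.setup-config.outputs.security-scans-enabled }}
+nancy-enabled:
+description: "Whether Nancy dependency checks are enabled"
+value: ${{ jobs.setup-config.outputs.nancy-enabled }}
+govulncheck-enabled:
+description: "Whether govulncheck vulnerability scanning is enabled"
+value: ${{ jobs.setup-config.outputs.govulncheck-enabled }}
+gitleaks-enabled:
+description: "Whether Gitleaks secret scanning is enabled"
+value: ${{ jobs.setup-config.outputs.gitleaks-enabled }}
+is-release-run:
+description: "Whether this is a release-eligible run (tag starting with v)"
+value: ${{ jobs.setup-config.outputs.is-release-run }}
 start-epoch:
 description: "Workflow start epoch time"
 value: ${{ jobs.setup-config.outputs.start-epoch }}
@@ -110,6 +122,10 @@ jobs:
 race-detection-enabled: ${{ steps.config.outputs.race-detection-enabled }}
 secondary-runner: ${{ steps.config.outputs.secondary-runner }}
 security-scans-enabled: ${{ steps.config.outputs.security-scans-enabled }}
+nancy-enabled: ${{ steps.config.outputs.nancy-enabled }}
+govulncheck-enabled: ${{ steps.config.outputs.govulncheck-enabled }}
+gitleaks-enabled: ${{ steps.config.outputs.gitleaks-enabled }}
+is-release-run: ${{ steps.config.outputs.is-release-run }}
 start-epoch: ${{ steps.timer.outputs.start-epoch }}
 start-time: ${{ steps.timer.outputs.start-time }}
 static-analysis-enabled: ${{ steps.config.outputs.static-analysis-enabled }}
@@ -284,10 +300,26 @@ jobs:
 echo "go-lint-enabled=${{ env.ENABLE_GO_LINT }}" >> $GITHUB_OUTPUT
 echo "yaml-lint-enabled=${{ env.ENABLE_YAML_LINT }}" >> $GITHUB_OUTPUT
 echo "race-detection-enabled=${{ env.ENABLE_RACE_DETECTION }}" >> $GITHUB_OUTPUT
-echo "security-scans-enabled=${{ env.ENABLE_SECURITY_SCANS }}" >> $GITHUB_OUTPUT
+# Security scans - enable if any individual tool is enabled
+if [[ "${{ env.ENABLE_SECURITY_SCAN_NANCY }}" == "true" || "${{ env.ENABLE_SECURITY_SCAN_GOVULNCHECK }}" == "true" || "${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" == "true" ]]; then
+echo "security-scans-enabled=true" >> $GITHUB_OUTPUT
+else
+echo "security-scans-enabled=false" >> $GITHUB_OUTPUT
+fi
+echo "nancy-enabled=${{ env.ENABLE_SECURITY_SCAN_NANCY }}" >> $GITHUB_OUTPUT
+echo "govulncheck-enabled=${{ env.ENABLE_SECURITY_SCAN_GOVULNCHECK }}" >> $GITHUB_OUTPUT
+echo "gitleaks-enabled=${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" >> $GITHUB_OUTPUT
 echo "static-analysis-enabled=${{ env.ENABLE_STATIC_ANALYSIS }}" >> $GITHUB_OUTPUT
 echo "fuzz-testing-enabled=${{ env.ENABLE_FUZZ_TESTING }}" >> $GITHUB_OUTPUT
 
+# Detect if this is a release run
+if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+echo "is-release-run=true" >> $GITHUB_OUTPUT
+echo "🚀 Release detected: Tag ${{ github.ref_name }}"
+else
+echo "is-release-run=false" >> $GITHUB_OUTPUT
+fi
+
 # ————————————————————————————————————————————————————————————————
 # Build the final summary of the configuration
 # ————————————————————————————————————————————————————————————————
@@ -310,26 +342,30 @@ jobs:
 echo "_Generated at: ${SUMMARY_TIME}_" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
-# Environment Overview
-echo "## 📊 Environment Overview" >> $GITHUB_STEP_SUMMARY
-echo "- **Total Environment Variables Loaded**: $ENV_COUNT" >> $GITHUB_STEP_SUMMARY
-echo "- **Configuration Source**: \`.github/.env.shared\`" >> $GITHUB_STEP_SUMMARY
-echo "- **Workflow Start Time**: ${{ steps.timer.outputs.start-time }}" >> $GITHUB_STEP_SUMMARY
-echo "" >> $GITHUB_STEP_SUMMARY
-
-# All Environment Variables
-echo "## 🔍 Loaded Environment Variables" >> $GITHUB_STEP_SUMMARY
-echo "<details>" >> $GITHUB_STEP_SUMMARY
-echo "<summary>Click to expand all $ENV_COUNT environment variables</summary>" >> $GITHUB_STEP_SUMMARY
-echo "" >> $GITHUB_STEP_SUMMARY
-echo "| Variable | Value |" >> $GITHUB_STEP_SUMMARY
+# Workflow Trigger Information
+echo "## 🎯 Workflow Trigger" >> $GITHUB_STEP_SUMMARY
+echo "| Property | Value |" >> $GITHUB_STEP_SUMMARY
 echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
+echo "| **Trigger Type** | \`${{ github.event_name }}\` |" >> $GITHUB_STEP_SUMMARY
+echo "| **Reference** | \`${{ github.ref }}\` |" >> $GITHUB_STEP_SUMMARY
+echo "| **Branch/Tag** | \`${{ github.ref_name }}\` |" >> $GITHUB_STEP_SUMMARY
+echo "| **Is Tag Push** | $([ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ] && echo "✅ Yes" || echo "❌ No") |" >> $GITHUB_STEP_SUMMARY
+echo "| **Is Release Eligible** | $([ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ] && echo "🚀 **Yes - Release will run if tests pass**" || echo "❌ No") |" >> $GITHUB_STEP_SUMMARY
+echo "" >> $GITHUB_STEP_SUMMARY
 
-# Sort and display all env vars
-echo "$ENV_JSON" | jq -r 'to_entries | sort_by(.key) | .[] | "| **\(.key)** | `\(.value)` |"' >> $GITHUB_STEP_SUMMARY
+# Configuration Statistics (moved up for overview)
+echo "## 📈 Configuration Overview" >> $GITHUB_STEP_SUMMARY
+ENABLED_FEATURES=$(echo "$ENV_JSON" | jq -r '[to_entries | .[] | select(.key | startswith("ENABLE_")) | select(.value == "true")] | length')
+DISABLED_FEATURES=$(echo "$ENV_JSON" | jq -r '[to_entries | .[] | select(.key | startswith("ENABLE_")) | select(.value == "false")] | length')
+MATRIX_COUNT=$(echo "$MATRIX_JSON" | jq '.include | length')
 
-echo "" >> $GITHUB_STEP_SUMMARY
-echo "</details>" >> $GITHUB_STEP_SUMMARY
+echo "- **Workflow Start Time**: ${{ steps.timer.outputs.start-time }}" >> $GITHUB_STEP_SUMMARY
+echo "- **Total Environment Variables**: $ENV_COUNT (from \`.github/.env.shared\`)" >> $GITHUB_STEP_SUMMARY
+echo "- **Enabled Features**: $ENABLED_FEATURES" >> $GITHUB_STEP_SUMMARY
+echo "- **Disabled Features**: $DISABLED_FEATURES" >> $GITHUB_STEP_SUMMARY
+echo "- **Test Matrix Combinations**: $MATRIX_COUNT" >> $GITHUB_STEP_SUMMARY
+echo "- **Unique Go Versions**: $(echo "$UNIQUE_GO_VERSIONS" | jq 'length')" >> $GITHUB_STEP_SUMMARY
+echo "- **Runner Operating Systems**: $([ "${{ env.PRIMARY_RUNNER }}" == "${{ env.SECONDARY_RUNNER }}" ] && echo "1" || echo "2")" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
 # Core Configuration
@@ -343,6 +379,17 @@ jobs:
 echo "| **Unique Go Versions** | $UNIQUE_GO_VERSIONS | Deduplicated list of Go versions |" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
+# Test Matrix
+echo "## 🧪 Generated Test Matrix" >> $GITHUB_STEP_SUMMARY
+echo "**Total test configurations**: $MATRIX_COUNT" >> $GITHUB_STEP_SUMMARY
+echo "" >> $GITHUB_STEP_SUMMARY
+echo "| # | OS | Go Version | Configuration Name | Fuzz Testing |" >> $GITHUB_STEP_SUMMARY
+echo "|---|----|-----------|--------------------|--------------|" >> $GITHUB_STEP_SUMMARY
+
+echo "$MATRIX_JSON" | jq -r '.include | to_entries | .[] | "| \(.key + 1) | \(.value.os) | \(.value["go-version"]) | \(.value.name) | \(if .value["run-fuzz"] then "✅ Yes" else "❌ No" end) |"' >> $GITHUB_STEP_SUMMARY
+
+echo "" >> $GITHUB_STEP_SUMMARY
+
 # Feature Flags
 echo "## 🚀 Feature Flags" >> $GITHUB_STEP_SUMMARY
 echo "| Feature | Status | Impact |" >> $GITHUB_STEP_SUMMARY
@@ -353,7 +400,9 @@ jobs:
 echo "| **Go Linting** | $([ "${{ env.ENABLE_GO_LINT }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | golangci-lint will $([ "${{ env.ENABLE_GO_LINT }}" == "true" ] && echo "analyze code quality" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
 echo "| **YAML Linting** | $([ "${{ env.ENABLE_YAML_LINT }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | prettier will $([ "${{ env.ENABLE_YAML_LINT }}" == "true" ] && echo "validate YAML formatting" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
 echo "| **Race Detection** | $([ "${{ env.ENABLE_RACE_DETECTION }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Tests will $([ "${{ env.ENABLE_RACE_DETECTION }}" == "true" ] && echo "run with -race flag" || echo "run without race detection") |" >> $GITHUB_STEP_SUMMARY
-echo "| **Security Scans** | $([ "${{ env.ENABLE_SECURITY_SCANS }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Security tools will $([ "${{ env.ENABLE_SECURITY_SCANS }}" == "true" ] && echo "scan for vulnerabilities" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
+echo "| **Nancy (Dependency Checks)** | $([ "${{ env.ENABLE_SECURITY_SCAN_NANCY }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Nancy will $([ "${{ env.ENABLE_SECURITY_SCAN_NANCY }}" == "true" ] && echo "scan dependencies for vulnerabilities" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
+echo "| **Govulncheck (Go Vuln Scan)** | $([ "${{ env.ENABLE_SECURITY_SCAN_GOVULNCHECK }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | govulncheck will $([ "${{ env.ENABLE_SECURITY_SCAN_GOVULNCHECK }}" == "true" ] && echo "scan for Go vulnerabilities" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
+echo "| **Gitleaks (Secret Scan)** | $([ "${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Gitleaks will $([ "${{ env.ENABLE_SECURITY_SCAN_GITLEAKS }}" == "true" ] && echo "scan for leaked secrets" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
 echo "| **Static Analysis** | $([ "${{ env.ENABLE_STATIC_ANALYSIS }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Static analysis will $([ "${{ env.ENABLE_STATIC_ANALYSIS }}" == "true" ] && echo "check for code issues" || echo "be skipped") |" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
@@ -365,20 +414,6 @@ jobs:
 echo "| **Verbose Output** | $([ "${{ env.ENABLE_VERBOSE_TEST_OUTPUT }}" == "true" ] && echo "✅ Enabled" || echo "❌ Disabled") | Test output verbosity |" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
-# Custom Project Variables
-echo "## 🎨 Custom Project Configuration" >> $GITHUB_STEP_SUMMARY
-PROJECT_VARS=$(echo "$ENV_JSON" | jq -r 'to_entries | map(select(.key | startswith("CUSTOM_"))) | length')
-if [ "$PROJECT_VARS" -gt 0 ]; then
-echo "Found **$PROJECT_VARS** CUSTOM-specific environment variables:" >> $GITHUB_STEP_SUMMARY
-echo "" >> $GITHUB_STEP_SUMMARY
-echo "| Variable | Value |" >> $GITHUB_STEP_SUMMARY
-echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
-echo "$ENV_JSON" | jq -r 'to_entries | map(select(.key | startswith("CUSTOM_"))) | sort_by(.key) | .[] | "| **\(.key)** | `\(.value)` |"' >> $GITHUB_STEP_SUMMARY
-else
-echo "_No project-specific (CUSTOM_*) variables found._" >> $GITHUB_STEP_SUMMARY
-fi
-echo "" >> $GITHUB_STEP_SUMMARY
-
 # Security Tools Configuration
 echo "## 🔒 Security Tools Configuration" >> $GITHUB_STEP_SUMMARY
 echo "| Tool | Version | Configuration |" >> $GITHUB_STEP_SUMMARY
@@ -388,18 +423,6 @@ jobs:
 echo "| **Nancy** | \`${{ env.NANCY_VERSION }}\` | Excludes: \`${{ env.NANCY_EXCLUDES }}\` |" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
-# Test Matrix
-echo "## 🧪 Generated Test Matrix" >> $GITHUB_STEP_SUMMARY
-MATRIX_COUNT=$(echo "$MATRIX_JSON" | jq '.include | length')
-echo "**Total test configurations**: $MATRIX_COUNT" >> $GITHUB_STEP_SUMMARY
-echo "" >> $GITHUB_STEP_SUMMARY
-echo "| # | OS | Go Version | Configuration Name | Fuzz Testing |" >> $GITHUB_STEP_SUMMARY
-echo "|---|----|-----------|--------------------|--------------|" >> $GITHUB_STEP_SUMMARY
-
-echo "$MATRIX_JSON" | jq -r '.include | to_entries | .[] | "| \(.key + 1) | \(.value.os) | \(.value["go-version"]) | \(.value.name) | \(if .value["run-fuzz"] then "✅ Yes" else "❌ No" end) |"' >> $GITHUB_STEP_SUMMARY
-
-echo "" >> $GITHUB_STEP_SUMMARY
-
 # GitHub Token Configuration
 echo "## 🔑 Authentication" >> $GITHUB_STEP_SUMMARY
 echo "| Setting | Value |" >> $GITHUB_STEP_SUMMARY
@@ -408,16 +431,33 @@ jobs:
 echo "| **Token Type** | $([ "${{ env.PREFERRED_GITHUB_TOKEN }}" == "GH_PAT_TOKEN" ] && echo "Personal Access Token (5000 req/hour)" || echo "Default GITHUB_TOKEN (1000 req/hour)") |" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
-# Summary Statistics
-echo "## 📈 Configuration Statistics" >> $GITHUB_STEP_SUMMARY
-ENABLED_FEATURES=$(echo "$ENV_JSON" | jq -r '[to_entries | .[] | select(.key | startswith("ENABLE_")) | select(.value == "true")] | length')
-DISABLED_FEATURES=$(echo "$ENV_JSON" | jq -r '[to_entries | .[] | select(.key | startswith("ENABLE_")) | select(.value == "false")] | length')
+# Custom Project Variables
+echo "## 🎨 Custom Project Configuration" >> $GITHUB_STEP_SUMMARY
+PROJECT_VARS=$(echo "$ENV_JSON" | jq -r 'to_entries | map(select(.key | startswith("CUSTOM_"))) | length')
+if [ "$PROJECT_VARS" -gt 0 ]; then
+echo "Found **$PROJECT_VARS** CUSTOM-specific environment variables:" >> $GITHUB_STEP_SUMMARY
+echo "" >> $GITHUB_STEP_SUMMARY
+echo "| Variable | Value |" >> $GITHUB_STEP_SUMMARY
+echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
+echo "$ENV_JSON" | jq -r 'to_entries | map(select(.key | startswith("CUSTOM_"))) | sort_by(.key) | .[] | "| **\(.key)** | `\(.value)` |"' >> $GITHUB_STEP_SUMMARY
+else
+echo "_No project-specific (CUSTOM_*) variables found._" >> $GITHUB_STEP_SUMMARY
+fi
+echo "" >> $GITHUB_STEP_SUMMARY
 
-echo "- **Enabled Features**: $ENABLED_FEATURES" >> $GITHUB_STEP_SUMMARY
-echo "- **Disabled Features**: $DISABLED_FEATURES" >> $GITHUB_STEP_SUMMARY
-echo "- **Test Matrix Combinations**: $MATRIX_COUNT" >> $GITHUB_STEP_SUMMARY
-echo "- **Unique Go Versions**: $(echo "$UNIQUE_GO_VERSIONS" | jq 'length')" >> $GITHUB_STEP_SUMMARY
-echo "- **Runner Operating Systems**: $([ "${{ env.PRIMARY_RUNNER }}" == "${{ env.SECONDARY_RUNNER }}" ] && echo "1" || echo "2")" >> $GITHUB_STEP_SUMMARY
+# All Environment Variables (moved to end as reference)
+echo "## 🔍 All Environment Variables" >> $GITHUB_STEP_SUMMARY
+echo "<details>" >> $GITHUB_STEP_SUMMARY
+echo "<summary>Click to expand all $ENV_COUNT environment variables</summary>" >> $GITHUB_STEP_SUMMARY
+echo "" >> $GITHUB_STEP_SUMMARY
+echo "| Variable | Value |" >> $GITHUB_STEP_SUMMARY
+echo "|----------|-------|" >> $GITHUB_STEP_SUMMARY
+
+# Sort and display all env vars
+echo "$ENV_JSON" | jq -r 'to_entries | sort_by(.key) | .[] | "| **\(.key)** | `\(.value)` |"' >> $GITHUB_STEP_SUMMARY
+
+echo "" >> $GITHUB_STEP_SUMMARY
+echo "</details>" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 
 # Footer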
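Review bot: The release detection at new lines 316–318 and the Workflow Trigger rows at new lines 350–351 expand `${{ github.ref }}` and `${{ github.ref_name }}` inside double-quoted shell strings, so the ref text is pasted into the script before bash parses it. Git ref names may legally contain `$`, backticks and parentheses, which means whoever can create a branch or tag that triggers this workflow supplies script text in the same step that decides `is-release-run`; the triggers and token permissions are not visible in this diff, so the exposure depends on who has push access. The runner already exports both values as environment variables, so `if [[ "$GITHUB_REF" == refs/tags/v* ]]; then` and `echo "🚀 Release detected: Tag $GITHUB_REF_NAME"` give the same result with the ref treated as data, and the summary rows can use `$GITHUB_REF` and `$GITHUB_REF_NAME` the same way. The run block starts and ends outside these hunks.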
