# ci-workflows **Repository Path**: mirrors_go-openapi/ci-workflows ## Basic Information - **Project Name**: ci-workflows - **Description**: Common CI workflows and setup for go-openapi repos - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2025-08-23 - **Last Updated**: 2026-06-28 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # ci-workflows [![Tests][test-badge]][test-url] [![Coverage][cov-badge]][cov-url] [![CI vuln scan][vuln-scan-badge]][vuln-scan-url] [![CodeQL][codeql-badge]][codeql-url] [![Release][release-badge]][release-url] [![Go Report Card][gocard-badge]][gocard-url] [![CodeFactor Grade][codefactor-badge]][codefactor-url] [![License][license-badge]][license-url] [![GoDoc][godoc-badge]][godoc-url] [![Discord Channel][discord-badge]][discord-url] [![go version][goversion-badge]][goversion-url] ![Top language][top-badge] ![Commits since latest release][commits-badge] --- Common Continuous Integration (`CI`) workflows and setup for go-openapi repos. * shared github action workflows * shared `dependabot` configuration (**BLOCKED**) * shared `golangci-lint` configuration (**BLOCKED**) ## Status Active development. We are regularly adding more shared workflows to standardize CI across go-openapi repos. > NOTE: at this moment, it is difficult to share the configurations for dependabot and golangci-lint, > so these are not shared yet. ## Content This repository essentially contains github action workflows in `.github/workflows`. `go` code in this repo is provided only for the purpose of testing these workflows. Workflows contents are detailed [here][.github/workflows/README.md]. ## Example `go-test.yml` ![go-test workflow](./docs/images/go-test.png) ## Basic usage You reuse a workflow like so: ```yaml name: go test permissions: pull-requests: read contents: read on: push: branches: - master pull_request: jobs: test: uses: go-openapi/ci-workflows/.github/workflows/go-test.yml@master secrets: inherit ``` It is recommended to pin the git ref `master` with a commit sha, and let dependabot keep you up to date. Like so: ```yaml uses: go-openapi/ci-workflows/.github/workflows/go-test.yml@b28a8b978a5ee5b7f4241ffafd6cc6163edb5dfd # v0.1.0 ``` ### Permissions Make sure your job permissions match the requirements of the called shared workflow. Example: ```yaml name: "CodeQL" on: push: branches: [ "master" ] pull_request: branches: [ "master" ] paths-ignore: # remove this clause if CodeQL is a required check - '**/*.md' schedule: - cron: '39 19 * * 5' permissions: contents: read jobs: codeql: permissions: # <- grant permissions at the job level that match the requirements of the called workflow contents: read security-events: write uses: ./.github/workflows/codeql.yml secrets: inherit ``` ## Available workflows `[v0.2.16]` ### Dependencies automation * auto-merge.yml: * auto-merge dependabot updates, with dependency group rules * auto-merge go-openapi bot updates ### Test automation * go-test.yml: go unit tests * includes: * fuzz-test.yml: orchestrates fuzz testing with a cached corpus * collect-coverage.yml: (common) collect & publish test coverage (to codecov) * collect-reports.yml: (common) collect & publish test reports (to codecov and github) * go-test-monorepo.yml: go unit tests, with support for go mono-repos (same features) >NOTE: for mono-repos, the workflow works best with go1.25 and go.work declaring all your modules and committed to git. ### Security * codeql.yml: CodeQL workflow for go and github actions * scanner.yml: trivy & govulncheck scans ### Release automation * bump-release.yml: manually triggered workflow to cut a release * tag-release.yml: cut a release on push tag * release.yml: (common) release & release notes build >NOTE: mono-repos are not supported yet. Release notes are produced using `git-cliff`. The configuration may be set using a `.cliff.toml` file. The default configuration is the `.cliff.toml` in this repo (uses remote config). ### Documentation quality * contributors.yml: updates CONTRIBUTORS.md ## Motivation It took a while (well something like 10 years...), but we eventually managed to align all checks, tests and dependabot rules declared in the family of go-openapi repos. Now we'd like to be able to maintain, enrich and improve these checks without worrying too much about the burden of replicating the stuff about a dozen times. ## Change log See ## Licensing This content ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE). ## Other documentation * [All-time contributors](./CONTRIBUTORS.md) * [Contributing guidelines][contributing-doc-site] * [Maintainers documentation][maintainers-doc-site] * [Code style][style-doc-site] * [Roadmap](docs/ROADMAP.md) ## Cutting a new release Maintainers can cut a new release by either: * running [this workflow](https://github.com/go-openapi/ci-workflows/actions/workflows/local-bump-release.yml) * or pushing a semver tag * signed tags are preferred * The tag message is prepended to release notes [test-badge]: https://github.com/go-openapi/ci-workflows/actions/workflows/local-go-test.yml/badge.svg [test-url]: https://github.com/go-openapi/ci-workflows/actions/workflows/local-go-test.yml [cov-badge]: https://codecov.io/gh/go-openapi/ci-workflows/branch/master/graph/badge.svg [cov-url]: https://codecov.io/gh/go-openapi/ci-workflows [vuln-scan-badge]: https://github.com/go-openapi/ci-workflows/actions/workflows/local-scanner.yml/badge.svg [vuln-scan-url]: https://github.com/go-openapi/ci-workflows/actions/workflows/local-scanner.yml [codeql-badge]: https://github.com/go-openapi/ci-workflows/actions/workflows/local-codeql.yml/badge.svg [codeql-url]: https://github.com/go-openapi/ci-workflows/actions/workflows/local-codeql.yml [release-badge]: https://badge.fury.io/gh/go-openapi%2Fci-workflows.svg [release-url]: https://badge.fury.io/gh/go-openapi%2Fci-workflows [gomod-badge]: https://badge.fury.io/go/github.com%2Fgo-openapi%2Fci-workflows.svg [gomod-url]: https://badge.fury.io/go/github.com%2Fgo-openapi%2Fci-workflows [gocard-badge]: https://goreportcard.com/badge/github.com/go-openapi/ci-workflows [gocard-url]: https://goreportcard.com/report/github.com/go-openapi/ci-workflows [codefactor-badge]: https://img.shields.io/codefactor/grade/github/go-openapi/ci-workflows [codefactor-url]: https://www.codefactor.io/repository/github/go-openapi/ci-workflows [doc-badge]: https://img.shields.io/badge/doc-site-blue?link=https%3A%2F%2Fgoswagger.io%2Fgo-openapi%2F [doc-url]: https://goswagger.io/go-openapi [godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/ci-workflows [godoc-url]: http://pkg.go.dev/github.com/go-openapi/ci-workflows [discord-badge]: https://img.shields.io/discord/1446918742398341256?logo=discord&label=discord&color=blue [discord-url]: https://discord.gg/FfnFYaC3k5 [license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg [license-url]: https://github.com/go-openapi/ci-workflows/?tab=Apache-2.0-1-ov-file#readme [goversion-badge]: https://img.shields.io/github/go-mod/go-version/go-openapi/ci-workflows [goversion-url]: https://github.com/go-openapi/ci-workflows/blob/master/go.mod [top-badge]: https://img.shields.io/github/languages/top/go-openapi/ci-workflows [commits-badge]: https://img.shields.io/github/commits-since/go-openapi/ci-workflows/latest [contributing-doc-site]: https://go-openapi.github.io/doc-site/contributing/contributing/index.html [maintainers-doc-site]: https://go-openapi.github.io/doc-site/maintainers/index.html [style-doc-site]: https://go-openapi.github.io/doc-site/contributing/style/index.html