mirror of
https://github.com/dockersrc/go
synced 2026-07-14 23:45:58 -04:00
bc1eb17c2f
Build and Push / build (push) Has been cancelled
Scan Go dependencies against the vulnerability database automatically on every run, between vet and test. Fail fast on known CVEs before spending time running the full test suite. - rootfs/usr/local/bin/go-workflow: add govulncheck ./... as step 4; renumber build to step 6 - README.md: update default workflow diagram to include govulncheck README.md rootfs/usr/local/bin/go-workflow
73 lines
2.3 KiB
Bash
Executable File
73 lines
2.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# shellcheck shell=bash
|
|
# Default Go workflow: tidy → fmt → vet → test → build
|
|
# Runs automatically when `docker run casjaysdev/go` is called with no args.
|
|
# Working directory is expected to be a Go module root (go.mod must exist).
|
|
set -euo pipefail
|
|
|
|
# Resolve the working directory — prefer /app if mounted, else cwd
|
|
WORK_DIR="${GOWORKDIR:-${PWD}}"
|
|
cd "$WORK_DIR"
|
|
|
|
# Require a go.mod so we fail fast with a clear message instead of cryptic go errors
|
|
if [ ! -f "go.mod" ]; then
|
|
echo "Error: no go.mod found in ${WORK_DIR}" >&2
|
|
echo "Mount your project with: docker run --rm -v \"\$(pwd)\":/app casjaysdev/go" >&2
|
|
exit 1
|
|
fi
|
|
|
|
MODULE="$(awk '/^module /{print $2}' go.mod)"
|
|
echo ""
|
|
echo "▶ Go workflow: ${MODULE}"
|
|
echo " Working dir: ${WORK_DIR}"
|
|
echo ""
|
|
|
|
run_step() {
|
|
local label="$1"; shift
|
|
echo "── ${label}"
|
|
"$@"
|
|
echo ""
|
|
}
|
|
|
|
# Resolve build mode. Resolution order (first non-empty value wins):
|
|
# GO_MODE — canonical name; prod|production or dev|devel|development
|
|
# MODE — alias for GO_MODE (accepted for convenience)
|
|
# GO_PROD — legacy flag; GO_PROD=1 maps to production mode
|
|
# -trimpath -ldflags=-s -w applied to go build only; go test is unaffected.
|
|
_RESOLVED_MODE="${GO_MODE:-${MODE:-}}"
|
|
_IS_PROD=0
|
|
case "${_RESOLVED_MODE}" in
|
|
prod | production) _IS_PROD=1 ;;
|
|
dev | devel | development) _IS_PROD=0 ;;
|
|
"")
|
|
[ "${GO_PROD:-0}" = "1" ] && _IS_PROD=1
|
|
;;
|
|
*)
|
|
echo "Warning: unknown GO_MODE '${_RESOLVED_MODE}' — expected prod|production|dev|devel|development; defaulting to development" >&2
|
|
;;
|
|
esac
|
|
|
|
BUILD_FLAGS=()
|
|
if [ "$_IS_PROD" = "1" ]; then
|
|
echo " (mode: production — -trimpath -ldflags=-s -w)"
|
|
BUILD_FLAGS=(-trimpath -ldflags="-s -w")
|
|
else
|
|
echo " (mode: development)"
|
|
fi
|
|
|
|
# 1. Sync module graph and go.sum before anything reads them
|
|
run_step "go mod tidy" go mod tidy
|
|
# 2. Format all Go source files in place
|
|
run_step "gofmt -w ." gofmt -w .
|
|
# 3. Catch suspicious constructs
|
|
run_step "go vet ./..." go vet ./...
|
|
# 4. Scan dependencies against the Go vulnerability database
|
|
run_step "govulncheck ./..." govulncheck ./...
|
|
# 5. Run tests — fail fast before wasting time on a build
|
|
run_step "go test ./..." go test ./...
|
|
# 6. Build all main packages; output lands alongside source in each package dir
|
|
run_step "go build ./..." go build "${BUILD_FLAGS[@]}" ./...
|
|
|
|
echo "✅ Done."
|
|
|