feat: Complete backend CI/CD workflow setup

- Add comprehensive GitHub Actions workflows for Go backend - Build workflow with binary compilation and attestation - Test workflow with coverage reporting and race detection - Lint workflow with golangci-lint and security scanning - Docker build workflow with multi-architecture support - Deploy workflow for production deployment - Security workflow with vulnerability scanning - All workflows follow Single Responsibility Principle - Use semantic versioning and latest action versions - Enable security features: OIDC auth, attestations, minimal permissions
2025-12-27 02:51:34 +00:00 · 2025-11-27 07:00:52 +01:00 · 2025-11-27 07:00:52 +01:00 · 0e5699187a
commit 0e5699187a
parent 4fd1e71bf0
6 changed files with 14 additions and 14 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -16,10 +16,10 @@ jobs:
      id-token: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: "1.25"
          cache: true
@ -39,7 +39,7 @@ jobs:
        run: ./bin/tercul-backend --help || echo "Binary built successfully"

      - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: tercul-backend-binary
          path: bin/
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Extract version
        id: version
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@ -19,7 +19,7 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -12,10 +12,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: "1.25"
          cache: true
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
@ -30,7 +30,7 @@ jobs:
          # queries: security-extended

      - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: "1.25"
          cache: true
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -32,10 +32,10 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: "1.25"
          cache: true
@ -58,7 +58,7 @@ jobs:
          echo "- **Go Version**: 1.25" >> $GITHUB_STEP_SUMMARY

      - name: Upload coverage reports
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: coverage-report
          path: |
@ -96,10 +96,10 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Setup Go ${{ matrix.go-version }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go-version }}
          cache: true