.github/workflows/test.yaml

name: rabbitmq & toxiproxy integration tests

on:
  push:
    branches: ["main"]
    paths:
      - "**.go"
      - "**.yaml"
      - "**.yml"
      - "**.json"
      - "go.mod"
      - "go.sum"
  pull_request:
    # The branches below must be a subset of the branches above
    branches: ["main"]
    paths:
      - "**.go"
      - "**.yaml"
      - "**.yml"
      - "**.json"
      - "go.mod"
      - "go.sum"

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  test:
    strategy:
      matrix:
        go-version: ["stable", "oldstable"]
        platform: [ubuntu-latest]
    runs-on: ${{ matrix.platform }}
    permissions:
      # required for all workflows
      security-events: write
      # only required for workflows in private repositories
      actions: read
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}

      - name: Vet
        run: go vet ./...

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Run govulncheck
        run: govulncheck ./...

      - name: Run Gosec Security Scanner
        uses: securego/gosec@master
        with:
          # we let the report trigger content trigger a failure using the GitHub Security features.
          args: "-no-fail -fmt sarif -out results.sarif ./..."
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif

      - name: Setup integration test environment
        run: docker compose up -d

      - name: Code Coverage
        run: go test -timeout 900s -race -count=1 -parallel 2 -covermode=atomic -coverprofile=coverage.txt ./...

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.txt
          fail_ci_if_error: false
          verbose: false