feat: Improve GitHub actions

.github/workflows/build.yml

@@ -1,109 +1,72 @@
-name: Build
+name: Build Docker Image
 
 on:
   push:
     tags:
       - 'v*'
+  workflow_run:
+    workflows: ["Tests"]
+    branches: [master]
+    types:
+      - completed
+
 jobs:
-  push_to_registry:
-    name: Push Docker image to GitHub
-    runs-on: ubuntu-latest
+  release:
+    name: Release GitHub tag
+    runs-on: 'ubuntu-latest'
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    permissions:
+      contents: write
+    outputs:
+      new_tag: ${{ steps.tag_version.outputs.new_tag }}
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: Import Secrets
-        id: secrets
-        uses: hashicorp/vault-action@v2.6.0
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.1
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: github
-          githubToken: ${{ secrets.GT_VAULT_AUTH_TOKEN }}
-          secrets: |
-            github/data/token registry_write | GITHUB_REGISTRY_TOKEN ;
+          default_bump: minor
+          github_token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Get the version
-        id: get_version
-        run: echo ::set-output name=VERSION::$(echo $GITHUB_REF | cut -d / -f 3)
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+      - name: Release with Notes
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ steps.tag_version.outputs.new_tag }}
+          name: Release ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          draft: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+  push:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    needs: [ release ]
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
 
       - name: Login to GitHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
-          password: ${{ steps.secrets.outputs.GITHUB_REGISTRY_TOKEN }}
+          password: ${{ secrets.GH_REGISTRY_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Build and push to GitHub
-        id: github_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: ./
           file: ./Dockerfile
           push: true
-          tags: ghcr.io/omegion/ssh-manager:latest,ghcr.io/omegion/ssh-manager:${{ steps.get_version.outputs.VERSION }}
+          tags: ghcr.io/omegion/ssh-manager:latest,ghcr.io/omegion/ssh-manager:${{ needs.release.outputs.new_tag }}
           platforms: linux/amd64,linux/arm64
-
-  release:
-    name: Create Release
-    runs-on: 'ubuntu-latest'
-    strategy:
-      matrix:
-        # List of GOOS and GOARCH pairs from `go tool dist list`
-        goosarch:
-          - 'darwin/amd64'
-          - 'darwin/arm64'
-          - 'linux/amd64'
-          - 'linux/arm64'
-          - 'windows/amd64'
-          - 'windows/arm64'
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Get the version
-        run: |
-          VERSION=$(echo $GITHUB_REF | cut -d / -f 3)
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '1.18'
-      - name: Get OS and arch info
-        run: |
-          GOOSARCH=${{matrix.goosarch}}
-          GOOS=${GOOSARCH%/*}
-          GOARCH=${GOOSARCH#*/}
-          BINARY_NAME=ssh-manager-$GOOS-$GOARCH
-          VERSION=$(echo $GITHUB_REF | cut -d / -f 3)
-          echo "BINARY_NAME=$BINARY_NAME" >> $GITHUB_ENV
-          echo "GOOS=$GOOS" >> $GITHUB_ENV
-          echo "GOARCH=$GOARCH" >> $GITHUB_ENV
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-      - name: Build
-        run: |
-          make build TARGETOS="$GOOS" TARGETARCH="$GOARCH" VERSION="$VERSION" BINARY_NAME="$BINARY_NAME"
-      - name: Release Notes
-        run: |
-          export VERSION=${{env.VERSION}}
-
-          git log $(git describe HEAD~ --tags --abbrev=0)..HEAD --pretty='format:* %h %s%n  * %an <%ae>' --no-merges >> .github/RELEASE_TEMPLATE.md
-          
-          curl -o /usr/local/bin/gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64
-          chmod 755 /usr/local/bin/gomplate
-          
-          gomplate --file .github/RELEASE_TEMPLATE.md --out .github/RELEASE_NOTES.md
-      - name: Release with Notes
-        uses: softprops/action-gh-release@v1
-        with:
-          name: Release ${{env.VERSION}}
-          body_path: ".github/RELEASE_NOTES.md"
-          draft: false
-          files: ${{env.BINARY_NAME}}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          build-args: VERSION=${{ needs.release.outputs.new_tag }}

.github/workflows/test.yml

@@ -1,6 +1,7 @@
-name: Code Check
+name: Tests
 
 on:
+  push:
   pull_request:
 
 jobs:
@@ -11,19 +12,17 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.18.0
+          go-version: ^1.21
         id: go
 
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Get dependencies
         run: |
           go get -v -t -d ./...
-
-      - name: Run Unit tests
-        run: |
-          go test -race -covermode atomic -coverprofile=covprofile ./...
+      - name: go test
+        run: go test -race -covermode atomic -coverprofile=covprofile ./...
 
       - name: Install goveralls
         run: go install github.com/mattn/goveralls@latest
@@ -34,43 +33,32 @@ jobs:
         run: goveralls -coverprofile=covprofile -service=github
 
   vet:
-    name: go vet and statuscheck
+    name: go vet and lint
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go 1.x
         uses: actions/setup-go@v4
         with:
-          go-version: 1.18.0
+          go-version: ^1.21
         id: go
 
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: go vet
+      - name: Get dependencies
         run: |
           go get -v -t -d ./...
-          go vet ./...
-
-      - name: go staticcheck
-        uses: dominikh/[email protected]
-        with:
-          version: "2022.1"
-          install-go: false
+      - name: go vet
+        run: go vet ./...
 
   golangci:
     name: golangci lint check
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.x
-        uses: actions/setup-go@v4
-        with:
-          go-version: 1.18.0
-        id: go
-
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.45.2
+          version: v1.54.2

README.md

@@ -9,7 +9,7 @@ SSH Key Manager for 1Password, Bitwarden and AWS S3.
 </p>
 
 <p align="center">
-    <img src="https://img.shields.io/github/workflow/status/omegion/ssh-manager/Code%20Check" alt="Check"></a>
+    <img src="https://img.shields.io/github/workflow/status/omegion/ssh-manager/Tests" alt="Check"></a>
     <img src="https://coveralls.io/repos/github/omegion/ssh-manager/badge.svg?branch=master" alt="Coverall"></a>
     <img src="https://goreportcard.com/badge/github.com/omegion/ssh-manager" alt="Report"></a>
     <a href="http://pkg.go.dev/github.com/omegion/ssh-manager"><img src="https://img.shields.io/badge/pkg.go.dev-doc-blue" alt="Doc"></a>

renovate.json

@@ -12,6 +12,7 @@
     {
       "description": "Automerge non-major updates",
       "matchUpdateTypes": [
+        "major",
         "minor",
         "patch"
       ],