feat: codeql

.gitea/workflows/cd.yaml

@@ -9,27 +9,6 @@ env:
   DOCKER_REGISTRY: gitea.t000-n.de
 
 jobs:
-  check-changes:
-    name: Check changes
-    runs-on: ubuntu-latest
-    outputs:
-      changes: ${{ steps.filter.outputs.code }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Get changes
-        id: filter
-        uses: dorny/paths-filter@v3
-        with:
-          filters: |
-            code:
-              - 'go.mod'
-              - 'go.sum'
-              - '**/*.go'
-              - 'config.example.yaml'
-              - 'Dockerfile'
-              - 'Makefile'
-
   test:
     name: test
     runs-on: ubuntu-latest
@@ -65,58 +44,18 @@ jobs:
 
   build_and_push:
     name: Build and push
-    strategy:
-      matrix:
-        arch: [amd64, arm64]
     needs:
       - test
-      - check-changes
-    if: ${{ needs.check-changes.outputs.code == 'true' }}
-    runs-on:
-      - ubuntu-latest
-      - linux_${{ matrix.arch }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.DOCKER_REGISTRY }}
-          username: ${{ secrets.REGISTRY_USER }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
-      - name: Get Metadata
-        id: meta
-        run: |
-          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
-          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: linux/${{ matrix.arch }}
-          push: true
-          provenance: false
-          build-args: GOARCH=${{ matrix.arch }}
-          tags: |
-            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-${{ matrix.arch }}
-
-  create_manifest:
-    name: Create manifest
-    needs:
-      - build_and_push
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Get Metadata
+      - name: Set up QEMU
-        id: meta
+        uses: docker/setup-qemu-action@v2
-        run: |
+
-          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
+      - name: Set up Docker Buildx
-          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to Registry
         uses: docker/login-action@v2
@@ -125,10 +64,21 @@ jobs:
           username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
-      - name: Create manifest
+      - name: Get Metadata
+        id: meta
         run: |
-          docker manifest create ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:latest \
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
-            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-amd64 \
+          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
-            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-arm64
 
-          docker manifest push ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:latest
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
+            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:latest

.gitea/workflows/codeql.yaml

@@ -0,0 +1,23 @@
+name: CodeQL Analysis
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  codeql-analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: "go"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

Dockerfile

@@ -1,14 +1,13 @@
-FROM golang:1.23-alpine as build
+FROM golang:1.23-alpine
-
-ARG GOARCH=amd64
 
 WORKDIR /app
-COPY go.mod go.sum ./
-RUN go mod download
-COPY . .
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} \
-    go build -trimpath -ldflags="-s -w" -o main .
 
-FROM gcr.io/distroless/static-debian12
+COPY go.mod go.sum ./
-COPY --from=build /app/main /
+
-CMD ["/main"]
+RUN go mod download
+
+COPY . .
+
+RUN go build -o main .
+
+CMD ["./main"]

renovate.json

@@ -1,3 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
-}