Build CI/CD pipelines in Go with github actions and Docker

Last updated: January 30, 2024


Gopher

This tutorial will show you how to setup a CI/CD pipeline using GitHub Actions. The pipeline will test, build and publish a Go app to Docker Hub when changes are pushed to a GitHub repository.

Overview

Here is an overview of what's in this guide:

  • We start by creating a simple console app in Go that prints Hello World along with the version number of the app.
  • We will create a GitHub repository and assign Docker Hub credentials using the Secrets feature of GitHub.
  • We will create a GitHub workflow that runs Go tests each time a change is pushed to the main branch. The workflow will be configured to build a Docker image and push it to Docker Hub when a tag is pushed to the repository.
  • The workflow will extract a version number from a Git tag and assign it to a Go variable at build time so the latest version is printed when the app is run.
  • We will see the workflows in action. First by seeing what happens when we push code that fails tests. We will fix the code and see it pass, then we will see what happens when we push a tag.

1. Create Go Project

First let's create a simple Go program that prints out Hello World along with the version number of our app. Create a folder to store our files:

$ mkdir ~/golang-pipeline
$ cd ~/golang-pipeline

Create main.go and main_test.go

$ touch main.go
$ touch main_test.go

Add the following code to main.go

package main

import "fmt"

var version = "dev"

func main() {
    fmt.Printf("Version: %s\n", version)
    fmt.Println(hello())
}

func hello() string {
    return "Hello Golang"
}

Note: the version variable is assigned the string dev and the string returned by the hello function is intentionally wrong so that our tests fail. Later we will see how the GitHub action can be configured to automatically replace the version string at build time.

Add the following code to main_test.go

package main

import "testing"

func TestHello(t *testing.T) {
    want := "Hello Golang"

    got := hello()

    if want != got {
        t.Fatalf("want %s, got %s\n", want, got)
    }
}

Make sure our tests run and fail by running:

$ go test

--- FAIL: TestHello (0.00s)
    main_test.go:9: want Hello Golang, got Hello Golang
FAIL
exit status 1
FAIL    hello   0.003s

It fails because we made the return value of the hello function wrong on purpose so we can test the CI/CD pipeline catches errors.

We can also test the app runs by running:

$ go run main.go

Version: dev
Hello golang

Notice it prints out dev for the version. When we run the release version from the published image on Docker Hub, we will see the version number that was tagged when pushing a release to the GitHub repo.

2. Create GitHub Repository

Login to your GitHub account and create a new repository. For the following example I have created a new public repo (exmple golang-pipeline)

3. Assign Docker Hub Credentials as Secrets

For this step you will need to login to your Docker Hub account and generate an access token. Once you've done that, navigate to the Settings screen of the GitHub repository then click on Secrets.

Create Secret DOCKER_USERNAME Create Secret DOCKER_USERNAME

Create Secret DOCKER_ACCESS_TOKEN Create Secret DOCKER_ACCESS_TOKEN

Secrets for pipeline Secrets for pipeline

4. Create GitHub Workflow

We are now ready to create the GitHub workflow. Create a folder inside your repository called .github/workflows and add a file called push.yml.

$ mkdir -p .github/workflows
$ touch .github/workflows/push.yml

Add the following config to the push.yml file:

name: golang-pipeline
on: push
jobs:
    test:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags')
    steps:
        - uses: actions/checkout@v2
        - name: Run Unit Tests
        run: go test

    deploy:
    runs-on: ubuntu-latest
    needs: test
    if: startsWith(github.ref, 'refs/tags')
    steps:
        - name: Extract Version
        id: version_step
        run: |
            echo "##[set-output name=version;]VERSION=${GITHUB_REF#$"refs/tags/v"}"
            echo "##[set-output name=version_tag;]$GITHUB_REPOSITORY:${GITHUB_REF#$"refs/tags/v"}"
            echo "##[set-output name=latest_tag;]$GITHUB_REPOSITORY:latest"
        - name: Print Version
        run: |
            echo ${{steps.version_step.outputs.version_tag}}
            echo ${{steps.version_step.outputs.latest_tag}}
        - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

        - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

        - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}

        - name: PrepareReg Names
        id: read-docker-image-identifiers
        run: |
            echo VERSION_TAG=$(echo ${{ steps.version_step.outputs.version_tag }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
            echo LASTEST_TAG=$(echo ${{ steps.version_step.outputs.latest_tag  }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
        - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
            push: true
            tags: |
            ${{env.VERSION_TAG}}
            ${{env.LASTEST_TAG}}
            build-args: |
            ${{steps.version_step.outputs.version}}

Replace Variables in the environment with $ ( example push.yml )

The workflow config is quite simple. You will notice there are two jobs, one called test and one called deploy. The test job has one step that uses an if to make sure it only runs when changes are pushed to the main branch or a tag is pushed.

The deploy job requires the test job to run first so that if the tests fail, the Docker image will not be built. If the test job does pass, the remaining steps will run. The first step extracts the version number from a git tag that has the following format v1.0.0.

The next two steps setup the environment so that Docker images can be built. Finally, a step is run that signs into your Docker Hub account using the credentials stored in GitHub Secrets, then the Docker image is built and pushed to Docker Hub.

You Can see you run action pipeline in https://github.com/USERNAME/golang-pipeline/actions your repo.

5. Create Dockerfile

Now we need to create a Dockerfile for the GitHub action to use when building the image. Create a file called Dockerfile at the root of the repo.

$ touch Dockerfile

Add the following to the Dockerfile:

FROM golang:1.16.4-buster AS builder

ARG VERSION=dev

WORKDIR /go/src/app
COPY main.go .
RUN go build -o main -ldflags=-X=main.version=${VERSION} main.go

FROM debian:buster-slim
COPY --from=builder /go/src/app/main /go/bin/main
ENV PATH="/go/bin:${PATH}"
CMD ["main"]

The config above uses a multi-stage build process to build the Go app then copy it to a slim Debian image. If you want to make the image smaller, you can change it to alpine or scratch.

Let's test the Dockerfile by building it with the following command:

    $ docker build -t golang-pipeline:dev .

    Sending build context to Docker daemon  114.2kB
    Step 1/9 : FROM golang:1.16.4-buster AS builder
    1.16.4-buster: Pulling from library/golang
    d960726af2be: Pull complete
    e8d62473a22d: Pull complete
    8962bc0fad55: Pull complete
    65d943ee54c1: Pull complete
    f2253e6fbefa: Pull complete
    6d7fa7c7d5d3: Pull complete
    e2e442f7f89f: Pull complete
    Digest: sha256:ab32429d40c1b734ed4f036838ac516352182f9414563478fa88a1553c4a4414
    Status: Downloaded newer image for golang:1.16.4-buster
     ---> 96129f3766cf
    Step 2/9 : ARG VERSION=dev
     ---> Running in 819610ae34de
    Removing intermediate container 819610ae34de
     ---> 9eec806043be
    Step 3/9 : WORKDIR /go/src/app
     ---> Running in 46c0cf6a36b4
    Removing intermediate container 46c0cf6a36b4
     ---> 1f1f66dfcc4f
    Step 4/9 : COPY main.go .
     ---> 963a3bcf262b
    Step 5/9 : RUN go build -o main -ldflags=-X=main.version=${VERSION} main.go
     ---> Running in c18447aa254a
    Removing intermediate container c18447aa254a
     ---> 3d5364678624
    Step 6/9 : FROM debian:buster-slim
    buster-slim: Pulling from library/debian
    69692152171a: Pull complete
    Digest: sha256:f077cd32bfea6c4fa8ddeea05c53b27e90c7fad097e2011c9f5f11a8668f8db4
    Status: Downloaded newer image for debian:buster-slim
     ---> 80b9e7aadac5
    Step 7/9 : COPY --from=builder /go/src/app/main /go/bin/main
     ---> f96694436dca
    Step 8/9 : ENV PATH="/go/bin:${PATH}"
     ---> Running in 0423a0a1b60a
    Removing intermediate container 0423a0a1b60a
     ---> 8ac59bcbe805
    Step 9/9 : CMD ["main"]
     ---> Running in 1491bcf193c6
    Removing intermediate container 1491bcf193c6
     ---> 190ba9407211
    Successfully built 190ba9407211
    Successfully tagged golang-pipeline:dev

Now run the image and see if it prints the incorrect string Hello Golang:

    $ docker run --rm golang-pipeline:dev

    Version: dev
    Hello golang

We can assign a version to the image by using --build-arg VERSION=1.0.0 while building the image. For example:

    $ docker build -t golang-pipeline:1.0.0 . --build-arg VERSION=1.0.0

    Sending build context to Docker daemon  114.2kB
    Step 1/9 : FROM golang:1.16.4-buster AS builder
     ---> 96129f3766cf
    Step 2/9 : ARG VERSION=dev
     ---> Using cache
     ---> 9eec806043be
    Step 3/9 : WORKDIR /go/src/app
     ---> Using cache
     ---> 1f1f66dfcc4f
    Step 4/9 : COPY main.go .
     ---> Using cache
     ---> 963a3bcf262b
    Step 5/9 : RUN go build -o main -ldflags=-X=main.version=${VERSION} main.go
     ---> Running in 352fb8de7969
    Removing intermediate container 352fb8de7969
     ---> 0950776088fa
    Step 6/9 : FROM debian:buster-slim
     ---> 80b9e7aadac5
    Step 7/9 : COPY --from=builder /go/src/app/main /go/bin/main
     ---> 91938ce4f326
    Step 8/9 : ENV PATH="/go/bin:${PATH}"
     ---> Running in 44541fe9de77
    Removing intermediate container 44541fe9de77
     ---> c8924b6b45b3
    Step 9/9 : CMD ["main"]
     ---> Running in 424b93b94419
    Removing intermediate container 424b93b94419
     ---> 9da417e7399b
    Successfully built 9da417e7399b
    Successfully tagged golang-pipeline:1.0.0

The docker image built can be found here:

    $ docker images

    REPOSITORY                TAG             IMAGE ID       CREATED          SIZE
    golang-pipeline           1.0.0           9da417e7399b   22 seconds ago   71.2MB
    golang-pipeline           dev             190ba9407211   3 minutes ago    71.2MB
    golang                    1.16.4-buster   96129f3766cf   2 weeks ago      862MB
    debian                    buster-slim     80b9e7aadac5   2 weeks ago      69.2MB

The reason this works, is because we use -ldflags to modify the version variable at compile time. The --build-arg assigns the version to VERSION and is used in the following line:

    RUN go build -o main -ldflags=-X=main.version=${VERSION} main.go

Okay, we are now ready to push our code to the GitHub repository.

6. Push Code to Main

Now that we know our project builds and we have created a repository, we are ready to push our code to the main branch. Let’s initialise Git, commit our changes, add the origin, and push the changes by running the following commands (replace the repo URL with your own):

    $ git init
    $ git add .
    $ git commit -m "first commit"
    $ git remote add origin git@github.com:USERNAME/golang-pipeline
    $ git branch -M main
    $ git push -u origin main

7. Check Build Failed

Go to your GitHub repository and click Actions. We should see the GitHub action running. Since we are pushing to the main branch, it will run the test job and it should fail.

Github Action test fail_ Github Action test fail

8. Fix Code so Test Passes

Let's fix the broken test. Open main.go and modify the return value of the hello function so that it returns Hello Golang.

    $ go test

    PASS
    ok      hello   0.003s


Commit and push the changes.

    $ git add .
    $ git commit - "Fix hello function return value"
    $ git push

The GitHub action should run again and now the test will pass.

Github Action test fail_ Github Action test successfully

Github Action test fail_ Github Action status

9. Push Tag

Now that we know the test passes, let's push a release tag. We will tag this version as v1.0.0

    $ git tag v1.0.0
    $ git push --tags

After pushing the tags, the GitHub action will run again and this time it will build the Docker image and push it to your Docker Hub repository.