Merge pull request #5 from Draco-Lunaris/feature/multi-distro-ci
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 53s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m15s
CI/CD Pipeline / Security Audit (push) Successful in 5s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m34s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 4s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 1m3s
CI/CD Pipeline / Build Debian Package (push) Failing after 3s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m21s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m27s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m8s
feat: multi-distro CI with self-hosted runners
170
.github/workflows/ci.yml
vendored
170
.github/workflows/ci.yml
vendored
@ -9,11 +9,15 @@ on:
|
|||||||
|
|
||||||
env:
|
env:
|
||||||
CARGO_TERM_COLOR: always
|
CARGO_TERM_COLOR: always
|
||||||
|
RUST_BACKTRACE: 1
|
||||||
|
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: write
|
contents: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
# ── Quality Gates (GitHub-hosted, all triggers) ──────────────────────────
|
||||||
|
|
||||||
fmt:
|
fmt:
|
||||||
name: Rust Format
|
name: Rust Format
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@ -71,22 +75,18 @@ jobs:
|
|||||||
- run: cargo test --test enrollment_test
|
- run: cargo test --test enrollment_test
|
||||||
- run: cargo test --test enrollment_e2e
|
- run: cargo test --test enrollment_e2e
|
||||||
|
|
||||||
build-deb:
|
# ── Release Preparation (tag push only) ───────────────────────────────────
|
||||||
name: Build & Release
|
|
||||||
needs: [fmt, clippy, test, enrollment-tests]
|
prepare-release:
|
||||||
|
name: Prepare Release
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit]
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- uses: dtolnay/rust-toolchain@stable
|
|
||||||
- uses: Swatinem/rust-cache@v2
|
|
||||||
- name: Install system dependencies
|
|
||||||
run: sudo apt-get update && sudo apt-get install -y libsystemd-dev pkg-config libssl-dev
|
|
||||||
- name: Build .deb package
|
|
||||||
run: chmod +x scripts/build-package.sh && scripts/build-package.sh
|
|
||||||
- name: Generate release notes
|
- name: Generate release notes
|
||||||
if: startsWith(github.ref, 'refs/tags/v')
|
|
||||||
id: release_notes
|
id: release_notes
|
||||||
run: |
|
run: |
|
||||||
PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
|
PREV_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
|
||||||
@ -98,9 +98,153 @@ jobs:
|
|||||||
echo "notes<<EOF" >> $GITHUB_OUTPUT
|
echo "notes<<EOF" >> $GITHUB_OUTPUT
|
||||||
echo "$NOTES" >> $GITHUB_OUTPUT
|
echo "$NOTES" >> $GITHUB_OUTPUT
|
||||||
echo "EOF" >> $GITHUB_OUTPUT
|
echo "EOF" >> $GITHUB_OUTPUT
|
||||||
- name: Upload to GitHub Release
|
- name: Create GitHub Release
|
||||||
if: startsWith(github.ref, 'refs/tags/v')
|
|
||||||
uses: softprops/action-gh-release@v2
|
uses: softprops/action-gh-release@v2
|
||||||
with:
|
with:
|
||||||
body: ${{ steps.release_notes.outputs.notes }}
|
body: ${{ steps.release_notes.outputs.notes }}
|
||||||
files: linux-patch-api_*.deb
|
|
||||||
|
# ── Build Jobs (tag push only, self-hosted runners) ───────────────────────
|
||||||
|
|
||||||
|
build-deb-u2404:
|
||||||
|
name: Build .deb (Ubuntu 24.04)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: [self-hosted, linux, ubuntu-24.04]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Add Rust to PATH
|
||||||
|
run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
||||||
|
- name: Build .deb package
|
||||||
|
run: chmod +x scripts/build-package.sh && scripts/build-package.sh
|
||||||
|
- name: Rename package with distro suffix
|
||||||
|
run: |
|
||||||
|
FILE=$(ls linux-patch-api_*_amd64.deb 2>/dev/null | head -1)
|
||||||
|
if [ -n "$FILE" ]; then
|
||||||
|
mv "$FILE" "$(echo "$FILE" | sed 's/_amd64/_u2404_amd64/')"
|
||||||
|
fi
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: linux-patch-api_*_u2404_amd64.deb
|
||||||
|
|
||||||
|
build-deb-u2204:
|
||||||
|
name: Build .deb (Ubuntu 22.04)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: [self-hosted, linux, ubuntu-22.04]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Add Rust to PATH
|
||||||
|
run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
||||||
|
- name: Build .deb package
|
||||||
|
run: chmod +x scripts/build-package.sh && scripts/build-package.sh
|
||||||
|
- name: Rename package with distro suffix
|
||||||
|
run: |
|
||||||
|
FILE=$(ls linux-patch-api_*_amd64.deb 2>/dev/null | head -1)
|
||||||
|
if [ -n "$FILE" ]; then
|
||||||
|
mv "$FILE" "$(echo "$FILE" | sed 's/_amd64/_u2204_amd64/')"
|
||||||
|
fi
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: linux-patch-api_*_u2204_amd64.deb
|
||||||
|
|
||||||
|
build-deb-debian13:
|
||||||
|
name: Build .deb (Debian 13)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: [self-hosted, linux, debian-13]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Add Rust to PATH
|
||||||
|
run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
||||||
|
- name: Build .deb package
|
||||||
|
run: chmod +x scripts/build-package.sh && scripts/build-package.sh
|
||||||
|
- name: Rename package with distro suffix
|
||||||
|
run: |
|
||||||
|
FILE=$(ls linux-patch-api_*_amd64.deb 2>/dev/null | head -1)
|
||||||
|
if [ -n "$FILE" ]; then
|
||||||
|
mv "$FILE" "$(echo "$FILE" | sed 's/_amd64/_debian13_amd64/')"
|
||||||
|
fi
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: linux-patch-api_*_debian13_amd64.deb
|
||||||
|
|
||||||
|
build-rpm-fedora:
|
||||||
|
name: Build .rpm (Fedora)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: [self-hosted, linux, fedora]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Add Rust to PATH
|
||||||
|
run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
||||||
|
- name: Build release binary
|
||||||
|
run: cargo build --release
|
||||||
|
- name: Build RPM package
|
||||||
|
run: chmod +x build-rpm.sh && SKIP_CARGO_BUILD=1 ./build-rpm.sh
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: releases/linux-patch-api-*.rpm
|
||||||
|
|
||||||
|
build-rpm-almalinux:
|
||||||
|
name: Build .rpm (AlmaLinux 10)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: [self-hosted, linux, almalinux-10]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Add Rust to PATH
|
||||||
|
run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
||||||
|
- name: Build release binary
|
||||||
|
run: cargo build --release
|
||||||
|
- name: Build RPM package
|
||||||
|
run: chmod +x build-rpm.sh && SKIP_CARGO_BUILD=1 ./build-rpm.sh
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: releases/linux-patch-api-*.rpm
|
||||||
|
|
||||||
|
build-arch:
|
||||||
|
name: Build .pkg.tar.zst (Arch Linux)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: [self-hosted, linux, arch]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Add Rust to PATH
|
||||||
|
run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
||||||
|
- name: Build release binary
|
||||||
|
run: cargo build --release
|
||||||
|
- name: Build Arch package
|
||||||
|
run: chmod +x build-arch.sh && SKIP_CARGO_BUILD=1 ./build-arch.sh
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: releases/*.pkg.tar.zst
|
||||||
|
|
||||||
|
build-alpine:
|
||||||
|
name: Build .apk (Alpine)
|
||||||
|
if: startsWith(github.ref, 'refs/tags/v')
|
||||||
|
needs: [fmt, clippy, test, enrollment-tests, audit, prepare-release]
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
container:
|
||||||
|
image: alpine:latest
|
||||||
|
steps:
|
||||||
|
- name: Install prerequisites for actions/checkout
|
||||||
|
run: apk add --no-cache bash git curl tar
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- name: Install Alpine build dependencies
|
||||||
|
run: apk add --no-cache gcc musl-dev openssl-dev openssl elogind-dev alpine-sdk rust cargo abuild
|
||||||
|
- name: Build release binary (musl target)
|
||||||
|
run: cargo build --release --target x86_64-unknown-linux-musl
|
||||||
|
- name: Build Alpine package
|
||||||
|
run: |
|
||||||
|
chmod +x build-alpine.sh
|
||||||
|
SKIP_CARGO_BUILD=1 ./build-alpine.sh
|
||||||
|
- name: Upload to GitHub Release
|
||||||
|
uses: softprops/action-gh-release@v2
|
||||||
|
with:
|
||||||
|
files: releases/linux-patch-api-*.apk
|
||||||
|
|||||||
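Review bot: The six self-hosted `build-*` jobs added in the last hunk inherit the workflow-level `permissions: contents: write` shown as unchanged context in the first hunk, so every job, including `fmt` and the other quality gates, gets a write-scoped token and the release jobs use it on persistent runners. Set the top-level default to `contents: read` and add `permissions: contents: write` only to `prepare-release` and the jobs that call `softprops/action-gh-release@v2`; pinning that action and `actions/checkout@v4` to full commit SHAs would keep a moved tag from running with the release token. Each upload step should also set `fail_on_unmatched_files: true`, because the rename step's `if [ -n "$FILE" ]` lets a missing package pass silently and the release would then be published without it. `build-rpm-fedora` and `build-rpm-almalinux` both upload `releases/linux-patch-api-*.rpm` with no distro suffix, so the two assets may collide unless the RPM file name already carries a dist tag, which the hunk does not show.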
6
scripts/build-package.sh
Executable file → Normal file
6
scripts/build-package.sh
Executable file → Normal file
@ -67,10 +67,14 @@ chmod 755 "${BUILD_DIR}/usr/bin/linux-patch-api"
|
|||||||
# Systemd service
|
# Systemd service
|
||||||
cp "${PROJECT_ROOT}/configs/linux-patch-api.service" "${BUILD_DIR}/lib/systemd/system/"
|
cp "${PROJECT_ROOT}/configs/linux-patch-api.service" "${BUILD_DIR}/lib/systemd/system/"
|
||||||
|
|
||||||
# Configuration files
|
# Configuration files (live configs for admin editing)
|
||||||
cp "${PROJECT_ROOT}/configs/config.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/config.yaml"
|
cp "${PROJECT_ROOT}/configs/config.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/config.yaml"
|
||||||
cp "${PROJECT_ROOT}/configs/whitelist.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/whitelist.yaml"
|
cp "${PROJECT_ROOT}/configs/whitelist.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/whitelist.yaml"
|
||||||
|
|
||||||
|
# Example config files (referenced by postinst for first-run setup)
|
||||||
|
cp "${PROJECT_ROOT}/configs/config.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/config.yaml.example"
|
||||||
|
cp "${PROJECT_ROOT}/configs/whitelist.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/whitelist.yaml.example"
|
||||||
|
|
||||||
# Calculate installed size BEFORE generating control file
|
# Calculate installed size BEFORE generating control file
|
||||||
INSTALLED_SIZE=$(du -sk "${BUILD_DIR}" | cut -f1)
|
INSTALLED_SIZE=$(du -sk "${BUILD_DIR}" | cut -f1)
|
||||||
|
|
||||||
|
|||||||
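Review bot: The two added `cp` lines for `config.yaml.example` and `whitelist.yaml.example`, like the live-config copies above them, leave the packaged file modes to the umask of whichever host runs the build, and this commit moves the build onto several self-hosted runners. Writing them as `install -m 0644 "${PROJECT_ROOT}/configs/config.yaml.example" "${BUILD_DIR}/etc/linux_patch_api/config.yaml.example"` (or `0640` for the live files if they can hold credentials, which the hunk does not show) makes the permissions identical on every distro. The page also records the script's mode changing from executable to normal; the workflow compensates with `chmod +x`, but anyone running the script directly from a checkout now has to do the same. The script continues outside the hunk on both sides.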