name: CI/CD Pipeline on: push: branches: [ master, develop ] tags: [ 'v*' ] pull_request: branches: [ master ] env: CARGO_TERM_COLOR: always RUST_BACKTRACE: 1 jobs: fmt: name: Code Format runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV - name: Check formatting run: cargo fmt --all -- --check clippy: name: Clippy Lints runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV rustup component add clippy - name: Install system dependencies run: | sudo apt-get update sudo apt-get install -y libsystemd-dev pkg-config - name: Run clippy run: cargo clippy --all-targets --all-features -- -D warnings test: name: Unit Tests runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV - name: Install system dependencies run: | sudo apt-get update sudo apt-get install -y libsystemd-dev pkg-config - name: Run tests run: cargo test --all-features audit: name: Security Audit runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV - name: Install system dependencies run: | sudo apt-get update sudo apt-get install -y libsystemd-dev pkg-config - name: Run cargo-audit run: | cargo install cargo-audit cargo audit --ignore RUSTSEC-2025-0134 build-deb: name: Build Debian Package needs: [fmt, clippy, test] runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV - name: Install build dependencies run: | sudo apt-get update sudo apt-get install -y build-essential debhelper pkg-config libsystemd-dev - name: Build Debian package run: sudo dpkg-buildpackage -us -uc -b - name: Upload to Gitea Release if: startsWith(github.ref, 'refs/tags/') env: GITEA_TOKEN: ${{ secrets.giteatoken }} run: | TAG_NAME=${GITHUB_REF#refs/tags/} FILE=$(ls ../linux-patch-api_*.deb 2>/dev/null | head -1) chmod +x scripts/upload-release.sh ./scripts/upload-release.sh "$TAG_NAME" "$FILE" build-rpm: name: Build RPM Package needs: [fmt, clippy, test] runs-on: fedora steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV - name: Install build dependencies run: sudo dnf install -y rpm-build gcc systemd-devel pkg-config - name: Build release binary run: cargo build --release - name: Build RPM package run: | chmod +x build-rpm.sh ./build-rpm.sh - name: Upload to Gitea Release if: startsWith(github.ref, 'refs/tags/') env: GITEA_TOKEN: ${{ secrets.giteatoken }} run: | TAG_NAME=${GITHUB_REF#refs/tags/} FILE=$(ls ~/rpmbuild/RPMS/x86_64/*.rpm 2>/dev/null | head -1) chmod +x scripts/upload-release.sh ./scripts/upload-release.sh "$TAG_NAME" "$FILE" build-apk: name: Build Alpine Package needs: [fmt, clippy, test] runs-on: alpine steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | apk add --no-cache curl bash curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV source "$HOME/.cargo/env" rustup target add x86_64-unknown-linux-musl - name: Install build dependencies run: | apk add --no-cache alpine-sdk rust cargo openssl-dev elogind-dev musl-dev git abuild gcc nodejs - name: Build release binary run: cargo build --release --target x86_64-unknown-linux-musl - name: Build Alpine package run: | chmod +x build-alpine.sh SKIP_CARGO_BUILD=1 ./build-alpine.sh - name: Upload to Gitea Release if: startsWith(github.ref, 'refs/tags/') env: GITEA_TOKEN: ${{ secrets.giteatoken }} run: | TAG_NAME=${GITHUB_REF#refs/tags/} FILE=$(ls releases/*.apk 2>/dev/null | head -1) chmod +x scripts/upload-release.sh ./scripts/upload-release.sh "$TAG_NAME" "$FILE" build-arch: name: Build Arch Package needs: [fmt, clippy, test] runs-on: arch steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal echo "$HOME/.cargo/bin" >> $GITHUB_PATH echo "CARGO_HOME=$HOME/.cargo" >> $GITHUB_ENV - name: Install build dependencies run: sudo pacman -Syu --noconfirm rust cargo systemd git base-devel - name: Build release binary run: cargo build --release - name: Build Arch package run: | chmod +x build-arch.sh SKIP_CARGO_BUILD=1 ./build-arch.sh - name: Upload to Gitea Release if: startsWith(github.ref, 'refs/tags/') env: GITEA_TOKEN: ${{ secrets.giteatoken }} run: | TAG_NAME=${GITHUB_REF#refs/tags/} FILE=$(ls releases/*.pkg.tar.zst 2>/dev/null | head -1) chmod +x scripts/upload-release.sh ./scripts/upload-release.sh "$TAG_NAME" "$FILE"