name: CI/CD Pipeline on: push: branches: [ master, develop ] tags: [ 'v*' ] pull_request: branches: [ master ] env: CARGO_TERM_COLOR: always RUST_BACKTRACE: 1 jobs: fmt: name: Code Format runs-on: linux container: node:18 steps: - uses: actions/checkout@v2 with: fetch-depth: 0 - uses: dtolnay/rust-toolchain@stable with: components: rustfmt - name: Check formatting run: cargo fmt --all -- --check clippy: name: Clippy Lints runs-on: linux container: node:18 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install system dependencies run: | apt-get update apt-get install -y libsystemd-dev pkg-config - uses: dtolnay/rust-toolchain@stable with: components: clippy - name: Cache cargo uses: Swatinem/rust-cache@v2 - name: Run clippy run: cargo clippy --all-targets --all-features -- -D warnings test: name: Unit Tests runs-on: linux container: node:18 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install system dependencies run: | apt-get update apt-get install -y libsystemd-dev pkg-config - uses: dtolnay/rust-toolchain@stable - name: Cache cargo uses: Swatinem/rust-cache@v2 - name: Run tests run: cargo test --all-features audit: name: Security Audit runs-on: linux container: node:18 steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install system dependencies run: | apt-get update apt-get install -y libsystemd-dev pkg-config - uses: dtolnay/rust-toolchain@stable - name: Run cargo-audit run: | cargo install cargo-audit cargo audit build-deb: name: Build Debian Package runs-on: linux container: node:18-bookworm steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: dtolnay/rust-toolchain@stable - name: Install build dependencies run: | apt-get update apt-get install -y build-essential debhelper cargo rustc libsystemd-dev pkg-config - name: Build Debian package run: dpkg-buildpackage -us -uc -b - name: Copy .deb to workspace run: cp ../linux-patch-api_*.deb . - name: Upload to releases (on tag) if: startsWith(github.ref, 'refs/tags/') uses: softprops/action-gh-release@v1 with: files: linux-patch-api_*.deb # RHEL/CentOS/Fedora Package Build build-rpm: name: Build RPM Package runs-on: linux container: linux-patch-api-rpm:latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: dtolnay/rust-toolchain@stable - name: Install RPM build tools run: | dnf install -y rpm-build gcc cargo rust systemd-devel pkg-config - name: Build release binary run: cargo build --release - name: Build RPM package run: ./build-rpm.sh - name: Upload to releases (on tag) if: startsWith(github.ref, 'refs/tags/') uses: softprops/action-gh-release@v1 with: files: ~/rpmbuild/RPMS/x86_64/*.rpm # Alpine Package Build build-apk: name: Build Alpine Package runs-on: linux container: node:18-alpine steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Rust toolchain (rustup for edition2024 support) run: | apk add --no-cache curl curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable source $HOME/.cargo/env rustc --version cargo --version - name: Install build dependencies run: | apk add --no-cache musl-dev openssl-dev git abuild gcc elogind-dev # NOTE: abuild-keygen is now done inside build-alpine.sh to ensure keys persist in same shell session - name: Build APK package run: ./build-alpine.sh - name: Upload to releases (on tag) if: startsWith(github.ref, 'refs/tags/') uses: softprops/action-gh-release@v1 with: files: releases/*.apk # Arch Linux Package Build build-arch: name: Build Arch Package runs-on: linux container: linux-patch-api-arch:latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install build dependencies run: | pacman -Syu --noconfirm rust cargo systemd git base-devel - name: Build release binary run: cargo build --release - name: Build Arch package run: ./build-arch.sh - name: Upload to releases (on tag) if: startsWith(github.ref, 'refs/tags/') uses: softprops/action-gh-release@v1 with: files: releases/*.pkg.tar.zst