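# CI/CD pipeline for linux-patch-api.
#
# Runs formatting, clippy, unit tests and a dependency audit on pushes to
# master/develop, on v* tags and on pull requests against master. Four
# packaging jobs (deb, rpm, apk, Arch) build on every trigger and attach their
# artifacts to a release only when the ref is a tag.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v2`, `@v4`, `@v1`, `@stable`). Whoever controls those refs controls what
# runs in the jobs that hold the release token. Consider pinning each action to
# a full commit SHA (`owner/action@<full-commit-sha>  # vX.Y.Z`).
# NOTE(review): the container images (`node:18`, `alpine:latest`,
# `archlinux:latest`) are mutable tags too; pinning by digest
# (`image@sha256:<digest>`) makes the build environment reproducible.
name: CI/CD Pipeline

on:
  push:
    branches: [master, develop]
    tags: ['v*']
  pull_request:
    branches: [master]

# Least privilege: the workflow token is read-only by default. Only the
# packaging jobs, which upload release assets, request write access below.
# A runner that does not implement `permissions` may ignore this key.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  # Quoted so the value stays a string whatever YAML loader reads the file.
  RUST_BACKTRACE: "1"

jobs:
  fmt:
    name: Code Format
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # Do not leave the token in .git/config: later steps run cargo,
          # which executes third-party build scripts, and no step in this
          # workflow pushes with git.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - name: Check formatting
        run: cargo fmt --all -- --check

  clippy:
    name: Clippy Lints
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # Keep the token out of .git/config; no step pushes with git.
          persist-credentials: false
      - name: Install system dependencies
        run: |
          apt-get update
          apt-get install -y libsystemd-dev pkg-config
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - name: Cache cargo
        uses: Swatinem/rust-cache@v2
      - name: Run clippy
        # -D warnings turns every lint warning into a failure.
        run: cargo clippy --all-targets --all-features -- -D warnings

  test:
    name: Unit Tests
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # Keep the token out of .git/config; no step pushes with git.
          persist-credentials: false
      - name: Install system dependencies
        run: |
          apt-get update
          apt-get install -y libsystemd-dev pkg-config
      - uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo
        uses: Swatinem/rust-cache@v2
      - name: Run tests
        run: cargo test --all-features
      # NOTE(review): no visible step produces a coverage report, and
      # `if: always()` uploads even when the tests failed. Confirm what this
      # step is expected to send, and whether this action version needs an
      # upload token supplied from a secret.
      - name: Upload coverage
        uses: codecov/codecov-action@v4
        if: always()

  audit:
    name: Security Audit
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # Keep the token out of .git/config; no step pushes with git.
          persist-credentials: false
      - name: Install system dependencies
        run: |
          apt-get update
          apt-get install -y libsystemd-dev pkg-config
      - uses: dtolnay/rust-toolchain@stable
      - name: Run cargo-audit
        # --locked builds cargo-audit against the dependency versions in its
        # published Cargo.lock instead of re-resolving to whatever is newest
        # at install time, so the audit tool itself is built reproducibly.
        # NOTE(review): the job is not a prerequisite (`needs:`) of the
        # packaging jobs, so a failed audit does not block a tagged release.
        run: |
          cargo install --locked cargo-audit
          cargo audit

  # Debian/Ubuntu Package Build
  build-deb:
    name: Build Debian Package
    runs-on: linux
    container: node:18
    # Write access is needed only for the release upload on tags.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # The release upload uses the action's own token handling, not git.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
      - name: Install build dependencies
        run: |
          apt-get update
          apt-get install -y build-essential debhelper cargo rustc libsystemd-dev pkg-config
      - name: Build Debian package
        # -us -uc: the source package and .changes file are left unsigned.
        # NOTE(review): the published .deb carries no signature or checksum
        # file, so consumers cannot verify it independently of the release
        # page. Consider publishing signed checksums with the assets.
        run: dpkg-buildpackage -us -uc -b
      - name: Copy .deb to workspace
        # dpkg-buildpackage writes its output to the parent directory.
        run: cp ../linux-patch-api_*.deb .
      - name: Upload to releases (on tag)
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          files: linux-patch-api_*.deb

  # RHEL/CentOS/Fedora Package Build
  build-rpm:
    name: Build RPM Package
    runs-on: linux
    container: node:18
    # Write access is needed only for the release upload on tags.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # The release upload uses the action's own token handling, not git.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
      - name: Install RPM build tools
        run: |
          apt-get update
          apt-get install -y rpm cargo rustc libsystemd-dev pkg-config
      - name: Build RPM package
        run: |
          rpmbuild -ba linux-patch-api.spec
      - name: Upload to releases (on tag)
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          # NOTE(review): confirm this action version expands `~`; if it does
          # not, the glob matches nothing and no asset is attached.
          files: '~/rpmbuild/RPMS/x86_64/*.rpm'

  # Alpine Package Build
  build-apk:
    name: Build Alpine Package
    runs-on: linux
    container: alpine:latest
    # Write access is needed only for the release upload on tags.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # The release upload uses the action's own token handling, not git.
          persist-credentials: false
      - name: Install build dependencies
        # NOTE(review): `abuild` is invoked below but is not in this package
        # list, and `systemd-dev` should be confirmed to exist in the Alpine
        # repositories.
        run: |
          apk add --no-cache rust cargo musl-dev openssl-dev systemd-dev git nodejs npm
      - name: Build release binary
        run: cargo build --release --target x86_64-unknown-linux-musl
      - name: Create APK package
        # Stages the binary, the systemd unit and the example configs under
        # ./package, writes an APKBUILD that copies that tree, then builds.
        # NOTE(review): pkgver is fixed at 1.0.0 and is not derived from the
        # pushed tag, so every tagged release publishes the same version.
        # NOTE(review): -F forces abuild to run as root. Confirm how the
        # resulting package is signed, since no key setup is visible here.
        run: |
          mkdir -p package/usr/bin
          mkdir -p package/etc/linux_patch_api
          mkdir -p package/lib/systemd/system
          cp target/x86_64-unknown-linux-musl/release/linux-patch-api package/usr/bin/
          cp configs/linux-patch-api.service package/lib/systemd/system/
          cp configs/config.yaml.example package/etc/linux_patch_api/config.yaml
          cp configs/whitelist.yaml.example package/etc/linux_patch_api/whitelist.yaml
          # Create APKBUILD
          cat > APKBUILD << 'EOF'
          pkgname=linux-patch-api
          pkgver=1.0.0
          pkgrel=1
          pkgdesc="Secure remote package management API for Linux systems"
          url="https://gitea.internal/linux-patch-api"
          arch="x86_64"
          license="MIT"
          depends="systemd"
          source="package"
          package() {
              cp -r "$srcdir"/package/* "$pkgdir"/
          }
          EOF
          abuild -F -r
      - name: Upload to releases (on tag)
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          # NOTE(review): confirm this action version expands `~`.
          files: '~/packages/x86_64/*.apk'

  # Arch Linux Package Build
  build-arch:
    name: Build Arch Package
    runs-on: linux
    container: archlinux:latest
    # Write access is needed only for the release upload on tags.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          # The release upload uses the action's own token handling, not git.
          persist-credentials: false
      - name: Install build dependencies
        run: |
          pacman -Syu --noconfirm rust cargo systemd git base-devel nodejs npm
      - name: Build release binary
        run: cargo build --release
      - name: Create PKGBUILD package
        # Stages the same file tree as the Alpine job and wraps it in a
        # PKGBUILD whose package() copies it into $pkgdir.
        # NOTE(review): makepkg refuses to run as root. If the container runs
        # as root, this step needs an unprivileged build user. Confirm.
        # NOTE(review): pkgver is fixed at 1.0.0, independent of the tag.
        run: |
          mkdir -p package/usr/bin
          mkdir -p package/etc/linux_patch_api
          mkdir -p package/usr/lib/systemd/system
          cp target/release/linux-patch-api package/usr/bin/
          cp configs/linux-patch-api.service package/usr/lib/systemd/system/
          cp configs/config.yaml.example package/etc/linux_patch_api/config.yaml
          cp configs/whitelist.yaml.example package/etc/linux_patch_api/whitelist.yaml
          # Create PKGBUILD
          cat > PKGBUILD << 'EOF'
          pkgname=linux-patch-api
          pkgver=1.0.0
          pkgrel=1
          pkgdesc="Secure remote package management API for Linux systems"
          url="https://gitea.internal/linux-patch-api"
          arch=('x86_64')
          license=('MIT')
          depends=('systemd')
          source=('package')
          package() {
              cp -r "$srcdir"/package/* "$pkgdir"/
          }
          EOF
          makepkg -f --noconfirm
      - name: Upload to releases (on tag)
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          files: '*.pkg.tar.zst'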