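---
# CI/CD pipeline: format check, lints, unit tests and a dependency audit,
# followed by per-distribution package builds. On tag pushes each build job
# publishes its artifact through scripts/upload-release.sh.
#
# Security notes for maintainers:
#   - The source archive is fetched with a bearer token. The token is handed
#     to the checkout step through its own `env:` block rather than being
#     templated into the script text, and it is scoped to that step, so later
#     steps that run repository code (cargo build/test, packaging scripts) do
#     not inherit it.
#   - NOTE(review): the same secret is used to read the archive and to publish
#     releases; a separate read-only token for checkout would limit exposure.
#   - The rustup installer is piped straight into `sh` and the `stable`
#     toolchain floats between runs. NOTE(review): consider pinning the
#     toolchain version for release builds.
#   - The `audit` job is not listed in any build job's `needs`, so a failing
#     audit does not block packaging or release upload.
#     NOTE(review): confirm this is intended.
name: CI/CD Pipeline

"on":
  push:
    branches: [master, develop]
    tags: ['v*']
  pull_request:
    branches: [master]

env:
  CARGO_TERM_COLOR: always
  # Quoted so the value stays a string regardless of the YAML loader.
  RUST_BACKTRACE: "1"

jobs:
  fmt:
    name: Code Format
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        # Token comes from the step environment, not from template
        # substitution into the script body.
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          rustup component add rustfmt
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Check formatting
        run: cargo fmt --all -- --check

  clippy:
    name: Clippy Lints
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          rustup component add clippy
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential libsystemd-dev pkg-config

      - name: Run clippy
        # -D warnings turns every lint warning into a build failure.
        run: cargo clippy --all-targets --all-features -- -D warnings

  test:
    name: Unit Tests
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential libsystemd-dev pkg-config

      - name: Run tests
        run: cargo test --all-features

  audit:
    name: Security Audit
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential libsystemd-dev pkg-config

      - name: Run cargo-audit
        # --locked builds cargo-audit with the dependency versions recorded in
        # its own Cargo.lock instead of re-resolving them on every run.
        # NOTE(review): record next to the --ignore flag why this advisory is
        # accepted and when it should be revisited.
        run: |
          cargo install --locked cargo-audit
          cargo audit --ignore RUSTSEC-2025-0134

  build-deb:
    name: Build Debian Package
    needs: [fmt, clippy, test]
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install build dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential debhelper pkg-config libsystemd-dev

      - name: Build Debian package
        # -b: binary-only build; -us/-uc: do not sign the source package or
        # the .changes file; -d: skip the build-dependency check.
        # The build runs as root via sudo.
        run: |
          sudo dpkg-buildpackage -us -uc -b -d

      - name: Upload to Gitea Release
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        # NOTE(review): FILE is empty when no package matches the glob;
        # confirm upload-release.sh rejects an empty path.
        run: |
          TAG_NAME=${GITHUB_REF#refs/tags/}
          FILE=$(ls ../linux-patch-api_*.deb 2>/dev/null | head -1)
          chmod +x scripts/upload-release.sh
          ./scripts/upload-release.sh "$TAG_NAME" "$FILE"

  build-deb-u2204:
    name: Build Debian Package (Ubuntu 22.04)
    needs: [fmt, clippy, test]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install build dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential debhelper pkg-config libsystemd-dev

      - name: Build Debian package
        # Same flags as build-deb: unsigned, binary-only, no build-dep check.
        run: |
          sudo dpkg-buildpackage -us -uc -b -d

      - name: Upload to Gitea Release
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        # The "-u2204" suffix is passed as part of the tag argument, unlike
        # the other build jobs, which pass the bare tag name.
        run: |
          TAG_NAME=${GITHUB_REF#refs/tags/}
          FILE=$(ls ../linux-patch-api_*.deb 2>/dev/null | head -1)
          chmod +x scripts/upload-release.sh
          ./scripts/upload-release.sh "${TAG_NAME}-u2204" "$FILE"

  build-rpm:
    name: Build RPM Package
    needs: [fmt, clippy, test]
    runs-on: fedora
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install build dependencies
        run: |
          sudo dnf install -y gcc rpm-build systemd-devel pkg-config

      - name: Build release binary
        run: cargo build --release

      - name: Build RPM package
        run: |
          chmod +x build-rpm.sh
          ./build-rpm.sh

      - name: Upload to Gitea Release
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          TAG_NAME=${GITHUB_REF#refs/tags/}
          FILE=$(ls ~/rpmbuild/RPMS/x86_64/*.rpm 2>/dev/null | head -1)
          chmod +x scripts/upload-release.sh
          ./scripts/upload-release.sh "$TAG_NAME" "$FILE"

  build-apk:
    name: Build Alpine Package
    needs: [fmt, clippy, test]
    runs-on: alpine
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        # curl is installed first because this step needs it to fetch the
        # source archive.
        run: |
          apk add --no-cache curl
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          apk add --no-cache curl bash
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          rustup target add x86_64-unknown-linux-musl
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install build dependencies
        run: |
          apk add --no-cache alpine-sdk rust cargo openssl-dev elogind-dev musl-dev abuild gcc

      - name: Build release binary
        run: cargo build --release --target x86_64-unknown-linux-musl

      - name: Build Alpine package
        # SKIP_CARGO_BUILD=1 is passed to the packaging script after the
        # binary has been built in the previous step.
        run: |
          chmod +x build-alpine.sh
          SKIP_CARGO_BUILD=1 ./build-alpine.sh

      - name: Upload to Gitea Release
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          TAG_NAME=${GITHUB_REF#refs/tags/}
          FILE=$(ls releases/*.apk 2>/dev/null | head -1)
          chmod +x scripts/upload-release.sh
          ./scripts/upload-release.sh "$TAG_NAME" "$FILE"

  build-arch:
    name: Build Arch Package
    needs: [fmt, clippy, test]
    runs-on: arch
    steps:
      - name: Checkout repository
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          curl -sfL -H "Authorization: token ${GITEA_TOKEN}" \
            "https://gitea-lxc.moon-dragon.us/echo/linux_patch_api/archive/${GITHUB_SHA}.tar.gz" \
            -o repo.tar.gz
          tar -xzf repo.tar.gz --strip-components=1
          rm -f repo.tar.gz

      - name: Install Rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          . "$HOME/.cargo/env"
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Install build dependencies
        run: |
          sudo pacman -Syu --noconfirm rust cargo systemd git base-devel gcc

      - name: Build release binary
        run: cargo build --release

      - name: Build Arch package
        # SKIP_CARGO_BUILD=1 is passed to the packaging script after the
        # binary has been built in the previous step.
        run: |
          chmod +x build-arch.sh
          SKIP_CARGO_BUILD=1 ./build-arch.sh

      - name: Upload to Gitea Release
        if: startsWith(github.ref, 'refs/tags/')
        env:
          GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
        run: |
          TAG_NAME=${GITHUB_REF#refs/tags/}
          FILE=$(ls releases/*.pkg.tar.zst 2>/dev/null | head -1)
          chmod +x scripts/upload-release.sh
          ./scripts/upload-release.sh "$TAG_NAME" "$FILE"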