git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity
Files
185b3901a621dffdb971440b794c66a222743b68
linux_patch_api/.github/workflows/ci.yml

220 lines
8.8 KiB
YAML
Raw Blame History

name: CI/CD Pipeline
on:
push:
branches: [ master, develop ]
tags: [ 'v*' ]
pull_request:
branches: [ master ]
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
jobs:
fmt:
name: Code Format
runs-on: linux
container: node:18
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- name: Check formatting
run: cargo fmt --all -- --check
clippy:
name: Clippy Lints
runs-on: linux
container: node:18
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install system dependencies
run: |
apt-get update
apt-get install -y libsystemd-dev pkg-config
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- name: Cache cargo
uses: Swatinem/rust-cache@v2
- name: Run clippy
run: cargo clippy --all-targets --all-features -- -D warnings
test:
name: Unit Tests
runs-on: linux
container: node:18
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install system dependencies
run: |
apt-get update
apt-get install -y libsystemd-dev pkg-config
- uses: dtolnay/rust-toolchain@stable
- name: Cache cargo
uses: Swatinem/rust-cache@v2
- name: Run tests
run: cargo test --all-features
audit:
name: Security Audit
runs-on: linux
container: node:18
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install system dependencies
run: |
apt-get update
apt-get install -y libsystemd-dev pkg-config
- uses: dtolnay/rust-toolchain@stable
- name: Run cargo-audit
run: |
cargo install cargo-audit
cargo audit
build-deb:
name: Build Debian Package
runs-on: linux
container: node:18-bookworm
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: dtolnay/rust-toolchain@stable
- name: Install build dependencies
run: |
apt-get update
apt-get install -y build-essential debhelper cargo rustc libsystemd-dev pkg-config
- name: Build Debian package
run: dpkg-buildpackage -us -uc -b
- name: Copy .deb to workspace
run: cp ../linux-patch-api_*.deb .
- name: Upload to Gitea Release (on tag)
if: startsWith(github.ref, 'refs/tags/')
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITEA_API: https://gitea.moon-dragon.us/api/v1
run: |
TAG_NAME=${GITHUB_REF#refs/tags/}
FILE=$(ls linux-patch-api_*.deb 2>/dev/null | head -1)
[ -z "$FILE" ] && exit 0
RELEASE_ID=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/echo/linux_patch_api/releases/tags/$TAG_NAME" 2>/dev/null | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
if [ -z "$RELEASE_ID" ]; then
RESPONSE=$(curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" -d "{\"tag_name\": \"$TAG_NAME\", \"name\": \"$TAG_NAME\"}" "$GITEA_API/repos/echo/linux_patch_api/releases")
RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
fi
[ -n "$RELEASE_ID" ] && curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -F "name=@$FILE" "$GITEA_API/repos/echo/linux_patch_api/releases/$RELEASE_ID/assets?name=$(basename $FILE)" && echo "Uploaded $FILE"
# RHEL/CentOS/Fedora Package Build
build-rpm:
name: Build RPM Package
runs-on: linux
container: linux-patch-api-rpm:latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: dtolnay/rust-toolchain@stable
- name: Install RPM build tools
run: |
dnf install -y rpm-build gcc cargo rust systemd-devel pkg-config
- name: Build release binary
run: cargo build --release
- name: Build RPM package
run: ./build-rpm.sh
- name: Upload to Gitea Release (on tag)
if: startsWith(github.ref, 'refs/tags/')
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITEA_API: https://gitea.moon-dragon.us/api/v1
run: |
TAG_NAME=${GITHUB_REF#refs/tags/}
FILE=$(ls ~/rpmbuild/RPMS/x86_64/*.rpm 2>/dev/null | head -1)
[ -z "$FILE" ] && exit 0
RELEASE_ID=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/echo/linux_patch_api/releases/tags/$TAG_NAME" 2>/dev/null | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
if [ -z "$RELEASE_ID" ]; then
RESPONSE=$(curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" -d "{\"tag_name\": \"$TAG_NAME\", \"name\": \"$TAG_NAME\"}" "$GITEA_API/repos/echo/linux_patch_api/releases")
RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
fi
[ -n "$RELEASE_ID" ] && curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -F "name=@$FILE" "$GITEA_API/repos/echo/linux_patch_api/releases/$RELEASE_ID/assets?name=$(basename $FILE)" && echo "Uploaded $FILE"
# Alpine Package Build
build-apk:
name: Build Alpine Package
runs-on: linux
container: node:18-alpine
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Rust toolchain (rustup for edition2024 support)
run: |
apk add --no-cache curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
source $HOME/.cargo/env
rustc --version
cargo --version
- name: Install build dependencies
run: |
apk add --no-cache musl-dev openssl-dev git abuild gcc elogind-dev
# NOTE: abuild-keygen is now done inside build-alpine.sh to ensure keys persist in same shell session
- name: Build APK package
run: ./build-alpine.sh
- name: Upload to Gitea Release (on tag)
if: startsWith(github.ref, 'refs/tags/')
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITEA_API: https://gitea.moon-dragon.us/api/v1
run: |
TAG_NAME=${GITHUB_REF#refs/tags/}
FILE=$(ls releases/*.apk 2>/dev/null | head -1)
[ -z "$FILE" ] && exit 0
RELEASE_ID=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/echo/linux_patch_api/releases/tags/$TAG_NAME" 2>/dev/null | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
if [ -z "$RELEASE_ID" ]; then
RESPONSE=$(curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" -d "{\"tag_name\": \"$TAG_NAME\", \"name\": \"$TAG_NAME\"}" "$GITEA_API/repos/echo/linux_patch_api/releases")
RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
fi
[ -n "$RELEASE_ID" ] && curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -F "name=@$FILE" "$GITEA_API/repos/echo/linux_patch_api/releases/$RELEASE_ID/assets?name=$(basename $FILE)" && echo "Uploaded $FILE"
# Arch Linux Package Build
build-arch:
name: Build Arch Package
runs-on: linux
container: linux-patch-api-arch:latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install build dependencies
run: |
pacman -Syu --noconfirm rust cargo systemd git base-devel
- name: Build release binary
run: cargo build --release
- name: Build Arch package
run: ./build-arch.sh
- name: Upload to Gitea Release (on tag)
if: startsWith(github.ref, 'refs/tags/')
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITEA_API: https://gitea.moon-dragon.us/api/v1
run: |
TAG_NAME=${GITHUB_REF#refs/tags/}
FILE=$(ls releases/*.pkg.tar.zst 2>/dev/null | head -1)
[ -z "$FILE" ] && exit 0
RELEASE_ID=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/echo/linux_patch_api/releases/tags/$TAG_NAME" 2>/dev/null | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
if [ -z "$RELEASE_ID" ]; then
RESPONSE=$(curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -H "Content-Type: application/json" -d "{\"tag_name\": \"$TAG_NAME\", \"name\": \"$TAG_NAME\"}" "$GITEA_API/repos/echo/linux_patch_api/releases")
RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
fi
[ -n "$RELEASE_ID" ] && curl -s -X POST -H "Authorization: token $GITEA_TOKEN" -F "name=@$FILE" "$GITEA_API/repos/echo/linux_patch_api/releases/$RELEASE_ID/assets?name=$(basename $FILE)" && echo "Uploaded $FILE"
View Git Blame Copy Permalink