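# CI/CD pipeline: format, lint, test and audit the Rust crate, build
# .deb/.rpm/.apk/Arch packages, and publish them when a tag is pushed.
#
# NOTE(review): every `uses:` below references an action by a mutable tag
# or branch (@v1, @v2, @v4, @stable). Whoever can move that ref upstream
# changes what runs here, including in the jobs that publish releases.
# Pinning each one to a reviewed commit, e.g.
# `uses: owner/action@<full-commit-sha>  # vX.Y.Z`, removes that dependency.
name: CI/CD Pipeline

on:
  push:
    branches: [master, develop]
    tags: ['v*']
  # NOTE(review): every job below also runs for pull requests against
  # master. build-deb and build-rpm declare no `container:` and call sudo,
  # so PR-supplied build inputs (packaging scripts, the .spec file, Cargo
  # build scripts) execute wherever the `linux` runner label points.
  # Confirm that is an isolated, disposable environment.
  pull_request:
    branches: [master]

env:
  CARGO_TERM_COLOR: always
  # Quoted so the value stays a string rather than a YAML integer.
  RUST_BACKTRACE: "1"

jobs:
  # Fails when `cargo fmt` would change any file in the workspace.
  fmt:
    name: Code Format
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - name: Check formatting
        run: cargo fmt --all -- --check

  # Lints all targets and features; `-D warnings` turns warnings into errors.
  clippy:
    name: Clippy Lints
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install system dependencies
        run: |
          apt-get update
          apt-get install -y libsystemd-dev pkg-config
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - name: Cache cargo
        uses: Swatinem/rust-cache@v2
      - name: Run clippy
        run: cargo clippy --all-targets --all-features -- -D warnings

  test:
    name: Unit Tests
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install system dependencies
        run: |
          apt-get update
          apt-get install -y libsystemd-dev pkg-config
      - uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo
        uses: Swatinem/rust-cache@v2
      - name: Run tests
        run: cargo test --all-features
      # NOTE(review): no earlier step in this job writes a coverage report,
      # so it is unclear what this upload sends to the third-party service.
      # `if: always()` also runs it when the tests failed.
      - name: Upload coverage
        uses: codecov/codecov-action@v4
        if: always()

  # Checks the dependency tree against known advisories with cargo-audit.
  audit:
    name: Security Audit
    runs-on: linux
    container: node:18
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install system dependencies
        run: |
          apt-get update
          apt-get install -y libsystemd-dev pkg-config
      - uses: dtolnay/rust-toolchain@stable
      # --locked builds cargo-audit with the dependency versions recorded in
      # its own Cargo.lock instead of re-resolving them on every run, so the
      # audit tool itself does not silently pick up new transitive releases.
      - name: Run cargo-audit
        run: |
          cargo install --locked cargo-audit
          cargo audit

  # Debian/Ubuntu Package Build
  build-deb:
    name: Build Debian Package
    runs-on: linux
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: dtolnay/rust-toolchain@stable
      - name: Install build dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y debhelper cargo rustc libsystemd-dev pkg-config
      # -us/-uc skip signing of the source package and .changes file; -b
      # builds binary packages only.
      - name: Build Debian package
        run: dpkg-buildpackage -us -uc -b
      - name: Upload .deb artifact
        uses: actions/upload-artifact@v4
        with:
          name: linux-patch-api-deb
          path: ../linux-patch-api_*.deb
          retention-days: 30
      # NOTE(review): this publishes straight from the build job, which does
      # not wait for fmt/clippy/test/audit. The `release` job already
      # collects the linux-patch-api-deb artifact; consider dropping this
      # step so all publishing goes through that gated job.
      - name: Upload to releases (on tag)
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          files: ../linux-patch-api_*.deb

  # RHEL/CentOS/Fedora Package Build
  build-rpm:
    name: Build RPM Package
    runs-on: linux
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: dtolnay/rust-toolchain@stable
      # NOTE(review): on Debian/Ubuntu the rpmbuild tool ships inside the
      # `rpm` package; a separate `rpmbuild` package name may not resolve.
      # Verify against the runner image.
      - name: Install RPM build tools
        run: |
          sudo apt-get update
          sudo apt-get install -y rpm rpmbuild cargo rustc libsystemd-dev pkg-config
      - name: Build RPM package
        run: |
          rpmbuild -ba linux-patch-api.spec
      - name: Upload .rpm artifact
        uses: actions/upload-artifact@v4
        with:
          name: linux-patch-api-rpm
          path: ~/rpmbuild/RPMS/x86_64/*.rpm
          retention-days: 30
      # NOTE(review): same as in build-deb: this publishes without waiting
      # for the check jobs and duplicates what the `release` job uploads.
      - name: Upload to releases (on tag)
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v1
        with:
          files: ~/rpmbuild/RPMS/x86_64/*.rpm

  # Alpine Package Build
  build-apk:
    name: Build Alpine Package
    runs-on: linux
    # NOTE(review): `alpine:latest` is a floating tag, so the toolchain that
    # builds the shipped binary can change between runs. Pin a release tag
    # or digest (`alpine:<version>@sha256:<digest>`) for reproducible builds.
    container: alpine:latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install build dependencies
        run: |
          apk add --no-cache rust cargo musl-dev openssl-dev systemd-dev git
      - name: Build release binary
        run: cargo build --release --target x86_64-unknown-linux-musl
      # Stages the binary, unit file and example configs under ./package,
      # writes an APKBUILD that copies that tree, then runs abuild.
      # NOTE(review): `abuild` is not in the package list installed above,
      # and `-F` forces the build to run as root. abuild normally signs its
      # output with a key from abuild-keygen; none is created here. Confirm
      # how the resulting .apk is expected to be signed and verified.
      - name: Create APK package
        run: |
          mkdir -p package/usr/bin
          mkdir -p package/etc/linux_patch_api
          mkdir -p package/lib/systemd/system
          cp target/x86_64-unknown-linux-musl/release/linux-patch-api package/usr/bin/
          cp configs/linux-patch-api.service package/lib/systemd/system/
          cp configs/config.yaml.example package/etc/linux_patch_api/config.yaml
          cp configs/whitelist.yaml.example package/etc/linux_patch_api/whitelist.yaml
          # Create APKBUILD
          cat > APKBUILD << 'EOF'
          pkgname=linux-patch-api
          pkgver=1.0.0
          pkgrel=1
          pkgdesc="Secure remote package management API for Linux systems"
          url="https://gitea.internal/linux-patch-api"
          arch="x86_64"
          license="MIT"
          depends="systemd"
          source="package"

          package() {
            cp -r "$srcdir"/package/* "$pkgdir"/
          }
          EOF
          abuild -F -r
      - name: Upload .apk artifact
        uses: actions/upload-artifact@v4
        with:
          name: linux-patch-api-apk
          path: ~/packages/x86_64/*.apk
          retention-days: 30

  # Arch Linux Package Build
  build-arch:
    name: Build Arch Package
    runs-on: linux
    # NOTE(review): floating tag, same reproducibility concern as the
    # Alpine job; pin `archlinux:<tag>@sha256:<digest>`.
    container: archlinux:latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install build dependencies
        run: |
          pacman -Syu --noconfirm rust cargo systemd git base-devel
      - name: Build release binary
        run: cargo build --release
      # Stages the binary, unit file and example configs under ./package,
      # writes a PKGBUILD that copies that tree, then runs makepkg.
      # NOTE(review): makepkg refuses to run as root, which is the usual
      # default user inside a container. Confirm this step runs under an
      # unprivileged build user.
      - name: Create PKGBUILD package
        run: |
          mkdir -p package/usr/bin
          mkdir -p package/etc/linux_patch_api
          mkdir -p package/usr/lib/systemd/system
          cp target/release/linux-patch-api package/usr/bin/
          cp configs/linux-patch-api.service package/usr/lib/systemd/system/
          cp configs/config.yaml.example package/etc/linux_patch_api/config.yaml
          cp configs/whitelist.yaml.example package/etc/linux_patch_api/whitelist.yaml
          # Create PKGBUILD
          cat > PKGBUILD << 'EOF'
          pkgname=linux-patch-api
          pkgver=1.0.0
          pkgrel=1
          pkgdesc="Secure remote package management API for Linux systems"
          url="https://gitea.internal/linux-patch-api"
          arch=('x86_64')
          license=('MIT')
          depends=('systemd')
          source=('package')

          package() {
            cp -r "$srcdir"/package/* "$pkgdir"/
          }
          EOF
          makepkg -f --noconfirm
      - name: Upload .pkg.tar.zst artifact
        uses: actions/upload-artifact@v4
        with:
          name: linux-patch-api-arch
          path: '*.pkg.tar.zst'
          retention-days: 30

  # Release - Collect all packages
  release:
    name: Create Release
    # Gate publication on the check jobs as well as the package builds, so
    # a tag whose formatting, lints, tests or audit fail is not released.
    needs:
      - fmt
      - clippy
      - test
      - audit
      - build-deb
      - build-rpm
      - build-apk
      - build-arch
    runs-on: linux
    container: node:18
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - uses: actions/checkout@v4
      - name: Download all packages
        uses: actions/download-artifact@v4
        with:
          pattern: linux-patch-api-*
          merge-multiple: true
          path: ./releases/
      - name: List release artifacts
        run: ls -la ./releases/
      # NOTE(review): the packages are published as built; no step in this
      # workflow produces a checksum file or a signature, so downloaders
      # have nothing to verify them against. Consider publishing a
      # SHA-256 manifest and a detached signature next to the packages.
      - name: Upload to Gitea releases
        uses: softprops/action-gh-release@v1
        with:
          files: releases/*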