name: CI Pipeline "on": push: branches: [master] tags: ["v*"] pull_request: branches: [master] env: CARGO_TERM_COLOR: always RUST_BACKTRACE: 1 jobs: rust-format: name: Rust Format Check runs-on: ubuntu-22.04 steps: - name: Checkout repository run: | curl -sfL -H "Authorization: token ${{ secrets.GITEATOKEN }}" "https://gitea-lxc.moon-dragon.us/echo/linux_patch_manager/archive/${GITHUB_SHA}.tar.gz" -o repo.tar.gz tar -xzf repo.tar.gz --strip-components=1 rm -f repo.tar.gz - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal . "$HOME/.cargo/env" rustup component add rustfmt echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" - name: Check formatting run: cargo fmt --all -- --check clippy: name: Clippy Lints runs-on: ubuntu-22.04 steps: - name: Install system dependencies run: | sudo apt-get update -qq sudo apt-get install -y --no-install-recommends curl ca-certificates build-essential pkg-config libssl-dev - name: Checkout repository run: | curl -sfL -H "Authorization: token ${{ secrets.GITEATOKEN }}" "https://gitea-lxc.moon-dragon.us/echo/linux_patch_manager/archive/${GITHUB_SHA}.tar.gz" -o repo.tar.gz tar -xzf repo.tar.gz --strip-components=1 rm -f repo.tar.gz - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal . "$HOME/.cargo/env" rustup component add clippy echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" - name: Run Clippy run: cargo clippy --all-targets --all-features -- -D warnings rust-test: name: Rust Unit Tests runs-on: ubuntu-22.04 steps: - name: Install system dependencies run: | sudo apt-get update -qq sudo apt-get install -y --no-install-recommends curl ca-certificates build-essential pkg-config libssl-dev - name: Checkout repository run: | curl -sfL -H "Authorization: token ${{ secrets.GITEATOKEN }}" "https://gitea-lxc.moon-dragon.us/echo/linux_patch_manager/archive/${GITHUB_SHA}.tar.gz" -o repo.tar.gz tar -xzf repo.tar.gz --strip-components=1 rm -f repo.tar.gz - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal . "$HOME/.cargo/env" echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" - name: Run tests run: cargo test --workspace --all-features security-audit: name: Security Audit runs-on: ubuntu-22.04 steps: - name: Checkout repository run: | curl -sfL -H "Authorization: token ${{ secrets.GITEATOKEN }}" "https://gitea-lxc.moon-dragon.us/echo/linux_patch_manager/archive/${GITHUB_SHA}.tar.gz" -o repo.tar.gz tar -xzf repo.tar.gz --strip-components=1 rm -f repo.tar.gz - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal . "$HOME/.cargo/env" echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" - name: Run cargo-audit run: | cargo install cargo-audit cargo audit --ignore RUSTSEC-2025-0134 frontend-lint: name: Frontend Lint & Type Check runs-on: ubuntu-22.04 steps: - name: Install checkout dependencies run: | sudo apt-get update -qq sudo apt-get install -y --no-install-recommends curl ca-certificates nodejs npm - name: Checkout repository run: | curl -sfL -H "Authorization: token ${{ secrets.GITEATOKEN }}" "https://gitea-lxc.moon-dragon.us/echo/linux_patch_manager/archive/${GITHUB_SHA}.tar.gz" -o repo.tar.gz tar -xzf repo.tar.gz --strip-components=1 rm -f repo.tar.gz - name: Install Node.js dependencies working-directory: frontend run: npm ci - name: Run ESLint working-directory: frontend run: npx eslint src/ --ext .ts,.tsx --max-warnings 0 - name: TypeScript type check working-directory: frontend run: npx tsc --noEmit build-and-release: name: Build .deb & Release runs-on: ubuntu-22.04 needs: [rust-format, clippy, rust-test, security-audit, frontend-lint] if: startsWith(github.ref, 'refs/tags/v') steps: - name: Install system dependencies run: | sudo apt-get update -qq sudo apt-get install -y --no-install-recommends \ curl ca-certificates build-essential pkg-config libssl-dev \ git nodejs npm dpkg-dev python3 - name: Checkout repository run: | curl -sfL -H "Authorization: token ${{ secrets.GITEATOKEN }}" "https://gitea-lxc.moon-dragon.us/echo/linux_patch_manager/archive/${GITHUB_SHA}.tar.gz" -o repo.tar.gz tar -xzf repo.tar.gz --strip-components=1 rm -f repo.tar.gz - name: Install Rust run: | curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal . "$HOME/.cargo/env" echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" - name: Build Rust backend (release) run: cargo build --release - name: Run Rust tests run: cargo test --workspace --all-features - name: Strip binaries run: | strip target/release/pm-web target/release/pm-worker - name: Build frontend run: | cd frontend && npm ci && npm run build - name: Determine version run: | VERSION=$(grep '^version' Cargo.toml | head -1 | sed 's/.*=.*"\(.*\)"/\1/') echo "VERSION=${VERSION}" >> "$GITHUB_ENV" echo "Building version: ${VERSION}" - name: Assemble .deb package run: | chmod +x scripts/build-package.sh scripts/build-package.sh - name: Verify package run: | ls -la target/package/*.deb dpkg-deb -I target/package/linux-patch-manager_*.deb - name: Create Gitea Release if: startsWith(github.ref, 'refs/tags/v') env: GITEA_TOKEN: ${{ secrets.GITEATOKEN }} run: | VERSION=$(grep '^version' Cargo.toml | head -1 | sed 's/.*=.*"\(.*\)"/\1/') REPO="${GITHUB_REPOSITORY:-echo/linux_patch_manager}" REF_NAME="${GITHUB_REF_NAME:-v${VERSION}}" DEB=$(ls target/package/linux-patch-manager_*.deb) python3 scripts/create-release.py \ --repo "${REPO}" \ --tag "${REF_NAME}" \ --title "Release ${REF_NAME}" \ --asset "${DEB}" \ --token "${GITEA_TOKEN}" \ --gitea-url "https://gitea-lxc.moon-dragon.us"