azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
f2e0456f8defb259f2fe55a2ab4dec6b9422abc2
guru-connect/.gitea/workflows/build-and-test.yml
Mike Swanson 60519be28a feat: operational tooling — signing, versioning, changelog, roadmap (SPEC-001) 
Establish GuruConnect's release engineering and project tracking (SPEC-001):
- docs/ scaffold: FEATURE_ROADMAP, ARCHITECTURE_DECISIONS (ADR-001 standalone+contract,
  ADR-002 Gitea Actions + Azure Trusted Signing), docs/specs/SPEC-001, CHANGELOG.
- .gitea/workflows/release.yml: conventional-commit auto-versioning, git-cliff changelog,
  Windows agent build, Azure Trusted Signing via jsign (reusing the shared ACG cert profile),
  Gitea release via REST API. build-and-test.yml is the PR/push gate; deploy.yml de-duplicated.
- server: GET /api/changelog/:component/:version (latest + by-version), path-traversal hardened.
- cliff.toml; server/.env.example documents CHANGELOG_DIR.

Reviewed (Code Review Agent): axum route-conflict blocker fixed; CHANGELOG ordering, toolchain
target, breaking-change parsing, empty-changelog fallback addressed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 07:19:29 -07:00

152 lines
4.2 KiB
YAML
Raw Blame History

name: Build and Test
# PR/push CI gate (SPEC-001): fmt, clippy -D warnings, build, test, cargo-audit.
# This workflow does NOT version, sign, or release — that is release.yml's job. The agent build
# here is a compile gate only (it produces an unsigned artifact for inspection). Release commits
# carry `[skip ci]` so this workflow does not re-run on the version-bump commit.
on:
push:
branches:
- main
- develop
pull_request:
branches:
- main
jobs:
build-server:
name: Build Server (Linux)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: x86_64-unknown-linux-gnu
override: true
components: rustfmt, clippy
- name: Cache Cargo dependencies
uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-server-${{ hashFiles('server/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-server-
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y pkg-config libssl-dev protobuf-compiler
- name: Check formatting
run: cd server && cargo fmt --all -- --check
- name: Run Clippy
run: cd server && cargo clippy --all-targets --all-features -- -D warnings
- name: Build server
run: |
cd server
cargo build --release --target x86_64-unknown-linux-gnu
- name: Run tests
run: |
cd server
cargo test --release
- name: Upload server binary
uses: actions/upload-artifact@v3
with:
name: guruconnect-server-linux
path: server/target/x86_64-unknown-linux-gnu/release/guruconnect-server
retention-days: 30
build-agent:
name: Build Agent (Windows)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
# Single source of truth for the Windows target used by the build below.
target: x86_64-pc-windows-gnu
override: true
- name: Install cross-compilation tools
run: |
sudo apt-get update
sudo apt-get install -y mingw-w64
- name: Cache Cargo dependencies
uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-agent-${{ hashFiles('agent/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-agent-
- name: Build agent (cross-compile for Windows)
run: |
# Target is installed by the toolchain step above (single source of truth).
cd agent
cargo build --release --target x86_64-pc-windows-gnu
- name: Upload agent binary
uses: actions/upload-artifact@v3
with:
name: guruconnect-agent-windows
path: agent/target/x86_64-pc-windows-gnu/release/guruconnect.exe
retention-days: 30
security-audit:
name: Security Audit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Run security audit on server
run: cd server && cargo audit
- name: Run security audit on agent
run: cd agent && cargo audit
build-summary:
name: Build Summary
runs-on: ubuntu-latest
needs: [build-server, build-agent, security-audit]
steps:
- name: Build succeeded
run: |
echo "All builds completed successfully"
echo "Server: Linux x86_64"
echo "Agent: Windows x86_64"
echo "Security: Passed"
Reference in New Issue View Git Blame Copy Permalink