mirror of
https://github.com/CloudNebulaProject/barycenter.git
synced 2026-04-10 13:10:42 +00:00
782a319164
- Add docker-build job that runs on every push/PR - Builds only amd64 platform for speed (vs multi-platform in release) - Uses GitHub Actions cache for faster builds - Prevents Dockerfile issues from reaching release workflow 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
120 lines
3 KiB
YAML
120 lines
3 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- develop
|
|
- 'feature/**'
|
|
- 'release/**'
|
|
- 'hotfix/**'
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- develop
|
|
|
|
env:
|
|
CARGO_TERM_COLOR: always
|
|
RUST_BACKTRACE: 1
|
|
|
|
jobs:
|
|
test:
|
|
name: Test
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@stable
|
|
with:
|
|
components: rustfmt, clippy
|
|
|
|
- name: Install cargo-nextest
|
|
uses: taiki-e/install-action@v2
|
|
with:
|
|
tool: cargo-nextest
|
|
|
|
- name: Cache cargo registry
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/.cargo/registry
|
|
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-registry-
|
|
|
|
- name: Cache cargo index
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/.cargo/git
|
|
key: ${{ runner.os }}-cargo-git-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-git-
|
|
|
|
- name: Cache cargo build
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: target
|
|
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-build-target-
|
|
|
|
- name: Check formatting
|
|
run: cargo fmt --all -- --check
|
|
|
|
- name: Run clippy
|
|
run: cargo clippy --all-targets --all-features -- -D warnings
|
|
continue-on-error: true # Make clippy informational
|
|
|
|
- name: Build
|
|
run: cargo build --verbose
|
|
|
|
- name: Run tests
|
|
run: cargo nextest run --verbose
|
|
|
|
docker-build:
|
|
name: Docker Build Check
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build Docker image (amd64)
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64
|
|
push: false
|
|
tags: barycenter:ci-test
|
|
cache-from: type=gha,scope=ci-docker-amd64
|
|
cache-to: type=gha,mode=max,scope=ci-docker-amd64
|
|
|
|
security:
|
|
name: Security Audit
|
|
runs-on: ubuntu-latest
|
|
continue-on-error: true # Make this informational only
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@stable
|
|
|
|
- name: Install cargo-audit
|
|
run: cargo install cargo-audit
|
|
|
|
- name: Run security audit
|
|
run: |
|
|
# Ignore known unfixable vulnerabilities:
|
|
# - RUSTSEC-2023-0071: RSA crate Marvin attack (transitive dep, no fix available)
|
|
# - RUSTSEC-2025-0120: json5 unmaintained (transitive dep from config crate)
|
|
cargo audit \
|
|
--ignore RUSTSEC-2023-0071 \
|
|
--ignore RUSTSEC-2025-0120
|
|
continue-on-error: true
|