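# CI pipeline for 4NK Node: lint, unit/integration tests, security checks,
# Docker builds and documentation checks, then a release on pushes to main.
#
# NOTE(review): every action below is referenced by a mutable tag (@v1, @v3,
# @v4). Pinning third-party actions (actions-rs/*, docker/*, gaurav-nelson/*)
# to a full commit SHA, e.g. `uses: owner/action@<full-commit-sha>  # vX.Y.Z`,
# keeps a moved tag from changing what runs with this repository's secrets.
name: CI - 4NK Node

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: read-only by default. Only the deploy job
# widens this (contents: write) because it creates a release.
permissions:
  contents: read

env:
  RUST_VERSION: '1.70'
  # NOTE(review): not referenced by any step in this file; scripts could still
  # read it from the environment — confirm it is needed.
  DOCKER_COMPOSE_VERSION: '2.20.0'

jobs:
  # Code quality checks
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Cache Rust dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-

      - name: Run clippy
        run: |
          cd sdk_relay
          cargo clippy --all-targets --all-features -- -D warnings

      - name: Run rustfmt
        run: |
          cd sdk_relay
          cargo fmt --all -- --check

      - name: Check documentation
        run: |
          cd sdk_relay
          cargo doc --no-deps

      - name: Check for TODO/FIXME
        run: |
          # .github is excluded so this workflow's own "TODO/FIXME" strings do
          # not trip the check on every run (adjust if the workflow file lives
          # in another directory).
          if grep -r "TODO\|FIXME" . --exclude-dir=.git --exclude-dir=.github --exclude-dir=target; then
            echo "Found TODO/FIXME comments. Please address them."
            exit 1
          fi

  # Unit tests
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Cache Rust dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-

      - name: Run unit tests
        run: |
          cd sdk_relay
          cargo test --lib --bins

      - name: Run integration tests
        run: |
          cd sdk_relay
          cargo test --tests

  # Integration tests
  integration-tests:
    name: Integration Tests
    runs-on: ubuntu-latest
    services:
      # NOTE(review): docker:24.0.5 appears to be the client-only image (the
      # daemon variant carries a -dind suffix), so the `docker info` health
      # check may never pass, and ubuntu-latest already provides a Docker
      # daemon. 2375 is the plaintext, unauthenticated Docker API port —
      # confirm this service is needed before publishing it on the runner.
      docker:
        image: docker:24.0.5
        options: >-
          --health-cmd "docker info"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - '2375:2375'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker images
        run: |
          docker build -t 4nk-node-bitcoin ./bitcoin
          docker build -t 4nk-node-blindbit ./blindbit
          # NOTE(review): the build context `..` is the parent of the checkout
          # directory, i.e. content outside this repository — confirm intended.
          docker build -t 4nk-node-sdk-relay -f ./sdk_relay/Dockerfile ..

      - name: Run integration tests
        run: |
          # NOTE(review): `|| true` discards the exit status of both scripts,
          # so this job always succeeds and the deploy job's dependency on it
          # gates nothing. Drop `|| true` once the suites are expected to pass.
          # Basic connectivity tests
          ./tests/run_connectivity_tests.sh || true
          # Integration tests
          ./tests/run_integration_tests.sh || true

      - name: Upload test results
        # v4: GitHub has deprecated v3 of the artifact actions.
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results
          path: |
            tests/logs/
            tests/reports/
          retention-days: 7

  # Security tests
  security-tests:
    name: Security Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Run cargo audit
        run: |
          cd sdk_relay
          cargo audit --deny warnings

      - name: Check for secrets
        run: |
          # Look for potential secrets. -l prints file names only, so a matched
          # credential is never echoed into the job log. .github is excluded
          # because this workflow itself contains the searched words.
          # NOTE(review): a bare keyword match is very noisy ("key" and "token"
          # occur in ordinary source); a dedicated secret scanner would be a
          # more reliable gate.
          if grep -rl "password\|secret\|key\|token" . --exclude-dir=.git --exclude-dir=.github --exclude-dir=target --exclude='*.md'; then
            echo "Potential secrets found. Please review."
            exit 1
          fi

      - name: Check file permissions
        run: |
          # Warn about sensitive files whose mode is not 600. The -name tests
          # are grouped so that -type f applies to all three patterns; without
          # the parentheses -o binds looser than the implicit AND, and only
          # *.conf was filtered. The mode comparison below is the actual check,
          # so no -perm pre-filter is applied.
          # NOTE(review): this step only warns and never fails the job, and a
          # fresh git checkout creates files as 644/755, so tracked files will
          # always be reported — confirm what this is meant to enforce.
          find . -type f \( -name "*.conf" -o -name "*.key" -o -name "*.pem" \) |
          while IFS= read -r file; do
            if [[ $(stat -c %a "$file") != "600" ]]; then
              echo "Warning: $file has insecure permissions"
            fi
          done

  # Docker build and test
  docker-build:
    name: Docker Build & Test
    runs-on: ubuntu-latest
    services:
      # NOTE(review): same concern as in integration-tests — client-only
      # image, and port 2375 is the plaintext, unauthenticated Docker API.
      docker:
        image: docker:24.0.5
        options: >-
          --health-cmd "docker info"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - '2375:2375'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): secrets are not available to pull requests from forks,
      # so this step fails there. No step in this job pushes an image, so the
      # login could be limited to push events — confirm.
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and test Bitcoin Core
        run: |
          docker build -t 4nk-node-bitcoin:test ./bitcoin
          docker run --rm 4nk-node-bitcoin:test bitcoin-cli --version

      - name: Build and test Blindbit
        run: |
          docker build -t 4nk-node-blindbit:test ./blindbit
          # Best-effort smoke test: a failing --version does not fail the job.
          docker run --rm 4nk-node-blindbit:test --version || true

      - name: Build and test SDK Relay
        run: |
          # NOTE(review): build context `..` lies outside the checkout.
          docker build -t 4nk-node-sdk-relay:test -f ./sdk_relay/Dockerfile ..
          # Best-effort smoke test: a failing --version does not fail the job.
          docker run --rm 4nk-node-sdk-relay:test --version || true

      - name: Test Docker Compose
        run: |
          docker-compose config
          docker-compose build --no-cache

  # Documentation tests
  documentation-tests:
    name: Documentation Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Check markdown links
        uses: gaurav-nelson/github-action-markdown-link-check@v1
        with:
          use-verbose-mode: 'yes'
          use-quiet-mode: 'yes'

      - name: Check documentation structure
        run: |
          # Verify that the essential documentation files are present
          required_files=(
            "README.md"
            "LICENSE"
            "CONTRIBUTING.md"
            "CHANGELOG.md"
            "CODE_OF_CONDUCT.md"
            "SECURITY.md"
            "docs/INDEX.md"
            "docs/INSTALLATION.md"
            "docs/USAGE.md"
          )

          for file in "${required_files[@]}"; do
            if [[ ! -f "$file" ]]; then
              echo "Missing required documentation file: $file"
              exit 1
            fi
          done

      - name: Validate documentation
        run: |
          # Verify documentation consistency
          if ! grep -q "4NK Node" README.md; then
            echo "README.md should mention '4NK Node'"
            exit 1
          fi

  # Performance tests
  performance-tests:
    name: Performance Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Run performance tests
        run: |
          cd sdk_relay
          # Best-effort: a failing performance test does not fail the job.
          cargo test --release --test performance_tests || true

      - name: Check memory usage
        run: |
          # Basic memory consumption tests (placeholder: nothing is measured)
          echo "Performance tests completed"

  # Deployment (main branch only)
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs:
      - code-quality
      - unit-tests
      - integration-tests
      - security-tests
      - docker-build
      - documentation-tests
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    # Creating a release needs write access to repository contents; this is
    # the only job that is granted it.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Create release
        # The id is required: the upload step below reads
        # steps.create_release.outputs.upload_url, which is empty without it.
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ github.run_number }}
          release_name: Release v${{ github.run_number }}
          body: |
            Automated release from CI/CD pipeline

            Changes in this release:
            - See CHANGELOG.md for details
          draft: false
          prerelease: false

      # NOTE(review): no step in this job creates ./archive/*.tar.gz, so the
      # asset may not exist when this step runs — confirm where it is built.
      - name: Upload release artifacts
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./archive/4NK_node_v${{ github.run_number }}.tar.gz
          asset_name: 4NK_node_v${{ github.run_number }}.tar.gz
          asset_content_type: application/gzip

  # Notification
  notify:
    name: Notify
    runs-on: ubuntu-latest
    needs: [deploy]
    # always(): run even when deploy failed, so the failure branch can report.
    if: always()
    steps:
      - name: Notify success
        if: needs.deploy.result == 'success'
        run: |
          echo "✅ All tests passed and deployment successful!"

      - name: Notify failure
        if: needs.deploy.result == 'failure'
        run: |
          echo "❌ Some tests failed or deployment failed!"
          exit 1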