4NK_node/.gitea/workflows/ci.yml

name: CI - 4NK_node

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

env:
  RUST_VERSION: '1.70'
  DOCKER_COMPOSE_VERSION: '2.20.0'

jobs:
  # Job de vérification du code
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Setup Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: ${{ env.RUST_VERSION }}
        override: true

    - name: Cache Rust dependencies
      uses: actions/cache@v3
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-

    - name: Run clippy
      run: |
        cd sdk_relay
        cargo clippy --all-targets --all-features -- -D warnings

    - name: Run rustfmt
      run: |
        cd sdk_relay
        cargo fmt --all -- --check

    - name: Check documentation
      run: |
        cd sdk_relay
        cargo doc --no-deps

    - name: Check for TODO/FIXME
      run: |
        if grep -r "TODO\|FIXME" . --exclude-dir=.git --exclude-dir=target; then
          echo "Found TODO/FIXME comments. Please address them."
          exit 1
        fi

  # Job de tests unitaires
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Setup Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: ${{ env.RUST_VERSION }}
        override: true

    - name: Cache Rust dependencies
      uses: actions/cache@v3
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
        restore-keys: |
          ${{ runner.os }}-cargo-

    - name: Run unit tests
      run: |
        cd sdk_relay
        cargo test --lib --bins

    - name: Run integration tests
      run: |
        cd sdk_relay
        cargo test --tests

  # Job de tests d'intégration
  integration-tests:
    name: Integration Tests
    runs-on: ubuntu-latest

    services:
      docker:
        image: docker:24.0.5
        options: >-
          --health-cmd "docker info"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 2375:2375

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Setup Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Build Docker images
      run: |
        docker build -t 4nk-node-bitcoin ./bitcoin
        docker build -t 4nk-node-blindbit ./blindbit
        docker build -t 4nk-node-sdk-relay -f ./sdk_relay/Dockerfile ..

    - name: Run integration tests
      run: |
        # Tests de connectivité de base
        ./tests/run_connectivity_tests.sh || true

        # Tests d'intégration
        ./tests/run_integration_tests.sh || true

    - name: Upload test results
      uses: actions/upload-artifact@v3
      if: always()
      with:
        name: test-results
        path: |
          tests/logs/
          tests/reports/
        retention-days: 7

  # Job de tests de sécurité
  security-tests:
    name: Security Tests
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Setup Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: ${{ env.RUST_VERSION }}
        override: true

    - name: Run cargo audit
      run: |
        cd sdk_relay
        cargo audit --deny warnings

    - name: Check for secrets
      run: |
        # Vérifier les secrets potentiels
        if grep -r "password\|secret\|key\|token" . --exclude-dir=.git --exclude-dir=target --exclude=*.md; then
          echo "Potential secrets found. Please review."
          exit 1
        fi

    - name: Check file permissions
      run: |
        # Vérifier les permissions sensibles
        find . -type f -perm /0111 -name "*.conf" -o -name "*.key" -o -name "*.pem" | while read file; do
          if [[ $(stat -c %a "$file") != "600" ]]; then
            echo "Warning: $file has insecure permissions"
          fi
        done

  # Job de build et test Docker
  docker-build:
    name: Docker Build & Test
    runs-on: ubuntu-latest

    services:
      docker:
        image: docker:24.0.5
        options: >-
          --health-cmd "docker info"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 2375:2375

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Setup Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Build and test Bitcoin Core
      run: |
        docker build -t 4nk-node-bitcoin:test ./bitcoin
        docker run --rm 4nk-node-bitcoin:test bitcoin-cli --version

    - name: Build and test Blindbit
      run: |
        docker build -t 4nk-node-blindbit:test ./blindbit
        docker run --rm 4nk-node-blindbit:test --version || true

    - name: Build and test SDK Relay
      run: |
        docker build -t 4nk-node-sdk-relay:test -f ./sdk_relay/Dockerfile ..
        docker run --rm 4nk-node-sdk-relay:test --version || true

    - name: Test Docker Compose
      run: |
        docker-compose config
        docker-compose build --no-cache

  # Job de tests de documentation
  documentation-tests:
    name: Documentation Tests
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Check markdown links
      run: |
        # Vérification basique des liens markdown
        find . -name "*.md" -exec grep -l "\[.*\](" {} \; | while read file; do
          echo "Checking links in $file"
        done

    - name: Check documentation structure
      run: |
        # Vérifier la présence des fichiers de documentation essentiels
        required_files=(
          "README.md"
          "LICENSE"
          "CONTRIBUTING.md"
          "CHANGELOG.md"
          "CODE_OF_CONDUCT.md"
          "SECURITY.md"
          "docs/INDEX.md"
          "docs/INSTALLATION.md"
          "docs/USAGE.md"
        )

        for file in "${required_files[@]}"; do
          if [[ ! -f "$file" ]]; then
            echo "Missing required documentation file: $file"
            exit 1
          fi
        done

    - name: Validate documentation
      run: |
        # Vérifier la cohérence de la documentation
        if ! grep -q "4NK_node" README.md; then
          echo "README.md should mention '4NK_node'"
          exit 1
        fi

  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Ensure scripts executable
        run: |
          chmod +x scripts/security/audit.sh || true
      - name: Run template security audit
        run: |
          if [ -f scripts/security/audit.sh ]; then
            ./scripts/security/audit.sh
          else
            echo "No security audit script (ok)"
          fi

  # Job de release guard (cohérence release)
  release-guard:
    name: Release Guard
    runs-on: ubuntu-latest
    needs: [code-quality, unit-tests, documentation-tests, security-audit]
    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Ensure guard scripts are executable
      run: |
        chmod +x scripts/release/guard.sh || true
        chmod +x scripts/checks/version_alignment.sh || true

    - name: Version alignment check
      run: |
        if [ -f scripts/checks/version_alignment.sh ]; then
          ./scripts/checks/version_alignment.sh
        else
          echo "No version alignment script (ok)"
        fi

    - name: Release guard (CI verify)
      env:
        RELEASE_TYPE: ci-verify
      run: |
        if [ -f scripts/release/guard.sh ]; then
          ./scripts/release/guard.sh
        else
          echo "No guard script (ok)"
        fi

  # Job de tests de performance
  performance-tests:
    name: Performance Tests
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    - name: Setup Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: ${{ env.RUST_VERSION }}
        override: true

    - name: Run performance tests
      run: |
        cd sdk_relay
        cargo test --release --test performance_tests || true

    - name: Check memory usage
      run: |
        # Tests de base de consommation mémoire
        echo "Performance tests completed"

  # Job de notification
  notify:
    name: Notify
    runs-on: ubuntu-latest
    needs: [code-quality, unit-tests, integration-tests, security-tests, docker-build, documentation-tests]
    if: always()

    steps:
    - name: Notify success
      if: needs.code-quality.result == 'success' && needs.unit-tests.result == 'success' && needs.integration-tests.result == 'success' && needs.security-tests.result == 'success' && needs.docker-build.result == 'success' && needs.documentation-tests.result == 'success'
      run: |
        echo "✅ All tests passed successfully!"

    - name: Notify failure
      if: needs.code-quality.result == 'failure' || needs.unit-tests.result == 'failure' || needs.integration-tests.result == 'failure' || needs.security-tests.result == 'failure' || needs.docker-build.result == 'failure' || needs.documentation-tests.result == 'failure'
      run: |
        echo "❌ Some tests failed!"
        exit 1