473 lines
13 KiB
YAML
473 lines
13 KiB
YAML
name: CI - 4NK Node
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, develop ]
|
|
tags:
|
|
- 'v*'
|
|
pull_request:
|
|
branches: [ main, develop ]
|
|
|
|
env:
|
|
RUST_VERSION: '1.70'
|
|
DOCKER_COMPOSE_VERSION: '2.20.0'
|
|
|
|
jobs:
|
|
# Job de vérification du code
|
|
code-quality:
|
|
name: Code Quality
|
|
runs-on: [self-hosted, linux]
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup Rust
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: ${{ env.RUST_VERSION }}
|
|
override: true
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
target
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-
|
|
|
|
- name: Run clippy
|
|
run: |
|
|
cd sdk_relay
|
|
cargo clippy --all-targets --all-features -- -D warnings
|
|
|
|
- name: Run rustfmt
|
|
run: |
|
|
cd sdk_relay
|
|
cargo fmt --all -- --check
|
|
|
|
- name: Check documentation
|
|
run: |
|
|
cd sdk_relay
|
|
cargo doc --no-deps
|
|
|
|
- name: Check for TODO/FIXME
|
|
run: |
|
|
if grep -r "TODO\|FIXME" . --exclude-dir=.git --exclude-dir=target; then
|
|
echo "Found TODO/FIXME comments. Please address them."
|
|
exit 1
|
|
fi
|
|
|
|
# Job de tests unitaires
|
|
unit-tests:
|
|
name: Unit Tests
|
|
runs-on: [self-hosted, linux]
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup Rust
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: ${{ env.RUST_VERSION }}
|
|
override: true
|
|
|
|
- name: Cache Rust dependencies
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
target
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-
|
|
|
|
- name: Run unit tests
|
|
run: |
|
|
cd sdk_relay
|
|
cargo test --lib --bins
|
|
|
|
- name: Run integration tests
|
|
run: |
|
|
cd sdk_relay
|
|
cargo test --tests
|
|
|
|
# Job de tests d'intégration
|
|
integration-tests:
|
|
name: Integration Tests
|
|
runs-on: [self-hosted, linux]
|
|
|
|
services:
|
|
docker:
|
|
image: docker:24.0.5
|
|
options: >-
|
|
--health-cmd "docker info"
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
ports:
|
|
- 2375:2375
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build Docker images
|
|
run: |
|
|
docker build -t 4nk-node-bitcoin ./bitcoin
|
|
docker build -t 4nk-node-blindbit ./blindbit
|
|
docker build -t 4nk-node-sdk-relay -f ./sdk_relay/Dockerfile ..
|
|
|
|
- name: Run integration tests
|
|
run: |
|
|
# Tests de connectivité de base
|
|
./tests/run_connectivity_tests.sh || true
|
|
|
|
# Tests d'intégration
|
|
./tests/run_integration_tests.sh || true
|
|
|
|
- name: Upload test results
|
|
uses: actions/upload-artifact@v3
|
|
if: always()
|
|
with:
|
|
name: test-results
|
|
path: |
|
|
tests/logs/
|
|
tests/reports/
|
|
retention-days: 7
|
|
|
|
# Job de tests de sécurité
|
|
security-tests:
|
|
name: Security Tests
|
|
runs-on: [self-hosted, linux]
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup Rust
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: ${{ env.RUST_VERSION }}
|
|
override: true
|
|
|
|
- name: Run cargo audit
|
|
run: |
|
|
cd sdk_relay
|
|
cargo audit --deny warnings
|
|
|
|
- name: Check for secrets
|
|
run: |
|
|
# Vérifier les secrets potentiels
|
|
if grep -r "password\|secret\|key\|token" . --exclude-dir=.git --exclude-dir=target --exclude=*.md; then
|
|
echo "Potential secrets found. Please review."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check file permissions
|
|
run: |
|
|
# Vérifier les permissions sensibles
|
|
find . -type f -perm /0111 -name "*.conf" -o -name "*.key" -o -name "*.pem" | while read file; do
|
|
if [[ $(stat -c %a "$file") != "600" ]]; then
|
|
echo "Warning: $file has insecure permissions"
|
|
fi
|
|
done
|
|
|
|
# Job de build et test Docker
|
|
docker-build:
|
|
name: Docker Build & Test
|
|
runs-on: [self-hosted, linux]
|
|
|
|
services:
|
|
docker:
|
|
image: docker:24.0.5
|
|
options: >-
|
|
--health-cmd "docker info"
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
ports:
|
|
- 2375:2375
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build and test Bitcoin Core
|
|
run: |
|
|
docker build -t 4nk-node-bitcoin:test ./bitcoin
|
|
docker run --rm 4nk-node-bitcoin:test bitcoin-cli --version
|
|
|
|
- name: Build and test Blindbit
|
|
run: |
|
|
docker build -t 4nk-node-blindbit:test ./blindbit
|
|
docker run --rm 4nk-node-blindbit:test --version || true
|
|
|
|
- name: Build and test SDK Relay
|
|
run: |
|
|
docker build -t 4nk-node-sdk-relay:test -f ./sdk_relay/Dockerfile ..
|
|
docker run --rm 4nk-node-sdk-relay:test --version || true
|
|
|
|
- name: Test Docker Compose
|
|
run: |
|
|
docker-compose config
|
|
docker-compose build --no-cache
|
|
|
|
# Job de tests de documentation
|
|
documentation-tests:
|
|
name: Documentation Tests
|
|
runs-on: [self-hosted, linux]
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Check markdown links
|
|
run: |
|
|
# Vérification basique des liens markdown
|
|
find . -name "*.md" -exec grep -l "\[.*\](" {} \; | while read file; do
|
|
echo "Checking links in $file"
|
|
done
|
|
|
|
markdownlint:
|
|
name: Markdown Lint
|
|
runs-on: [self-hosted, linux]
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Run markdownlint
|
|
run: |
|
|
npm --version || (curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs)
|
|
npx -y markdownlint-cli@0.42.0 "**/*.md" --ignore "archive/**"
|
|
|
|
- name: Check documentation structure
|
|
run: |
|
|
# Vérifier la présence des fichiers de documentation essentiels
|
|
required_files=(
|
|
"README.md"
|
|
"LICENSE"
|
|
"CONTRIBUTING.md"
|
|
"CHANGELOG.md"
|
|
"CODE_OF_CONDUCT.md"
|
|
"SECURITY.md"
|
|
)
|
|
|
|
for file in "${required_files[@]}"; do
|
|
if [[ ! -f "$file" ]]; then
|
|
echo "Missing required documentation file: $file"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
bash-required:
|
|
name: Bash Requirement
|
|
runs-on: [self-hosted, linux]
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Verify bash availability
|
|
run: |
|
|
if ! command -v bash >/dev/null 2>&1; then
|
|
echo "bash is required for agents and scripts"; exit 1;
|
|
fi
|
|
- name: Verify agents runner exists
|
|
run: |
|
|
if [ ! -f scripts/agents/run.sh ]; then
|
|
echo "scripts/agents/run.sh is missing"; exit 1;
|
|
fi
|
|
|
|
agents-smoke:
|
|
name: Agents Smoke (no AI)
|
|
runs-on: [self-hosted, linux]
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Ensure agents scripts executable
|
|
run: |
|
|
chmod +x scripts/agents/*.sh || true
|
|
- name: Run agents without AI
|
|
env:
|
|
OPENAI_API_KEY: ""
|
|
run: |
|
|
scripts/agents/run.sh
|
|
- name: Upload agents reports
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: agents-reports
|
|
path: tests/reports/agents
|
|
|
|
openia-agents:
|
|
name: Agents with OpenIA
|
|
runs-on: [self-hosted, linux]
|
|
if: ${{ secrets.OPENAI_API_KEY != '' }}
|
|
env:
|
|
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
|
OPENAI_MODEL: ${{ vars.OPENAI_MODEL }}
|
|
OPENAI_API_BASE: ${{ vars.OPENAI_API_BASE }}
|
|
OPENAI_TEMPERATURE: ${{ vars.OPENAI_TEMPERATURE }}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Ensure agents scripts executable
|
|
run: |
|
|
chmod +x scripts/agents/*.sh || true
|
|
- name: Run agents with AI
|
|
run: |
|
|
scripts/agents/run.sh
|
|
- name: Upload agents reports
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: agents-reports-ai
|
|
path: tests/reports/agents
|
|
|
|
deployment-checks:
|
|
name: Deployment Checks
|
|
runs-on: [self-hosted, linux]
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Validate deployment documentation
|
|
run: |
|
|
if [ ! -f docs/DEPLOYMENT.md ]; then
|
|
echo "Missing docs/DEPLOYMENT.md"; exit 1; fi
|
|
if [ ! -f docs/SSH_UPDATE.md ]; then
|
|
echo "Missing docs/SSH_UPDATE.md"; exit 1; fi
|
|
- name: Ensure tests directories exist
|
|
run: |
|
|
mkdir -p tests/logs tests/reports || true
|
|
echo "OK"
|
|
|
|
security-audit:
|
|
name: Security Audit
|
|
runs-on: [self-hosted, linux]
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Ensure scripts executable
|
|
run: |
|
|
chmod +x scripts/security/audit.sh || true
|
|
- name: Run template security audit
|
|
run: |
|
|
if [ -f scripts/security/audit.sh ]; then
|
|
./scripts/security/audit.sh
|
|
else
|
|
echo "No security audit script (ok)"
|
|
fi
|
|
|
|
# Job de release guard (cohérence release)
|
|
release-guard:
|
|
name: Release Guard
|
|
runs-on: [self-hosted, linux]
|
|
needs: [code-quality, unit-tests, documentation-tests, markdownlint, security-audit, deployment-checks, bash-required]
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Ensure guard scripts are executable
|
|
run: |
|
|
chmod +x scripts/release/guard.sh || true
|
|
chmod +x scripts/checks/version_alignment.sh || true
|
|
|
|
- name: Version alignment check
|
|
run: |
|
|
if [ -f scripts/checks/version_alignment.sh ]; then
|
|
./scripts/checks/version_alignment.sh
|
|
else
|
|
echo "No version alignment script (ok)"
|
|
fi
|
|
|
|
- name: Release guard (CI verify)
|
|
env:
|
|
RELEASE_TYPE: ci-verify
|
|
run: |
|
|
if [ -f scripts/release/guard.sh ]; then
|
|
./scripts/release/guard.sh
|
|
else
|
|
echo "No guard script (ok)"
|
|
fi
|
|
|
|
release-create:
|
|
name: Create Release (Gitea API)
|
|
runs-on: ubuntu-latest
|
|
needs: [release-guard]
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
env:
|
|
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
|
|
BASE_URL: ${{ vars.BASE_URL }}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Validate token and publish release
|
|
run: |
|
|
set -e
|
|
if [ -z "${RELEASE_TOKEN}" ]; then
|
|
echo "RELEASE_TOKEN secret is missing" >&2; exit 1; fi
|
|
if [ -z "${BASE_URL}" ]; then
|
|
BASE_URL="https://git.4nkweb.com"; fi
|
|
TAG="${GITHUB_REF##*/}"
|
|
REPO="${GITHUB_REPOSITORY}"
|
|
OWNER="${REPO%%/*}"
|
|
NAME="${REPO##*/}"
|
|
echo "Publishing release ${TAG} to ${BASE_URL}/${OWNER}/${NAME}"
|
|
curl -sSf -X POST \
|
|
-H "Authorization: token ${RELEASE_TOKEN}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"tag_name\":\"${TAG}\",\"name\":\"${TAG}\",\"draft\":false,\"prerelease\":false}" \
|
|
"${BASE_URL}/api/v1/repos/${OWNER}/${NAME}/releases" >/dev/null
|
|
echo "Release created"
|
|
|
|
# Job de tests de performance
|
|
performance-tests:
|
|
name: Performance Tests
|
|
runs-on: [self-hosted, linux]
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Setup Rust
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: ${{ env.RUST_VERSION }}
|
|
override: true
|
|
|
|
- name: Run performance tests
|
|
run: |
|
|
cd sdk_relay
|
|
cargo test --release --test performance_tests || true
|
|
|
|
- name: Check memory usage
|
|
run: |
|
|
# Tests de base de consommation mémoire
|
|
echo "Performance tests completed"
|
|
|
|
# Job de notification
|
|
notify:
|
|
name: Notify
|
|
runs-on: [self-hosted, linux]
|
|
needs: [code-quality, unit-tests, integration-tests, security-tests, docker-build, documentation-tests]
|
|
if: always()
|
|
|
|
steps:
|
|
- name: Notify success
|
|
if: needs.code-quality.result == 'success' && needs.unit-tests.result == 'success' && needs.integration-tests.result == 'success' && needs.security-tests.result == 'success' && needs.docker-build.result == 'success' && needs.documentation-tests.result == 'success'
|
|
run: |
|
|
echo "✅ All tests passed successfully!"
|
|
|
|
- name: Notify failure
|
|
if: needs.code-quality.result == 'failure' || needs.unit-tests.result == 'failure' || needs.integration-tests.result == 'failure' || needs.security-tests.result == 'failure' || needs.docker-build.result == 'failure' || needs.documentation-tests.result == 'failure'
|
|
run: |
|
|
echo "❌ Some tests failed!"
|
|
exit 1
|