diff --git a/.gitea/ISSUE_TEMPLATE/bug_report.md b/.gitea/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 79725f7..0000000 --- a/.gitea/ISSUE_TEMPLATE/bug_report.md +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -name: Bug Report -about: Signaler un bug pour nous aider à améliorer sdk_signer -title: '[BUG] ' -labels: ['bug', 'needs-triage'] -assignees: '' ---- - -## 🐛 Description du Bug - -Description claire et concise du problème. - -## 🔄 Étapes pour Reproduire - -1. Aller à '...' -2. Cliquer sur '...' -3. Faire défiler jusqu'à '...' -4. Voir l'erreur - -## ✅ Comportement Attendu - -Description de ce qui devrait se passer. - -## ❌ Comportement Actuel - -Description de ce qui se passe actuellement. - -## 📸 Capture d'Écran - -Si applicable, ajoutez une capture d'écran pour expliquer votre problème. - -## 💻 Informations Système - -- **OS** : [ex: Ubuntu 20.04, macOS 12.0, Windows 11] -- **Docker** : [ex: 20.10.0] -- **Docker Compose** : [ex: 2.0.0] -- **Version sdk_signer** : [ex: v1.0.0] -- **Architecture** : [ex: x86_64, ARM64] - -## 📋 Configuration - -### Services Actifs -```bash -docker ps -``` - -### Variables d'Environnement -```bash -# Bitcoin Core -BITCOIN_NETWORK=signet -BITCOIN_RPC_PORT=18443 - -# Blindbit -BLINDBIT_PORT=8000 - -# SDK Relay -SDK_RELAY_PORTS=8090-8095 -``` - -## 📝 Logs - -### Logs Pertinents -``` -Logs pertinents ici -``` - -### Logs d'Erreur -``` -Logs d'erreur ici -``` - -### Logs de Debug -``` -Logs de debug ici (si RUST_LOG=debug) -``` - -## 🔧 Tentatives de Résolution - -- [ ] Redémarrage des services -- [ ] Nettoyage des volumes Docker -- [ ] Vérification de la connectivité réseau -- [ ] Mise à jour des dépendances -- [ ] Vérification de la configuration - -## 📚 Contexte Supplémentaire - -Toute autre information pertinente sur le problème. - -## 🔗 Liens Utiles - -- [Documentation](docs/) -- [Guide de Dépannage](docs/TROUBLESHOOTING.md) -- [Issues Similaires](https://git.4nkweb.com/4nk/4NK_node/issues?q=is%3Aissue+is%3Aopen+label%3Abug) - ---- - -**Merci de votre contribution !** 🙏 - 
diff --git a/.gitea/ISSUE_TEMPLATE/feature_request.md b/.gitea/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 408ea0b..0000000 --- a/.gitea/ISSUE_TEMPLATE/feature_request.md +++ /dev/null 
@@ -1,157 +0,0 @@ ---- -name: Feature Request -about: Proposer une nouvelle fonctionnalité pour sdk_signer -title: '[FEATURE] ' -labels: ['enhancement', 'needs-triage'] -assignees: '' ---- - -## 🚀 Résumé - -Description claire et concise de la fonctionnalité souhaitée. - -## 💡 Motivation - -Pourquoi cette fonctionnalité est-elle nécessaire ? Quels problèmes résout-elle ? - -### Problèmes Actuels -- Problème 1 -- Problème 2 -- Problème 3 - -### Avantages de la Solution -- Avantage 1 -- Avantage 2 -- Avantage 3 - -## 🎯 Proposition - -Description détaillée de la fonctionnalité proposée. - -### Fonctionnalités Principales -- [ ] Fonctionnalité 1 -- [ ] Fonctionnalité 2 -- [ ] Fonctionnalité 3 - -### Interface Utilisateur -Description de l'interface utilisateur si applicable. - -### API Changes -Description des changements d'API si applicable. - -## 🔄 Alternatives Considérées - -Autres solutions envisagées et pourquoi elles n'ont pas été choisies. - -### Alternative 1 -- **Description** : ... -- **Pourquoi rejetée** : ... - -### Alternative 2 -- **Description** : ... -- **Pourquoi rejetée** : ... 
- -## 📊 Impact - -### Impact sur les Utilisateurs -- Impact positif 1 -- Impact positif 2 -- Impact négatif potentiel (si applicable) - -### Impact sur l'Architecture -- Changements nécessaires -- Compatibilité avec l'existant -- Performance - -### Impact sur la Maintenance -- Complexité ajoutée -- Tests nécessaires -- Documentation requise - -## 💻 Exemples d'Utilisation - -### Cas d'Usage 1 -```bash -# Exemple de commande ou configuration -``` - -### Cas d'Usage 2 -```python -# Exemple de code Python -``` - -### Cas d'Usage 3 -```javascript -// Exemple de code JavaScript -``` - -## 🧪 Tests - -### Tests Nécessaires -- [ ] Tests unitaires -- [ ] Tests d'intégration -- [ ] Tests de performance -- [ ] Tests de sécurité -- [ ] Tests de compatibilité - -### Scénarios de Test -- Scénario 1 -- Scénario 2 -- Scénario 3 - -## 📚 Documentation - -### Documentation Requise -- [ ] Guide d'utilisation -- [ ] Documentation API -- [ ] Exemples de code -- [ ] Guide de migration -- [ ] FAQ - -## 🔧 Implémentation - -### Étapes Proposées -1. **Phase 1** : [Description] -2. **Phase 2** : [Description] -3. **Phase 3** : [Description] - -### Estimation de Temps -- **Développement** : X jours/semaines -- **Tests** : X jours/semaines -- **Documentation** : X jours/semaines -- **Total** : X jours/semaines - -### Ressources Nécessaires -- Développeur(s) -- Testeur(s) -- Documentateur(s) -- Infrastructure - -## 🎯 Critères de Succès - -Comment mesurer le succès de cette fonctionnalité ? 
- -- [ ] Critère 1 -- [ ] Critère 2 -- [ ] Critère 3 - -## 🔗 Liens Utiles - -- [Documentation existante](docs/) -- [Issues similaires](https://git.4nkweb.com/4nk/4NK_node/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) -- [Roadmap](https://git.4nkweb.com/4nk/4NK_node/projects) -- [Discussions](https://git.4nkweb.com/4nk/4NK_node/issues) - -## 📋 Checklist - -- [ ] J'ai vérifié que cette fonctionnalité n'existe pas déjà -- [ ] J'ai lu la documentation existante -- [ ] J'ai vérifié les issues similaires -- [ ] J'ai fourni des exemples d'utilisation -- [ ] J'ai considéré l'impact sur l'existant -- [ ] J'ai proposé des tests - ---- - -**Merci de votre contribution à l'amélioration de sdk_signer !** 🌟 - diff --git a/.gitea/PULL_REQUEST_TEMPLATE.md b/.gitea/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index 86f8703..0000000 --- a/.gitea/PULL_REQUEST_TEMPLATE.md +++ /dev/null 
@@ -1,181 +0,0 @@ -# Pull Request - sdk_signer - -## 📋 Description - -Description claire et concise des changements apportés. - -### Type de Changement -- [ ] 🐛 Bug fix -- [ ] ✨ Nouvelle fonctionnalité -- [ ] 📚 Documentation -- [ ] 🧪 Tests -- [ ] 🔧 Refactoring -- [ ] 🚀 Performance -- [ ] 🔒 Sécurité -- [ ] 🎨 Style/UI -- [ ] 🏗️ Architecture -- [ ] 📦 Build/CI - -### Composants Affectés -- [ ] Bitcoin Core -- [ ] Blindbit -- [ ] SDK Relay -- [ ] Tor -- [ ] Docker/Infrastructure -- [ ] Tests -- [ ] Documentation -- [ ] Scripts - -## 🔗 Issue(s) Liée(s) - -Fixes #(issue) -Relates to #(issue) - -## 🧪 Tests - -### Tests Exécutés -- [ ] Tests unitaires -- [ ] Tests d'intégration -- [ ] Tests de connectivité -- [ ] Tests externes -- [ ] Tests de performance - -### Commandes de Test -```bash -# Tests complets -./tests/run_all_tests.sh - -# Tests spécifiques -./tests/run_unit_tests.sh -./tests/run_integration_tests.sh -``` - -### Résultats des Tests -``` -Résultats des tests ici -``` - -## 📸 Captures d'Écran - -Si applicable, ajoutez des captures d'écran pour les changements visuels. 
- -## 🔧 Changements Techniques - -### Fichiers Modifiés -- `fichier1.rs` - Description des changements -- `fichier2.py` - Description des changements -- `docker-compose.yml` - Description des changements - -### Nouveaux Fichiers -- `nouveau_fichier.rs` - Description -- `nouveau_script.sh` - Description - -### Fichiers Supprimés -- `ancien_fichier.rs` - Raison de la suppression - -### Changements de Configuration -```yaml -# Exemple de changement de configuration -service: - new_option: value -``` - -## 📚 Documentation - -### Documentation Mise à Jour -- [ ] README.md -- [ ] docs/INSTALLATION.md -- [ ] docs/USAGE.md -- [ ] docs/API.md -- [ ] docs/ARCHITECTURE.md - -### Nouvelle Documentation -- [ ] Nouveau guide créé -- [ ] Exemples ajoutés -- [ ] API documentée - -## 🔍 Code Review Checklist - -### Code Quality -- [ ] Le code suit les standards du projet -- [ ] Les noms de variables/fonctions sont clairs -- [ ] Les commentaires sont appropriés -- [ ] Pas de code mort ou commenté -- [ ] Gestion d'erreurs appropriée - -### Performance -- [ ] Pas de régression de performance -- [ ] Optimisations appliquées si nécessaire -- [ ] Tests de performance ajoutés - -### Sécurité -- [ ] Pas de vulnérabilités introduites -- [ ] Validation des entrées utilisateur -- [ ] Gestion sécurisée des secrets - -### Tests -- [ ] Couverture de tests suffisante -- [ ] Tests pour les cas d'erreur -- [ ] Tests d'intégration si nécessaire - -### Documentation -- [ ] Code auto-documenté -- [ ] Documentation mise à jour -- [ ] Exemples fournis - -## 🚀 Déploiement - -### Impact sur le Déploiement -- [ ] Aucun impact -- [ ] Migration de données requise -- [ ] Changement de configuration -- [ ] Redémarrage des services - -### Étapes de Déploiement -```bash -# Étapes pour déployer les changements -``` - -## 📊 Métriques - -### Impact sur les Performances -- Temps de réponse : +/- X% -- Utilisation mémoire : +/- X% -- Utilisation CPU : +/- X% - -### Impact sur la Stabilité -- Taux d'erreur : +/- X% -- 
Disponibilité : +/- X% - -## 🔄 Compatibilité - -### Compatibilité Ascendante -- [ ] Compatible avec les versions précédentes -- [ ] Migration automatique -- [ ] Migration manuelle requise - -### Compatibilité Descendante -- [ ] Compatible avec les futures versions -- [ ] API stable -- [ ] Configuration stable - -## 🎯 Critères de Succès - -- [ ] Critère 1 -- [ ] Critère 2 -- [ ] Critère 3 - -## 📝 Notes Supplémentaires - -Informations supplémentaires importantes pour les reviewers. - -## 🔗 Liens Utiles - -- [Documentation](docs/) -- [Tests](tests/) -- [Issues liées](https://git.4nkweb.com/4nk/4NK_node/issues) - ---- - -**Merci pour votre contribution !** 🙏 - diff --git a/.gitea/README.md b/.gitea/README.md deleted file mode 100644 index 3a1b4d4..0000000 --- a/.gitea/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# .gitea - -Fichiers de configuration Gitea (issues, templates, workflows) à ajouter au besoin. - diff --git a/.gitea/workflows/LOCAL_OVERRIDES.yml b/.gitea/workflows/LOCAL_OVERRIDES.yml deleted file mode 100644 index 235d535..0000000 --- a/.gitea/workflows/LOCAL_OVERRIDES.yml +++ /dev/null @@ -1,15 +0,0 @@ -# LOCAL_OVERRIDES.yml — dérogations locales contrôlées -overrides: - - path: ".gitea/workflows/ci.yml" - reason: "spécificité d’environnement" - owner: "@maintainer_handle" - expires: "2025-12-31" - - path: "scripts/auto-ssh-push.sh" - reason: "flux particulier temporaire" - owner: "@maintainer_handle" - expires: "2025-10-01" -policy: - allow_only_listed_paths: true - require_expiry: true - audit_in_ci: true - diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml deleted file mode 100644 index 1787dce..0000000 --- a/.gitea/workflows/ci.yml +++ /dev/null 
@@ -1,486 +0,0 @@ -name: CI - 4NK Node - -on: - push: - branches: [ main, develop ] - tags: - - 'v*' - pull_request: - branches: [ main, develop ] - -env: - RUST_VERSION: '1.70' - DOCKER_COMPOSE_VERSION: '2.20.0' - CI_SKIP: 'true' - -jobs: - # Job de vérification du code - code-quality: - name: Code Quality - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Cache Rust dependencies - uses: actions/cache@v3 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo- - - - name: Run clippy - run: | - cd sdk_relay - cargo clippy --all-targets --all-features -- -D warnings - - - name: Run rustfmt - run: | - cd sdk_relay - cargo fmt --all -- --check - - - name: Check documentation - run: | - cd sdk_relay - cargo doc --no-deps - - - name: Check for TODO/FIXME - run: | - if grep -r "TODO\|FIXME" . --exclude-dir=.git --exclude-dir=target; then - echo "Found TODO/FIXME comments. Please address them." 
- exit 1 - fi - - # Job de tests unitaires - unit-tests: - name: Unit Tests - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Cache Rust dependencies - uses: actions/cache@v3 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo- - - - name: Run unit tests - run: | - cd sdk_relay - cargo test --lib --bins - - - name: Run integration tests - run: | - cd sdk_relay - cargo test --tests - - # Job de tests d'intégration - integration-tests: - name: Integration Tests - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - services: - docker: - image: docker:24.0.5 - options: >- - --health-cmd "docker info" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 2375:2375 - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build Docker images - run: | - docker build -t 4nk-node-bitcoin ./bitcoin - docker build -t 4nk-node-blindbit ./blindbit - docker build -t 4nk-node-sdk-relay -f ./sdk_relay/Dockerfile .. 
- - - name: Run integration tests - run: | - # Tests de connectivité de base - ./tests/run_connectivity_tests.sh || true - - # Tests d'intégration - ./tests/run_integration_tests.sh || true - - - name: Upload test results - uses: actions/upload-artifact@v3 - if: always() - with: - name: test-results - path: | - tests/logs/ - tests/reports/ - retention-days: 7 - - # Job de tests de sécurité - security-tests: - name: Security Tests - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Run cargo audit - run: | - cd sdk_relay - cargo audit --deny warnings - - - name: Check for secrets - run: | - # Vérifier les secrets potentiels - if grep -r "password\|secret\|key\|token" . --exclude-dir=.git --exclude-dir=target --exclude=*.md; then - echo "Potential secrets found. Please review." - exit 1 - fi - - - name: Check file permissions - run: | - # Vérifier les permissions sensibles - find . 
-type f -perm /0111 -name "*.conf" -o -name "*.key" -o -name "*.pem" | while read file; do - if [[ $(stat -c %a "$file") != "600" ]]; then - echo "Warning: $file has insecure permissions" - fi - done - - # Job de build et test Docker - docker-build: - name: Docker Build & Test - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - services: - docker: - image: docker:24.0.5 - options: >- - --health-cmd "docker info" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 2375:2375 - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and test Bitcoin Core - run: | - docker build -t 4nk-node-bitcoin:test ./bitcoin - docker run --rm 4nk-node-bitcoin:test bitcoin-cli --version - - - name: Build and test Blindbit - run: | - docker build -t 4nk-node-blindbit:test ./blindbit - docker run --rm 4nk-node-blindbit:test --version || true - - - name: Build and test SDK Relay - run: | - docker build -t 4nk-node-sdk-relay:test -f ./sdk_relay/Dockerfile .. - docker run --rm 4nk-node-sdk-relay:test --version || true - - - name: Test Docker Compose - run: | - docker-compose config - docker-compose build --no-cache - - # Job de tests de documentation - documentation-tests: - name: Documentation Tests - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Check markdown links - run: | - # Vérification basique des liens markdown - find . 
-name "*.md" -exec grep -l "\[.*\](" {} \; | while read file; do - echo "Checking links in $file" - done - - markdownlint: - name: Markdown Lint - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Run markdownlint - run: | - npm --version || (curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt-get install -y nodejs) - npx -y markdownlint-cli@0.42.0 "**/*.md" --ignore "archive/**" - - - name: Check documentation structure - run: | - # Vérifier la présence des fichiers de documentation essentiels - required_files=( - "README.md" - "LICENSE" - "CONTRIBUTING.md" - "CHANGELOG.md" - "CODE_OF_CONDUCT.md" - "SECURITY.md" - ) - - for file in "${required_files[@]}"; do - if [[ ! -f "$file" ]]; then - echo "Missing required documentation file: $file" - exit 1 - fi - done - - bash-required: - name: Bash Requirement - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Verify bash availability - run: | - if ! command -v bash >/dev/null 2>&1; then - echo "bash is required for agents and scripts"; exit 1; - fi - - name: Verify agents runner exists - run: | - if [ ! 
-f scripts/agents/run.sh ]; then - echo "scripts/agents/run.sh is missing"; exit 1; - fi - - agents-smoke: - name: Agents Smoke (no AI) - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Ensure agents scripts executable - run: | - chmod +x scripts/agents/*.sh || true - - name: Run agents without AI - env: - OPENAI_API_KEY: "" - run: | - scripts/agents/run.sh - - name: Upload agents reports - uses: actions/upload-artifact@v3 - with: - name: agents-reports - path: tests/reports/agents - - openia-agents: - name: Agents with OpenIA - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' && secrets.OPENAI_API_KEY != '' }} - env: - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} - OPENAI_MODEL: ${{ vars.OPENAI_MODEL }} - OPENAI_API_BASE: ${{ vars.OPENAI_API_BASE }} - OPENAI_TEMPERATURE: ${{ vars.OPENAI_TEMPERATURE }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Ensure agents scripts executable - run: | - chmod +x scripts/agents/*.sh || true - - name: Run agents with AI - run: | - scripts/agents/run.sh - - name: Upload agents reports - uses: actions/upload-artifact@v3 - with: - name: agents-reports-ai - path: tests/reports/agents - - deployment-checks: - name: Deployment Checks - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Validate deployment documentation - run: | - if [ ! -f docs/DEPLOYMENT.md ]; then - echo "Missing docs/DEPLOYMENT.md"; exit 1; fi - if [ ! 
-f docs/SSH_UPDATE.md ]; then - echo "Missing docs/SSH_UPDATE.md"; exit 1; fi - - name: Ensure tests directories exist - run: | - mkdir -p tests/logs tests/reports || true - echo "OK" - - security-audit: - name: Security Audit - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Ensure scripts executable - run: | - chmod +x scripts/security/audit.sh || true - - name: Run template security audit - run: | - if [ -f scripts/security/audit.sh ]; then - ./scripts/security/audit.sh - else - echo "No security audit script (ok)" - fi - - # Job de release guard (cohérence release) - release-guard: - name: Release Guard - runs-on: [self-hosted, linux] - needs: [code-quality, unit-tests, documentation-tests, markdownlint, security-audit, deployment-checks, bash-required] - if: ${{ env.CI_SKIP != 'true' }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Ensure guard scripts are executable - run: | - chmod +x scripts/release/guard.sh || true - chmod +x scripts/checks/version_alignment.sh || true - - - name: Version alignment check - run: | - if [ -f scripts/checks/version_alignment.sh ]; then - ./scripts/checks/version_alignment.sh - else - echo "No version alignment script (ok)" - fi - - - name: Release guard (CI verify) - env: - RELEASE_TYPE: ci-verify - run: | - if [ -f scripts/release/guard.sh ]; then - ./scripts/release/guard.sh - else - echo "No guard script (ok)" - fi - - release-create: - name: Create Release (Gitea API) - runs-on: ubuntu-latest - needs: [release-guard] - if: ${{ env.CI_SKIP != 'true' && startsWith(github.ref, 'refs/tags/') }} - env: - RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} - BASE_URL: ${{ vars.BASE_URL }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Validate token and publish release - run: | - set -e - if [ -z "${RELEASE_TOKEN}" ]; then - echo "RELEASE_TOKEN secret is missing" >&2; exit 1; fi - if [ -z 
"${BASE_URL}" ]; then - BASE_URL="https://git.4nkweb.com"; fi - TAG="${GITHUB_REF##*/}" - REPO="${GITHUB_REPOSITORY}" - OWNER="${REPO%%/*}" - NAME="${REPO##*/}" - echo "Publishing release ${TAG} to ${BASE_URL}/${OWNER}/${NAME}" - curl -sSf -X POST \ - -H "Authorization: token ${RELEASE_TOKEN}" \ - -H "Content-Type: application/json" \ - -d "{\"tag_name\":\"${TAG}\",\"name\":\"${TAG}\",\"draft\":false,\"prerelease\":false}" \ - "${BASE_URL}/api/v1/repos/${OWNER}/${NAME}/releases" >/dev/null - echo "Release created" - - # Job de tests de performance - performance-tests: - name: Performance Tests - runs-on: [self-hosted, linux] - if: ${{ env.CI_SKIP != 'true' }} - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Run performance tests - run: | - cd sdk_relay - cargo test --release --test performance_tests || true - - - name: Check memory usage - run: | - # Tests de base de consommation mémoire - echo "Performance tests completed" - - # Job de notification - notify: - name: Notify - runs-on: [self-hosted, linux] - needs: [code-quality, unit-tests, integration-tests, security-tests, docker-build, documentation-tests] - if: ${{ env.CI_SKIP != 'true' && always() }} - - steps: - - name: Notify success - if: needs.code-quality.result == 'success' && needs.unit-tests.result == 'success' && needs.integration-tests.result == 'success' && needs.security-tests.result == 'success' && needs.docker-build.result == 'success' && needs.documentation-tests.result == 'success' - run: | - echo "✅ All tests passed successfully!" 
- - - name: Notify failure - if: needs.code-quality.result == 'failure' || needs.unit-tests.result == 'failure' || needs.integration-tests.result == 'failure' || needs.security-tests.result == 'failure' || needs.docker-build.result == 'failure' || needs.documentation-tests.result == 'failure' - run: | - echo "❌ Some tests failed!" - exit 1 diff --git a/.gitea/workflows/ci.yml.bak b/.gitea/workflows/ci.yml.bak deleted file mode 100644 index c24f0b7..0000000 --- a/.gitea/workflows/ci.yml.bak +++ /dev/null 
@@ -1,352 +0,0 @@ -name: CI - sdk_signer - -on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main, develop ] - -env: - RUST_VERSION: '1.70' - DOCKER_COMPOSE_VERSION: '2.20.0' - -jobs: - # Job de vérification du code - code-quality: - name: Code Quality - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Cache Rust dependencies - uses: actions/cache@v3 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo- - - - name: Run clippy - run: | - cargo clippy --all-targets --all-features -- -D warnings - - - name: Run rustfmt - run: | - cargo fmt --all -- --check - - - name: Check documentation - run: | - cargo doc --no-deps - - - name: Check for TODO/FIXME - run: | - if grep -r "TODO\|FIXME" . --exclude-dir=.git --exclude-dir=target; then - echo "Found TODO/FIXME comments. Please address them." 
- exit 1 - fi - - # Job de tests unitaires - unit-tests: - name: Unit Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Cache Rust dependencies - uses: actions/cache@v3 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo- - - - name: Run unit tests - run: | - cargo test --lib --bins - - - name: Run integration tests - run: | - cargo test --tests - - # Job de tests d'intégration - integration-tests: - name: Integration Tests - runs-on: ubuntu-latest - - services: - docker: - image: docker:24.0.5 - options: >- - --health-cmd "docker info" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 2375:2375 - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build Docker images - run: | - docker build -t 4nk-node-bitcoin ./bitcoin - docker build -t 4nk-node-blindbit ./blindbit - docker build -t 4nk-node-sdk-relay -f ./sdk_relay/Dockerfile .. 
- - - name: Run integration tests - run: | - # Tests de connectivité de base - ./tests/run_connectivity_tests.sh || true - - # Tests d'intégration - ./tests/run_integration_tests.sh || true - - - name: Upload test results - uses: actions/upload-artifact@v3 - if: always() - with: - name: test-results - path: | - tests/logs/ - tests/reports/ - retention-days: 7 - - # Job de tests de sécurité - security-tests: - name: Security Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Run cargo audit - run: | - cargo audit --deny warnings - - - name: Check for secrets - run: | - # Vérifier les secrets potentiels - if grep -r "password\|secret\|key\|token" . --exclude-dir=.git --exclude-dir=target --exclude=*.md; then - echo "Potential secrets found. Please review." - exit 1 - fi - - - name: Check file permissions - run: | - # Vérifier les permissions sensibles - find . 
-type f -perm /0111 -name "*.conf" -o -name "*.key" -o -name "*.pem" | while read file; do - if [[ $(stat -c %a "$file") != "600" ]]; then - echo "Warning: $file has insecure permissions" - fi - done - - # Job de build et test Docker - docker-build: - name: Docker Build & Test - runs-on: ubuntu-latest - - services: - docker: - image: docker:24.0.5 - options: >- - --health-cmd "docker info" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - ports: - - 2375:2375 - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build and test Bitcoin Core - run: | - docker build -t 4nk-node-bitcoin:test ./bitcoin - docker run --rm 4nk-node-bitcoin:test bitcoin-cli --version - - - name: Build and test Blindbit - run: | - docker build -t 4nk-node-blindbit:test ./blindbit - docker run --rm 4nk-node-blindbit:test --version || true - - - name: Build and test SDK Relay - run: | - docker build -t 4nk-node-sdk-relay:test -f ./sdk_relay/Dockerfile .. - docker run --rm 4nk-node-sdk-relay:test --version || true - - - name: Test Docker Compose - run: | - docker-compose config - docker-compose build --no-cache - - # Job de tests de documentation - documentation-tests: - name: Documentation Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Check markdown links - run: | - # Vérification basique des liens markdown - find . -name "*.md" -exec grep -l "\[.*\](" {} \; | while read file; do - echo "Checking links in $file" - done - - - name: Check documentation structure - run: | - # Vérifier la présence des fichiers de documentation essentiels - required_files=( - "README.md" - "LICENSE" - "CONTRIBUTING.md" - "CHANGELOG.md" - "CODE_OF_CONDUCT.md" - "SECURITY.md" - "docs/INDEX.md" - "docs/INSTALLATION.md" - "docs/USAGE.md" - ) - - for file in "${required_files[@]}"; do - if [[ ! 
-f "$file" ]]; then - echo "Missing required documentation file: $file" - exit 1 - fi - done - - - name: Validate documentation - run: | - echo "Documentation checks completed" - - security-audit: - name: Security Audit - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Ensure scripts executable - run: | - chmod +x scripts/security/audit.sh || true - - name: Run template security audit - run: | - if [ -f scripts/security/audit.sh ]; then - ./scripts/security/audit.sh - else - echo "No security audit script (ok)" - fi - - # Job de release guard (cohérence release) - release-guard: - name: Release Guard - runs-on: ubuntu-latest - needs: [code-quality, unit-tests, documentation-tests, security-audit] - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Ensure guard scripts are executable - run: | - chmod +x scripts/release/guard.sh || true - chmod +x scripts/checks/version_alignment.sh || true - - - name: Version alignment check - run: | - if [ -f scripts/checks/version_alignment.sh ]; then - ./scripts/checks/version_alignment.sh - else - echo "No version alignment script (ok)" - fi - - - name: Release guard (CI verify) - env: - RELEASE_TYPE: ci-verify - run: | - if [ -f scripts/release/guard.sh ]; then - ./scripts/release/guard.sh - else - echo "No guard script (ok)" - fi - - # Job de tests de performance - performance-tests: - name: Performance Tests - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Setup Rust - uses: actions-rs/toolchain@v1 - with: - toolchain: ${{ env.RUST_VERSION }} - override: true - - - name: Run performance tests - run: | - cd sdk_relay - cargo test --release --test performance_tests || true - - - name: Check memory usage - run: | - # Tests de base de consommation mémoire - echo "Performance tests completed" - - # Job de notification - notify: - name: Notify - runs-on: ubuntu-latest - needs: [code-quality, unit-tests, 
integration-tests, security-tests, docker-build, documentation-tests] - if: always() - - steps: - - name: Notify success - if: needs.code-quality.result == 'success' && needs.unit-tests.result == 'success' && needs.integration-tests.result == 'success' && needs.security-tests.result == 'success' && needs.docker-build.result == 'success' && needs.documentation-tests.result == 'success' - run: | - echo "✅ All tests passed successfully!" - - - name: Notify failure - if: needs.code-quality.result == 'failure' || needs.unit-tests.result == 'failure' || needs.integration-tests.result == 'failure' || needs.security-tests.result == 'failure' || needs.docker-build.result == 'failure' || needs.documentation-tests.result == 'failure' - run: | - echo "❌ Some tests failed!" - exit 1 diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml deleted file mode 100644 index 8e21a14..0000000 --- a/.gitea/workflows/release.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Release - -on: - push: - tags: - - 'v*.*.*' - -jobs: - docker-release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: '20' - - name: Login to DockerHub - if: ${{ secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN }} - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Extract version - id: vars - run: echo "version=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - - name: Build image - run: docker build -t ${DOCKER_IMAGE:-sdk-signer}:${{ steps.vars.outputs.version }} . - - name: Push image - if: ${{ secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN }} - run: | - IMAGE=${DOCKER_IMAGE:-sdk-signer} - docker tag $IMAGE:${{ steps.vars.outputs.version }} $IMAGE:latest - docker push $IMAGE:${{ steps.vars.outputs.version }} - docker push $IMAGE:latest - 
diff --git a/.gitea/workflows/template-sync.yml b/.gitea/workflows/template-sync.yml deleted file mode 100644 index b1dba5f..0000000 --- a/.gitea/workflows/template-sync.yml +++ /dev/null @@ -1,40 +0,0 @@ -# .gitea/workflows/template-sync.yml — synchronisation et contrôles d’intégrité -name: 4NK Template Sync -on: - schedule: # planification régulière - - cron: "0 4 * * 1" # exécution hebdomadaire (UTC) - workflow_dispatch: {} # déclenchement manuel - -jobs: - check-and-sync: - runs-on: linux - steps: - - name: Lire TEMPLATE_VERSION et .4nk-sync.yml - # Doit charger ref courant, source_repo et périmètre paths - - - name: Récupérer la version publiée du template/4NK_rules - # Doit comparer TEMPLATE_VERSION avec ref amont - - - name: Créer branche de synchronisation si divergence - # Doit créer chore/template-sync- et préparer un commit - - - name: Synchroniser les chemins autoritatifs - # Doit mettre à jour .cursor/**, .gitea/**, AGENTS.md, scripts/**, docs/SSH_UPDATE.md - - - name: Contrôles post-sync (bloquants) - # 1) Vérifier présence et exécutable des scripts/*.sh - # 2) Vérifier mise à jour CHANGELOG.md et docs/INDEX.md - # 3) Vérifier docs/SSH_UPDATE.md si scripts/** a changé - # 4) Vérifier absence de secrets en clair dans scripts/** - # 5) Vérifier manifest_checksum si publié - - - name: Tests, lint, sécurité statique - # Doit exiger un état vert - - - name: Ouvrir PR de synchronisation - # Titre: "[template-sync] chore: aligner .cursor/.gitea/AGENTS.md/scripts" - # Doit inclure résumé des fichiers modifiés et la version appliquée - - - name: Mettre à jour TEMPLATE_VERSION (dans PR) - # Doit remplacer la valeur par la ref appliquée - diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml new file mode 100644 index 0000000..784e0ba --- /dev/null +++ b/.github/workflows/dev.yml 
@@ -0,0 +1,44 @@ +name: Build and Push to Registry + +on: + push: + branches: [ dev ] + +env: + REGISTRY: git.4nkweb.com + IMAGE_NAME: 4nk/sdk_signer + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up SSH agent + uses: webfactory/ssh-agent@v0.9.1 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets.USER }} + password: ${{ secrets.TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . + push: true + ssh: default + build-args: | + ENV_VARS=${{ secrets.ENV_VARS }} + tags: | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:dev + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ gitea.sha }} \ No newline at end of file
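Review bot: deleting `.gitea/workflows/ci.yml` removes the jobs that ran `cargo audit --deny warnings`, the secrets grep, the security audit script and the release guard, and nothing in this patch replaces them: the added `.github/workflows/dev.yml` has a single `build-and-push` job that publishes an image on every push to `dev`. The deleted file did set `CI_SKIP: 'true'` with every job conditioned on `env.CI_SKIP != 'true'`, so the checks were already switched off, but removing them outright makes that permanent. Consider keeping a test and dependency-audit job and listing it under `needs:` for `build-and-push`, so an image is not pushed from an unchecked commit.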
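Review bot: with `.gitea/workflows/release.yml` deleted there is no workflow left that triggers on `v*.*.*` tags, and the only remaining publisher, `dev.yml`, pushes `:latest` from the `dev` branch. If `latest` is meant to track released versions, keep a tag-triggered job that pushes the version tag together with `latest`, and have the dev workflow push only `:dev` and the commit SHA tag.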
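Review bot: in `.github/workflows/dev.yml`, `ENV_VARS=${{ secrets.ENV_VARS }}` under `build-args:` hands a secret to the build as a Docker build argument; build argument values can be recovered from the image history, and this image is pushed to `git.4nkweb.com` with `push: true`. Pass the value through the `secrets:` input of `docker/build-push-action` and read it in the Dockerfile with a `RUN --mount=type=secret` step, so it never lands in a layer. Separately, `webfactory/ssh-agent@v0.9.1` receives `secrets.SSH_PRIVATE_KEY` and is referenced by tag; pinning it to a full commit SHA keeps a moved tag from running different code with that key. The file also ends without a trailing newline.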