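---
# CI workflow for sdk_signer (lint, tests, container builds, security checks).
#
# Supply-chain notes for maintainers:
#  - Third-party actions are referenced by major tag. Pinning every `uses:` to a
#    full commit SHA is the recommended hardening; no SHAs were available to this
#    review, so tags are kept (bumped from the deprecated v3 lines where v4 exists).
#  - actions-rs/toolchain is archived/unmaintained; plan a migration to a
#    maintained toolchain action when convenient.
name: CI - sdk_signer

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: nothing in this workflow pushes code,
# publishes packages or writes to PRs, so read-only is sufficient. Grant extra
# scopes per job if a step ever needs them.
permissions:
  contents: read

# Cancel superseded runs of the same PR to save runner minutes; pushes to
# protected branches are left to complete.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

env:
  RUST_VERSION: '1.70'

jobs:
  # Lint / formatting / documentation build / hygiene checks.
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true
          components: clippy, rustfmt

      - name: Cache Rust dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-

      - name: Run clippy
        run: cargo clippy --all-targets --all-features -- -D warnings

      - name: Run rustfmt
        run: cargo fmt --all -- --check

      - name: Check documentation
        run: cargo doc --no-deps

      - name: Check for TODO/FIXME
        run: |
          # .github is excluded because this workflow's own grep pattern contains
          # the words being searched for; without the exclusion the step matched
          # itself and failed on every run.
          if grep -rn "TODO\|FIXME" . --exclude-dir=.git --exclude-dir=target --exclude-dir=.github; then
            echo "Found TODO/FIXME comments. Please address them."
            exit 1
          fi

  # Rust test suites (lib/bin unit tests plus the crate's `tests/` targets).
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Cache Rust dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-

      - name: Run unit tests
        run: cargo test --lib --bins

      - name: Run integration tests
        run: cargo test --tests

  # Script-driven integration tests against locally built images.
  #
  # The former `services: docker: image: docker:24.0.5` block with port 2375
  # exposed has been removed: ubuntu-latest runners already provide a Docker
  # daemon on the default socket, no step ever set DOCKER_HOST to use the
  # service, and tcp/2375 is the unauthenticated, unencrypted daemon endpoint.
  integration-tests:
    name: Integration Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker images
        run: |
          docker build -t 4nk-node-bitcoin ./bitcoin
          docker build -t 4nk-node-blindbit ./blindbit
          # NOTE(review): the build context is the parent of the checkout; on a
          # GitHub-hosted runner that directory contains only the repository
          # itself. Confirm the Dockerfile's COPY paths match that layout.
          docker build -t 4nk-node-sdk-relay -f ./sdk_relay/Dockerfile ..

      - name: Run integration tests
        # Failures used to be hidden by `|| true`, so the job (and the notify job
        # downstream) reported success regardless. Both scripts still run and the
        # job does not block the pipeline, but the failure is now visible in the
        # run summary instead of being silently discarded.
        continue-on-error: true
        run: |
          status=0
          ./tests/run_connectivity_tests.sh || status=1
          ./tests/run_integration_tests.sh || status=1
          exit "$status"

      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results
          path: |
            tests/logs/
            tests/reports/
          retention-days: 7

  # Dependency advisories, secret heuristics and sensitive-file checks.
  security-tests:
    name: Security Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Install cargo-audit
        # cargo-audit is not preinstalled on GitHub-hosted runners; without this
        # step `cargo audit` fails with "no such command" rather than auditing.
        run: cargo install cargo-audit --locked

      - name: Run cargo audit
        run: cargo audit --deny warnings

      - name: Check for hard-coded secrets
        run: |
          # The previous pattern ("password|secret|key|token") matched ordinary
          # identifiers (any "key" in a signing SDK) and this workflow's own text,
          # so the step failed on every run. Look for assignment-shaped string
          # literals instead, skip VCS/build output and quote the glob so the
          # shell does not expand it. This is still only a heuristic; a dedicated
          # secret scanner is the proper control.
          if grep -rniE "(password|passwd|secret|api[_-]?key|private[_-]?key|token)[[:space:]]*[:=][[:space:]]*['\"][^'\"]{8,}['\"]" . \
              --exclude-dir=.git --exclude-dir=target --exclude='*.md'; then
            echo "Potential hard-coded secrets found. Please review."
            exit 1
          fi

      - name: Check file permissions
        run: |
          # Warn about *.conf / *.key / *.pem files that are not mode 600.
          # The find expression is parenthesised: without grouping, `-o` bound
          # loosely and the -type test applied only to the *.conf branch.
          # NOTE(review): git stores only the executable bit, so a fresh checkout
          # has every file at 644 or 755 and this warning fires for all matches.
          # The useful signal is the presence of key material in the tree at all;
          # consider failing the job on any *.key file outside test fixtures.
          find . -type f \( -name "*.conf" -o -name "*.key" -o -name "*.pem" \) \
              -not -path "./.git/*" -not -path "./target/*" \
          | while IFS= read -r file; do
            mode=$(stat -c %a "$file")
            if [[ "$mode" != "600" ]]; then
              echo "::warning file=$file::$file has permissions $mode (expected 600)"
            fi
          done

  # Container image builds and smoke runs.
  # The unused `docker:24.0.5` service container (tcp/2375) is removed here for
  # the same reasons as in integration-tests.
  docker-build:
    name: Docker Build & Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and test Bitcoin Core
        run: |
          docker build -t 4nk-node-bitcoin:test ./bitcoin
          docker run --rm 4nk-node-bitcoin:test bitcoin-cli --version

      - name: Build and test Blindbit
        run: |
          docker build -t 4nk-node-blindbit:test ./blindbit
          # `|| true`: only verifies the container starts; the binary may not
          # accept --version. The build itself still fails the step.
          docker run --rm 4nk-node-blindbit:test --version || true

      - name: Build and test SDK Relay
        run: |
          docker build -t 4nk-node-sdk-relay:test -f ./sdk_relay/Dockerfile ..
          docker run --rm 4nk-node-sdk-relay:test --version || true

      - name: Test Docker Compose
        # Compose v2 (`docker compose`) is what current ubuntu-latest images
        # ship; the standalone `docker-compose` v1 binary is no longer present.
        run: |
          docker compose config
          docker compose build --no-cache

  # Presence of the expected documentation files.
  documentation-tests:
    name: Documentation Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Check markdown links
        # Placeholder: this only lists files containing markdown links, it does
        # not validate any target. Replace with a real link checker when needed.
        run: |
          find . -name "*.md" -not -path "./target/*" -exec grep -l "\[.*\](" {} \; | while IFS= read -r file; do
            echo "Checking links in $file"
          done

      - name: Check documentation structure
        run: |
          required_files=(
            "README.md"
            "LICENSE"
            "CONTRIBUTING.md"
            "CHANGELOG.md"
            "CODE_OF_CONDUCT.md"
            "SECURITY.md"
            "docs/INDEX.md"
            "docs/INSTALLATION.md"
            "docs/USAGE.md"
          )
          for file in "${required_files[@]}"; do
            if [[ ! -f "$file" ]]; then
              echo "Missing required documentation file: $file"
              exit 1
            fi
          done

      - name: Validate documentation
        run: echo "Documentation checks completed"

  # Repository-provided audit script, if present.
  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Ensure scripts executable
        run: chmod +x scripts/security/audit.sh || true

      - name: Run template security audit
        run: |
          if [ -f scripts/security/audit.sh ]; then
            ./scripts/security/audit.sh
          else
            echo "No security audit script (ok)"
          fi

  # Release consistency guard (version alignment + guard script).
  release-guard:
    name: Release Guard
    runs-on: ubuntu-latest
    needs: [code-quality, unit-tests, documentation-tests, security-audit]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Ensure guard scripts are executable
        run: |
          chmod +x scripts/release/guard.sh || true
          chmod +x scripts/checks/version_alignment.sh || true

      - name: Version alignment check
        run: |
          if [ -f scripts/checks/version_alignment.sh ]; then
            ./scripts/checks/version_alignment.sh
          else
            echo "No version alignment script (ok)"
          fi

      - name: Release guard (CI verify)
        env:
          RELEASE_TYPE: ci-verify
        run: |
          if [ -f scripts/release/guard.sh ]; then
            ./scripts/release/guard.sh
          else
            echo "No guard script (ok)"
          fi

  # Performance tests (non-blocking, but failures are no longer hidden).
  performance-tests:
    name: Performance Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Rust
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          override: true

      - name: Run performance tests
        continue-on-error: true
        run: |
          cd sdk_relay
          cargo test --release --test performance_tests

      - name: Check memory usage
        # Placeholder: no memory measurement is performed yet.
        run: echo "Performance tests completed"

  # Aggregate status. security-audit, release-guard and performance-tests are
  # intentionally not part of this gate (unchanged from the original policy).
  notify:
    name: Notify
    runs-on: ubuntu-latest
    needs: [code-quality, unit-tests, integration-tests, security-tests, docker-build, documentation-tests]
    if: always()
    steps:
      - name: Notify success
        if: >-
          needs.code-quality.result == 'success' &&
          needs.unit-tests.result == 'success' &&
          needs.integration-tests.result == 'success' &&
          needs.security-tests.result == 'success' &&
          needs.docker-build.result == 'success' &&
          needs.documentation-tests.result == 'success'
        run: echo "✅ All tests passed successfully!"

      - name: Notify failure
        if: >-
          needs.code-quality.result == 'failure' ||
          needs.unit-tests.result == 'failure' ||
          needs.integration-tests.result == 'failure' ||
          needs.security-tests.result == 'failure' ||
          needs.docker-build.result == 'failure' ||
          needs.documentation-tests.result == 'failure'
        run: |
          echo "❌ Some tests failed!"
          exit 1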