name: CI/CD
on:
push:
pull_request:
types:
- opened
workflow_dispatch:
jobs:
check-repo:
name: Check git repository
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH'
check-code-style:
name: Check code style
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install rust toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
- uses: Swatinem/rust-cache@v2
- name: Check the code style
run: cargo fmt --all -- --check
check-code:
name: Check rust code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install rust toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
- uses: Swatinem/rust-cache@v2
- name: Verify code
run: cargo clippy
test:
name: Run application tests
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install rust toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
- uses: Swatinem/rust-cache@v2
- name: Test code
run: cargo test
check-unused-dependencies:
name: Check for unused deps
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install rust toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly
- uses: Swatinem/rust-cache@v2 continue-on-error: true
- uses: cargo-bins/cargo-binstall@main
- name: Install cargo-udeps
run: cargo binstall --no-confirm --force cargo-udeps
- name: Analyze dependencies
run: cargo update && cargo +nightly udeps
build:
name: Build executable
needs: [ check-repo, check-code-style, check-code, test ]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Install rust toolchain
uses: actions-rs/toolchain@v1
with:
profile: default
toolchain: stable
- uses: Swatinem/rust-cache@v2
- name: Build application
run: |
cargo build --release --target x86_64-unknown-linux-gnu
cp target/x86_64-unknown-linux-gnu/release/chwp ./chwp-linux-x86-64
- name: Upload artifact
uses: actions/upload-artifact@v7
with:
name: artifact-linux-x86_64
path: chwp-linux-x86-64
release:
name: Create release
runs-on: ubuntu-latest
needs: [ build ]
if: github.ref_name == 'main' steps:
- uses: actions/checkout@v6
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: 24
- name: Install Dependencies
run: |
npm install -g \
semantic-release \
@semantic-release/git \
@semantic-release/gitlab \
@semantic-release/changelog \
@semantic-release/exec \
@semantic-release/commit-analyzer \
@semantic-release-cargo/semantic-release-cargo
- name: Generate Semantic Release Notes and Create Release
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: npx semantic-release
build-deb-package:
name: Build deb package
needs: [ release ]
runs-on: ubuntu-latest
steps:
- name: Detect and set latest github release VERSION
shell: bash
run: |
REPO="RouHim/chwp"
LATEST_RELEASE=$(curl --silent "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
echo "Latest release is $LATEST_RELEASE"
echo "VERSION=$LATEST_RELEASE" >> $GITHUB_ENV
- name: Download previously built application
uses: actions/download-artifact@v8
with:
name: artifact-linux-x86_64
path: .
- name: Prepare deb build
run: |
mkdir -p .pkg/usr/bin/
cp chwp-linux-x86-64 .pkg/usr/bin/chwp
chmod +x .pkg/usr/bin/chwp
- name: Build deb file
uses: jiro4989/build-deb-action@v4
with:
package: chwp
package_root: .pkg
maintainer: Rouven Himmelstein
version: ${{ env.VERSION }}
arch: 'amd64'
desc: 'Changes the wallpaper from the command line.'
- name: Rename deb file
run: |
mv *.deb chwp-x86-64.deb
- name: Upload deb artifact
uses: actions/upload-artifact@v7
with:
name: artifact-deb-x86_64
path: |
chwp-x86-64.deb
build-rpm-package:
name: Build rpm package
needs: [ release ]
runs-on: ubuntu-latest
steps:
- name: Detect and set latest github release VERSION
shell: bash
run: |
REPO="RouHim/chwp"
LATEST_RELEASE=$(curl --silent "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
echo "Latest release is $LATEST_RELEASE"
echo "VERSION=$LATEST_RELEASE" >> $GITHUB_ENV
- name: Download previously built application
uses: actions/download-artifact@v8
with:
name: artifact-linux-x86_64
path: .
- name: Prepare rpm build
run: |
mkdir -p .pkg/usr/bin/
cp chwp-linux-x86-64 .pkg/usr/bin/chwp
chmod +x .pkg/usr/bin/chwp
- name: Build rpm file
uses: jiro4989/build-rpm-action@v2
with:
package: chwp
package_root: .pkg
maintainer: Rouven Himmelstein
version: ${{ env.VERSION }}
arch: 'x86_64'
desc: 'Changes the wallpaper from the command line.'
- name: Rename rpm file
run: |
rm *debuginfo*.rpm
mv *.rpm chwp-x86-64.rpm
- name: Upload rpm artifact
uses: actions/upload-artifact@v7
with:
name: artifact-rpm-x86_64
path: |
chwp-x86-64.rpm
upload-assets:
name: Upload assets to release
runs-on: ubuntu-latest
needs: [ release, build-deb-package, build-rpm-package ]
if: github.ref_name == 'main' steps:
- uses: actions/checkout@v6
- name: Download previous built application
uses: actions/download-artifact@v8
with:
name: artifact-linux-x86_64
path: .
- name: Download previous built deb asset
uses: actions/download-artifact@v8
with:
name: artifact-deb-x86_64
path: .
- name: Download previous built rpm asset
uses: actions/download-artifact@v8
with:
name: artifact-rpm-x86_64
path: .
- name: Upload plain linux-x86_64 asset
run: |
bash .github/scripts/upload-asset-to-release.sh \
${{ secrets.RELEASE_TOKEN }} \
"chwp-linux-x86-64" \
"chwp-linux-x86-64"
- name: Upload debian x86_64 asset
run: |
bash .github/scripts/upload-asset-to-release.sh \
${{ secrets.RELEASE_TOKEN }} \
"chwp-x86-64.deb" \
"chwp-x86-64.deb"
- name: Upload rpm x86_64 asset
run: |
bash .github/scripts/upload-asset-to-release.sh \
${{ secrets.RELEASE_TOKEN }} \
"chwp-x86-64.rpm" \
"chwp-x86-64.rpm"
- name: Delete old releases
uses: dev-drprasad/delete-older-releases@v0.3.4
with:
keep_latest: 50
delete_tags: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-aur-git:
name: Publish AUR Git package
needs: [ release ]
runs-on: ubuntu-latest
if: github.ref_name == 'main' steps:
- name: Detect and set latest github release VERSION
shell: bash
run: |
REPO="RouHim/chwp"
LATEST_RELEASE=$(curl --silent "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
echo "Latest release is $LATEST_RELEASE"
echo "VERSION=$LATEST_RELEASE" >> $GITHUB_ENV
- name: Set up AUR git environment
run: |
mkdir -p ~/.ssh
ssh-keyscan -t rsa aur.archlinux.org >> ~/.ssh/known_hosts
echo "${{ secrets.AUR_SSH_PRIVATE_KEY }}" >> ~/.ssh/aur
chmod 600 ~/.ssh/aur
echo "${{ secrets.AUR_SSH_CONFIG }}" >> ~/.ssh/config
git config --global user.email "${{ secrets.AUR_EMAIL }}"
git config --global user.name "${{ secrets.AUR_USERNAME }}"
- name: Checkout AUR repo
run: |
git clone ssh://aur@aur.archlinux.org/chwp-git.git chwp-aur
- name: Set version to PKGBUILD
run: |
cd chwp-aur
sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
cat PKGBUILD
- name: Create SRCINFO
run: |
cd chwp-aur
docker run -v $PWD:/pkg -w /pkg -u 1001 rouhim/archlinux-binutils makepkg --printsrcinfo > .SRCINFO
- name: Push to AUR
run: |
cd chwp-aur
git commit -am "v{{ env.VERSION }}"
git push
publish-aur-bin:
name: Publish AUR Bin package
needs: [ release ]
runs-on: ubuntu-latest
if: github.ref_name == 'main' steps:
- name: Detect and set latest github release VERSION
shell: bash
run: |
REPO="RouHim/chwp"
LATEST_RELEASE=$(curl --silent "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
echo "Latest release is $LATEST_RELEASE"
echo "VERSION=$LATEST_RELEASE" >> $GITHUB_ENV
- name: Set up AUR git environment
run: |
mkdir -p ~/.ssh
ssh-keyscan -t rsa aur.archlinux.org >> ~/.ssh/known_hosts
echo "${{ secrets.AUR_SSH_PRIVATE_KEY }}" >> ~/.ssh/aur
chmod 600 ~/.ssh/aur
echo "${{ secrets.AUR_SSH_CONFIG }}" >> ~/.ssh/config
git config --global user.email "${{ secrets.AUR_EMAIL }}"
git config --global user.name "${{ secrets.AUR_USERNAME }}"
- name: Checkout AUR repo
run: |
git clone ssh://aur@aur.archlinux.org/chwp-bin.git chwp-aur
- name: Set version to PKGBUILD
run: |
cd chwp-aur
sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
cat PKGBUILD
- name: Create SRCINFO
run: |
cd chwp-aur
docker run -v $PWD:/pkg -w /pkg -u 1001 rouhim/archlinux-binutils makepkg --printsrcinfo > .SRCINFO
- name: Push to AUR
run: |
cd chwp-aur
git commit -am "v{{ env.VERSION }}"
git push