name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
jobs:
test:
name: Test Suite
runs-on: ubuntu-latest
strategy:
matrix:
rust: [1.70, stable, nightly]
include:
- rust: 1.70
toolchain: 1.70
- rust: stable
toolchain: stable
- rust: nightly
toolchain: nightly
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: ${{ matrix.toolchain }}
override: true
components: rustfmt, clippy
- name: Cache dependencies
uses: actions/cache@v3
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Install dependencies
run: |
cargo install cargo-audit
cargo install cargo-tarpaulin
- name: Check formatting
run: cargo fmt --all -- --check
- name: Run clippy
run: cargo clippy --all-targets --all-features -- -D warnings
- name: Run tests
run: cargo test --all-features
- name: Run security audit
run: cargo audit
- name: Generate test coverage
run: cargo tarpaulin --out Xml --output-dir coverage
if: matrix.rust == 'stable'
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
file: ./coverage/cobertura.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
if: matrix.rust == 'stable'
python-test:
name: Python Bindings Test
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Install maturin
run: pip install maturin
- name: Build and test Python bindings
run: |
maturin build --release
maturin test --release
wasm-test:
name: WebAssembly Test
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
target: wasm32-unknown-unknown
- name: Install wasm-pack
run: cargo install wasm-pack
- name: Build WebAssembly
run: cargo build --target wasm32-unknown-unknown --release
- name: Test WebAssembly
run: wasm-pack test --headless --firefox
lint:
name: Linting and Code Quality
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Run cargo check
run: cargo check --all-targets --all-features
- name: Check for unused dependencies
run: cargo udeps --all-targets
- name: Check for outdated dependencies
run: cargo outdated
security:
name: Security Scan
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'
build:
name: Build Artifacts
runs-on: ubuntu-latest
needs: [test, python-test, wasm-test, lint, security]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Build release artifacts
run: |
cargo build --release
cargo build --release --target wasm32-unknown-unknown
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: release-artifacts
path: |
target/release/
target/wasm32-unknown-unknown/release/
publish:
name: Publish to Crates.io
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
environment:
name: production
url: https://crates.io/crates/genesis-protocol
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Publish to crates.io
run: cargo publish
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
notify:
name: Notify Success
runs-on: ubuntu-latest
needs: [test, python-test, wasm-test, lint, security]
if: always() && (needs.test.result == 'success' && needs.python-test.result == 'success' && needs.wasm-test.result == 'success' && needs.lint.result == 'success' && needs.security.result == 'success')
steps:
- name: Notify success
run: |
echo "✅ All CI checks passed successfully!"
echo "🚀 Genesis Protocol is ready for deployment"