Release v1.0.0: Stable CLI with security hardening #88
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| paths-ignore: | |
| - "**/*.md" | |
| - "CLAUDE.md" | |
| - "LICENSE" | |
| - ".beads/**" | |
| pull_request: | |
| branches: [main] | |
| paths-ignore: | |
| - "**/*.md" | |
| - "CLAUDE.md" | |
| - "LICENSE" | |
| - ".beads/**" | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| check: | |
| name: Check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo check --workspace | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt | |
| - run: cargo fmt --check | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo clippy --workspace -- -D warnings -A dead_code | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo test --workspace | |
| sonar: | |
| name: SonarCloud | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarqube-scan-action@v6 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| # Cross-platform build smoke test | |
| build: | |
| name: Build (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo build --release | |
| e2e: | |
| name: E2E Tests | |
| runs-on: ubuntu-latest | |
| needs: [check] | |
| permissions: | |
| contents: read | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_DB: artifact_registry_test | |
| POSTGRES_USER: registry | |
| POSTGRES_PASSWORD: registry | |
| ports: | |
| - 30433:5432 | |
| options: >- | |
| --health-cmd "pg_isready -U registry -d artifact_registry_test" | |
| --health-interval 2s | |
| --health-timeout 5s | |
| --health-retries 15 | |
| meilisearch: | |
| image: getmeili/meilisearch:v1.12 | |
| env: | |
| MEILI_ENV: development | |
| ports: | |
| - 7701:7700 | |
| options: >- | |
| --health-cmd "curl -f http://localhost:7700/health" | |
| --health-interval 2s | |
| --health-timeout 5s | |
| --health-retries 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Start backend | |
| run: | | |
| docker run -d --name e2e-backend \ | |
| --network ${{ job.services.postgres.network }} \ | |
| -e DATABASE_URL="postgresql://registry:registry@postgres:5432/artifact_registry_test" \ | |
| -e MEILI_URL="http://meilisearch:7700" \ | |
| -e ADMIN_PASSWORD="admin123" \ | |
| -e JWT_SECRET="e2e-test-secret-key-not-for-production" \ | |
| -p 8081:8080 \ | |
| ghcr.io/artifact-keeper/artifact-keeper-backend:latest | |
| - name: Wait for backend | |
| run: | | |
| for i in $(seq 1 60); do | |
| if curl -sf http://localhost:8081/health > /dev/null 2>&1; then | |
| echo "Backend healthy after $i attempts" | |
| exit 0 | |
| fi | |
| sleep 2 | |
| done | |
| docker logs e2e-backend | |
| exit 1 | |
| - name: Run E2E tests | |
| env: | |
| E2E_BACKEND_URL: http://localhost:8081 | |
| run: cargo test --test 'e2e_*' -- --include-ignored --test-threads=1 | |
| - name: Backend logs (on failure) | |
| if: failure() | |
| run: docker logs e2e-backend |