fix: remove GitHub-specific files and fix remaining URLs
Some checks failed
Test / rust-fmt-check (pull_request) Failing after 10s
Test / rust-clippy (pull_request) Failing after 13s
Test / rust-tests (pull_request) Failing after 17s
Test / frontend-tests (pull_request) Failing after 1m22s
Test / frontend-typecheck (pull_request) Successful in 1m31s
PR Review Automation / review (pull_request) Successful in 2m54s

Critical fixes for Gitea compatibility:

1. **Removed .github/ directory completely**
   - dependabot.yml (GitHub-only, not supported by Gitea)
   - GitHub workflows (replaced by .gitea/workflows)
   - CODEOWNERS, AZURE_BOARDS_INTEGRATION.md, COPILOT_SETUP.md
   - These files are GitHub-specific and won't work in Gitea

2. **Fixed remaining URLs to use internal IP**
   - pr-review.yml: LITELLM_URL gitea.tftsr.com:11434 → 172.0.0.29:11434
   - build-images.yml: Updated comments with correct IP
   - All CI runners MUST use 172.0.0.29 (internal IP)

3. **Verified branch naming**
   - This repo uses 'master' (not 'main')
   - All workflows correctly reference 'master'

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Shaun Arman 2026-06-05 15:01:11 -05:00
parent a6348d206a
commit b059da6daa
9 changed files with 2 additions and 1090 deletions


@ -7,7 +7,7 @@ name: Build CI Docker Images
# - Automatically: whenever a Dockerfile under .docker/ changes on master.
# - Manually: via workflow_dispatch (e.g. first-time setup, forced rebuild).
#
# ONE-TIME SERVER PREREQUISITE (run once on gitea.tftsr.com before first use):
# ONE-TIME SERVER PREREQUISITE (run once on 172.0.0.29 before first use):
# echo '{"insecure-registries":["172.0.0.29:3000"]}' \
# | sudo tee /etc/docker/daemon.json
# sudo systemctl restart docker
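Review bot: the prerequisite comment keeps `insecure-registries` for `172.0.0.29:3000`, so pushes and pulls of the CI builder images go over plain HTTP with no server authentication, and anything on the network path can substitute an image. Put TLS on the registry (a certificate from an internal CA is enough) and drop this step. Two smaller points on the same lines: `sudo tee /etc/docker/daemon.json` overwrites any existing daemon settings instead of merging them, and 172.0.0.29 lies outside the RFC 1918 range 172.16.0.0/12, so confirm it really is a private address before documenting it as the internal one.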


@ -141,7 +141,7 @@ jobs:
if: steps.context.outputs.diff_size != '0'
shell: bash
env:
LITELLM_URL: http://gitea.tftsr.com:11434/v1
LITELLM_URL: http://172.0.0.29:11434/v1
LITELLM_API_KEY: ${{ secrets.OLLAMA_API_KEY }}
PR_TITLE: ${{ github.event.pull_request.title }}
PR_NUMBER: ${{ github.event.pull_request.number }}
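Review bot: `LITELLM_URL` is now `http://172.0.0.29:11434/v1`, and the `LITELLM_API_KEY` secret on the next line is sent to it over unencrypted HTTP together with whatever PR content the step posts. Terminate TLS in front of the endpoint and use an `https://` URL. Also consider moving the address out of the workflow file into a secret or variable, so the next host change is a settings edit rather than another commit touching every workflow.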


@ -1,234 +0,0 @@
# Azure Boards + GitHub Integration
## Issue
When using `AB#727547` syntax in PR titles or commit messages, the work item reference is **not** automatically converted to a clickable link to Azure DevOps.
## Root Cause
The `AB#` syntax requires the **Azure Boards GitHub App** to be installed and configured for this repository.
## Current Status
**Azure Boards app not installed** on `tftsr/apollo_nxt-trcaa`
- `AB#` references in titles/commits are not linked
- Manual URL links work: `https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547`
## How Azure Boards + GitHub Integration Works
When properly configured:
1. `AB#727547` in PR title → Automatically converted to clickable link
2. `AB#727547` in commit message → Linked to work item
3. PR/commit status → Appears in ADO work item "Development" tab
4. PR merge → Can auto-transition work item state
## Setup Instructions
### Step 1: Install Azure Boards GitHub App
**Option A: Organization-Level Installation** (Recommended)
1. Go to: https://github.com/marketplace/azure-boards
2. Click **"Set up a plan"** or **"Install it for free"**
3. Select **tftsr** organization
4. Choose **"All repositories"** or select specific repos
5. Click **"Install"**
**Option B: Repository-Level Installation**
1. Go to: https://github.com/apps/azure-boards
2. Click **"Configure"**
3. Select **tftsr** organization
4. Under "Repository access", select **"Only select repositories"**
5. Choose **apollo_nxt-trcaa**
6. Click **"Save"**
### Step 2: Connect to Azure DevOps
1. After installation, you'll be redirected to Azure DevOps
2. Sign in with your TFTSR account: `VFK387@tftsr.com`
3. Select **Azure DevOps organization**: `dev.azure.com/tftsr`
4. Select **Project**: `Apollo`
5. Authorize the connection
### Step 3: Configure Repository Mapping
1. In Azure DevOps, go to: `https://dev.azure.com/tftsr/Apollo/_settings/boards-external-integration`
2. Click **"+ Add connection"**
3. Select **GitHub** as the source
4. Choose the repository: **tftsr/apollo_nxt-trcaa**
5. Configure settings:
- ✅ Enable **automatic work item linking**
- ✅ Enable **state transition on PR merge**
- ✅ Enable **mentions validation**
### Step 4: Verify Integration
After setup, test the integration:
```bash
# Create a test branch
git checkout -b test/azure-boards-link
# Create a commit with AB# reference
git commit --allow-empty -m "test: verify Azure Boards linking AB#727547"
# Push and create PR
git push -u origin test/azure-boards-link
gh pr create --title "Test: Azure Boards Integration AB#727547" --body "Testing AB# linking"
```
Expected results:
- ✅ `AB#727547` in PR title is a clickable link
- ✅ PR appears in ADO work item 727547 "Development" tab
- ✅ Commit with `AB#` appears in work item history
## Available Syntax
Once installed, these formats work:
### In PR Titles and Descriptions
```
AB#727547 # Basic link
Fixes AB#727547 # Closes work item on merge
Resolves AB#727547 # Closes work item on merge
Closes AB#727547 # Closes work item on merge
```
### In Commit Messages
```
git commit -m "feat: add feature AB#727547"
git commit -m "fix: resolve bug (fixes AB#727547)"
```
### Multiple Work Items
```
feat: implement features AB#727547 AB#744142
```
## State Transitions
Configure automatic state transitions on PR events:
| GitHub Event | ADO Work Item State Transition |
|--------------|--------------------------------|
| PR created with `AB#` | No change (or → Active) |
| PR merged with `Fixes AB#` | → Resolved or Closed |
| PR merged with `AB#` | No change (configurable) |
| PR closed without merge | No change |
## Current Workaround
Until Azure Boards app is installed, use full URLs:
**In PR Description** (already done in PR #27):
```markdown
**Work Item**: https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547
```
**In Commits**:
```bash
git commit -m "feat: add feature
Work Item: https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547"
```
## Benefits of Azure Boards Integration
### For Developers
- ✅ Quick navigation from PR to work item
- ✅ See all PRs/commits linked to a work item
- ✅ Automatic work item state updates
- ✅ Reduced manual ADO updates
### For Project Management
- ✅ Visibility into code changes per work item
- ✅ Traceability from requirement → code → deployment
- ✅ Automated status updates
- ✅ Better sprint velocity tracking
### For Compliance
- ✅ Audit trail of code changes per work item
- ✅ Traceability for security/compliance requirements
- ✅ Automated documentation of development activity
## Verification Commands
After installation, verify with:
```bash
# Check if Azure Boards app is installed
gh api repos/tftsr/apollo_nxt-trcaa/installation
# View PR with AB# reference
gh pr view 27
# Check work item in ADO for linked PRs
az boards work-item show --id 727547 --org https://dev.azure.com/tftsr | jq '.relations'
```
## Troubleshooting
### AB# Not Linking
**Problem**: `AB#727547` shows as plain text, not a link
**Solutions**:
1. Verify Azure Boards app is installed for the repo
2. Check Azure DevOps connection is active
3. Ensure repo is mapped in ADO project settings
4. Verify `AB#` format is correct (no spaces)
### PRs Not Appearing in ADO
**Problem**: PR created but doesn't show in work item "Development" tab
**Solutions**:
1. Check if `AB#` was in PR title or description
2. Verify ADO project connection is active
3. Wait 5-10 minutes for sync (can be delayed)
4. Manually link PR in ADO if needed
### State Transitions Not Working
**Problem**: PR merged but work item state unchanged
**Solutions**:
1. Verify state transition rules are configured in ADO
2. Check if `Fixes AB#` syntax was used (not just `AB#`)
3. Ensure PR was merged (not closed without merge)
4. Check ADO project settings for transition rules
## Security Considerations
- Azure Boards app requires **read/write** access to repos
- OAuth token is stored in Azure DevOps
- App can read PR content and commit messages
- All activity is logged in both GitHub and ADO audit logs
## References
- [Azure Boards GitHub App](https://github.com/marketplace/azure-boards)
- [Azure Boards + GitHub Integration Docs](https://learn.microsoft.com/en-us/azure/devops/boards/github/)
- [Work Item Linking Syntax](https://learn.microsoft.com/en-us/azure/devops/boards/github/link-to-from-github)
## Action Items
To enable `AB#` linking on this repo:
1. [ ] Install Azure Boards GitHub app on tftsr organization or apollo_nxt-trcaa repo
2. [ ] Connect to Azure DevOps (dev.azure.com/tftsr)
3. [ ] Map repository in Apollo project settings
4. [ ] Configure state transition rules (optional)
5. [ ] Test with a sample PR using `AB#` syntax
6. [ ] Update team documentation with `AB#` syntax usage
## Contact
For questions about Azure Boards integration or GitHub app installation:
- GitHub Organization Admins: @tftsr admins
- Azure DevOps Project Admins: Apollo project leads
- DevOps Team
---
**Last Updated**: 2026-06-02
**Status**: Azure Boards app not installed - manual URL links required
**Repository**: tftsr/apollo_nxt-trcaa
**ADO Organization**: dev.azure.com/tftsr
**ADO Project**: Apollo
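Review bot: Step 2 of this file names a sign-in account (`VFK387@tftsr.com`), and deleting the file does not remove it from history, so it stays readable to anyone who can clone the repository; decide whether that is acceptable before this repo is mirrored anywhere wider. Separately, the "Current Workaround" section (full work-item URLs in PR descriptions and commit messages) does not depend on GitHub, so it could move to the general docs instead of being dropped with the rest.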

11
.github/CODEOWNERS vendored

@ -1,11 +0,0 @@
# All files require review from owner
# GitHub Copilot code reviews are enabled via GitHub Advanced Security settings
# (not via CODEOWNERS - see repo Settings -> Security -> Code security and analysis)
* @Shaun-Arman-VFK387_moto
# Rust backend
src-tauri/ @Shaun-Arman-VFK387_moto
# CI/CD pipelines and Docker build configs
.github/workflows/ @Shaun-Arman-VFK387_moto
.docker/ @Shaun-Arman-VFK387_moto
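Review bot: dropping CODEOWNERS removes the owner-review requirement on `.github/workflows/` and `.docker/`, and nothing in this commit puts an equivalent guard on `.gitea/workflows/`. CI definitions and builder Dockerfiles are the files that most need a mandatory second look, so add the replacement in the same change: branch protection on `master` with required approvals, plus a CODEOWNERS file for Gitea if the installed version supports one, with the workflow path updated to `.gitea/workflows/`.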


@ -1,145 +0,0 @@
# GitHub Copilot Code Review Setup
## Overview
GitHub Copilot can automatically review pull requests when properly configured. This document explains how to enable Copilot code reviews for this repository.
## Current Status
**Workflows Active**: GitHub shows Copilot workflows are active:
- `Copilot` (pull-request-reviewer)
- `Copilot cloud agent` (copilot-swe-agent)
- `CodeQL` (code scanning)
⚠️ **Configuration Needed**: Copilot code reviews must be enabled through GitHub Advanced Security settings.
## How GitHub Copilot Code Reviews Work
GitHub Copilot code reviews are **not** triggered via CODEOWNERS file (unlike human reviewers). Instead, they are configured through:
1. **GitHub Advanced Security** (requires GitHub Enterprise or GitHub Team plan)
2. **Repository Settings****Security** → **Code security and analysis**
3. **Copilot Autofix** (for security vulnerabilities)
4. **Copilot Code Review** (manual opt-in feature)
## Setup Steps
### Step 1: Enable GitHub Advanced Security
1. Navigate to: `https://github.com/tftsr/apollo_nxt-trcaa/settings/security_analysis`
2. Enable **GitHub Advanced Security** (if available with your plan)
3. Enable **Dependabot alerts**
4. Enable **Code scanning** (CodeQL)
5. Enable **Secret scanning**
### Step 2: Enable Copilot Code Review
As of 2024-2026, GitHub Copilot code reviews can be enabled via:
**Option A: Copilot Autofix (Security-focused)**
1. Go to repository **Settings** → **Code security and analysis**
2. Enable **Copilot Autofix** under "Code scanning"
3. Copilot will suggest fixes for CodeQL alerts in pull requests
**Option B: Copilot Workspace (Preview Feature)**
1. Ensure your organization has Copilot Business or Enterprise
2. Navigate to: `https://github.com/tftsr/apollo_nxt-trcaa/settings/copilot`
3. Enable **Copilot Code Review** (if available)
4. Configure review triggers:
- On all pull requests
- On pull requests targeting protected branches
- Manual trigger only
### Step 3: Configure Review Rules
Add Copilot as a required check in branch protection:
```bash
# Via GitHub CLI
gh api repos/tftsr/apollo_nxt-trcaa/branches/main/protection/required_status_checks \
--method PATCH \
--field strict=true \
--field contexts[]='rust-test' \
--field contexts[]='frontend-test' \
--field contexts[]='copilot-code-review' # Add this line
```
Or via GitHub UI:
1. Go to **Settings****Branches****Branch protection rules** → **main**
2. Under "Require status checks to pass before merging"
3. Add **copilot-code-review** to required checks
## Verification
To verify Copilot is reviewing PRs:
```bash
# Check if Copilot workflow ran on a PR
gh pr checks 27
# Check for Copilot comments on a PR
gh pr view 27 --comments | grep -i copilot
```
## Triggering Manual Review
If Copilot code review is enabled but not automatic, you can trigger it manually:
1. Add a comment to the PR: `@github-copilot review`
2. Or use GitHub CLI: `gh pr review 27 --request-changes --body "@github-copilot please review"`
## Current Configuration
**Branch Protection** (as of 2026-06-02):
- ✅ Required status checks: `rust-test`, `frontend-test`
- ✅ Require code owner reviews: Yes
- ✅ Required approving review count: 1
- ⚠️ Copilot code review: Not configured as required check
**CODEOWNERS**:
- Owner: @sarman
- Note: `@github-copilot` removed from CODEOWNERS (not a valid reviewer)
## Limitations
- **Plan Requirement**: GitHub Advanced Security requires GitHub Enterprise or Team plan
- **Private Repos**: May have limited Copilot features depending on plan
- **Availability**: Copilot code review features are gradually rolling out
- **Manual Trigger**: Some orgs require manual trigger via comments
## Alternative: CodeQL Analysis
If Copilot code review is not available, CodeQL provides automated code analysis:
1. CodeQL workflow is already active (`.github/workflows/codeql-analysis.yml` - dynamic)
2. Runs on every push to main and pull request
3. Scans for security vulnerabilities and code quality issues
4. Results appear in **Security** → **Code scanning alerts**
## References
- [GitHub Advanced Security Documentation](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security)
- [GitHub Copilot for Business](https://docs.github.com/en/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise)
- [CodeQL Documentation](https://codeql.github.com/)
## Action Items
To fully enable Copilot code reviews on this repo:
1. [ ] Verify GitHub plan includes Advanced Security features
2. [ ] Enable GitHub Advanced Security in repo settings
3. [ ] Enable Copilot Autofix (if available)
4. [ ] Configure Copilot code review triggers (if feature is available)
5. [ ] Add `copilot-code-review` to required status checks
6. [ ] Test on a sample PR to verify functionality
## Contact
For questions about GitHub Advanced Security or Copilot features for the TFTSR organization, contact:
- GitHub Organization Admins
- DevOps Team
---
**Last Updated**: 2026-06-02
**Status**: Configuration pending - awaiting Advanced Security setup


@ -1,40 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
labels:
- "dependencies"
- "ci"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
labels:
- "dependencies"
- "frontend"
ignore:
# Tauri requires tight version alignment — let Tauri control its own deps
- dependency-name: "@tauri-apps/*"
update-types: ["version-update:semver-major"]
- package-ecosystem: "cargo"
directory: "/src-tauri"
schedule:
interval: "weekly"
day: "monday"
labels:
- "dependencies"
- "rust"
ignore:
# Tauri workspace crates — major bumps require coordinated migration
- dependency-name: "tauri"
update-types: ["version-update:semver-major"]
- dependency-name: "tauri-build"
update-types: ["version-update:semver-major"]
- dependency-name: "tauri-plugin-*"
update-types: ["version-update:semver-major"]
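Review bot: removing this file ends the weekly update PRs for `github-actions`, `npm` and `cargo`, and the commit adds no replacement, so action and dependency versions will drift until someone bumps them by hand. Either schedule an updater that works against Gitea (Renovate has a Gitea platform) or add a periodic `cargo audit` / `npm audit` job to the Gitea workflows. Carry over the `ignore` rules for Tauri major versions so the coordinated-migration constraint noted in the comments is not lost.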


@ -1,84 +0,0 @@
name: Build CI Docker Images
# Rebuilds the pre-baked builder images and pushes them to ghcr.io.
#
# WHEN TO RUN:
# - Automatically: whenever a Dockerfile under .docker/ changes on main.
# - Manually: via workflow_dispatch (e.g. first-time setup, forced rebuild).
#
# Images produced:
# ghcr.io/tftsr/trcaa-linux-amd64:rust1.88-node22
# ghcr.io/tftsr/trcaa-windows-cross:rust1.88-node22
# ghcr.io/tftsr/trcaa-linux-arm64:rust1.88-node22
on:
push:
branches:
- main
paths:
- '.docker/**'
workflow_dispatch:
concurrency:
group: build-ci-images
cancel-in-progress: false
env:
REGISTRY: ghcr.io
REGISTRY_OWNER: tftsr
permissions:
contents: read
packages: write
jobs:
linux-amd64:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Log in to ghcr.io
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and push linux-amd64 builder
run: |
docker build \
-t $REGISTRY/$REGISTRY_OWNER/trcaa-linux-amd64:rust1.88-node22 \
-f .docker/Dockerfile.linux-amd64 .
docker push $REGISTRY/$REGISTRY_OWNER/trcaa-linux-amd64:rust1.88-node22
echo "✓ Pushed $REGISTRY/$REGISTRY_OWNER/trcaa-linux-amd64:rust1.88-node22"
windows-cross:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Log in to ghcr.io
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and push windows-cross builder
run: |
docker build \
-t $REGISTRY/$REGISTRY_OWNER/trcaa-windows-cross:rust1.88-node22 \
-f .docker/Dockerfile.windows-cross .
docker push $REGISTRY/$REGISTRY_OWNER/trcaa-windows-cross:rust1.88-node22
echo "✓ Pushed $REGISTRY/$REGISTRY_OWNER/trcaa-windows-cross:rust1.88-node22"
linux-arm64:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Log in to ghcr.io
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and push linux-arm64 builder
run: |
docker build \
-t $REGISTRY/$REGISTRY_OWNER/trcaa-linux-arm64:rust1.88-node22 \
-f .docker/Dockerfile.linux-arm64 .
docker push $REGISTRY/$REGISTRY_OWNER/trcaa-linux-arm64:rust1.88-node22
echo "✓ Pushed $REGISTRY/$REGISTRY_OWNER/trcaa-linux-arm64:rust1.88-node22"


@ -1,499 +0,0 @@
name: Release
# Runs on every merge to main — reads the latest semver tag, increments
# the patch version, pushes a new tag, generates a changelog, then builds
# multi-platform release artifacts and uploads them to GitHub Releases.
# workflow_dispatch allows manual triggering.
on:
push:
branches:
- main
paths-ignore:
- CHANGELOG.md
workflow_dispatch:
concurrency:
group: release-main
cancel-in-progress: false
permissions:
contents: write
packages: read
jobs:
autotag:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.bump.outputs.release_tag }}
steps:
- name: Checkout (full history + all tags)
uses: actions/checkout@v6
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure git
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Bump patch version and create tag
id: bump
run: |
set -eu
# Read the version declared in Cargo.toml
CARGO_VERSION=$(grep '^version' src-tauri/Cargo.toml | head -1 | sed 's/version = "//;s/"//')
CARGO_TAG="v${CARGO_VERSION}"
echo "Cargo.toml declares: $CARGO_TAG"
# Get the latest clean semver tag (vX.Y.Z only)
LATEST=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -1 || echo "")
echo "Latest git tag: ${LATEST:-none}"
# Version resolution:
# 1. Cargo.toml > latest tag → use Cargo.toml (major/minor bump)
# 2. Cargo.toml == latest tag → reuse for builds (already tagged)
# 3. Cargo.toml < latest tag → auto-increment patch on latest tag
if [ -z "$LATEST" ]; then
NEXT="$CARGO_TAG"
elif [ "$(printf '%s\n' "$LATEST" "$CARGO_TAG" | sort -V | tail -1)" = "$CARGO_TAG" ]; then
NEXT="$CARGO_TAG"
if [ "$CARGO_TAG" = "$LATEST" ]; then
echo "Cargo.toml matches latest tag — reusing $NEXT for builds"
else
echo "Cargo.toml version $CARGO_TAG is ahead of $LATEST — using Cargo.toml"
fi
else
MAJOR=$(echo "$LATEST" | cut -d. -f1 | tr -d 'v')
MINOR=$(echo "$LATEST" | cut -d. -f2)
PATCH=$(echo "$LATEST" | cut -d. -f3)
NEXT="v${MAJOR}.${MINOR}.$((PATCH + 1))"
fi
echo "Latest tag: ${LATEST:-none} → Next: $NEXT"
if git ls-remote --exit-code --tags origin "refs/tags/$NEXT" >/dev/null 2>&1; then
echo "Tag $NEXT already exists; builds will target this tag."
else
git tag -a "$NEXT" -m "Release $NEXT"
git push origin "refs/tags/$NEXT"
echo "Tag $NEXT pushed successfully"
fi
echo "release_tag=$NEXT" >> "$GITHUB_OUTPUT"
changelog:
needs: autotag
runs-on: ubuntu-latest
steps:
- name: Checkout (full history + all tags)
uses: actions/checkout@v6
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure git
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Install git-cliff
run: |
set -eu
CLIFF_VER="2.7.0"
curl -fsSL \
"https://github.com/orhun/git-cliff/releases/download/v${CLIFF_VER}/git-cliff-${CLIFF_VER}-x86_64-unknown-linux-musl.tar.gz" \
| tar -xz --strip-components=1 -C /usr/local/bin \
"git-cliff-${CLIFF_VER}/git-cliff"
- name: Generate changelog
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
CURRENT_TAG="${RELEASE_TAG}"
echo "Building changelog for $CURRENT_TAG"
if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then
echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch"
exit 1
fi
git-cliff --config cliff.toml --output CHANGELOG.md
PREV_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \
| grep -v "^${CURRENT_TAG}$" | head -1 || echo "")
if [ -n "$PREV_TAG" ]; then
# Generate changelog for ONLY this version (from previous tag to current tag)
git-cliff --config cliff.toml "${PREV_TAG}..${CURRENT_TAG}" --strip all > /tmp/release_body.md || true
else
echo "No previous tag found, generating from all git commits"
git-cliff --config cliff.toml --unreleased --strip all > /tmp/release_body.md || true
fi
echo "=== Release body preview ==="
cat /tmp/release_body.md
- name: Create or update GitHub release
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -eu
TAG="${RELEASE_TAG}"
BODY=$(cat /tmp/release_body.md)
if gh release view "$TAG" >/dev/null 2>&1; then
echo "Updating existing release $TAG..."
gh release edit "$TAG" --notes "$BODY"
echo "✓ Release body updated"
else
echo "Creating release $TAG..."
gh release create "$TAG" \
--title "TRCAA $TAG" \
--notes "$BODY"
echo "✓ Release created"
fi
- name: Commit CHANGELOG.md to main
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
TAG="${RELEASE_TAG}"
if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "ERROR: Unexpected tag format: $TAG"
exit 1
fi
git add CHANGELOG.md
if git diff --staged --quiet; then
echo "No CHANGELOG.md changes to commit"
else
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]"
if git push origin HEAD:main; then
echo "✓ CHANGELOG.md committed to main"
else
echo "⚠ Could not push CHANGELOG.md to main (branch protection requires PR)."
echo " The changelog is still available as a release asset and in the release notes."
fi
fi
- name: Upload CHANGELOG.md as release asset
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -eu
TAG="${RELEASE_TAG}"
# Remove existing asset if present to allow re-upload
gh release delete-asset "$TAG" CHANGELOG.md --yes 2>/dev/null || true
gh release upload "$TAG" CHANGELOG.md
echo "✓ CHANGELOG.md uploaded"
wiki-sync:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Configure git
run: |
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
- name: Clone and sync wiki
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cd /tmp
WIKI_URL="https://x-access-token:${GH_TOKEN}@github.com/tftsr/apollo_nxt-trcaa.wiki.git"
if ! git clone "$WIKI_URL" wiki 2>/dev/null; then
echo "Wiki doesn't exist yet, creating initial structure..."
mkdir -p wiki
cd wiki
git init
git checkout -b master
echo "# Wiki" > Home.md
git add Home.md
git commit -m "Initial wiki commit"
git remote add origin "$WIKI_URL"
fi
cd /tmp/wiki
if [ -d "$GITHUB_WORKSPACE/docs/wiki" ]; then
cp -v "$GITHUB_WORKSPACE"/docs/wiki/*.md . 2>/dev/null || echo "No wiki files to copy"
fi
git add -A
if ! git diff --staged --quiet; then
git commit -m "docs: sync from docs/wiki/ at commit ${GITHUB_SHA:0:8}"
if git push origin master; then
echo "✓ Wiki successfully synced"
else
echo "⚠ Wiki push failed"
exit 1
fi
else
echo "No wiki changes to commit"
fi
build-linux-amd64:
needs: autotag
runs-on: ubuntu-latest
container:
image: ghcr.io/tftsr/trcaa-linux-amd64:rust1.88-node22
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Mark workspace as safe for git
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Cache cargo registry
uses: actions/cache@v5
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-linux-amd64-
- name: Cache npm
uses: actions/cache@v5
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Download kubectl binaries
run: |
chmod +x scripts/download-kubectl.sh
./scripts/download-kubectl.sh
- name: Build
env:
APPIMAGE_EXTRACT_AND_RUN: "1"
run: |
npm ci --legacy-peer-deps
CI=true npx tauri build --target x86_64-unknown-linux-gnu
- name: Upload artifacts to GitHub release
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -eu
TAG="${RELEASE_TAG}"
ARTIFACTS=$(find src-tauri/target/x86_64-unknown-linux-gnu/release/bundle -type f \
\( -name "*.deb" -o -name "*.rpm" \))
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No Linux amd64 artifacts found."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME="linux-amd64-$(basename "$f")"
echo "Uploading $NAME..."
gh release upload "$TAG" "$f#$NAME" --clobber
echo "✓ Uploaded $NAME"
done
build-windows-amd64:
needs: autotag
runs-on: ubuntu-latest
container:
image: ghcr.io/tftsr/trcaa-windows-cross:rust1.88-node22
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Mark workspace as safe for git
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Cache cargo registry
uses: actions/cache@v5
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-windows-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-windows-
- name: Cache npm
uses: actions/cache@v5
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Download kubectl binaries
run: |
chmod +x scripts/download-kubectl.sh
./scripts/download-kubectl.sh
- name: Build
env:
CC_x86_64_pc_windows_gnu: x86_64-w64-mingw32-gcc
CXX_x86_64_pc_windows_gnu: x86_64-w64-mingw32-g++
AR_x86_64_pc_windows_gnu: x86_64-w64-mingw32-ar
CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER: x86_64-w64-mingw32-gcc
OPENSSL_NO_VENDOR: "0"
OPENSSL_STATIC: "1"
SODIUM_LIB_DIR: /usr/x86_64-w64-mingw32/lib
SODIUM_STATIC: "1"
run: |
npm ci --legacy-peer-deps
CI=true npx tauri build --target x86_64-pc-windows-gnu
- name: Upload artifacts to GitHub release
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -eu
TAG="${RELEASE_TAG}"
ARTIFACTS=$(find src-tauri/target/x86_64-pc-windows-gnu/release/bundle -type f \
\( -name "*.exe" -o -name "*.msi" \) 2>/dev/null)
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No Windows amd64 artifacts found."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME="windows-amd64-$(basename "$f")"
echo "Uploading $NAME..."
gh release upload "$TAG" "$f#$NAME" --clobber
echo "✓ Uploaded $NAME"
done
build-macos-arm64:
needs: autotag
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Download kubectl binaries
run: |
chmod +x scripts/download-kubectl.sh
./scripts/download-kubectl.sh
- name: Build
env:
MACOSX_DEPLOYMENT_TARGET: "11.0"
run: |
npm ci --legacy-peer-deps
rustup target add aarch64-apple-darwin
CI=true npx tauri build --target aarch64-apple-darwin --bundles app
APP=$(find src-tauri/target/aarch64-apple-darwin/release/bundle/macos -maxdepth 1 -type d -name "*.app" | head -n 1)
if [ -z "$APP" ]; then
echo "ERROR: Could not find macOS app bundle"
exit 1
fi
APP_NAME=$(basename "$APP" .app)
codesign --deep --force --sign - "$APP"
mkdir -p src-tauri/target/aarch64-apple-darwin/release/bundle/dmg
DMG=src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/${APP_NAME}.dmg
hdiutil create -volname "$APP_NAME" -srcfolder "$APP" -ov -format UDZO "$DMG"
- name: Upload artifacts to GitHub release
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -eu
TAG="${RELEASE_TAG}"
ARTIFACTS=$(find src-tauri/target/aarch64-apple-darwin/release/bundle -type f -name "*.dmg")
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No macOS arm64 DMG artifacts found."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME="macos-arm64-$(basename "$f")"
echo "Uploading $NAME..."
gh release upload "$TAG" "$f#$NAME" --clobber
echo "✓ Uploaded $NAME"
done
build-linux-arm64:
needs: autotag
runs-on: ubuntu-latest
container:
image: ghcr.io/tftsr/trcaa-linux-arm64:rust1.88-node22
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Mark workspace as safe for git
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Cache cargo registry
uses: actions/cache@v5
with:
path: |
/root/.cargo/registry/index
/root/.cargo/registry/cache
/root/.cargo/git/db
key: ${{ runner.os }}-cargo-arm64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-arm64-
- name: Cache npm
uses: actions/cache@v5
with:
path: /root/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Set Rust toolchain default
env:
RUSTUP_HOME: /root/.rustup
CARGO_HOME: /root/.cargo
run: |
rustup default 1.88.0
rustup target add aarch64-unknown-linux-gnu
- name: Download kubectl binaries
run: |
chmod +x scripts/download-kubectl.sh
./scripts/download-kubectl.sh
- name: Build
env:
RUSTUP_HOME: /root/.rustup
CARGO_HOME: /root/.cargo
CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc
CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++
AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu
PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig
PKG_CONFIG_ALLOW_CROSS: "1"
OPENSSL_NO_VENDOR: "0"
OPENSSL_STATIC: "1"
APPIMAGE_EXTRACT_AND_RUN: "1"
run: |
npm ci --legacy-peer-deps
CI=true npx tauri build --target aarch64-unknown-linux-gnu --bundles deb,rpm
- name: Upload artifacts to GitHub release
env:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -eu
TAG="${RELEASE_TAG}"
ARTIFACTS=$(find src-tauri/target/aarch64-unknown-linux-gnu/release/bundle -type f \
\( -name "*.deb" -o -name "*.rpm" -o -name "*.AppImage" \))
if [ -z "$ARTIFACTS" ]; then
echo "ERROR: No Linux arm64 artifacts found."
exit 1
fi
printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do
NAME="linux-arm64-$(basename "$f")"
echo "Uploading $NAME..."
gh release upload "$TAG" "$f#$NAME" --clobber
echo "✓ Uploaded $NAME"
done


@ -1,75 +0,0 @@
name: Test
on:
push:
branches:
- main
- 'feature/**'
- 'bug/**'
- 'fix/**'
pull_request:
branches:
- main
jobs:
rust-test:
runs-on: ubuntu-latest
container:
image: ghcr.io/tftsr/trcaa-linux-amd64:rust1.88-node22
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Cache cargo registry
uses: actions/cache@v5
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-linux-amd64-
- name: Install npm dependencies
run: npm ci --legacy-peer-deps
- name: Update version from Git
run: node scripts/update-version.mjs
- name: Download kubectl binaries
run: |
chmod +x scripts/download-kubectl.sh
./scripts/download-kubectl.sh
- name: Generate lockfile
run: cargo generate-lockfile --manifest-path src-tauri/Cargo.toml
- name: Rust fmt check
run: cargo fmt --manifest-path src-tauri/Cargo.toml --check
- name: Rust clippy
run: cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings
- name: Rust tests
run: cargo test --manifest-path src-tauri/Cargo.toml -- --test-threads=1
frontend-test:
runs-on: ubuntu-latest
container:
image: node:22-alpine
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 1
- name: Cache npm
uses: actions/cache@v5
with:
path: ~/.npm
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-npm-
- name: Install dependencies
run: npm ci --legacy-peer-deps
- name: TypeScript type check
run: npx tsc --noEmit
- name: Run frontend tests
run: npm run test:run