diff --git a/.gitea/workflows/build-images.yml b/.gitea/workflows/build-images.yml
index 51c9c418..5bf6abc3 100644
--- a/.gitea/workflows/build-images.yml
+++ b/.gitea/workflows/build-images.yml
@@ -7,7 +7,7 @@ name: Build CI Docker Images
 # - Automatically: whenever a Dockerfile under .docker/ changes on master.
 # - Manually: via workflow_dispatch (e.g. first-time setup, forced rebuild).
 #
-# ONE-TIME SERVER PREREQUISITE (run once on gitea.tftsr.com before first use):
+# ONE-TIME SERVER PREREQUISITE (run once on 172.0.0.29 before first use):
 # echo '{"insecure-registries":["172.0.0.29:3000"]}' \
 # | sudo tee /etc/docker/daemon.json
 # sudo systemctl restart docker
diff --git a/.gitea/workflows/pr-review.yml b/.gitea/workflows/pr-review.yml
index 9fff5b7e..5d3c39cd 100644
--- a/.gitea/workflows/pr-review.yml
+++ b/.gitea/workflows/pr-review.yml
@@ -141,7 +141,7 @@ jobs:
 if: steps.context.outputs.diff_size != '0'
 shell: bash
 env:
- LITELLM_URL: http://gitea.tftsr.com:11434/v1
+ LITELLM_URL: http://172.0.0.29:11434/v1
 LITELLM_API_KEY: ${{ secrets.OLLAMA_API_KEY }}
 PR_TITLE: ${{ github.event.pull_request.title }}
 PR_NUMBER: ${{ github.event.pull_request.number }}
diff --git a/.github/AZURE_BOARDS_INTEGRATION.md b/.github/AZURE_BOARDS_INTEGRATION.md
deleted file mode 100644
index 85174766..00000000
--- a/.github/AZURE_BOARDS_INTEGRATION.md
+++ /dev/null
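Review bot: The new `LITELLM_URL: http://172.0.0.29:11434/v1` in `.gitea/workflows/pr-review.yml` keeps the endpoint on plain HTTP, so `LITELLM_API_KEY` (and presumably the PR diff this step submits) crosses the network unencrypted, now to a hard-coded IP literal. 172.0.0.29 is not inside the RFC 1918 block 172.16.0.0/12, so it only stays internal if the runner's routing makes it so; please confirm the address is the intended host. I would take the endpoint from configuration and give it an `https://` value, e.g. `LITELLM_URL: ${{ vars.LITELLM_URL }}` if this instance supports Actions variables. The comment edited in `.gitea/workflows/build-images.yml` carries the same address beside an `insecure-registries` entry, so the same check applies there. The `env:` block and the rest of the step continue outside the hunk.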
@@ -1,234 +0,0 @@ -# Azure Boards + GitHub Integration - -## Issue - -When using `AB#727547` syntax in PR titles or commit messages, the work item reference is **not** automatically converted to a clickable link to Azure DevOps. - -## Root Cause - -The `AB#` syntax requires the **Azure Boards GitHub App** to be installed and configured for this repository. - -## Current Status - -❌ **Azure Boards app not installed** on `tftsr/apollo_nxt-trcaa` -- `AB#` references in titles/commits are not linked -- Manual URL links work: `https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547` - -## How Azure Boards + GitHub Integration Works - -When properly configured: -1. `AB#727547` in PR title → Automatically converted to clickable link -2. `AB#727547` in commit message → Linked to work item -3. PR/commit status → Appears in ADO work item "Development" tab -4. PR merge → Can auto-transition work item state - -## Setup Instructions - -### Step 1: Install Azure Boards GitHub App - -**Option A: Organization-Level Installation** (Recommended) -1. Go to: https://github.com/marketplace/azure-boards -2. Click **"Set up a plan"** or **"Install it for free"** -3. Select **tftsr** organization -4. Choose **"All repositories"** or select specific repos -5. Click **"Install"** - -**Option B: Repository-Level Installation** -1. Go to: https://github.com/apps/azure-boards -2. Click **"Configure"** -3. Select **tftsr** organization -4. Under "Repository access", select **"Only select repositories"** -5. Choose **apollo_nxt-trcaa** -6. Click **"Save"** - -### Step 2: Connect to Azure DevOps - -1. After installation, you'll be redirected to Azure DevOps -2. Sign in with your TFTSR account: `VFK387@tftsr.com` -3. Select **Azure DevOps organization**: `dev.azure.com/tftsr` -4. Select **Project**: `Apollo` -5. Authorize the connection - -### Step 3: Configure Repository Mapping - -1. In Azure DevOps, go to: `https://dev.azure.com/tftsr/Apollo/_settings/boards-external-integration` -2. 
Click **"+ Add connection"** -3. Select **GitHub** as the source -4. Choose the repository: **tftsr/apollo_nxt-trcaa** -5. Configure settings: - - ✅ Enable **automatic work item linking** - - ✅ Enable **state transition on PR merge** - - ✅ Enable **mentions validation** - -### Step 4: Verify Integration - -After setup, test the integration: - -```bash -# Create a test branch -git checkout -b test/azure-boards-link - -# Create a commit with AB# reference -git commit --allow-empty -m "test: verify Azure Boards linking AB#727547" - -# Push and create PR -git push -u origin test/azure-boards-link -gh pr create --title "Test: Azure Boards Integration AB#727547" --body "Testing AB# linking" -``` - -Expected results: -- ✅ `AB#727547` in PR title is a clickable link -- ✅ PR appears in ADO work item 727547 "Development" tab -- ✅ Commit with `AB#` appears in work item history - -## Available Syntax - -Once installed, these formats work: - -### In PR Titles and Descriptions -``` -AB#727547 # Basic link -Fixes AB#727547 # Closes work item on merge -Resolves AB#727547 # Closes work item on merge -Closes AB#727547 # Closes work item on merge -``` - -### In Commit Messages -``` -git commit -m "feat: add feature AB#727547" -git commit -m "fix: resolve bug (fixes AB#727547)" -``` - -### Multiple Work Items -``` -feat: implement features AB#727547 AB#744142 -``` - -## State Transitions - -Configure automatic state transitions on PR events: - -| GitHub Event | ADO Work Item State Transition | -|--------------|--------------------------------| -| PR created with `AB#` | No change (or → Active) | -| PR merged with `Fixes AB#` | → Resolved or Closed | -| PR merged with `AB#` | No change (configurable) | -| PR closed without merge | No change | - -## Current Workaround - -Until Azure Boards app is installed, use full URLs: - -**In PR Description** (already done in PR #27): -```markdown -**Work Item**: https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547 -``` - -**In Commits**: 
-```bash -git commit -m "feat: add feature - -Work Item: https://dev.azure.com/tftsr/Apollo/_workitems/edit/727547" -``` - -## Benefits of Azure Boards Integration - -### For Developers -- ✅ Quick navigation from PR to work item -- ✅ See all PRs/commits linked to a work item -- ✅ Automatic work item state updates -- ✅ Reduced manual ADO updates - -### For Project Management -- ✅ Visibility into code changes per work item -- ✅ Traceability from requirement → code → deployment -- ✅ Automated status updates -- ✅ Better sprint velocity tracking - -### For Compliance -- ✅ Audit trail of code changes per work item -- ✅ Traceability for security/compliance requirements -- ✅ Automated documentation of development activity - -## Verification Commands - -After installation, verify with: - -```bash -# Check if Azure Boards app is installed -gh api repos/tftsr/apollo_nxt-trcaa/installation - -# View PR with AB# reference -gh pr view 27 - -# Check work item in ADO for linked PRs -az boards work-item show --id 727547 --org https://dev.azure.com/tftsr | jq '.relations' -``` - -## Troubleshooting - -### AB# Not Linking -**Problem**: `AB#727547` shows as plain text, not a link - -**Solutions**: -1. Verify Azure Boards app is installed for the repo -2. Check Azure DevOps connection is active -3. Ensure repo is mapped in ADO project settings -4. Verify `AB#` format is correct (no spaces) - -### PRs Not Appearing in ADO -**Problem**: PR created but doesn't show in work item "Development" tab - -**Solutions**: -1. Check if `AB#` was in PR title or description -2. Verify ADO project connection is active -3. Wait 5-10 minutes for sync (can be delayed) -4. Manually link PR in ADO if needed - -### State Transitions Not Working -**Problem**: PR merged but work item state unchanged - -**Solutions**: -1. Verify state transition rules are configured in ADO -2. Check if `Fixes AB#` syntax was used (not just `AB#`) -3. Ensure PR was merged (not closed without merge) -4. 
Check ADO project settings for transition rules - -## Security Considerations - -- Azure Boards app requires **read/write** access to repos -- OAuth token is stored in Azure DevOps -- App can read PR content and commit messages -- All activity is logged in both GitHub and ADO audit logs - -## References - -- [Azure Boards GitHub App](https://github.com/marketplace/azure-boards) -- [Azure Boards + GitHub Integration Docs](https://learn.microsoft.com/en-us/azure/devops/boards/github/) -- [Work Item Linking Syntax](https://learn.microsoft.com/en-us/azure/devops/boards/github/link-to-from-github) - -## Action Items - -To enable `AB#` linking on this repo: - -1. [ ] Install Azure Boards GitHub app on tftsr organization or apollo_nxt-trcaa repo -2. [ ] Connect to Azure DevOps (dev.azure.com/tftsr) -3. [ ] Map repository in Apollo project settings -4. [ ] Configure state transition rules (optional) -5. [ ] Test with a sample PR using `AB#` syntax -6. [ ] Update team documentation with `AB#` syntax usage - -## Contact - -For questions about Azure Boards integration or GitHub app installation: -- GitHub Organization Admins: @tftsr admins -- Azure DevOps Project Admins: Apollo project leads -- DevOps Team - ---- - -**Last Updated**: 2026-06-02 -**Status**: Azure Boards app not installed - manual URL links required -**Repository**: tftsr/apollo_nxt-trcaa -**ADO Organization**: dev.azure.com/tftsr -**ADO Project**: Apollo diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS deleted file mode 100644 index 768538f9..00000000 --- a/.github/CODEOWNERS +++ /dev/null 
@@ -1,11 +0,0 @@ -# All files require review from owner -# GitHub Copilot code reviews are enabled via GitHub Advanced Security settings -# (not via CODEOWNERS - see repo Settings -> Security -> Code security and analysis) -* @Shaun-Arman-VFK387_moto - -# Rust backend -src-tauri/ @Shaun-Arman-VFK387_moto - -# CI/CD pipelines and Docker build configs -.github/workflows/ @Shaun-Arman-VFK387_moto -.docker/ @Shaun-Arman-VFK387_moto diff --git a/.github/COPILOT_SETUP.md b/.github/COPILOT_SETUP.md deleted file mode 100644 index 93f1865e..00000000 --- a/.github/COPILOT_SETUP.md +++ /dev/null 
@@ -1,145 +0,0 @@ -# GitHub Copilot Code Review Setup - -## Overview - -GitHub Copilot can automatically review pull requests when properly configured. This document explains how to enable Copilot code reviews for this repository. - -## Current Status - -✅ **Workflows Active**: GitHub shows Copilot workflows are active: -- `Copilot` (pull-request-reviewer) -- `Copilot cloud agent` (copilot-swe-agent) -- `CodeQL` (code scanning) - -⚠️ **Configuration Needed**: Copilot code reviews must be enabled through GitHub Advanced Security settings. - -## How GitHub Copilot Code Reviews Work - -GitHub Copilot code reviews are **not** triggered via CODEOWNERS file (unlike human reviewers). Instead, they are configured through: - -1. **GitHub Advanced Security** (requires GitHub Enterprise or GitHub Team plan) -2. **Repository Settings** → **Security** → **Code security and analysis** -3. **Copilot Autofix** (for security vulnerabilities) -4. **Copilot Code Review** (manual opt-in feature) - -## Setup Steps - -### Step 1: Enable GitHub Advanced Security - -1. Navigate to: `https://github.com/tftsr/apollo_nxt-trcaa/settings/security_analysis` -2. Enable **GitHub Advanced Security** (if available with your plan) -3. Enable **Dependabot alerts** -4. Enable **Code scanning** (CodeQL) -5. Enable **Secret scanning** - -### Step 2: Enable Copilot Code Review - -As of 2024-2026, GitHub Copilot code reviews can be enabled via: - -**Option A: Copilot Autofix (Security-focused)** -1. Go to repository **Settings** → **Code security and analysis** -2. Enable **Copilot Autofix** under "Code scanning" -3. Copilot will suggest fixes for CodeQL alerts in pull requests - -**Option B: Copilot Workspace (Preview Feature)** -1. Ensure your organization has Copilot Business or Enterprise -2. Navigate to: `https://github.com/tftsr/apollo_nxt-trcaa/settings/copilot` -3. Enable **Copilot Code Review** (if available) -4. 
Configure review triggers: - - On all pull requests - - On pull requests targeting protected branches - - Manual trigger only - -### Step 3: Configure Review Rules - -Add Copilot as a required check in branch protection: - -```bash -# Via GitHub CLI -gh api repos/tftsr/apollo_nxt-trcaa/branches/main/protection/required_status_checks \ - --method PATCH \ - --field strict=true \ - --field contexts[]='rust-test' \ - --field contexts[]='frontend-test' \ - --field contexts[]='copilot-code-review' # Add this line -``` - -Or via GitHub UI: -1. Go to **Settings** → **Branches** → **Branch protection rules** → **main** -2. Under "Require status checks to pass before merging" -3. Add **copilot-code-review** to required checks - -## Verification - -To verify Copilot is reviewing PRs: - -```bash -# Check if Copilot workflow ran on a PR -gh pr checks 27 - -# Check for Copilot comments on a PR -gh pr view 27 --comments | grep -i copilot -``` - -## Triggering Manual Review - -If Copilot code review is enabled but not automatic, you can trigger it manually: - -1. Add a comment to the PR: `@github-copilot review` -2. 
Or use GitHub CLI: `gh pr review 27 --request-changes --body "@github-copilot please review"` - -## Current Configuration - -**Branch Protection** (as of 2026-06-02): -- ✅ Required status checks: `rust-test`, `frontend-test` -- ✅ Require code owner reviews: Yes -- ✅ Required approving review count: 1 -- ⚠️ Copilot code review: Not configured as required check - -**CODEOWNERS**: -- Owner: @sarman -- Note: `@github-copilot` removed from CODEOWNERS (not a valid reviewer) - -## Limitations - -- **Plan Requirement**: GitHub Advanced Security requires GitHub Enterprise or Team plan -- **Private Repos**: May have limited Copilot features depending on plan -- **Availability**: Copilot code review features are gradually rolling out -- **Manual Trigger**: Some orgs require manual trigger via comments - -## Alternative: CodeQL Analysis - -If Copilot code review is not available, CodeQL provides automated code analysis: - -1. CodeQL workflow is already active (`.github/workflows/codeql-analysis.yml` - dynamic) -2. Runs on every push to main and pull request -3. Scans for security vulnerabilities and code quality issues -4. Results appear in **Security** → **Code scanning alerts** - -## References - -- [GitHub Advanced Security Documentation](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) -- [GitHub Copilot for Business](https://docs.github.com/en/copilot/github-copilot-enterprise/overview/about-github-copilot-enterprise) -- [CodeQL Documentation](https://codeql.github.com/) - -## Action Items - -To fully enable Copilot code reviews on this repo: - -1. [ ] Verify GitHub plan includes Advanced Security features -2. [ ] Enable GitHub Advanced Security in repo settings -3. [ ] Enable Copilot Autofix (if available) -4. [ ] Configure Copilot code review triggers (if feature is available) -5. [ ] Add `copilot-code-review` to required status checks -6. 
[ ] Test on a sample PR to verify functionality - -## Contact - -For questions about GitHub Advanced Security or Copilot features for the TFTSR organization, contact: -- GitHub Organization Admins -- DevOps Team - ---- - -**Last Updated**: 2026-06-02 -**Status**: Configuration pending - awaiting Advanced Security setup diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index f6618883..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,40 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - day: "monday" - labels: - - "dependencies" - - "ci" - - - package-ecosystem: "npm" - directory: "/" - schedule: - interval: "weekly" - day: "monday" - labels: - - "dependencies" - - "frontend" - ignore: - # Tauri requires tight version alignment — let Tauri control its own deps - - dependency-name: "@tauri-apps/*" - update-types: ["version-update:semver-major"] - - - package-ecosystem: "cargo" - directory: "/src-tauri" - schedule: - interval: "weekly" - day: "monday" - labels: - - "dependencies" - - "rust" - ignore: - # Tauri workspace crates — major bumps require coordinated migration - - dependency-name: "tauri" - update-types: ["version-update:semver-major"] - - dependency-name: "tauri-build" - update-types: ["version-update:semver-major"] - - dependency-name: "tauri-plugin-*" - update-types: ["version-update:semver-major"] diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml deleted file mode 100644 index 06563dc4..00000000 --- a/.github/workflows/build-images.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -name: Build CI Docker Images - -# Rebuilds the pre-baked builder images and pushes them to ghcr.io. -# -# WHEN TO RUN: -# - Automatically: whenever a Dockerfile under .docker/ changes on main. -# - Manually: via workflow_dispatch (e.g. first-time setup, forced rebuild). -# -# Images produced: -# ghcr.io/tftsr/trcaa-linux-amd64:rust1.88-node22 -# ghcr.io/tftsr/trcaa-windows-cross:rust1.88-node22 -# ghcr.io/tftsr/trcaa-linux-arm64:rust1.88-node22 - -on: - push: - branches: - - main - paths: - - '.docker/**' - workflow_dispatch: - -concurrency: - group: build-ci-images - cancel-in-progress: false - -env: - REGISTRY: ghcr.io - REGISTRY_OWNER: tftsr - -permissions: - contents: read - packages: write - -jobs: - linux-amd64: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Log in to ghcr.io - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Build and push linux-amd64 builder - run: | - docker build \ - -t $REGISTRY/$REGISTRY_OWNER/trcaa-linux-amd64:rust1.88-node22 \ - -f .docker/Dockerfile.linux-amd64 . - docker push $REGISTRY/$REGISTRY_OWNER/trcaa-linux-amd64:rust1.88-node22 - echo "✓ Pushed $REGISTRY/$REGISTRY_OWNER/trcaa-linux-amd64:rust1.88-node22" - - windows-cross: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Log in to ghcr.io - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Build and push windows-cross builder - run: | - docker build \ - -t $REGISTRY/$REGISTRY_OWNER/trcaa-windows-cross:rust1.88-node22 \ - -f .docker/Dockerfile.windows-cross . 
- docker push $REGISTRY/$REGISTRY_OWNER/trcaa-windows-cross:rust1.88-node22 - echo "✓ Pushed $REGISTRY/$REGISTRY_OWNER/trcaa-windows-cross:rust1.88-node22" - - linux-arm64: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Log in to ghcr.io - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - name: Build and push linux-arm64 builder - run: | - docker build \ - -t $REGISTRY/$REGISTRY_OWNER/trcaa-linux-arm64:rust1.88-node22 \ - -f .docker/Dockerfile.linux-arm64 . - docker push $REGISTRY/$REGISTRY_OWNER/trcaa-linux-arm64:rust1.88-node22 - echo "✓ Pushed $REGISTRY/$REGISTRY_OWNER/trcaa-linux-arm64:rust1.88-node22" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index ec5947ca..00000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,499 +0,0 @@ -name: Release - -# Runs on every merge to main — reads the latest semver tag, increments -# the patch version, pushes a new tag, generates a changelog, then builds -# multi-platform release artifacts and uploads them to GitHub Releases. -# workflow_dispatch allows manual triggering. - -on: - push: - branches: - - main - paths-ignore: - - CHANGELOG.md - workflow_dispatch: - -concurrency: - group: release-main - cancel-in-progress: false - -permissions: - contents: write - packages: read - -jobs: - autotag: - runs-on: ubuntu-latest - outputs: - release_tag: ${{ steps.bump.outputs.release_tag }} - steps: - - name: Checkout (full history + all tags) - uses: actions/checkout@v6 - with: - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Configure git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Bump patch version and create tag - id: bump - run: | - set -eu - - # Read the version declared in Cargo.toml - CARGO_VERSION=$(grep '^version' src-tauri/Cargo.toml | head -1 | sed 's/version = "//;s/"//') - CARGO_TAG="v${CARGO_VERSION}" - echo "Cargo.toml declares: $CARGO_TAG" - - # Get the latest clean semver tag (vX.Y.Z only) - LATEST=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -1 || echo "") - echo "Latest git tag: ${LATEST:-none}" - - # Version resolution: - # 1. Cargo.toml > latest tag → use Cargo.toml (major/minor bump) - # 2. Cargo.toml == latest tag → reuse for builds (already tagged) - # 3. 
Cargo.toml < latest tag → auto-increment patch on latest tag - if [ -z "$LATEST" ]; then - NEXT="$CARGO_TAG" - elif [ "$(printf '%s\n' "$LATEST" "$CARGO_TAG" | sort -V | tail -1)" = "$CARGO_TAG" ]; then - NEXT="$CARGO_TAG" - if [ "$CARGO_TAG" = "$LATEST" ]; then - echo "Cargo.toml matches latest tag — reusing $NEXT for builds" - else - echo "Cargo.toml version $CARGO_TAG is ahead of $LATEST — using Cargo.toml" - fi - else - MAJOR=$(echo "$LATEST" | cut -d. -f1 | tr -d 'v') - MINOR=$(echo "$LATEST" | cut -d. -f2) - PATCH=$(echo "$LATEST" | cut -d. -f3) - NEXT="v${MAJOR}.${MINOR}.$((PATCH + 1))" - fi - - echo "Latest tag: ${LATEST:-none} → Next: $NEXT" - - if git ls-remote --exit-code --tags origin "refs/tags/$NEXT" >/dev/null 2>&1; then - echo "Tag $NEXT already exists; builds will target this tag." - else - git tag -a "$NEXT" -m "Release $NEXT" - git push origin "refs/tags/$NEXT" - echo "Tag $NEXT pushed successfully" - fi - - echo "release_tag=$NEXT" >> "$GITHUB_OUTPUT" - - changelog: - needs: autotag - runs-on: ubuntu-latest - steps: - - name: Checkout (full history + all tags) - uses: actions/checkout@v6 - with: - fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Configure git - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - - name: Install git-cliff - run: | - set -eu - CLIFF_VER="2.7.0" - curl -fsSL \ - "https://github.com/orhun/git-cliff/releases/download/v${CLIFF_VER}/git-cliff-${CLIFF_VER}-x86_64-unknown-linux-musl.tar.gz" \ - | tar -xz --strip-components=1 -C /usr/local/bin \ - "git-cliff-${CLIFF_VER}/git-cliff" - - - name: Generate changelog - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - run: | - set -eu - CURRENT_TAG="${RELEASE_TAG}" - echo "Building changelog for $CURRENT_TAG" - - if ! 
git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then - echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch" - exit 1 - fi - - git-cliff --config cliff.toml --output CHANGELOG.md - PREV_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \ - | grep -v "^${CURRENT_TAG}$" | head -1 || echo "") - if [ -n "$PREV_TAG" ]; then - # Generate changelog for ONLY this version (from previous tag to current tag) - git-cliff --config cliff.toml "${PREV_TAG}..${CURRENT_TAG}" --strip all > /tmp/release_body.md || true - else - echo "No previous tag found, generating from all git commits" - git-cliff --config cliff.toml --unreleased --strip all > /tmp/release_body.md || true - fi - echo "=== Release body preview ===" - cat /tmp/release_body.md - - - name: Create or update GitHub release - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -eu - TAG="${RELEASE_TAG}" - BODY=$(cat /tmp/release_body.md) - - if gh release view "$TAG" >/dev/null 2>&1; then - echo "Updating existing release $TAG..." - gh release edit "$TAG" --notes "$BODY" - echo "✓ Release body updated" - else - echo "Creating release $TAG..." - gh release create "$TAG" \ - --title "TRCAA $TAG" \ - --notes "$BODY" - echo "✓ Release created" - fi - - - name: Commit CHANGELOG.md to main - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - run: | - TAG="${RELEASE_TAG}" - if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then - echo "ERROR: Unexpected tag format: $TAG" - exit 1 - fi - git add CHANGELOG.md - if git diff --staged --quiet; then - echo "No CHANGELOG.md changes to commit" - else - git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]" - if git push origin HEAD:main; then - echo "✓ CHANGELOG.md committed to main" - else - echo "⚠ Could not push CHANGELOG.md to main (branch protection requires PR)." 
- echo " The changelog is still available as a release asset and in the release notes." - fi - fi - - - name: Upload CHANGELOG.md as release asset - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -eu - TAG="${RELEASE_TAG}" - # Remove existing asset if present to allow re-upload - gh release delete-asset "$TAG" CHANGELOG.md --yes 2>/dev/null || true - gh release upload "$TAG" CHANGELOG.md - echo "✓ CHANGELOG.md uploaded" - - wiki-sync: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - - name: Configure git - run: | - git config --global user.email "github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - - - name: Clone and sync wiki - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - cd /tmp - WIKI_URL="https://x-access-token:${GH_TOKEN}@github.com/tftsr/apollo_nxt-trcaa.wiki.git" - - if ! git clone "$WIKI_URL" wiki 2>/dev/null; then - echo "Wiki doesn't exist yet, creating initial structure..." - mkdir -p wiki - cd wiki - git init - git checkout -b master - echo "# Wiki" > Home.md - git add Home.md - git commit -m "Initial wiki commit" - git remote add origin "$WIKI_URL" - fi - - cd /tmp/wiki - if [ -d "$GITHUB_WORKSPACE/docs/wiki" ]; then - cp -v "$GITHUB_WORKSPACE"/docs/wiki/*.md . 2>/dev/null || echo "No wiki files to copy" - fi - - git add -A - if ! 
git diff --staged --quiet; then - git commit -m "docs: sync from docs/wiki/ at commit ${GITHUB_SHA:0:8}" - if git push origin master; then - echo "✓ Wiki successfully synced" - else - echo "⚠ Wiki push failed" - exit 1 - fi - else - echo "No wiki changes to commit" - fi - - build-linux-amd64: - needs: autotag - runs-on: ubuntu-latest - container: - image: ghcr.io/tftsr/trcaa-linux-amd64:rust1.88-node22 - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Mark workspace as safe for git - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Cache cargo registry - uses: actions/cache@v5 - with: - path: | - ~/.cargo/registry/index - ~/.cargo/registry/cache - ~/.cargo/git/db - key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-linux-amd64- - - name: Cache npm - uses: actions/cache@v5 - with: - path: ~/.npm - key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-npm- - - name: Download kubectl binaries - run: | - chmod +x scripts/download-kubectl.sh - ./scripts/download-kubectl.sh - - name: Build - env: - APPIMAGE_EXTRACT_AND_RUN: "1" - run: | - npm ci --legacy-peer-deps - CI=true npx tauri build --target x86_64-unknown-linux-gnu - - name: Upload artifacts to GitHub release - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -eu - TAG="${RELEASE_TAG}" - ARTIFACTS=$(find src-tauri/target/x86_64-unknown-linux-gnu/release/bundle -type f \ - \( -name "*.deb" -o -name "*.rpm" \)) - if [ -z "$ARTIFACTS" ]; then - echo "ERROR: No Linux amd64 artifacts found." - exit 1 - fi - printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do - NAME="linux-amd64-$(basename "$f")" - echo "Uploading $NAME..." 
- gh release upload "$TAG" "$f#$NAME" --clobber - echo "✓ Uploaded $NAME" - done - - build-windows-amd64: - needs: autotag - runs-on: ubuntu-latest - container: - image: ghcr.io/tftsr/trcaa-windows-cross:rust1.88-node22 - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Mark workspace as safe for git - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Cache cargo registry - uses: actions/cache@v5 - with: - path: | - ~/.cargo/registry/index - ~/.cargo/registry/cache - ~/.cargo/git/db - key: ${{ runner.os }}-cargo-windows-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-windows- - - name: Cache npm - uses: actions/cache@v5 - with: - path: ~/.npm - key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-npm- - - name: Download kubectl binaries - run: | - chmod +x scripts/download-kubectl.sh - ./scripts/download-kubectl.sh - - name: Build - env: - CC_x86_64_pc_windows_gnu: x86_64-w64-mingw32-gcc - CXX_x86_64_pc_windows_gnu: x86_64-w64-mingw32-g++ - AR_x86_64_pc_windows_gnu: x86_64-w64-mingw32-ar - CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER: x86_64-w64-mingw32-gcc - OPENSSL_NO_VENDOR: "0" - OPENSSL_STATIC: "1" - SODIUM_LIB_DIR: /usr/x86_64-w64-mingw32/lib - SODIUM_STATIC: "1" - run: | - npm ci --legacy-peer-deps - CI=true npx tauri build --target x86_64-pc-windows-gnu - - name: Upload artifacts to GitHub release - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -eu - TAG="${RELEASE_TAG}" - ARTIFACTS=$(find src-tauri/target/x86_64-pc-windows-gnu/release/bundle -type f \ - \( -name "*.exe" -o -name "*.msi" \) 2>/dev/null) - if [ -z "$ARTIFACTS" ]; then - echo "ERROR: No Windows amd64 artifacts found." 
- exit 1 - fi - printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do - NAME="windows-amd64-$(basename "$f")" - echo "Uploading $NAME..." - gh release upload "$TAG" "$f#$NAME" --clobber - echo "✓ Uploaded $NAME" - done - - build-macos-arm64: - needs: autotag - runs-on: macos-latest - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Download kubectl binaries - run: | - chmod +x scripts/download-kubectl.sh - ./scripts/download-kubectl.sh - - name: Build - env: - MACOSX_DEPLOYMENT_TARGET: "11.0" - run: | - npm ci --legacy-peer-deps - rustup target add aarch64-apple-darwin - CI=true npx tauri build --target aarch64-apple-darwin --bundles app - APP=$(find src-tauri/target/aarch64-apple-darwin/release/bundle/macos -maxdepth 1 -type d -name "*.app" | head -n 1) - if [ -z "$APP" ]; then - echo "ERROR: Could not find macOS app bundle" - exit 1 - fi - APP_NAME=$(basename "$APP" .app) - codesign --deep --force --sign - "$APP" - mkdir -p src-tauri/target/aarch64-apple-darwin/release/bundle/dmg - DMG=src-tauri/target/aarch64-apple-darwin/release/bundle/dmg/${APP_NAME}.dmg - hdiutil create -volname "$APP_NAME" -srcfolder "$APP" -ov -format UDZO "$DMG" - - name: Upload artifacts to GitHub release - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -eu - TAG="${RELEASE_TAG}" - ARTIFACTS=$(find src-tauri/target/aarch64-apple-darwin/release/bundle -type f -name "*.dmg") - if [ -z "$ARTIFACTS" ]; then - echo "ERROR: No macOS arm64 DMG artifacts found." - exit 1 - fi - printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do - NAME="macos-arm64-$(basename "$f")" - echo "Uploading $NAME..." 
- gh release upload "$TAG" "$f#$NAME" --clobber - echo "✓ Uploaded $NAME" - done - - build-linux-arm64: - needs: autotag - runs-on: ubuntu-latest - container: - image: ghcr.io/tftsr/trcaa-linux-arm64:rust1.88-node22 - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Mark workspace as safe for git - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Cache cargo registry - uses: actions/cache@v5 - with: - path: | - /root/.cargo/registry/index - /root/.cargo/registry/cache - /root/.cargo/git/db - key: ${{ runner.os }}-cargo-arm64-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-arm64- - - name: Cache npm - uses: actions/cache@v5 - with: - path: /root/.npm - key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-npm- - - name: Set Rust toolchain default - env: - RUSTUP_HOME: /root/.rustup - CARGO_HOME: /root/.cargo - run: | - rustup default 1.88.0 - rustup target add aarch64-unknown-linux-gnu - - name: Download kubectl binaries - run: | - chmod +x scripts/download-kubectl.sh - ./scripts/download-kubectl.sh - - name: Build - env: - RUSTUP_HOME: /root/.rustup - CARGO_HOME: /root/.cargo - CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc - CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ - AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar - CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc - PKG_CONFIG_SYSROOT_DIR: /usr/aarch64-linux-gnu - PKG_CONFIG_PATH: /usr/lib/aarch64-linux-gnu/pkgconfig - PKG_CONFIG_ALLOW_CROSS: "1" - OPENSSL_NO_VENDOR: "0" - OPENSSL_STATIC: "1" - APPIMAGE_EXTRACT_AND_RUN: "1" - run: | - npm ci --legacy-peer-deps - CI=true npx tauri build --target aarch64-unknown-linux-gnu --bundles deb,rpm - - name: Upload artifacts to GitHub release - env: - RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} - 
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -eu - TAG="${RELEASE_TAG}" - ARTIFACTS=$(find src-tauri/target/aarch64-unknown-linux-gnu/release/bundle -type f \ - \( -name "*.deb" -o -name "*.rpm" -o -name "*.AppImage" \)) - if [ -z "$ARTIFACTS" ]; then - echo "ERROR: No Linux arm64 artifacts found." - exit 1 - fi - printf '%s\n' "$ARTIFACTS" | while IFS= read -r f; do - NAME="linux-arm64-$(basename "$f")" - echo "Uploading $NAME..." - gh release upload "$TAG" "$f#$NAME" --clobber - echo "✓ Uploaded $NAME" - done diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 95075dbb..00000000 --- a/.github/workflows/test.yml +++ /dev/null 
@@ -1,75 +0,0 @@ -name: Test - -on: - push: - branches: - - main - - 'feature/**' - - 'bug/**' - - 'fix/**' - pull_request: - branches: - - main - -jobs: - rust-test: - runs-on: ubuntu-latest - container: - image: ghcr.io/tftsr/trcaa-linux-amd64:rust1.88-node22 - credentials: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Cache cargo registry - uses: actions/cache@v5 - with: - path: | - ~/.cargo/registry/index - ~/.cargo/registry/cache - ~/.cargo/git/db - key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-linux-amd64- - - name: Install npm dependencies - run: npm ci --legacy-peer-deps - - name: Update version from Git - run: node scripts/update-version.mjs - - name: Download kubectl binaries - run: | - chmod +x scripts/download-kubectl.sh - ./scripts/download-kubectl.sh - - name: Generate lockfile - run: cargo generate-lockfile --manifest-path src-tauri/Cargo.toml - - name: Rust fmt check - run: cargo fmt --manifest-path src-tauri/Cargo.toml --check - - name: Rust clippy - run: cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings - - name: Rust tests - run: cargo test --manifest-path src-tauri/Cargo.toml -- --test-threads=1 - - frontend-test: - runs-on: ubuntu-latest - container: - image: node:22-alpine - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Cache npm - uses: actions/cache@v5 - with: - path: ~/.npm - key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-npm- - - name: Install dependencies - run: npm ci --legacy-peer-deps - - name: TypeScript type check - run: npx tsc --noEmit - - name: Run frontend tests - run: npm run test:run