16930dca70
Dockerfiles: - Merge rustup target add and component add into one chained RUN with || true guard, making it safe if rustfmt/clippy are already present in the base image's default toolchain profile (rust:1.88-slim default profile includes both; the guard is belt-and-suspenders) test.yml: - Add --locked to cargo clippy and cargo test to enforce Cargo.lock during CI, preventing silent dependency upgrades Not addressed (accepted/out of scope): - git in images: already installed in all three Dockerfiles (lines 19, 13, 15 respectively) — reviewer finding was incorrect - HTTP registry: accepted risk for air-gapped self-hosted infrastructure - Image signing (Cosign): no infrastructure in place yet - Hardcoded registry IP: consistent with project-wide pattern
179 lines
6.5 KiB
YAML
179 lines
6.5 KiB
YAML
name: Test
|
|
|
|
on:
|
|
pull_request:
|
|
|
|
jobs:
|
|
rust-fmt-check:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
set -eux
|
|
git init
|
|
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
|
|
if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then
|
|
echo "Fetched commit SHA: $GITHUB_SHA"
|
|
elif [ -n "${GITHUB_REF_NAME:-}" ] && git fetch --depth=1 origin "$GITHUB_REF_NAME"; then
|
|
echo "Fetched ref name: $GITHUB_REF_NAME"
|
|
elif [ -n "${GITHUB_REF:-}" ]; then
|
|
REF_NAME="${GITHUB_REF#refs/heads/}"
|
|
git fetch --depth=1 origin "$REF_NAME"
|
|
echo "Fetched ref from GITHUB_REF: $REF_NAME"
|
|
else
|
|
git fetch --depth=1 origin master
|
|
echo "Fetched fallback ref: master"
|
|
fi
|
|
git checkout FETCH_HEAD
|
|
- name: Cache cargo registry
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cargo/registry/index
|
|
~/.cargo/registry/cache
|
|
~/.cargo/git/db
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-
|
|
- run: cargo fmt --manifest-path src-tauri/Cargo.toml --check
|
|
|
|
rust-clippy:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
set -eux
|
|
git init
|
|
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
|
|
if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then
|
|
echo "Fetched commit SHA: $GITHUB_SHA"
|
|
elif [ -n "${GITHUB_REF_NAME:-}" ] && git fetch --depth=1 origin "$GITHUB_REF_NAME"; then
|
|
echo "Fetched ref name: $GITHUB_REF_NAME"
|
|
elif [ -n "${GITHUB_REF:-}" ]; then
|
|
REF_NAME="${GITHUB_REF#refs/heads/}"
|
|
git fetch --depth=1 origin "$REF_NAME"
|
|
echo "Fetched ref from GITHUB_REF: $REF_NAME"
|
|
else
|
|
git fetch --depth=1 origin master
|
|
echo "Fetched fallback ref: master"
|
|
fi
|
|
git checkout FETCH_HEAD
|
|
- name: Cache cargo registry
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cargo/registry/index
|
|
~/.cargo/registry/cache
|
|
~/.cargo/git/db
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-
|
|
- run: cargo clippy --locked --manifest-path src-tauri/Cargo.toml -- -D warnings
|
|
|
|
rust-tests:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: 172.0.0.29:3000/sarman/trcaa-linux-amd64:rust1.88-node22
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
set -eux
|
|
git init
|
|
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
|
|
if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then
|
|
echo "Fetched commit SHA: $GITHUB_SHA"
|
|
elif [ -n "${GITHUB_REF_NAME:-}" ] && git fetch --depth=1 origin "$GITHUB_REF_NAME"; then
|
|
echo "Fetched ref name: $GITHUB_REF_NAME"
|
|
elif [ -n "${GITHUB_REF:-}" ]; then
|
|
REF_NAME="${GITHUB_REF#refs/heads/}"
|
|
git fetch --depth=1 origin "$REF_NAME"
|
|
echo "Fetched ref from GITHUB_REF: $REF_NAME"
|
|
else
|
|
git fetch --depth=1 origin master
|
|
echo "Fetched fallback ref: master"
|
|
fi
|
|
git checkout FETCH_HEAD
|
|
- name: Cache cargo registry
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cargo/registry/index
|
|
~/.cargo/registry/cache
|
|
~/.cargo/git/db
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-cargo-
|
|
- run: cargo test --locked --manifest-path src-tauri/Cargo.toml -- --test-threads=1
|
|
|
|
frontend-typecheck:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: node:22-alpine
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
set -eux
|
|
apk add --no-cache git
|
|
git init
|
|
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
|
|
if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then
|
|
echo "Fetched commit SHA: $GITHUB_SHA"
|
|
elif [ -n "${GITHUB_REF_NAME:-}" ] && git fetch --depth=1 origin "$GITHUB_REF_NAME"; then
|
|
echo "Fetched ref name: $GITHUB_REF_NAME"
|
|
elif [ -n "${GITHUB_REF:-}" ]; then
|
|
REF_NAME="${GITHUB_REF#refs/heads/}"
|
|
git fetch --depth=1 origin "$REF_NAME"
|
|
echo "Fetched ref from GITHUB_REF: $REF_NAME"
|
|
else
|
|
git fetch --depth=1 origin master
|
|
echo "Fetched fallback ref: master"
|
|
fi
|
|
git checkout FETCH_HEAD
|
|
- name: Cache npm
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-npm-
|
|
- run: npm ci --legacy-peer-deps
|
|
- run: npx tsc --noEmit
|
|
|
|
frontend-tests:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: node:22-alpine
|
|
steps:
|
|
- name: Checkout
|
|
run: |
|
|
set -eux
|
|
apk add --no-cache git
|
|
git init
|
|
git remote add origin http://172.0.0.29:3000/sarman/tftsr-devops_investigation.git
|
|
if [ -n "${GITHUB_SHA:-}" ] && git fetch --depth=1 origin "$GITHUB_SHA"; then
|
|
echo "Fetched commit SHA: $GITHUB_SHA"
|
|
elif [ -n "${GITHUB_REF_NAME:-}" ] && git fetch --depth=1 origin "$GITHUB_REF_NAME"; then
|
|
echo "Fetched ref name: $GITHUB_REF_NAME"
|
|
elif [ -n "${GITHUB_REF:-}" ]; then
|
|
REF_NAME="${GITHUB_REF#refs/heads/}"
|
|
git fetch --depth=1 origin "$REF_NAME"
|
|
echo "Fetched ref from GITHUB_REF: $REF_NAME"
|
|
else
|
|
git fetch --depth=1 origin master
|
|
echo "Fetched fallback ref: master"
|
|
fi
|
|
git checkout FETCH_HEAD
|
|
- name: Cache npm
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-npm-
|
|
- run: npm ci --legacy-peer-deps
|
|
- run: npm run test:run
|