diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..dd5f3ea
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,26 @@
+---
+name: Audit Rust dependencies
+on:
+ pull_request:
+ paths:
+ - .github/workflows/audit.yml
+ - '**/Cargo.toml'
+ - '**/Cargo.lock'
+
+ schedule:
+ - cron: '0 0 * * *'
+ workflow_dispatch:
+
+jobs:
+ security_audit:
+ runs-on: ubuntu-latest
+
+ permissions:
+ issues: write
+ checks: write
+
+ steps:
+ - uses: actions/checkout@v4
+ - uses: rustsec/audit-check@v1.4.1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/cargo.yml b/.github/workflows/cargo.yml
new file mode 100644
index 0000000..3734770
--- /dev/null
+++ b/.github/workflows/cargo.yml
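Review bot: `rustsec/audit-check@v1.4.1` in audit.yml is a third-party action referenced by a mutable tag, in a job whose token carries `issues: write` and `checks: write`. Pinning it to the full commit SHA with the version kept as a comment, `uses: rustsec/audit-check@<full-commit-sha> # v1.4.1`, means a moved tag cannot change what runs with that token. The same applies to `actions-rs/toolchain@v1` / `@v1.0.6` and `actions/cache@v3` in cargo.yml and to the `docker/*@v3` actions in ci.yml. Separately, once a `permissions:` block is present every unlisted scope is set to none, so adding `contents: read` makes the checkout step's requirement explicit.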
@@ -0,0 +1,69 @@
+---
+name: Rust Cargo validator
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ workflow_dispatch:
+
+env:
+ DATABASE_URL: postgresql://zns:zns@localhost/zns
+
+jobs:
+ test:
+
+ runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres
+ env:
+ POSTGRES_DB: "zns_test"
+ POSTGRES_USER: "zns"
+ POSTGRES_PASSWORD: "zns"
+ ports:
+ - 5432:5432
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install latest rust toolchain
+ uses: actions-rs/toolchain@v1
+ - name: Install system dependencies
+ run: sudo apt install libpq5
+ - name: Cache compiled dependencies
+ uses: actions/cache@v3
+ with:
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+ path: |
+ ~/.cargo/registry
+ ~/.cargo/git
+ target
+ - name: Run tests
+ run: RUST_BACKTRACE=1 cargo test --verbose
+
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install latest rust toolchain
+ uses: actions-rs/toolchain@v1.0.6
+ with:
+ toolchain: stable
+ components: rustfmt
+ override: true
+
+ - name: Check formatting
+ run: cargo fmt -- --check
+
+ clipy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install latest rust toolchain
+ uses: actions-rs/toolchain@v1.0.6
+ with:
+ toolchain: stable
+ components: clippy
+ override: true
+ - name: Clippy check
+ run: cargo clippy --locked --all-targets --all-features
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..8b3ff18
--- /dev/null
+++ b/.github/workflows/ci.yml
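Review bot: cargo.yml declares no `permissions:` block, so the `test`, `lint` and `clipy` jobs build and run pull-request code with whatever the repository's default `GITHUB_TOKEN` scope happens to be; a top-level `permissions:` with `contents: read` would scope it explicitly. ci.yml has the same gap and, because it pushes to ghcr.io with that token, would need `contents: read` plus `packages: write`. Also in this hunk, `DATABASE_URL` names the database `zns` while the postgres service is created with `POSTGRES_DB: "zns_test"`; if the tests connect through `DATABASE_URL`, that looks like a mismatch worth confirming. The job key `clipy` is presumably meant to be `clippy`.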
@@ -0,0 +1,30 @@
+name: Docker main build
+
+on:
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: docker-main
+ cancel-in-progress: true
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build the new image
+ run: docker build . -t ghcr.io/zeuswpi/zns:${{ github.sha }}
+ - name: Tag the new image with latest
+ run: docker tag ghcr.io/zeuswpi/zns:${{ github.sha }} ghcr.io/zeuswpi/zns:latest
+ - name: Push Docker image
+ run: docker push --all-tags ghcr.io/zeuswpi/zns
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6ae4f6c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM docker.io/rust:latest AS builder
+
+WORKDIR /zns
+
+RUN cargo install diesel_cli --no-default-features --features postgres
+COPY . .
+RUN cargo install --locked --path zns-daemon
+
+FROM docker.io/debian:bookworm-slim
+
+WORKDIR /zns
+
+COPY --from=builder /usr/local/cargo/bin/diesel /usr/local/cargo/bin/zns-daemon /usr/local/bin
+COPY zns-daemon/diesel.toml .
+COPY zns-daemon/migrations/ migrations/
+
+RUN apt update && apt install libpq5 ca-certificates --yes
+
+CMD diesel migration run && zns-daemon
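Review bot: The step named `Log in to Docker Hub` in ci.yml authenticates against `registry: ghcr.io`, so the label misdescribes which registry and credential are in use; `name: Log in to GitHub Container Registry` would match what the step does. A mislabelled credential step is easy to misread when auditing the workflow or tracing where `GITHUB_TOKEN` is presented.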
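Review bot: The runtime stage of the Dockerfile never sets `USER`, so `diesel migration run` and `zns-daemon` both run as root inside the container. Creating an unprivileged account in the final stage, e.g. `RUN useradd --system --no-create-home zns` followed by `USER zns` before `CMD`, limits what a compromise of the daemon can reach; if the daemon has to bind a privileged port, granting only that capability at run time is preferable to keeping root. `FROM docker.io/rust:latest` is also a moving base, so a pinned version tag or digest would make the published `ghcr.io/zeuswpi/zns` image reproducible.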