release: v0.14.0 #379
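# CI workflow: runs tests, lint, a release build (plus a CycloneDX SBOM on
# version tags), dependency audits, and publishes container images to GHCR
# on pushes.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (for example `@v6`, `@stable`). Pinning each action to a full commit SHA,
# with the tag kept as a trailing comment, stops a retagged or compromised
# upstream from changing what runs here.
name: CI

on:
  push:
    branches: [main]
    tags: ['v*']
  pull_request:
    branches: [main]

# Least privilege: without this, jobs inherit the repository default
# GITHUB_TOKEN scope, which may include write access. Jobs that need more
# (see `docker`) declare their own `permissions` block, which replaces
# this one for that job.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  # Quoted so the value is a string regardless of the YAML parser.
  RUST_BACKTRACE: "1"

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Install protobuf compiler
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
      - name: Cache cargo registry
        uses: actions/cache@v5
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-
      - name: Run tests
        run: cargo test --features test-utils

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Install protobuf compiler
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy
      - name: Check formatting
        run: cargo fmt --check
      - name: Run clippy
        # -D warnings turns every clippy warning into a failing error.
        run: cargo clippy -- -D warnings

  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Install protobuf compiler
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
      # NOTE(review): the release binary uploaded below is compiled on top of
      # whatever `target` directory this cache restores, including on tag
      # pushes. Consider skipping the cache for tag builds if release
      # artifacts should come from a clean build.
      - name: Cache cargo registry
        uses: actions/cache@v5
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-cargo-release-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-release-
      - name: Build release binary
        run: cargo build --release
      - name: Upload binary artifact
        uses: actions/upload-artifact@v7
        with:
          name: prefixd-linux-amd64
          path: target/release/prefixd
      # The SBOM steps run only for refs under refs/tags/v (release tags).
      - name: Generate SBOM
        if: startsWith(github.ref, 'refs/tags/v')
        # --locked makes cargo use the Cargo.lock published with
        # cargo-cyclonedx instead of re-resolving its dependencies at install
        # time. NOTE(review): also pin the tool itself with
        # `--version <PINNED_VERSION>` so the SBOM generator does not change
        # silently between releases.
        run: |
          cargo install cargo-cyclonedx --locked --quiet
          cargo cyclonedx --format json --override-filename prefixd-sbom.cdx
      - name: Upload SBOM
        if: startsWith(github.ref, 'refs/tags/v')
        uses: actions/upload-artifact@v7
        with:
          name: prefixd-sbom
          path: prefixd-sbom.cdx.json

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Audit Rust dependencies
        uses: actions-rust-lang/audit@v1
        with:
          # Each ignored advisory carries its justification; re-check these
          # whenever the dependency tree changes so a stale ignore does not
          # hide a finding that has become reachable.
          # RUSTSEC-2023-0071: rsa crate (from sqlx-mysql, not used - we use postgres only)
          # RUSTSEC-2025-0111: tokio-tar (from testcontainers, dev dependency only)
          # RUSTSEC-2025-0134: rustls-pemfile unmaintained (transitive dep, awaiting upstream fix)
          ignore: RUSTSEC-2023-0071, RUSTSEC-2025-0111, RUSTSEC-2025-0134
          # Issue creation is off, so the read-only token should suffice
          # for this step (confirm against the action's documentation).
          createIssues: false
      - name: Install bun
        uses: oven-sh/setup-bun@v2
      - name: Audit frontend dependencies
        working-directory: frontend
        # --frozen-lockfile fails the install if the lockfile would change,
        # so the audit runs against exactly the committed dependency set.
        run: bun install --frozen-lockfile && bun audit

  docker:
    name: Docker
    runs-on: ubuntu-latest
    # Images are published only after tests, lint and both audits pass,
    # and only for push events (never for pull_request runs).
    needs: [test, lint, security]
    if: github.event_name == 'push'
    # Job-level scope: read the repository, write packages to GHCR.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        include:
          - image: prefixd
            context: .
            file: ./Dockerfile
          - image: prefixd-dashboard
            context: ./frontend
            file: ./frontend/Dockerfile
    steps:
      - uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}
          tags: |
            type=sha,prefix=
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable={{is_default_branch}}
      # NOTE(review): the SBOM produced in the `build` job describes the cargo
      # build, not these images. docker/build-push-action's `sbom` and
      # `provenance` inputs can attach attestations to the pushed images if
      # consumers need to verify them.
      - name: Build and push
        uses: docker/build-push-action@v7
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.file }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.image }}
          cache-to: type=gha,scope=${{ matrix.image }},mode=max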