diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8df7b9a..de2be43 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ on: branches: [main] jobs: - lint-and-audit: + build-test-audit: runs-on: ubuntu-latest steps: - name: Checkout @@ -25,6 +25,16 @@ jobs: with: node-version: 22 + - name: Cache dependencies + uses: actions/cache@v4 + with: + path: | + ~/.bun/install/cache + node_modules + key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock') }} + restore-keys: | + ${{ runner.os }}-bun- + - name: Install dependencies run: bun install --frozen-lockfile @@ -35,10 +45,13 @@ jobs: run: bun run build - name: Test suite - run: bun run test + run: bun run test:fast + + - name: Build docs + run: bun run docs:build - name: Security audit - run: bun audit + run: bun audit --audit-level high continue-on-error: true - name: Build Bun subminer wrapper diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82eb50e..2ccd332 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,11 +5,15 @@ on: tags: - 'v*' +concurrency: + group: release-${{ github.ref }} + cancel-in-progress: false + permissions: contents: write jobs: - build-linux: + quality-gate: runs-on: ubuntu-latest steps: - name: Checkout @@ -27,6 +31,54 @@ jobs: with: node-version: 22 + - name: Cache dependencies + uses: actions/cache@v4 + with: + path: | + ~/.bun/install/cache + node_modules + key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock') }} + restore-keys: | + ${{ runner.os }}-bun- + + - name: Install dependencies + run: bun install --frozen-lockfile + + - name: Build + test + run: | + bun run build + bun run test:fast + + build-linux: + needs: [quality-gate] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: true + + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version: 1.3.5 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + + - name: Cache dependencies + uses: actions/cache@v4 + with: + path: | + ~/.bun/install/cache + node_modules + vendor/texthooker-ui/node_modules + key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock', 'vendor/texthooker-ui/package.json') }} + restore-keys: | + ${{ runner.os }}-bun- + - name: Install dependencies run: bun install --frozen-lockfile @@ -48,6 +100,7 @@ jobs: path: release/*.AppImage build-macos: + needs: [quality-gate] runs-on: macos-latest steps: - name: Checkout @@ -65,6 +118,17 @@ jobs: with: node-version: 22 + - name: Cache dependencies + uses: actions/cache@v4 + with: + path: | + ~/.bun/install/cache + node_modules + vendor/texthooker-ui/node_modules + key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock', 'vendor/texthooker-ui/package.json') }} + restore-keys: | + ${{ runner.os }}-bun- + - name: Validate macOS signing/notarization secrets run: | missing=0 @@ -144,6 +208,16 @@ jobs: - name: Verify Bun subminer wrapper run: ./subminer --help >/dev/null + - name: Generate checksums + run: | + shopt -s nullglob + files=(release/*.AppImage release/*.dmg release/*.zip subminer) + if [ "${#files[@]}" -eq 0 ]; then + echo "No release artifacts found for checksum generation." + exit 1 + fi + sha256sum "${files[@]}" > release/SHA256SUMS.txt + - name: Get version from tag id: version run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT @@ -194,6 +268,7 @@ jobs: release/*.AppImage release/*.dmg release/*.zip + release/SHA256SUMS.txt subminer draft: false prerelease: false