116 lines
3.1 KiB
YAML
116 lines
3.1 KiB
YAML
|
# Advanced Woodpecker CI with self-hosted features
|
||
|
|
# Requires: Multiple agents (Linux/macOS/Windows), S3 cache, SonarQube
|
||
|
|
|
||
|
|
when:
|
||
|
|
event: [push, pull_request]
|
||
|
|
branch: [main, develop]
|
||
|
|
|
||
|
|
# === MATRIX BUILDS (Multi-OS) ===
|
||
|
|
# Requires Woodpecker agents on each platform
|
||
|
|
|
||
|
|
matrix:
|
||
|
|
PLATFORM:
|
||
|
|
- linux/amd64
|
||
|
|
- darwin/amd64
|
||
|
|
- windows/amd64
|
||
|
|
|
||
|
|
steps:
|
||
|
|
# Lint (parallel, Linux only for tools availability)
|
||
|
|
lint:
|
||
|
|
image: rust:latest
|
||
|
|
when:
|
||
|
|
matrix:
|
||
|
|
PLATFORM: linux/amd64
|
||
|
|
commands:
|
||
|
|
- curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
|
||
|
|
- rustup component add clippy
|
||
|
|
- just ci::lint-all
|
||
|
|
cache:
|
||
|
|
- ~/.cargo/registry
|
||
|
|
- ~/.cargo/git
|
||
|
|
|
||
|
|
# Test (all platforms)
|
||
|
|
test:
|
||
|
|
image: rust:latest
|
||
|
|
platform: ${PLATFORM}
|
||
|
|
commands:
|
||
|
|
- curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
|
||
|
|
- just ci::test-all
|
||
|
|
cache:
|
||
|
|
- ~/.cargo/registry
|
||
|
|
- ~/.cargo/git
|
||
|
|
- target/
|
||
|
|
depends_on:
|
||
|
|
- lint
|
||
|
|
|
||
|
|
# Coverage (Linux only, upload to SonarQube)
|
||
|
|
coverage:
|
||
|
|
image: rust:latest
|
||
|
|
when:
|
||
|
|
matrix:
|
||
|
|
PLATFORM: linux/amd64
|
||
|
|
secrets: [sonar_token]
|
||
|
|
commands:
|
||
|
|
- cargo install cargo-llvm-cov
|
||
|
|
- cargo llvm-cov --lcov --output-path lcov.info
|
||
|
|
- |
|
||
|
|
curl -sSL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip -o sonar.zip
|
||
|
|
unzip -q sonar.zip
|
||
|
|
sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner \
|
||
|
|
-Dsonar.host.url=${SONAR_URL} \
|
||
|
|
-Dsonar.login=${SONAR_TOKEN} \
|
||
|
|
-Dsonar.projectKey=typedialog \
|
||
|
|
-Dsonar.sources=. \
|
||
|
|
-Dsonar.rust.lcov.reportPaths=lcov.info
|
||
|
|
depends_on:
|
||
|
|
- test
|
||
|
|
|
||
|
|
# Benchmark (on PRs, post results as comment)
|
||
|
|
benchmark:
|
||
|
|
image: rust:latest
|
||
|
|
when:
|
||
|
|
event: pull_request
|
||
|
|
matrix:
|
||
|
|
PLATFORM: linux/amd64
|
||
|
|
secrets: [gitea_token]
|
||
|
|
commands:
|
||
|
|
- cargo install cargo-criterion
|
||
|
|
- cargo criterion --message-format json > bench.json || true
|
||
|
|
- apk add --no-cache curl jq
|
||
|
|
- |
|
||
|
|
SUMMARY=$(cat bench.json | jq -r 'select(.reason=="benchmark-complete") | "\(.id): \(.mean.estimate)ns"' | head -10)
|
||
|
|
COMMENT="## 📊 Benchmark Results\n\`\`\`\n${SUMMARY}\n\`\`\`"
|
||
|
|
curl -X POST "${GITEA_URL}/api/v1/repos/${CI_REPO}/issues/${CI_PULL_REQUEST}/comments" \
|
||
|
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||
|
|
-H "Content-Type: application/json" \
|
||
|
|
-d "{\"body\": \"${COMMENT}\"}"
|
||
|
|
depends_on:
|
||
|
|
- test
|
||
|
|
|
||
|
|
# Security audit (all platforms)
|
||
|
|
security:
|
||
|
|
image: rust:latest
|
||
|
|
platform: ${PLATFORM}
|
||
|
|
commands:
|
||
|
|
- cargo install cargo-audit --locked
|
||
|
|
- cargo audit
|
||
|
|
cache:
|
||
|
|
- ~/.cargo/bin
|
||
|
|
depends_on:
|
||
|
|
- lint
|
||
|
|
|
||
|
|
# Build (all platforms)
|
||
|
|
build:
|
||
|
|
image: rust:latest
|
||
|
|
platform: ${PLATFORM}
|
||
|
|
commands:
|
||
|
|
- curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
|
||
|
|
- just ci::build-release
|
||
|
|
cache:
|
||
|
|
- ~/.cargo/registry
|
||
|
|
- ~/.cargo/git
|
||
|
|
- target/
|
||
|
|
depends_on:
|
||
|
|
- test
|
||
|
|
- security
|