From a7f28cf00406b525cb8862b01b618fc9f404d650 Mon Sep 17 00:00:00 2001
From: Nayrosk <105997554+nayrosk@users.noreply.github.com>
Date: Wed, 8 Apr 2026 23:54:10 +0200
Subject: [PATCH 1/5] ci: add dependabot configuration for cargo and github-actions
---
.github/dependabot.yml | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c888e5b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,41 @@
+version: 2
+updates:
+ - package-ecosystem: "cargo"
+ directory: "/"
+ target-branch: "develop"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ labels:
+ - "dependencies"
+ - "cargo"
+ commit-message:
+ prefix: "deps"
+ include: "scope"
+ groups:
+ rust-dependencies:
+ patterns:
+ - "*"
+ open-pull-requests-limit: 10
+ reviewers:
+ - "Nayrosk"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ target-branch: "develop"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ labels:
+ - "dependencies"
+ - "ci"
+ commit-message:
+ prefix: "ci"
+ include: "scope"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ open-pull-requests-limit: 5
+ reviewers:
+ - "Nayrosk"
From b10e76a4aee288170d5860f94d092b7a11118aaa Mon Sep 17 00:00:00 2001
From: Nayrosk <105997554+nayrosk@users.noreply.github.com>
Date: Wed, 8 Apr 2026 23:54:13 +0200
Subject: [PATCH 2/5] ci: add codeql advanced analysis workflow for rust
---
.github/workflows/codeql.yml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..c5a03ac
--- /dev/null
+++ b/.github/workflows/codeql.yml
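Review bot: Both `groups` entries use the catch-all pattern `"*"` with no `update-types` filter, so every cargo bump of the week, major releases included, arrives in one pull request and the changes of any single crate are hard to review in isolation. Restricting the groups with `update-types: ["minor", "patch"]` would leave major updates as individual pull requests; the same applies to the `github-actions` group. The `reviewers` key is also worth checking against the current Dependabot documentation, since GitHub announced its replacement by CODEOWNERS; if it is no longer honoured, these pull requests would have no assigned reviewer.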
@@ -0,0 +1,29 @@
+name: CodeQL
+
+on:
+ pull_request:
+ branches: [develop]
+ push:
+ branches: [develop]
+ schedule:
+ - cron: "0 6 * * 1"
+
+permissions:
+ security-events: write
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze Rust
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: github/codeql-action/init@v4
+ with:
+ languages: rust
+ build-mode: none
+
+ - uses: github/codeql-action/analyze@v4
+ with:
+ category: "/language:rust"
From 4768ae50fdd07193537d3700b973f2508e40e982 Mon Sep 17 00:00:00 2001
From: Nayrosk <105997554+nayrosk@users.noreply.github.com>
Date: Wed, 8 Apr 2026 23:54:17 +0200
Subject: [PATCH 3/5] ci: add lint workflow with fmt, clippy, deny, audit and mutants
---
.github/workflows/lint.yml | 90 ++++++++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 .github/workflows/lint.yml
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..c7a6316
--- /dev/null
+++ b/.github/workflows/lint.yml
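Review bot: Every `uses:` in this workflow references a movable tag (`actions/checkout@v6`, `github/codeql-action/init@v4`, `github/codeql-action/analyze@v4`), so the code that runs can change without any commit in this repository. Pinning to a full commit SHA with the tag kept as a comment, e.g. `- uses: actions/checkout@<FULL_COMMIT_SHA> # v6`, makes each change visible in review, and the `github-actions` Dependabot entry from patch 1 can keep such pins current. The same applies to lint.yml, build.yml and release.yml in patches 3-5, where `dtolnay/rust-toolchain@master` tracks a branch and third-party actions run in a workflow that holds `contents: write`.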
@@ -0,0 +1,90 @@
+name: Lint
+
+on:
+ pull_request:
+ branches: [develop]
+
+permissions:
+ contents: read
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_VERSION: "1.94.1"
+
+jobs:
+ fmt:
+ name: Rustfmt
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ components: rustfmt
+
+ - run: cargo fmt --check
+
+ clippy:
+ name: Clippy
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ components: clippy
+
+ - uses: Swatinem/rust-cache@v2
+
+ - run: cargo clippy --all-targets --all-features -- -D warnings
+
+ deny:
+ name: Cargo Deny
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: EmbarkStudios/cargo-deny-action@v2
+
+ audit:
+ name: Cargo Audit
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: rustsec/audit-check@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ mutants:
+ name: Cargo Mutants
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request'
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+
+ - uses: Swatinem/rust-cache@v2
+
+ - uses: taiki-e/install-action@v2
+ with:
+ tool: cargo-mutants
+
+ - name: Generate diff
+ run: git diff origin/${{ github.base_ref }}.. | tee git.diff
+
+ - name: Run mutation tests on diff
+ run: cargo mutants --no-shuffle -vV --in-diff git.diff
+
+ - uses: actions/upload-artifact@v6
+ if: always()
+ with:
+ name: mutants.out
+ path: mutants.out
From 84a9e0c8bebfce724549cb7fa72e7c02a3318003 Mon Sep 17 00:00:00 2001
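Review bot: The `deny` and `audit` jobs run only on `pull_request`, so an advisory published against a dependency already on `develop` is not reported until someone opens the next pull request. A scheduled trigger in the form codeql.yml already uses (`schedule:` with `- cron: "0 6 * * 1"`) would close that gap, and the `if: github.event_name == 'pull_request'` guard on `mutants` already keeps that job out of such runs. Separately, in the `Generate diff` step `${{ github.base_ref }}` is expanded into the shell line before it executes; passing it through `env:` and running `git diff "origin/${BASE_REF}.."` keeps the value as data. It is also worth confirming that `rustsec/audit-check@v2` behaves as intended with only `contents: read`, since it is handed the token but the workflow grants no `checks` permission.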
From: Nayrosk <105997554+nayrosk@users.noreply.github.com>
Date: Wed, 8 Apr 2026 23:54:20 +0200
Subject: [PATCH 4/5] ci: add multi-arch build workflow for all mandatory toolchains
---
.github/workflows/build.yml | 71 +++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..3efaf8c
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,71 @@
+name: Build
+
+on:
+ pull_request:
+ branches: [develop]
+
+permissions:
+ contents: read
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_VERSION: "1.94.1"
+
+jobs:
+ build:
+ name: Build (${{ matrix.target }})
+ runs-on: ${{ matrix.runner }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - target: x86_64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: false
+ - target: x86_64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: false
+ - target: aarch64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-apple-darwin
+ runner: macos-latest
+ use-cross: false
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ targets: ${{ matrix.target }}
+
+ - uses: Swatinem/rust-cache@v2
+ with:
+ key: ${{ matrix.target }}
+
+ - name: Install musl-tools
+ if: contains(matrix.target, 'musl') && !matrix.use-cross
+ run: sudo apt-get update && sudo apt-get install -y musl-tools
+
+ - name: Install cross
+ if: matrix.use-cross
+ run: cargo install cross --locked
+
+ - name: Build
+ run: |
+ if [ "${{ matrix.use-cross }}" = "true" ]; then
+ cross build --release --locked --target ${{ matrix.target }}
+ else
+ cargo build --release --locked --target ${{ matrix.target }}
+ fi
+
+ - name: Run tests
+ run: |
+ if [ "${{ matrix.use-cross }}" = "true" ]; then
+ cross test --release --locked --target ${{ matrix.target }}
+ else
+ cargo test --release --locked --target ${{ matrix.target }}
+ fi
From 20d4ba3d55d4f71a9cc3f392cb1fc1a346cc6c93 Mon Sep 17 00:00:00 2001
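Review bot: The `Install cross` step runs `cargo install cross --locked` with no version, so each run compiles whichever release of cross is newest on crates.io, and `--locked` only fixes that release's own dependency tree. Pinning it, e.g. `run: cargo install cross --locked --version <PINNED_VERSION>`, keeps the build tool stable between runs; `taiki-e/install-action`, already used in lint.yml, could install it as a prebuilt binary instead. The same step appears in release.yml (patch 5), where it affects the published binaries.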
From: Nayrosk <105997554+nayrosk@users.noreply.github.com>
Date: Wed, 8 Apr 2026 23:54:24 +0200
Subject: [PATCH 5/5] ci: add release workflow with binary packaging and checksums
---
.github/workflows/release.yml | 105 ++++++++++++++++++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..0d0bfd0
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,105 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - "v*"
+
+permissions:
+ contents: write
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_VERSION: "1.94.1"
+
+jobs:
+ build-release:
+ name: Build (${{ matrix.target }})
+ runs-on: ${{ matrix.runner }}
+ strategy:
+ fail-fast: true
+ matrix:
+ include:
+ - target: x86_64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: false
+ - target: x86_64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: false
+ - target: aarch64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-apple-darwin
+ runner: macos-latest
+ use-cross: false
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ targets: ${{ matrix.target }}
+
+ - name: Install musl-tools
+ if: contains(matrix.target, 'musl') && !matrix.use-cross
+ run: sudo apt-get update && sudo apt-get install -y musl-tools
+
+ - name: Install cross
+ if: matrix.use-cross
+ run: cargo install cross --locked
+
+ - name: Build
+ run: |
+ if [ "${{ matrix.use-cross }}" = "true" ]; then
+ cross build --release --locked --target ${{ matrix.target }}
+ else
+ cargo build --release --locked --target ${{ matrix.target }}
+ fi
+
+ - name: Package binary
+ run: |
+ BIN_NAME="dockermint"
+ TAG="${GITHUB_REF_NAME}"
+ ARCHIVE="${BIN_NAME}-${TAG}-${{ matrix.target }}.tar.gz"
+ tar -czf "${ARCHIVE}" \
+ -C "target/${{ matrix.target }}/release" \
+ "${BIN_NAME}"
+ echo "ARCHIVE=${ARCHIVE}" >> "$GITHUB_ENV"
+
+ - uses: actions/upload-artifact@v6
+ with:
+ name: release-${{ matrix.target }}
+ path: ${{ env.ARCHIVE }}
+ retention-days: 1
+
+ publish:
+ name: Publish Release
+ needs: build-release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: actions/download-artifact@v7
+ with:
+ pattern: release-*
+ merge-multiple: true
+ path: artifacts/
+
+ - name: Create source archive
+ run: |
+ TAG="${GITHUB_REF_NAME}"
+ git archive --format=tar.gz --prefix="dockermint-${TAG}/" \
+ -o "artifacts/dockermint-${TAG}-src.tar.gz" HEAD
+
+ - name: Generate checksums
+ working-directory: artifacts/
+ run: sha256sum * > SHA256SUMS.txt
+
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@v2
+ with:
+ generate_release_notes: true
+ files: artifacts/*
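Review bot: `permissions: contents: write` is set for the whole workflow, so the `build-release` matrix jobs, which run third-party actions, `cargo install cross` and the dependencies' build scripts, hold a token that can push to the repository and edit releases, although only `publish` needs it. Setting the top level to `contents: read` and adding `permissions:` with `contents: write` under `publish:` limits the write token to the job that creates the release. `SHA256SUMS.txt` is produced in the same job and published beside the archives, so it detects a corrupted download but not a tampered release; signing the checksum file or adding build provenance attestations would let users verify where the binaries came from.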