|
| 1 | +# lind-wasm |
| 2 | + |
| 3 | +Its pipeline covers both code validation on pull requests and Docker image builds. |
| 4 | + |
| 5 | +## Overview |
| 6 | + |
| 7 | +This repository uses both GHA and GCP. GHA validates code on every pull request, |
| 8 | +while GCP handles the scheduled Docker image build that publishes the development image to Docker Hub. |
| 9 | + |
| 10 | +| Platform | Role | |
| 11 | +| --- | --- | |
| 12 | +| GitHub Actions | Runs lint, end-to-end tests, and security scans on pull requests targeting `main`; publishes the release image | |
| 13 | +| Google Cloud Platform | Builds and publishes `securesystemslab/lind-wasm-dev` to Docker Hub on a daily schedule | |
| 14 | + |
| 15 | +## GitHub Actions |
| 16 | + |
| 17 | +Workflow files are located under `.github/workflows/` in the repository. |
| 18 | + |
| 19 | +### Workflows |
| 20 | + |
| 21 | +- **`lint.yml`** — Runs `cargo fmt --check` and `cargo clippy` for code formatting |
| 22 | +and static analysis. |
| 23 | + |
| 24 | +- **`e2e.yml`** — Builds and runs the full test suite inside a container. Uploads |
| 25 | +HTML and JSON test reports as artifacts and posts a summary comment to the PR. |
| 26 | + |
| 27 | + - [Testing](../testing.md) for details on test. |
| 28 | + - [End-to-End Testing](../e2e-testing.md) for details on e2e structure. |
| 29 | + |
| 30 | +- **`zizmor.yml`** — Scans GHA workflow files for security vulnerabilities such as |
| 31 | +script injection and overly broad permissions. |
| 32 | + |
| 33 | +- **`docs.yml`** — Builds and deploys the project documentation site to GitHub Pages. |
| 34 | + |
| 35 | +- **`pr-cache-cleanup.yml`** — Removes the GHA build cache associated with a closed |
| 36 | +PR to keep storage usage under control. |
| 37 | + |
| 38 | +- **`release.yml`** — Builds and pushes the `release` stage as `securesystemslab/lind-wasm` to Docker Hub. |
| 39 | + |
| 40 | +### Workflow Triggers |
| 41 | + |
| 42 | +| Event | Workflows Triggered | |
| 43 | +| --- | --- | |
| 44 | +| PR opened or updated (non-draft, targeting `main`) | `lint.yml`, `e2e.yml`, `zizmor.yml` | |
| 45 | +| Push to `main` | `lint.yml`, `docs.yml`, `release.yml` | |
| 46 | +| PR closed | `pr-cache-cleanup.yml` | |
| 47 | + |
| 48 | + |
| 49 | +## GCP Cloud Build |
| 50 | + |
| 51 | +Build configuration files are located under `scripts/` in the repository. |
| 52 | + |
| 53 | +### Workflows |
| 54 | + |
| 55 | +**`dev-build`** — Cloning the `main` branch at the time of execution. Builds `Docker/Dockerfile.dev` and publishes the resulting image to Docker Hub as `securesystemslab/lind-wasm-dev`. |
| 56 | + |
| 57 | +## Docker Images |
| 58 | + |
| 59 | +The `lind-wasm` pipeline publishes two Docker images to Docker Hub. |
| 60 | + |
| 61 | +### `securesystemslab/lind-wasm-dev` |
| 62 | + |
| 63 | +The development image containing the full Lind toolchain for building and running WASM applications. Used as the base image for `lind-wasm-apps` and `lind-wasm-example-grates`. |
| 64 | + |
| 65 | +| Property | Detail | |
| 66 | +| --- | --- | |
| 67 | +| Source | `Docker/Dockerfile.dev` | |
| 68 | +| Published by | GCP `dev-build` (daily) | |
| 69 | +| Tags | `latest` — most recent build; `sha-<commit>` — immutable snapshot for rollback | |
| 70 | +| Update frequency | Daily at 08:00 America/New_York | |
| 71 | + |
| 72 | +### `securesystemslab/lind-wasm` |
| 73 | + |
| 74 | +| Property | Detail | |
| 75 | +| --- | --- | |
| 76 | +| Source | `Docker/Dockerfile.e2e` (`release` stage) | |
| 77 | +| Published by | GHA `release.yml` (on push to `main`) | |
| 78 | +| Tags | `latest` — most recent build; `sha-<commit>` — immutable snapshot for rollback | |
| 79 | +| Version tags | `vX.Y.Z` — manually applied after a corresponding GitHub Release is created (e.g. `v0.1.0`) | |
| 80 | +| Update frequency | On every push to `main` | |
| 81 | + |
| 82 | +### Pulling the Images |
| 83 | + |
| 84 | +```bash |
| 85 | +# Latest development image |
| 86 | +docker pull securesystemslab/lind-wasm-dev:latest |
| 87 | + |
| 88 | +# Latest release image |
| 89 | +docker pull securesystemslab/lind-wasm:latest |
| 90 | +``` |
0 commit comments