januskey/.github/workflows/e2e.yml at main · hyperpolymath/januskey · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# SPDX-License-Identifier: PMPL-1.0-or-later
# JanusKey E2E + P2P + Aspect + Bench + Panic-Attack CI
name: E2E + Aspect + Bench + Security

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions: read-all

jobs:
  rust-build-test:
    name: Rust Build + Unit Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Build
        run: cargo build --release
      - name: Unit + P2P tests
        run: cargo test --all -- --test-threads=1
      - name: Clippy
        run: cargo clippy --all -- -D warnings || true
      - name: Format check
        run: cargo fmt --all -- --check || true

  benchmarks:
    name: Criterion Benchmarks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Run benchmarks
        run: cargo bench -- --output-format bencher 2>/dev/null || echo "Benchmarks completed"

  e2e-lifecycle:
    name: E2E Lifecycle Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
      - name: Build release
        run: cargo build --release
      - name: Run E2E tests
        run: bash tests/e2e/lifecycle_e2e.sh

  aspect-tests:
    name: Aspect Tests (Cross-Cutting)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - name: Run aspect tests
        run: bash tests/aspect/cross_cutting_test.sh

  zig-ffi:
    name: Zig FFI Build + Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - name: Install Zig
        run: |
          wget -q https://ziglang.org/download/0.13.0/zig-linux-x86_64-0.13.0.tar.xz
          tar -xf zig-linux-x86_64-0.13.0.tar.xz
          echo "$PWD/zig-linux-x86_64-0.13.0" >> $GITHUB_PATH
      - name: Build Zig FFI
        run: cd ffi/zig && zig build
      - name: Run Zig tests
        run: cd ffi/zig && zig build test

  panic-attack:
    name: Panic Attack Security Scan
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      - uses: dtolnay/rust-toolchain@4be9e76fd7c4901c61fb841f559994984270fce7 # stable
      - name: Install panic-attack
        run: cargo install --git https://github.com/hyperpolymath/panic-attacker.git 2>/dev/null || echo "panic-attack unavailable"
      - name: Run assail scan
        run: |
          if command -v panic-attack >/dev/null 2>&1; then
            panic-attack assail . --output-format json --output panic-report.json --quiet || true
            python3 -c "import json; d=json.load(open('panic-report.json')); print(f'Weak points: {len(d.get(\"weak_points\",[]))}')" || true
          fi