xevion/byte-me
1
0
Fork 0
mirror of https://github.com/Xevion/byte-me.git synced 2025-12-06 15:14:36 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: add ci & security audit workflows

Browse Source
This commit is contained in:
Xevion
2025-07-14 13:45:06 -05:00
parent a6573a3054
commit 1dda507f41
2 changed files with 178 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,123 @@
name: CI
on:
pull_request:
push:
branches: [master]
env:
CARGO_TERM_COLOR: always
jobs:
# Frontend checks
frontend-check:
name: Frontend Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "pnpm"
- name: Install dependencies
run: pnpm install
- name: Check TypeScript
run: pnpm run build
- name: Format check
run: pnpm exec prettier --check .
continue-on-error: true
# Rust backend checks
rust-check:
name: Rust Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Linux dependencies
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
- name: Format check
run: cargo fmt --manifest-path src-tauri/Cargo.toml --all -- --check
- name: Clippy
run: cargo clippy --manifest-path src-tauri/Cargo.toml --all-targets --all-features -- -D warnings
- name: Run tests
run: cargo test --manifest-path src-tauri/Cargo.toml --all-features
# Security audit
security-audit:
name: Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Run security audit
run: cargo audit --file src-tauri/Cargo.lock
# Check if Tauri app builds successfully
build-check:
name: Build Check
runs-on: ubuntu-latest
needs: [frontend-check, rust-check]
steps:
- uses: actions/checkout@v4
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 10
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "pnpm"
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Rust Cache
uses: Swatinem/rust-cache@v2
with:
workspaces: src-tauri
- name: Install Linux dependencies
run: |
sudo apt-get update
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
- name: Install frontend dependencies
run: pnpm install
- name: Build Tauri app
run: pnpm tauri build --no-bundle

55
.github/workflows/security-audit.yml vendored Normal file
View File

@@ -0,0 +1,55 @@
name: Security Audit
on:
workflow_dispatch: # Allow manual triggering
push:
paths:
- "**/Cargo.toml"
- "**/Cargo.lock"
- "**/package.json"
- "**/pnpm-lock.yaml"
jobs:
rust-audit:
name: Rust Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Run cargo audit
run: cargo audit --file src-tauri/Cargo.lock
- name: Install cargo-deny
run: cargo install cargo-deny
- name: Run cargo deny
run: cargo deny --manifest-path src-tauri/Cargo.toml check
npm-audit:
name: NPM Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "pnpm"
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Install dependencies
run: pnpm install
- name: Run npm audit
run: pnpm audit --audit-level moderate