From 736f8ff7df2fa08a5c32b8d2eab04972fce14f42 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:11 +0200 Subject: [PATCH 01/13] feat: add CI workflows for Docker, .NET, Flutter, Laravel, and Node.js test coverage --- test/Docker.yml | 40 ++++++++++++++++++++++++++++++++++++ test/dotnet-test.yml | 44 +++++++++++++++++++++++++++++++++++++++ test/flutter-test.yml | 44 +++++++++++++++++++++++++++++++++++++++ test/laravel-test.yml | 48 +++++++++++++++++++++++++++++++++++++++++++ test/nodejs-test.yml | 47 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 223 insertions(+) create mode 100644 test/Docker.yml create mode 100644 test/dotnet-test.yml create mode 100644 test/flutter-test.yml create mode 100644 test/laravel-test.yml create mode 100644 test/nodejs-test.yml diff --git a/test/Docker.yml b/test/Docker.yml new file mode 100644 index 0000000..5e29f34 --- /dev/null +++ b/test/Docker.yml @@ -0,0 +1,40 @@ +name: Docker Compose PR Validation + +on: + pull_request: + branches: + - main + +jobs: + build-and-test: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Docker + uses: docker/setup-buildx-action@v2 + + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-docker-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-docker- + + - name: Set up Docker Compose + run: | + sudo apt-get update + sudo apt-get install -y docker-compose + + - name: Run Docker Compose to validate + run: | + docker-compose up -d + docker-compose ps + + - name: Stop Docker containers + if: always() + run: | + docker-compose down \ No newline at end of file diff --git a/test/dotnet-test.yml b/test/dotnet-test.yml new file mode 100644 index 0000000..0847e2e --- /dev/null +++ b/test/dotnet-test.yml 
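Review bot: test/Docker.yml declares no `permissions:` key, so the job's GITHUB_TOKEN gets whatever the repository default is while `docker-compose up -d` builds and starts services defined by the pull request. Nothing in the job needs write access; add a top-level `permissions:` with `contents: read`. The same applies to dotnet-test.yml, flutter-test.yml, laravel-test.yml and nodejs-test.yml in this patch. Separately, `docker-compose ps` exits successfully, as far as I know, even when a container has already stopped, so the validation step can pass on a broken stack; an explicit state or health check would make the job meaningful.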
@@ -0,0 +1,44 @@ +name: Test Coverage (.NET) + +on: + pull_request: + branches: + - main + +jobs: + lint-test-coverage: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup .NET + uses: actions/setup-dotnet@v3 + with: + dotnet-version: '7.0.x' + + - name: Restore dependencies + run: dotnet restore + + - name: Run tests with coverage + run: dotnet test --collect:"XPlat Code Coverage" + + - name: Upload .NET Coverage + uses: actions/upload-artifact@v3 + with: + name: dotnet-coverage + path: '**/coverage.cobertura.xml' + + - name: Upload to Codecov + uses: codecov/codecov-action@v5 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: '**/coverage.cobertura.xml' + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v2 + with: + projectBaseDir: . + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/test/flutter-test.yml b/test/flutter-test.yml new file mode 100644 index 0000000..e634d7b --- /dev/null +++ b/test/flutter-test.yml @@ -0,0 +1,44 @@ +name: Test Coverage (Flutter) + +on: + pull_request: + branches: + - main + +jobs: + lint-test-coverage: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup Flutter + uses: subosito/flutter-action@v2 + with: + flutter-version: '3.19.x' + + - name: Install dependencies + run: flutter pub get + + - name: Run tests with coverage + run: flutter test --coverage + + - name: Upload Flutter Coverage + uses: actions/upload-artifact@v3 + with: + name: flutter-coverage + path: coverage/lcov.info + + - name: Upload to Codecov + uses: codecov/codecov-action@v5 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: coverage/lcov.info + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v2 + with: + projectBaseDir: . + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file 
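Review bot: The Codecov and SonarCloud steps in dotnet-test.yml hand `CODECOV_TOKEN` and `SONAR_TOKEN` to third-party actions referenced by a movable tag (`codecov/codecov-action@v5`, `SonarSource/sonarcloud-github-action@v2`), so whoever can move those tags controls code that sees the secrets. Pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: codecov/codecov-action@FULL_COMMIT_SHA # v5` (placeholder), as deploy/docker/docker-publish.yml later in this series already does. flutter-test.yml, laravel-test.yml and nodejs-test.yml repeat the same two steps.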
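Review bot: The `Upload Flutter Coverage` step uses `actions/upload-artifact@v3`, which GitHub has deprecated; as far as I know hosted runners now fail jobs that reference the v3 artifact actions. Move to `actions/upload-artifact@v4` here and in the matching steps of dotnet-test.yml, laravel-test.yml and nodejs-test.yml. The Codecov step also omits `fail_ci_if_error: true`, which nodejs-test.yml sets, so a failed upload passes silently in this workflow.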
diff --git a/test/laravel-test.yml b/test/laravel-test.yml new file mode 100644 index 0000000..ea091b8 --- /dev/null +++ b/test/laravel-test.yml @@ -0,0 +1,48 @@ +name: Test Coverage (Laravel) + +on: + pull_request: + branches: + - main + +jobs: + lint-test-coverage: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: '8.2' + + - name: Install dependencies + run: composer install + + - name: Setup Laravel environment + run: cp .env.example .env && php artisan key:generate + + - name: Run PHPUnit tests with coverage + run: | + vendor/bin/phpunit --coverage-clover=coverage.xml + + - name: Upload PHP Coverage + uses: actions/upload-artifact@v3 + with: + name: phpunit-coverage + path: coverage.xml + + - name: Upload to Codecov + uses: codecov/codecov-action@v5 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: coverage.xml + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v2 + with: + projectBaseDir: . + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file diff --git a/test/nodejs-test.yml b/test/nodejs-test.yml new file mode 100644 index 0000000..5503b1d --- /dev/null +++ b/test/nodejs-test.yml 
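Review bot: On a pull request from a fork GitHub does not expose repository secrets, so in laravel-test.yml `secrets.SONAR_TOKEN` and `secrets.CODECOV_TOKEN` are empty and the `SonarCloud Scan` step will most likely fail for every external contributor. Guard the upload and scan steps with `if: github.event.pull_request.head.repo.full_name == github.repository` rather than changing the trigger to `pull_request_target`, which would run fork code with secrets available. The same trigger and steps appear in dotnet-test.yml, flutter-test.yml and nodejs-test.yml.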
@@ -0,0 +1,47 @@ +name: Test Coverage (NODE.JS) + +on: + pull_request: + branches: + - main + +jobs: + lint-test-coverage: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '16' + + - name: Install dependencies + run: | + npm install + + - name: Run tests with coverage + run: | + npm run test:coverage + + - name: Upload Jest Coverage + uses: actions/upload-artifact@v3 + with: + name: jest-coverage + path: coverage/ + + - name: Upload to Codecov + uses: codecov/codecov-action@v5 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: coverage/lcov.info + fail_ci_if_error: true + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v2 + with: + projectBaseDir: . + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file From fdcb38cdf88d291044786a15aeb491c9d8826029 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:21 +0200 Subject: [PATCH 02/13] feat: add GitHub Actions workflow to publish API documentation --- openapi/Publish_API_Docs.yml | 39 ++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 openapi/Publish_API_Docs.yml diff --git a/openapi/Publish_API_Docs.yml b/openapi/Publish_API_Docs.yml new file mode 100644 index 0000000..cb7cb8c --- /dev/null +++ b/openapi/Publish_API_Docs.yml 
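Review bot: `npm install` in the `Install dependencies` step of nodejs-test.yml may resolve versions that differ from the committed lockfile, so CI can test, and run install scripts from, packages nobody reviewed. Use `npm ci`, which installs exactly what package-lock.json records and fails when it is out of sync with package.json. `node-version: '16'` is also past end-of-life; a currently supported LTS line is a safer default for a template.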
@@ -0,0 +1,39 @@ +name: Publish API Docs +on: + push: + paths: + - openapi/galaxy.yaml + branches: + - main + - develop + +jobs: + run: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Scalar + run: npm install -g @scalar/cli + + - name: Authenticate Scalar + env: + SCALAR_API_KEY: ${{ secrets.SCALAR_API_KEY }} + run: scalar auth login + + - name: Set prod namespace + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' + run: echo "NAMESPACE=$(echo $PROD_SCALAR_NAMESPACE)" >> $GITHUB_ENV + env: + PROD_SCALAR_NAMESPACE: ${{ vars.PROD_SCALAR_NAMESPACE }} + + - name: Set dev namespace + if: github.ref == 'refs/heads/develop' + run: echo "NAMESPACE=$(echo $DEV_SCALAR_NAMESPACE)" >> $GITHUB_ENV + env: + DEV_SCALAR_NAMESPACE: ${{ vars.DEV_SCALAR_NAMESPACE }} + + - name: Publish API + run: scalar registry version scalar-galaxy ./openapi/galaxy.yaml --namespace "$NAMESPACE" + From 886557bb6ad675fecefdce2a0aa46ee53f245c57 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:25 +0200 Subject: [PATCH 03/13] feat: add GitHub Actions workflow to check and increment package version on PRs --- nodejs/Auto_Increment_Version.yml | 56 +++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 nodejs/Auto_Increment_Version.yml diff --git a/nodejs/Auto_Increment_Version.yml b/nodejs/Auto_Increment_Version.yml new file mode 100644 index 0000000..868bbdd --- /dev/null +++ b/nodejs/Auto_Increment_Version.yml 
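Review bot: `npm install -g @scalar/cli` installs whatever version is latest at run time, and the next step gives that code `SCALAR_API_KEY`. Pin the CLI, e.g. `npm install -g @scalar/cli@PINNED_VERSION` (placeholder), so a compromised or breaking release is not picked up automatically; the unpinned `npm install -g semantic-release …` steps in git/release/changelog.yml, build/Android-deploy.yml and build/Android-Ios-deploy.yml have the same exposure. In the namespace steps `$(echo $PROD_SCALAR_NAMESPACE)` is an unquoted round trip through a subshell; `echo "NAMESPACE=${PROD_SCALAR_NAMESPACE}" >> "$GITHUB_ENV"` writes the value unchanged. The `refs/heads/master` test can never be true because the trigger lists only `main` and `develop`.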
@@ -0,0 +1,56 @@ +name: Check and Increment Version + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + check-version: + runs-on: ubuntu-latest + + steps: + - name: Checkout default branch + uses: actions/checkout@v4 + with: + ref: ${{ github.event.repository.default_branch }} + path: main-branch + + - name: Checkout PR branch + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} + path: pr-branch + + - name: Compare package.json versions + id: compare-versions + run: | + MAIN_VERSION=$(jq -r .version main-branch/package.json) + PR_VERSION=$(jq -r .version pr-branch/package.json) + echo "Main branch version: $MAIN_VERSION" + echo "PR branch version: $PR_VERSION" + + if [ "$MAIN_VERSION" == "$PR_VERSION" ]; then + IFS='.' read -r MAJOR MINOR PATCH <<< "$PR_VERSION" + PATCH=$((PATCH + 1)) + NEW_VERSION="$MAJOR.$MINOR.$PATCH" + echo "New version: $NEW_VERSION" + echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV + else + echo "Versions differ; no increment needed." + echo "NO_UPDATE=true" >> $GITHUB_ENV + fi + + - name: Update package.json if needed + if: env.NO_UPDATE != 'true' + run: | + jq --arg new_version "$NEW_VERSION" '.version = $new_version' pr-branch/package.json > temp.json && mv temp.json pr-branch/package.json + + - name: Commit and push changes + if: env.NO_UPDATE != 'true' + run: | + cd pr-branch + git config --global user.name "github-actions" + git config --global user.email "github-actions@github.com" + git add package.json + git commit -m "chore: bump package version to $NEW_VERSION" + git push \ No newline at end of file From 486f4c69c8ceae103a59adcaf175a16e74294ffa Mon Sep 17 00:00:00 2001 
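Review bot: The `Checkout PR branch` step resolves `github.event.pull_request.head.ref` against the base repository, so for a pull request from a fork it either fails or checks out an unrelated branch that happens to share the name, and the final `git push` would then target that branch. Restrict the job to same-repository pull requests with `if: github.event.pull_request.head.repo.full_name == github.repository`, and declare `permissions:` with `contents: write` so the push does not depend on the repository default. `$((PATCH + 1))` also errors on a version carrying a pre-release suffix (a constructed example: `1.2.3-rc.1`); check that the three fields are plain digits before incrementing.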
From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:30 +0200 Subject: [PATCH 04/13] feat: add GitHub Actions workflow for Nix flake checks on push and PRs --- nix/flake-check.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 nix/flake-check.yml diff --git a/nix/flake-check.yml b/nix/flake-check.yml new file mode 100644 index 0000000..846d889 --- /dev/null +++ b/nix/flake-check.yml @@ -0,0 +1,30 @@ +name: Flake Check + +on: + push: + branches: [main] + pull_request: + branches: [main] + types: [opened, synchronize, ready_for_review] + +jobs: + check: + runs-on: ubuntu-latest + if: github.event.pull_request.draft == false + steps: + - uses: actions/checkout@v4 + + - uses: cachix/install-nix-action@v24 + with: + nix_path: nixpkgs=channel:nixos-unstable + + - name: Check Root Flake + run: nix flake check + + - name: Check Template Flake + run: | + cd template + sed -i 's|url = "github:[change_url]"|url = "path:./"|' flake.nix + nix flake check + git checkout flake.nix + rm -f flake.lock From 09c634352eea387a5236214ced0775f28f95a382 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:35 +0200 Subject: [PATCH 05/13] feat: add GitHub Actions workflow to sync with Azure DevOps and configuration file --- git/sync/sync-with-azure.yml | 21 +++++++++++++++++++++ git/sync/sync_config.json | 24 ++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 git/sync/sync-with-azure.yml create mode 100644 git/sync/sync_config.json diff --git a/git/sync/sync-with-azure.yml b/git/sync/sync-with-azure.yml new file mode 100644 index 0000000..a5bc38f --- /dev/null +++ b/git/sync/sync-with-azure.yml 
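Review bot: In the `Check Template Flake` step of nix/flake-check.yml the sed pattern `github:[change_url]` is a regular expression in which `[change_url]` is a bracket expression matching one character, so literal placeholder text in template/flake.nix is not matched and the substitution is silently skipped. If the literal text is intended, escape the brackets: `sed -i 's|url = "github:\[change_url\]"|url = "path:./"|' flake.nix`; if it is a marker for the user of this template to replace, say so in a comment above the step. Because sed exits 0 when nothing matches, a following `grep -q 'path:./' flake.nix` would catch the no-op.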
@@ -0,0 +1,21 @@ +name: Sync with Azure DevOps + +on: + schedule: + - cron: '*/15 * * * *' + issues: + types: [opened, closed, deleted, reopened, edited, labeled, unlabeled, assigned, unassigned] + issue_comment: + types: [created] + +jobs: + alert: + runs-on: ubuntu-latest + name: Sync workflow + steps: + - uses: actions/checkout@v3 + - uses: a11smiles/GitSync@main + env: + ado_token: '${{ secrets.ADO_PERSONAL_ACCESS_TOKEN }}' + github_token: '${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}' + config_file: './.github/workflows/sync_config.json' \ No newline at end of file diff --git a/git/sync/sync_config.json b/git/sync/sync_config.json new file mode 100644 index 0000000..bc2e08f --- /dev/null +++ b/git/sync/sync_config.json @@ -0,0 +1,24 @@ +{ + "log_level": "debug", + "ado": { + "organization": "", + "project": "", + "wit": "User Story", + "states": { + "new": "New", + "closed": "Closed", + "reopened": "New", + "deleted": "Removed", + "active": "Active" + }, + "bypassRules": true, + "autoCreate": true, + "assignedTo": "@organization.com", + "areaPath": "\\Accessibility", + "iterationPath": "\\Sprint 1", + "mappings": { + "handles": { + + } + } +} \ No newline at end of file From b80254e1a0c8ae707b05c8beb71fce8f8b990d63 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:41 +0200 Subject: [PATCH 06/13] feat: add release management and changelog workflows using semantic-release --- git/release/.releaserc.json | 27 +++++++++++++++++++++++++++ git/release/CHANGELOG.md | 0 git/release/changelog.yml | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 git/release/.releaserc.json create mode 100644 git/release/CHANGELOG.md create mode 100644 git/release/changelog.yml diff --git a/git/release/.releaserc.json b/git/release/.releaserc.json new file mode 100644 index 0000000..df4ccd1 --- /dev/null +++ b/git/release/.releaserc.json 
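Review bot: `uses: a11smiles/GitSync@main` tracks a branch of a third-party repository, and the step passes it both `ADO_PERSONAL_ACCESS_TOKEN` and `GH_PERSONAL_ACCESS_TOKEN`, so any commit pushed upstream runs with those tokens on the next 15-minute schedule tick or on any issue or comment event. Pin the action to a reviewed commit, `uses: a11smiles/GitSync@FULL_COMMIT_SHA` (placeholder), and scope both personal access tokens to the minimum the sync needs. A top-level `permissions:` with `contents: read` would also keep the default GITHUB_TOKEN from carrying rights this job never uses.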
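Review bot: The object opened on the first line of git/sync/sync_config.json is never closed: the file opens five braces (root, `ado`, `states`, `mappings`, `handles`) and closes four, so it is not valid JSON and the sync action should fail to parse it. Add the missing `}` at the end of the file. For a template that runs with two personal access tokens, `"log_level": "debug"` and `"bypassRules": true` are permissive defaults; a less verbose level and `false` are safer starting points unless the sync is known to need them.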
@@ -0,0 +1,27 @@ +{ + "branches": [ + { + "name": "main" + } + ], + "plugins": [ + "@semantic-release/commit-analyzer", + "@semantic-release/release-notes-generator", + "@semantic-release/changelog", + [ + "@semantic-release/github", + { + "assets": [] + } + ], + [ + "@semantic-release/git", + { + "assets": [ + "CHANGELOG.md" + ], + "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" + } + ] + ] +} \ No newline at end of file diff --git a/git/release/CHANGELOG.md b/git/release/CHANGELOG.md new file mode 100644 index 0000000..e69de29 diff --git a/git/release/changelog.yml b/git/release/changelog.yml new file mode 100644 index 0000000..55da27e --- /dev/null +++ b/git/release/changelog.yml @@ -0,0 +1,35 @@ +name: Release & Changelog + +on: + push: + branches: + - main + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + persist-credentials: false + + - name: Setup Node.js for release management + uses: actions/setup-node@v4 + with: + node-version: "lts/*" + + - name: Install release tools + run: | + npm install -g semantic-release @semantic-release/changelog @semantic-release/git conventional-changelog-cli + + - name: Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: npx semantic-release \ No newline at end of file From f6c04992fc51d1306e736bb76b9b2d1319cf2e81 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:48 +0200 Subject: [PATCH 07/13] feat: add commitlint configuration and GitHub Actions workflow for linting commit messages --- git/lint/.commitlintrc.json | 69 +++++++++++++++++++++++++++++++++++++ git/lint/lint-commits.yml | 18 ++++++++++ 2 files changed, 87 insertions(+) create mode 100644 git/lint/.commitlintrc.json create mode 100644 git/lint/lint-commits.yml 
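Review bot: The `permissions:` block in git/release/changelog.yml grants write on `contents` and `pull-requests` but not on `issues`, while the configured `@semantic-release/github` plugin comments on released issues and opens an issue when a release fails; those calls will probably be rejected. Add `issues: write` if that behaviour is wanted, or turn it off with the plugin's `successComment` and `failComment` options. `conventional-changelog-cli` is installed but nothing in .releaserc.json or this workflow appears to use it, so it can be dropped from the install line.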
diff --git a/git/lint/.commitlintrc.json b/git/lint/.commitlintrc.json new file mode 100644 index 0000000..99a71b5 --- /dev/null +++ b/git/lint/.commitlintrc.json @@ -0,0 +1,69 @@ +{ + "rules": { + "scope-case": [ + 2, + "always", + "lower-case" + ], + "subject-case": [ + 2, + "always", + "lower-case" + ], + "scope-empty": [ + 0, + "never" + ], + "type-enum": [ + 2, + "always", + [ + "build", + "chore", + "ci", + "docs", + "feat", + "fix", + "perf", + "refactor", + "revert", + "style", + "test" + ] + ], + "type-case": [ + 2, + "always", + "lower-case" + ], + "type-empty": [ + 2, + "never" + ], + "subject-empty": [ + 2, + "never" + ], + "subject-full-stop": [ + 2, + "never", + "." + ], + "header-max-length": [ + 2, + "always", + 72 + ] + }, + "parserPreset": { + "parserOpts": { + "headerPattern": "^(\\w*)(?:\\(([\\w$.*-]*)\\))?(!)?:\\s(.*)$", + "headerCorrespondence": [ + "type", + "scope", + "breaking", + "subject" + ] + } + } + } \ No newline at end of file diff --git a/git/lint/lint-commits.yml b/git/lint/lint-commits.yml new file mode 100644 index 0000000..71ec67d --- /dev/null +++ b/git/lint/lint-commits.yml @@ -0,0 +1,18 @@ +name: Lint Commit Messages +on: + pull_request: + types: [opened, synchronize, ready_for_review] +jobs: + commitlint: + runs-on: ubuntu-latest + if: github.event.pull_request.draft == false + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Copy commitlint config + run: cp .commitlintrc.json $HOME/.commitlintrc.json + + - name: Validate PR commits + run: nix-shell -p commitlint --run "commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose" \ No newline at end of file From 0930c29c8ae6acc53720286dfdba91e588c485d8 Mon Sep 17 00:00:00 2001 
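Review bot: The `Validate PR commits` step in git/lint/lint-commits.yml calls `nix-shell`, but the job never installs Nix and, as far as I know, `ubuntu-latest` hosted runners do not ship it, so the step would fail with a command-not-found error. Add the installer that nix/flake-check.yml uses before it: `- uses: cachix/install-nix-action@v24` with `nix_path: nixpkgs=channel:nixos-unstable`. Passing the two SHAs through `env:` and referencing `"$BASE_SHA"` and `"$HEAD_SHA"` in the command would also keep `${{ }}` expansion out of the shell line, following the intermediate-variable pattern that docker-publish.yml links to.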
From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:51 +0200 Subject: [PATCH 08/13] feat: add GitHub Actions workflow for deploying to infrastructure via SSH --- deploy/Deploy-ssh.yml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 deploy/Deploy-ssh.yml diff --git a/deploy/Deploy-ssh.yml b/deploy/Deploy-ssh.yml new file mode 100644 index 0000000..13c5dc5 --- /dev/null +++ b/deploy/Deploy-ssh.yml @@ -0,0 +1,38 @@ +name: Deploy to Infrastructure + +on: + push: + branches: + - main + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + # Step 1: Checkout code + - name: Checkout code + uses: actions/checkout@v3 + + # Step 3: Deploy to Server + - name: 🌈 Deploy with SSH + uses: appleboy/ssh-action@v0.1.0 + with: + host: ${{ secrets.SERVER_IP }} + username: ${{ secrets.SERVER_USER }} + key: ${{ secrets.SERVER_SSH_KEY }} + port: 22 + script: | + echo "Starting deployment..." + + # Check if the Git repository already exists, if not, clone it + if [ ! -d ".git" ]; then + echo "Git repository not found. Cloning repository..." + git clone https://github.com/ + else + echo "Git repository found. Pulling the latest changes..." + cd Docker + git pull origin main + fi + + echo "Deployment completed successfully." \ No newline at end of file From 8ce35df9632a498ee0f20f50317f1ace9ee8b12e Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:32:57 +0200 Subject: [PATCH 09/13] feat: add GitHub Actions workflow for deploying to Amazon ECS --- deploy/aws/ecs.yml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 deploy/aws/ecs.yml diff --git a/deploy/aws/ecs.yml b/deploy/aws/ecs.yml new file mode 100644 index 0000000..47a66dc --- /dev/null +++ b/deploy/aws/ecs.yml 
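Review bot: The remote script in deploy/Deploy-ssh.yml tests for `.git` in the login directory but then runs `cd Docker` before `git pull`, so the two branches refer to different directories, and with no `set -e` the final `echo "Deployment completed successfully."` prints even when the clone or pull fails. Start the script with `set -euo pipefail` and test the directory that is actually updated, presumably `[ ! -d "Docker/.git" ]`. The step comments jump from `Step 1` to `Step 3`. `appleboy/ssh-action@v0.1.0` receives `SERVER_SSH_KEY` and is referenced by tag; pin it to a commit SHA.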
@@ -0,0 +1,41 @@ +name: Deploy to Amazon ECS + +on: + push: + branches: + - main + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and push Docker Compose services to Amazon ECR + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ github.sha }} + run: | + docker-compose build + docker-compose push + + - name: Deploy to Amazon ECS + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ env.ECS_TASK_DEFINITION }} + service: ${{ env.ECS_SERVICE }} + cluster: ${{ env.ECS_CLUSTER }} + wait-for-service-stability: true \ No newline at end of file From 1f4bfc9a46160f7160fecf3e21bb2c3a0ed0ea63 Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:33:00 +0200 Subject: [PATCH 10/13] feat: add GitHub Actions workflow for Docker image publishing and signing --- deploy/docker/docker-publish.yml | 98 ++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 deploy/docker/docker-publish.yml diff --git a/deploy/docker/docker-publish.yml b/deploy/docker/docker-publish.yml new file mode 100644 index 0000000..92f86e5 --- /dev/null +++ b/deploy/docker/docker-publish.yml 
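Review bot: `env.AWS_REGION`, `env.ECS_TASK_DEFINITION`, `env.ECS_SERVICE` and `env.ECS_CLUSTER` are read in deploy/aws/ecs.yml, but the workflow has no `env:` block, so all four expand to empty strings and the credential and deploy steps cannot work as written. Add a top-level `env:` with those four keys (placeholder values are fine for a template). The job also authenticates with long-lived `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` secrets; `aws-actions/configure-aws-credentials` can instead assume a role through GitHub's OIDC provider via `role-to-assume` together with `permissions: id-token: write`, which removes the stored keys. `actions/checkout@v2` and the `@v1` AWS actions are old majors and should be raised at the same time.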
@@ -0,0 +1,98 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + schedule: + - cron: '27 1 * * *' + push: + branches: [ "main" ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ "main" ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 + with: + cosign-release: 'v2.2.4' + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ 
env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + - name: Sign the published Docker image + if: ${{ github.event_name != 'pull_request' }} + env: + # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable + TAGS: ${{ steps.meta.outputs.tags }} + DIGEST: ${{ steps.build-and-push.outputs.digest }} + # This step uses the identity token to provision an ephemeral certificate + # against the sigstore community Fulcio instance. + run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} \ No newline at end of file From 25967d0fc6a8b636fd9648f186dec761ba33e0e0 Mon Sep 17 00:00:00 2001 From: Mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sat, 21 Jun 2025 17:36:03 +0200 Subject: [PATCH 11/13] Update deploy/Deploy-ssh.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- deploy/Deploy-ssh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/Deploy-ssh.yml b/deploy/Deploy-ssh.yml index 13c5dc5..b53e102 100644 --- a/deploy/Deploy-ssh.yml +++ b/deploy/Deploy-ssh.yml 
@@ -28,7 +28,7 @@ jobs: # Check if the Git repository already exists, if not, clone it if [ ! -d ".git" ]; then echo "Git repository not found. Cloning repository..." - git clone https://github.com/ + git clone ${{ secrets.REPO_URL }} else echo "Git repository found. Pulling the latest changes..." cd Docker From 539321d7af79804379a508ba465ef19f671af459 Mon Sep 17 00:00:00 2001 From: Mirage <119869686+ClementBobin@users.noreply.github.com> Date: Tue, 28 Oct 2025 11:02:39 +0100 Subject: [PATCH 12/13] Add GitHub Actions workflow for Android build and release This workflow automates the semantic release and Android APK build process, including version management, APK signing, and uploading the release to GitHub. --- build/Android-deploy.yml | 89 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 build/Android-deploy.yml diff --git a/build/Android-deploy.yml b/build/Android-deploy.yml new file mode 100644 index 0000000..f9db68c --- /dev/null +++ b/build/Android-deploy.yml 
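Review bot: `git clone ${{ secrets.REPO_URL }}` is expanded into the script text before it is sent to the server, unquoted, so the value is word-split by the remote shell and, if the URL embeds a token, that token is stored in the clone's `.git/config` on the host. At minimum quote it, `git clone "${{ secrets.REPO_URL }}"`; a repository URL without credentials fits a configuration variable (`vars.REPO_URL`) better than a secret, with authentication handled by a deploy key on the server. The clone also creates a directory named after the repository, while the `else` branch assumes `Docker`. The surrounding `script:` block starts and ends outside this hunk.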
@@ -0,0 +1,89 @@ +name: 🏷️ Semantic Release & 📱 Android Build + +on: + push: + branches: + - main + +permissions: + contents: write + packages: write + issues: write + pull-requests: write + +jobs: + release: + name: 🚀 Semantic Release & Build + runs-on: ubuntu-latest + + steps: + # 🧩 Checkout the repository + - name: Checkout repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # ⚙️ Setup Node.js for release management + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "lts/*" + + # 🧰 Install semantic-release and plugins + - name: Install release tools + run: | + npm install -g semantic-release \ + @semantic-release/changelog \ + @semantic-release/git \ + @semantic-release/commit-analyzer \ + @semantic-release/release-notes-generator \ + @semantic-release/github + + # 🏷️ Run semantic-release to manage versions + - name: Run semantic-release (dry-run to get next version) + id: semantic + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + VERSION=$(npx semantic-release --dry-run | grep "The next release version is" | awk '{print $NF}') + echo "version=$VERSION" >> $GITHUB_OUTPUT || echo "version=0.0.0" >> $GITHUB_OUTPUT + + # 🧱 Setup Java (required for Android build) + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 17 + + # 🧩 Setup Gradle + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + + # 🏗️ Build the APK (Release) + - name: Build APK + run: ./gradlew assembleRelease + + # 🔏 Sign the generated APK + - name: Sign APK + uses: r0adkll/sign-android-release@v1 + with: + releaseDirectory: app/build/outputs/apk/release + signingKeyBase64: ${{ secrets.SIGNING_KEY }} + alias: ${{ secrets.ALIAS }} + keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }} + keyPassword: ${{ secrets.KEY_PASSWORD }} + + # 🧩 Rename APK with version for clarity + - name: Rename APK with version + run: | + VERSION=${{ steps.semantic.outputs.version }} + mkdir -p dist + cp 
app/build/outputs/apk/release/app-release-signed.apk dist/app-release-v${VERSION}.apk + echo "APK_NAME=app-release-v${VERSION}.apk" >> $GITHUB_ENV + + # 🏷️ Run semantic-release to publish release and attach APK + - name: Run semantic-release and upload APK + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + npx semantic-release --assets "dist/${APK_NAME}" From a60efc92503f3c3b6110e755ff44efce9ff6bada Mon Sep 17 00:00:00 2001 From: Mirage <119869686+ClementBobin@users.noreply.github.com> Date: Wed, 29 Oct 2025 09:08:25 +0100 Subject: [PATCH 13/13] Create Android-Ios-deploy.yml --- build/Android-Ios-deploy.yml | 157 +++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 build/Android-Ios-deploy.yml diff --git a/build/Android-Ios-deploy.yml b/build/Android-Ios-deploy.yml new file mode 100644 index 0000000..c516d44 --- /dev/null +++ b/build/Android-Ios-deploy.yml 
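Review bot: In the `semantic` step of build/Android-deploy.yml, `echo "version=$VERSION" >> $GITHUB_OUTPUT || echo "version=0.0.0" >> $GITHUB_OUTPUT` never reaches the fallback, because the first `echo` succeeds even when `VERSION` is empty; when no release is due the APK is renamed to `app-release-v.apk`. Use `echo "version=${VERSION:-0.0.0}" >> "$GITHUB_OUTPUT"`, as build/Android-Ios-deploy.yml does. In the last step `--assets` is, as far as I know, not a semantic-release CLI flag (plugin options come from the configuration file, and git/release/.releaserc.json sets `"assets": []`), so the APK is probably not attached to the release. `r0adkll/sign-android-release@v1` receives the signing key and keystore passwords and should be pinned to a commit SHA.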
@@ -0,0 +1,157 @@ +name: 🏷️ Semantic Release & 📱 Mobile Build (Android + iOS) + +on: + push: + branches: + - main + +permissions: + contents: write + packages: write + issues: write + pull-requests: write + +jobs: + release: + name: 🚀 Semantic Release & Android Build + runs-on: ubuntu-latest + + steps: + # 🧩 Checkout the repository + - name: Checkout repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # ⚙️ Setup Node.js for semantic-release + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "lts/*" + + # 🧰 Install release tools + - name: Install release tools + run: | + npm install -g semantic-release \ + @semantic-release/changelog \ + @semantic-release/git \ + @semantic-release/commit-analyzer \ + @semantic-release/release-notes-generator \ + @semantic-release/github + + # 🏷️ Get next version (dry-run) + - name: Get next release version + id: semantic + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + VERSION=$(npx semantic-release --dry-run | grep "The next release version is" | awk '{print $NF}') + echo "version=${VERSION:-0.0.0}" >> $GITHUB_OUTPUT + + # 🧱 Setup Java (for Android) + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 17 + + # 🧩 Setup Gradle + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + + # 🏗️ Build APK (Release) + - name: Build APK + run: ./gradlew assembleRelease + + # 🔏 Sign APK + - name: Sign APK + uses: r0adkll/sign-android-release@v1 + with: + releaseDirectory: app/build/outputs/apk/release + signingKeyBase64: ${{ secrets.SIGNING_KEY }} + alias: ${{ secrets.ALIAS }} + keyStorePassword: ${{ secrets.KEY_STORE_PASSWORD }} + keyPassword: ${{ secrets.KEY_PASSWORD }} + + # 🧩 Rename APK + - name: Rename APK with version + run: | + VERSION=${{ steps.semantic.outputs.version }} + mkdir -p dist + cp app/build/outputs/apk/release/app-release-signed.apk dist/app-release-v${VERSION}.apk + echo "APK_NAME=app-release-v${VERSION}.apk" >> 
$GITHUB_ENV + + # 🏷️ Run semantic-release to publish release + attach APK + - name: Run semantic-release (publish) + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + npx semantic-release --assets "dist/${APK_NAME}" + + ios: + name: 🍎 iOS Build & Release + runs-on: macos-latest + needs: release + + steps: + # 🧩 Checkout repo + - name: Checkout repo + uses: actions/checkout@v4 + + # ⚙️ Setup Node.js (for semantic-release) + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "lts/*" + + # 🍏 Setup Ruby & CocoaPods + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: '3.2' + + - name: Install CocoaPods + run: pod install --project-directory=ios + + # 🔑 Setup Xcode environment + - name: Select Xcode version + run: sudo xcode-select -s /Applications/Xcode_15.4.app + + # 🔏 Setup Signing Certificates & Provisioning Profile + - name: Setup signing + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.IOS_CERTIFICATES_P12 }} + p12-password: ${{ secrets.IOS_CERTIFICATES_PASSWORD }} + provisioning-profile-base64: ${{ secrets.IOS_PROVISION_PROFILE }} + + # 🏗️ Build iOS app (Release) + - name: Build iOS app + run: | + xcodebuild -workspace ios/YourApp.xcworkspace \ + -scheme YourApp \ + -configuration Release \ + -archivePath build/YourApp.xcarchive \ + archive DEVELOPMENT_TEAM=${{ secrets.APPLE_TEAM_ID }} \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="Apple Distribution" \ + PROVISIONING_PROFILE_SPECIFIER="${{ secrets.IOS_PROFILE_NAME }}" + + xcodebuild -exportArchive \ + -archivePath build/YourApp.xcarchive \ + -exportPath dist \ + -exportOptionsPlist ios/exportOptions.plist + + # 🧩 Rename IPA + - name: Rename IPA with version + run: | + VERSION=${{ needs.release.outputs.version }} + mv dist/YourApp.ipa dist/YourApp-v${VERSION}.ipa + echo "IPA_NAME=YourApp-v${VERSION}.ipa" >> $GITHUB_ENV + + # 📦 Upload IPA to release + - name: Upload IPA to GitHub Release + env: + GITHUB_TOKEN: ${{ 
secrets.GITHUB_TOKEN }} + run: | + gh release upload v${{ needs.release.outputs.version }} "dist/${IPA_NAME}" --clobber
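Review bot: The `ios` job reads `needs.release.outputs.version`, but the `release` job declares no `outputs:`, so the value is empty: the IPA is renamed to `YourApp-v.ipa` and `gh release upload` targets a tag named `v`. Add `outputs:` with `version: ${{ steps.semantic.outputs.version }}` to the `release` job. The workflow-level `packages: write`, `issues: write` and `pull-requests: write` also apply to the macOS job, which only uploads a release asset; a job-level `permissions:` with `contents: write` is enough there. `apple-actions/import-codesign-certs@v2` handles the signing certificate and is referenced by tag; pin it to a commit SHA.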