7f4108c
WIP: Add custom storage builder/constructors, tests, docs; ignore pro…
ciresnave Sep 27, 2025
3b9be8c
Fix 16 doctests: async patterns, imports, API usage, field names
ciresnave Sep 27, 2025
a9ae605
COMPLETE: Fix all doctests - 23 passed, 0 failed, 14 ignored
ciresnave Sep 27, 2025
04d7b7a
feat: comprehensive fixes and improvements
ciresnave Sep 28, 2025
c6c1e2d
fix: resolve CI formatting and doctest issues
ciresnave Sep 28, 2025
e18f84d
feat: Add comprehensive security audit configuration
ciresnave Sep 28, 2025
414d37f
fix: Resolve GitHub Actions workflow validation errors
ciresnave Sep 28, 2025
3ba0d7d
fix: Resolve all clippy warnings for production code quality
ciresnave Sep 28, 2025
2ae5e74
feat: resolve all clippy warnings and apply formatting
ciresnave Sep 28, 2025
6cac304
fix: resolve CI security audit error and Python SDK typing issues
ciresnave Sep 28, 2025
499dd2a
fix: correct TOML error type conversion for toml 0.9.x compatibility
ciresnave Sep 28, 2025
54abce3
Merge branch 'main' into fix/custom-storage-tests
ciresnave Sep 28, 2025
40700f7
fix: correct integration test target name in CI workflow
ciresnave Sep 28, 2025
b9371f3
fix: Update Docker base image to rust:1.90-slim for edition 2024 support
ciresnave Sep 28, 2025
aa46ce5
fix: Update deprecated GitHub Actions to latest versions
ciresnave Sep 28, 2025
5b6d583
fix: Update Slack notification action to maintained alternative
ciresnave Sep 28, 2025
7e17520
security: Pin all GitHub Actions to commit SHAs
ciresnave Sep 28, 2025
4ca36bf
fix: Add missing toolchain input for dtolnay/rust-toolchain action
ciresnave Sep 28, 2025
09f61bf
refactor: Replace AWS deployment with crates.io publication workflow
ciresnave Sep 28, 2025
49c7634
fix: Update actions/cache to latest commit SHA
ciresnave Sep 28, 2025
79d238e
fix: Add disk space management to prevent CI runner storage issues
ciresnave Sep 28, 2025
d54f822
fix: Make Slack notifications conditional to prevent 404 failures
ciresnave Sep 28, 2025
785c808
fix: Remove conditional check for secrets context in GitHub Actions
ciresnave Sep 28, 2025
63d25b7
fix: Docker build failing due to missing examples during dependency b…
ciresnave Sep 28, 2025
9d2b76a
refactor: Convert to library-focused CI/CD pipeline
ciresnave Sep 28, 2025
247 changes: 103 additions & 144 deletions .github/workflows/ci-cd.yml
@@ -1,6 +1,7 @@
# GitHub Actions CI/CD Pipeline for AuthFramework v0.4.0
# GitHub Actions CI/CD Pipeline for AuthFramework Library v0.4.2
# Focused on library testing, security auditing, and crates.io publishing

name: AuthFramework CI/CD
name: AuthFramework Library CI

on:
push:
Expand Down Expand Up @@ -48,22 +49,46 @@ jobs:
- 6379:6379

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
with:
toolchain: ${{ matrix.rust }}
components: rustfmt, clippy

- name: Cache cargo registry
uses: actions/cache@v3
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4-latest
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
target/release/deps
target/debug/deps
key: ${{ runner.os }}-cargo-${{ matrix.rust }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ matrix.rust }}-
${{ runner.os }}-cargo-

- name: Free up disk space
run: |
echo "Disk usage before cleanup:"
df -h

# Remove unnecessary packages and clean package cache
sudo apt-get autoremove -y
sudo apt-get autoclean
sudo apt-get clean

# Remove large unnecessary directories
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /opt/hostedtoolcache/CodeQL

echo "Disk usage after cleanup:"
df -h

- name: Install system dependencies
run: |
Expand All @@ -81,14 +106,16 @@ jobs:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/auth_framework_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test_jwt_secret_that_is_longer_than_32_characters_for_security
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
run: cargo test --all-features --workspace

- name: Run integration tests
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/auth_framework_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test_jwt_secret_that_is_longer_than_32_characters_for_security
run: cargo test --test integration --all-features
run: cargo test --test integration_tests --all-features

- name: Run benchmarks
env:
Expand All @@ -97,59 +124,35 @@ jobs:
JWT_SECRET: test_jwt_secret_that_is_longer_than_32_characters_for_security
run: cargo bench --no-run

- name: Clean up build artifacts
run: |
# Remove large binary files but keep dependencies cache
find target -name "*.rlib" -delete
find target -name "auth-framework*" -type f -executable -delete
find target -name "integration_tests*" -type f -executable -delete
echo "Remaining disk usage:"
df -h

security-audit:
name: Security Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable

- name: Install cargo-audit
run: cargo install cargo-audit

- name: Run security audit
run: cargo audit

- name: Run cargo-deny
uses: EmbarkStudios/cargo-deny-action@v1

build:
name: Build and Test Docker Image
runs-on: ubuntu-latest
needs: [test, security-audit]
steps:
- uses: actions/checkout@v4
uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
with:
toolchain: stable

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install cargo-deny
run: cargo install cargo-deny

- name: Build test image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.optimized
target: testing
push: false
tags: authframework:test
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Run Docker tests
run: |
docker run --rm authframework:test
- name: Run cargo-deny security audit
run: cargo deny check

- name: Build production image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.optimized
target: runtime
push: false
tags: authframework:latest
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Clear cargo advisory cache (if exists)
run: rm -rf ~/.cargo/advisory-db || true
continue-on-error: true

performance:
name: Performance Tests
Expand Down Expand Up @@ -183,13 +186,15 @@ jobs:
- 6379:6379

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
with:
toolchain: stable

- name: Cache cargo registry
uses: actions/cache@v3
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4-latest
with:
path: |
~/.cargo/registry
Expand All @@ -211,7 +216,7 @@ jobs:
cargo bench --bench auth_performance 2>&1 | tee benchmark_results.txt

- name: Upload benchmark results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: benchmark-results
path: benchmark_results.txt
Expand All @@ -224,111 +229,65 @@ jobs:
exit 1
fi

deploy-staging:
name: Deploy to Staging
publish-crates-io:
name: Publish to crates.io
runs-on: ubuntu-latest
needs: [build, performance]
if: github.ref == 'refs/heads/develop'
environment: staging

steps:
- uses: actions/checkout@v4

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: Build and push Docker image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: authframework
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -f Dockerfile.optimized --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

- name: Deploy to staging
run: |
# Update ECS service or Kubernetes deployment
aws ecs update-service --cluster staging --service authframework --force-new-deployment

deploy-production:
name: Deploy to Production
runs-on: ubuntu-latest
needs: [build]
needs: [test, security-audit]
if: github.event_name == 'release'
environment: production

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
toolchain: stable

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: Extract version from tag
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT

- name: Build and push Docker image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: authframework
IMAGE_TAG: ${{ steps.version.outputs.VERSION }}
run: |
docker build -f Dockerfile.optimized --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker build -f Dockerfile.optimized --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
- name: Cache cargo registry
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4-latest
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

- name: Deploy to production
env:
VERSION: ${{ steps.version.outputs.VERSION }}
- name: Install system dependencies
run: |
# Blue-green deployment with rollback capability
aws ecs update-service --cluster production --service authframework --task-definition authframework:$VERSION
sudo apt-get update
sudo apt-get install -y libpq-dev libssl-dev pkg-config

- name: Run smoke tests
- name: Verify version matches release tag
run: |
# Wait for deployment to complete
sleep 60

# Run smoke tests against production
curl -f https://api.authframework.com/health || exit 1
CARGO_VERSION=$(cargo metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
TAG_VERSION=${GITHUB_REF#refs/tags/v}
if [ "$CARGO_VERSION" != "$TAG_VERSION" ]; then
echo "Version mismatch: Cargo.toml version ($CARGO_VERSION) != tag version ($TAG_VERSION)"
exit 1
fi

# Test authentication flow
curl -f -X POST https://api.authframework.com/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"test@example.com","password":"test"}' || exit 1
- name: Publish to crates.io
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
run: cargo publish --dry-run && cargo publish

notify:
name: Notify Team
runs-on: ubuntu-latest
needs: [deploy-production]
needs: [publish-crates-io]
if: always()

steps:
# Note: Requires SLACK_WEBHOOK_URL secret to be configured in repository settings
- name: Slack notification
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
channel: "#deployments"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
fields: repo,message,commit,author,action,eventName,ref,workflow
uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_CHANNEL: "releases"
SLACK_COLOR: ${{ needs.publish-crates-io.result == 'success' && 'good' || needs.publish-crates-io.result == 'failure' && 'danger' || 'warning' }}
SLACK_MESSAGE: "Library publication status: ${{ needs.publish-crates-io.result }}"
SLACK_TITLE: "AuthFramework Library Release"
SLACK_USERNAME: "GitHub Actions"

cleanup:
name: Cleanup
Expand All @@ -338,5 +297,5 @@ jobs:
steps:
- name: Clean up old artifacts
run: |
# Cleanup old Docker images, test artifacts, etc.
# Cleanup test artifacts, cache, etc.
echo "Cleanup completed"
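Review bot: The security-audit job now installs its auditing tool unpinned — `run: cargo install cargo-deny` in the step that replaces the former `EmbarkStudios/cargo-deny-action@v1` — so although every action in this commit is pinned to a commit SHA, the binary that actually performs the audit is whatever crates.io serves that day, and a changed release can change the verdict; prefer `run: cargo install cargo-deny --locked --version <PINNED_VERSION>` and bump it deliberately. In the same job, `Clear cargo advisory cache (if exists)` is ordered after `cargo deny check`, so on an ephemeral runner it cannot influence the advisory database that check used; either move it before the check or drop it, since `continue-on-error: true` already masks its outcome. Removing `cargo audit` also means RUSTSEC advisories are only checked if the repository's deny.toml enables the `advisories` section, which this diff does not show — worth confirming. Separately, the notify job keeps `if: always()` while its only dependency `publish-crates-io` is gated on `github.event_name == 'release'`, so every push and pull-request run will post a "skipped" warning to Slack; `if: always() && github.event_name == 'release'` limits it to releases. The version check's `jq -r '.packages[0].version'` presumes the first package in the metadata is the crate being published, which need not hold if the `--workspace` used by the test job implies more than one package; selecting by name (`jq -r '.packages[] | select(.name == "<CRATE_NAME>") | .version'`) is more robust.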