Enable custom storage (builder + constructors) and fix tests

.github/workflows/ci-cd.yml

@@ -1,6 +1,7 @@
-# GitHub Actions CI/CD Pipeline for AuthFramework v0.4.0
+# GitHub Actions CI/CD Pipeline for AuthFramework Library v0.4.2
+# Focused on library testing, security auditing, and crates.io publishing
 
-name: AuthFramework CI/CD
+name: AuthFramework Library CI
 
 on:
   push:
@@ -48,22 +49,46 @@ jobs:
           - 6379:6379
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
         with:
           toolchain: ${{ matrix.rust }}
           components: rustfmt, clippy
 
       - name: Cache cargo registry
-        uses: actions/cache@v3
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4-latest
         with:
           path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            ~/.cargo/registry/index
+            ~/.cargo/registry/cache
+            ~/.cargo/git/db
+            target/release/deps
+            target/debug/deps
+          key: ${{ runner.os }}-cargo-${{ matrix.rust }}-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ matrix.rust }}-
+            ${{ runner.os }}-cargo-
+
+      - name: Free up disk space
+        run: |
+          echo "Disk usage before cleanup:"
+          df -h
+
+          # Remove unnecessary packages and clean package cache
+          sudo apt-get autoremove -y
+          sudo apt-get autoclean
+          sudo apt-get clean
+
+          # Remove large unnecessary directories
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /opt/hostedtoolcache/CodeQL
+
+          echo "Disk usage after cleanup:"
+          df -h
 
       - name: Install system dependencies
         run: |
@@ -81,14 +106,16 @@ jobs:
           DATABASE_URL: postgresql://test_user:test_password@localhost:5432/auth_framework_test
           REDIS_URL: redis://localhost:6379
           JWT_SECRET: test_jwt_secret_that_is_longer_than_32_characters_for_security
+          CARGO_INCREMENTAL: 0
+          CARGO_NET_RETRY: 10
         run: cargo test --all-features --workspace
 
       - name: Run integration tests
         env:
           DATABASE_URL: postgresql://test_user:test_password@localhost:5432/auth_framework_test
           REDIS_URL: redis://localhost:6379
           JWT_SECRET: test_jwt_secret_that_is_longer_than_32_characters_for_security
-        run: cargo test --test integration --all-features
+        run: cargo test --test integration_tests --all-features
 
       - name: Run benchmarks
         env:
@@ -97,59 +124,35 @@ jobs:
           JWT_SECRET: test_jwt_secret_that_is_longer_than_32_characters_for_security
         run: cargo bench --no-run
 
+      - name: Clean up build artifacts
+        run: |
+          # Remove large binary files but keep dependencies cache
+          find target -name "*.rlib" -delete
+          find target -name "auth-framework*" -type f -executable -delete
+          find target -name "integration_tests*" -type f -executable -delete
+          echo "Remaining disk usage:"
+          df -h
+
   security-audit:
     name: Security Audit
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
-      - name: Install cargo-audit
-        run: cargo install cargo-audit
-
-      - name: Run security audit
-        run: cargo audit
-
-      - name: Run cargo-deny
-        uses: EmbarkStudios/cargo-deny-action@v1
-
-  build:
-    name: Build and Test Docker Image
-    runs-on: ubuntu-latest
-    needs: [test, security-audit]
-    steps:
-      - uses: actions/checkout@v4
+        uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
+        with:
+          toolchain: stable
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Install cargo-deny
+        run: cargo install cargo-deny
 
-      - name: Build test image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./Dockerfile.optimized
-          target: testing
-          push: false
-          tags: authframework:test
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Run Docker tests
-        run: |
-          docker run --rm authframework:test
+      - name: Run cargo-deny security audit
+        run: cargo deny check
 
-      - name: Build production image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          file: ./Dockerfile.optimized
-          target: runtime
-          push: false
-          tags: authframework:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+      - name: Clear cargo advisory cache (if exists)
+        run: rm -rf ~/.cargo/advisory-db || true
+        continue-on-error: true
 
   performance:
     name: Performance Tests
@@ -183,13 +186,15 @@ jobs:
           - 6379:6379
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
+        with:
+          toolchain: stable
 
       - name: Cache cargo registry
-        uses: actions/cache@v3
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4-latest
         with:
           path: |
             ~/.cargo/registry
@@ -211,7 +216,7 @@ jobs:
           cargo bench --bench auth_performance 2>&1 | tee benchmark_results.txt
 
       - name: Upload benchmark results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: benchmark-results
           path: benchmark_results.txt
@@ -224,111 +229,65 @@ jobs:
             exit 1
           fi
 
-  deploy-staging:
-    name: Deploy to Staging
+  publish-crates-io:
+    name: Publish to crates.io
     runs-on: ubuntu-latest
-    needs: [build, performance]
-    if: github.ref == 'refs/heads/develop'
-    environment: staging
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Build and push Docker image
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: authframework
-          IMAGE_TAG: ${{ github.sha }}
-        run: |
-          docker build -f Dockerfile.optimized --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-
-      - name: Deploy to staging
-        run: |
-          # Update ECS service or Kubernetes deployment
-          aws ecs update-service --cluster staging --service authframework --force-new-deployment
-
-  deploy-production:
-    name: Deploy to Production
-    runs-on: ubuntu-latest
-    needs: [build]
+    needs: [test, security-audit]
     if: github.event_name == 'release'
-    environment: production
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@21dc36fb71dd22e3317045c0c31a3f4249868b17 # stable
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
+          toolchain: stable
 
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Extract version from tag
-        id: version
-        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
-
-      - name: Build and push Docker image
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: authframework
-          IMAGE_TAG: ${{ steps.version.outputs.VERSION }}
-        run: |
-          docker build -f Dockerfile.optimized --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-          docker build -f Dockerfile.optimized --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+      - name: Cache cargo registry
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4-latest
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
 
-      - name: Deploy to production
-        env:
-          VERSION: ${{ steps.version.outputs.VERSION }}
+      - name: Install system dependencies
         run: |
-          # Blue-green deployment with rollback capability
-          aws ecs update-service --cluster production --service authframework --task-definition authframework:$VERSION
+          sudo apt-get update
+          sudo apt-get install -y libpq-dev libssl-dev pkg-config
 
-      - name: Run smoke tests
+      - name: Verify version matches release tag
         run: |
-          # Wait for deployment to complete
-          sleep 60
-
-          # Run smoke tests against production
-          curl -f https://api.authframework.com/health || exit 1
+          CARGO_VERSION=$(cargo metadata --no-deps --format-version 1 | jq -r '.packages[0].version')
+          TAG_VERSION=${GITHUB_REF#refs/tags/v}
+          if [ "$CARGO_VERSION" != "$TAG_VERSION" ]; then
+            echo "Version mismatch: Cargo.toml version ($CARGO_VERSION) != tag version ($TAG_VERSION)"
+            exit 1
+          fi
 
-          # Test authentication flow
-          curl -f -X POST https://api.authframework.com/auth/login \
-            -H "Content-Type: application/json" \
-            -d '{"username":"test@example.com","password":"test"}' || exit 1
+      - name: Publish to crates.io
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
+        run: cargo publish --dry-run && cargo publish
 
   notify:
     name: Notify Team
     runs-on: ubuntu-latest
-    needs: [deploy-production]
+    needs: [publish-crates-io]
     if: always()
 
     steps:
+      # Note: Requires SLACK_WEBHOOK_URL secret to be configured in repository settings
       - name: Slack notification
-        uses: 8398a7/action-slack@v3
-        with:
-          status: ${{ job.status }}
-          channel: "#deployments"
-          webhook_url: ${{ secrets.SLACK_WEBHOOK }}
-          fields: repo,message,commit,author,action,eventName,ref,workflow
+        uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # v2.3.0
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_CHANNEL: "releases"
+          SLACK_COLOR: ${{ needs.publish-crates-io.result == 'success' && 'good' || needs.publish-crates-io.result == 'failure' && 'danger' || 'warning' }}
+          SLACK_MESSAGE: "Library publication status: ${{ needs.publish-crates-io.result }}"
+          SLACK_TITLE: "AuthFramework Library Release"
+          SLACK_USERNAME: "GitHub Actions"
 
   cleanup:
     name: Cleanup
@@ -338,5 +297,5 @@ jobs:
     steps:
       - name: Clean up old artifacts
         run: |
-          # Cleanup old Docker images, test artifacts, etc.
+          # Cleanup test artifacts, cache, etc.
           echo "Cleanup completed"