ci(deps): bump slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0 #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| release: | |
| types: [published] | |
| env: | |
| BAZEL_VERSION: "7.4.1" | |
| RUST_VERSION: "1.82.0" | |
| TINYGO_VERSION: "0.38.0" | |
| NODE_VERSION: "20.18.0" | |
| jobs: | |
| # Build and test TinyGo implementation | |
| tinygo-component: | |
| name: TinyGo Component Build & Test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bazel | |
| uses: bazel-contrib/[email protected] | |
| with: | |
| bazelisk-cache: true | |
| disk-cache: ${{ github.workflow }} | |
| repository-cache: true | |
| bazelisk-version: ${{ env.BAZEL_VERSION }} | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.23' | |
| - name: Setup TinyGo | |
| uses: acifani/setup-tinygo@v2 | |
| with: | |
| tinygo-version: ${{ env.TINYGO_VERSION }} | |
| - name: Cache Bazel | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/bazel | |
| ~/.cache/bazelisk | |
| key: bazel-${{ runner.os }}-${{ hashFiles('MODULE.bazel', '**/*.bzl') }} | |
| restore-keys: | | |
| bazel-${{ runner.os }}- | |
| - name: Build TinyGo Component | |
| run: | | |
| bazel build //tinygo:file_ops_tinygo | |
| - name: Test TinyGo Component | |
| run: | | |
| bazel test //tinygo:all --test_output=errors | |
| - name: Build WebAssembly Component | |
| run: | | |
| bazel build //tinygo:file_ops_component_wasm | |
| - name: Validate WebAssembly Component | |
| run: | | |
| # Install wasm-tools if not available | |
| if ! command -v wasm-tools &> /dev/null; then | |
| curl -L https://github.com/bytecodealliance/wasm-tools/releases/latest/download/wasm-tools-${{ runner.os == 'Linux' && 'x86_64-linux' || runner.os == 'macOS' && 'x86_64-macos' || 'x86_64-windows' }}.tar.gz | tar xz | |
| sudo mv wasm-tools*/wasm-tools /usr/local/bin/ || mv wasm-tools*/wasm-tools.exe /usr/local/bin/ | |
| fi | |
| # Validate the generated WebAssembly component | |
| wasm-tools validate bazel-bin/tinygo/file_ops_component_wasm.wasm | |
| wasm-tools component wit bazel-bin/tinygo/file_ops_component_wasm.wasm | |
| - name: Upload TinyGo Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: tinygo-component-${{ matrix.os }} | |
| path: | | |
| bazel-bin/tinygo/file_ops_tinygo* | |
| bazel-bin/tinygo/file_ops_component_wasm.wasm | |
| retention-days: 7 | |
| # Build and test Rust implementation | |
| rust-component: | |
| name: Rust Component Build & Test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bazel | |
| uses: bazel-contrib/[email protected] | |
| with: | |
| bazelisk-cache: true | |
| disk-cache: ${{ github.workflow }} | |
| repository-cache: true | |
| bazelisk-version: ${{ env.BAZEL_VERSION }} | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| targets: wasm32-wasi | |
| - name: Cache Bazel | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/bazel | |
| ~/.cache/bazelisk | |
| key: bazel-rust-${{ runner.os }}-${{ hashFiles('MODULE.bazel', 'rust/**', '**/*.bzl') }} | |
| restore-keys: | | |
| bazel-rust-${{ runner.os }}- | |
| - name: Cache Cargo | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: cargo-${{ runner.os }}-${{ hashFiles('rust/**/Cargo.lock', 'rust/**/Cargo.toml') }} | |
| restore-keys: | | |
| cargo-${{ runner.os }}- | |
| - name: Build Rust Component | |
| run: | | |
| bazel build //rust:file_ops_rust | |
| - name: Test Rust Component | |
| run: | | |
| bazel test //rust:all --test_output=errors | |
| - name: Build WebAssembly Component | |
| run: | | |
| bazel build //rust:file_ops_component_wasm | |
| - name: Validate WebAssembly Component | |
| run: | | |
| # Install wasm-tools if not available | |
| if ! command -v wasm-tools &> /dev/null; then | |
| curl -L https://github.com/bytecodealliance/wasm-tools/releases/latest/download/wasm-tools-${{ runner.os == 'Linux' && 'x86_64-linux' || runner.os == 'macOS' && 'x86_64-macos' || 'x86_64-windows' }}.tar.gz | tar xz | |
| sudo mv wasm-tools*/wasm-tools /usr/local/bin/ || mv wasm-tools*/wasm-tools.exe /usr/local/bin/ | |
| fi | |
| # Validate the generated WebAssembly component | |
| wasm-tools validate bazel-bin/rust/file_ops_component_wasm.wasm | |
| wasm-tools component wit bazel-bin/rust/file_ops_component_wasm.wasm | |
| - name: Upload Rust Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rust-component-${{ matrix.os }} | |
| path: | | |
| bazel-bin/rust/file_ops_rust* | |
| bazel-bin/rust/file_ops_component_wasm.wasm | |
| retention-days: 7 | |
| # Integration and cross-component testing | |
| integration-test: | |
| name: Integration Testing | |
| runs-on: ubuntu-latest | |
| needs: [tinygo-component, rust-component] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bazel | |
| uses: bazel-contrib/[email protected] | |
| with: | |
| bazelisk-cache: true | |
| disk-cache: ${{ github.workflow }} | |
| repository-cache: true | |
| bazelisk-version: ${{ env.BAZEL_VERSION }} | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.23' | |
| - name: Setup TinyGo | |
| uses: acifani/setup-tinygo@v2 | |
| with: | |
| tinygo-version: ${{ env.TINYGO_VERSION }} | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| targets: wasm32-wasi | |
| - name: Download All Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts/ | |
| - name: Run Integration Tests | |
| run: | | |
| # Build all components | |
| bazel build //... | |
| # Run core integration test suite | |
| bazel test //testdata:integration_test_suite --test_output=errors | |
| # Run all other tests | |
| bazel test //tinygo:all //testdata:all --test_output=errors | |
| # Run Rust tests if available | |
| if bazel query //rust:all &>/dev/null; then | |
| bazel test //rust:all --test_output=errors | |
| fi | |
| - name: Performance Benchmarks | |
| run: | | |
| # Run basic performance tests | |
| bazel test //testdata:performance_basic_test --test_output=summary | |
| # Run full performance comparison if available | |
| bazel test //testdata:performance_comparison_test --test_output=summary || echo "Advanced benchmarks not yet implemented" | |
| # Code quality and security checks | |
| quality-gate: | |
| name: Quality & Security Gate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bazel | |
| uses: bazel-contrib/[email protected] | |
| with: | |
| bazelisk-cache: true | |
| disk-cache: ${{ github.workflow }} | |
| repository-cache: true | |
| bazelisk-version: ${{ env.BAZEL_VERSION }} | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.23' | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| components: clippy, rustfmt | |
| - name: Go Code Quality | |
| run: | | |
| # Format check | |
| cd tinygo && gofmt -d -e . | |
| # Vet check | |
| cd tinygo && go vet ./... | |
| # Security scan | |
| if command -v gosec &> /dev/null; then | |
| cd tinygo && gosec ./... | |
| fi | |
| - name: Rust Code Quality | |
| run: | | |
| # Format check | |
| bazel run //rust:rustfmt_check || echo "Rust format check (skipping if no Rust code)" | |
| # Clippy check | |
| bazel run //rust:clippy_check || echo "Rust clippy check (skipping if no Rust code)" | |
| - name: Buildifier Check | |
| run: | | |
| # Install buildifier | |
| curl -L https://github.com/bazelbuild/buildtools/releases/latest/download/buildifier-linux-amd64 -o buildifier | |
| chmod +x buildifier | |
| # Check BUILD files formatting | |
| find . -name "*.bzl" -o -name "BUILD" -o -name "BUILD.bazel" | xargs ./buildifier -lint=warn -mode=check | |
| - name: License Check | |
| run: | | |
| # Ensure all source files have proper license headers | |
| find . -name "*.go" -o -name "*.rs" | xargs grep -L "Licensed under" || echo "Some files missing license headers" | |
| # Documentation build and deployment | |
| docs-build: | |
| name: Documentation Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: npm | |
| cache-dependency-path: docs-site/package-lock.json | |
| - name: Install docs dependencies | |
| working-directory: docs-site | |
| run: npm ci | |
| - name: Build documentation | |
| working-directory: docs-site | |
| run: npm run build | |
| - name: Upload documentation artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: documentation | |
| path: docs-site/dist/ | |
| retention-days: 7 | |
| # Release creation and artifact publishing | |
| release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| needs: [tinygo-component, rust-component, integration-test, quality-gate] | |
| if: github.event_name == 'release' && github.event.action == 'published' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download All Build Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts/ | |
| - name: Prepare Release Assets | |
| run: | | |
| mkdir -p release/ | |
| # Package TinyGo components | |
| for os in ubuntu-latest macos-latest windows-latest; do | |
| if [ -d "artifacts/tinygo-component-$os" ]; then | |
| tar -czf "release/file-ops-tinygo-$os.tar.gz" -C "artifacts/tinygo-component-$os" . | |
| fi | |
| done | |
| # Package Rust components | |
| for os in ubuntu-latest macos-latest windows-latest; do | |
| if [ -d "artifacts/rust-component-$os" ]; then | |
| tar -czf "release/file-ops-rust-$os.tar.gz" -C "artifacts/rust-component-$os" . | |
| fi | |
| done | |
| - name: Upload Release Assets | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: release/* | |
| body: | | |
| ## File Operations WebAssembly Components | |
| This release includes both TinyGo and Rust implementations of file operations components: | |
| ### TinyGo Implementation | |
| - **Security-focused**: Minimal attack surface and compact binaries | |
| - **WASI Preview 2**: Native support for modern WebAssembly runtimes | |
| - **JSON API**: Compatible with existing JSON batch operations | |
| ### Rust Implementation | |
| - **Performance-optimized**: Advanced streaming I/O and parallel processing | |
| - **Feature-rich**: Comprehensive error handling and security validation | |
| - **Enhanced API**: Extended capabilities beyond basic file operations | |
| ### Usage | |
| Download the appropriate package for your platform and integrate with your Bazel build system using the dual implementation toolchain. | |
| See documentation for detailed integration instructions. | |
| # Performance monitoring and metrics | |
| performance-monitor: | |
| name: Performance Monitoring | |
| runs-on: ubuntu-latest | |
| needs: [integration-test] | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Bazel | |
| uses: bazel-contrib/[email protected] | |
| with: | |
| bazelisk-cache: true | |
| disk-cache: ${{ github.workflow }} | |
| repository-cache: true | |
| bazelisk-version: ${{ env.BAZEL_VERSION }} | |
| - name: Run Performance Tests | |
| run: | | |
| # Performance regression testing | |
| bazel run //testdata:performance_tests --test_output=summary || echo "Performance tests not implemented yet" | |
| - name: Collect Metrics | |
| run: | | |
| echo "Performance monitoring would collect and store metrics here" | |
| # Future: Integration with performance monitoring systems |