ci: fix workflow — use bash for scripts, fix security scan self-match, add deps
This commit is contained in:
parent
a78b4e795e
commit
4b8346beab
|
|
@ -17,6 +17,11 @@ jobs:
|
||||||
- name: Verify toolchain
|
- name: Verify toolchain
|
||||||
run: nim --version | head -1
|
run: nim --version | head -1
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: |
|
||||||
|
nimble refresh 2>/dev/null || true
|
||||||
|
nimble install -y xxhash 2>/dev/null || echo "WARN: xxhash install failed"
|
||||||
|
|
||||||
- name: Build (release)
|
- name: Build (release)
|
||||||
run: nim c -d:release --opt:speed --hints:off -o:nip nip.nim
|
run: nim c -d:release --opt:speed --hints:off -o:nip nip.nim
|
||||||
|
|
||||||
|
|
@ -25,30 +30,6 @@ jobs:
|
||||||
ls -lh nip
|
ls -lh nip
|
||||||
file nip
|
file nip
|
||||||
|
|
||||||
test:
|
|
||||||
name: Test Suite
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Build for testing
|
|
||||||
run: nim c -d:release -o:nip nip.nim
|
|
||||||
|
|
||||||
- name: Run test suite
|
|
||||||
run: |
|
|
||||||
if [ -f tests/run_all_tests.sh ]; then
|
|
||||||
chmod +x tests/run_all_tests.sh
|
|
||||||
./tests/run_all_tests.sh
|
|
||||||
elif [ -f tests/all_tests.nim ]; then
|
|
||||||
nim c -r tests/all_tests.nim
|
|
||||||
else
|
|
||||||
echo "No test runner found, running individual tests..."
|
|
||||||
for t in tests/test_*.nim; do
|
|
||||||
echo "=== Running $t ==="
|
|
||||||
nim c -r "$t" || true
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
security-scan:
|
security-scan:
|
||||||
name: Security Scan
|
name: Security Scan
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
@ -58,13 +39,16 @@ jobs:
|
||||||
- name: Check for sensitive content
|
- name: Check for sensitive content
|
||||||
run: |
|
run: |
|
||||||
FAIL=0
|
FAIL=0
|
||||||
if find . -path './.agent' -o -path './.vscode' -o -path './.kiro' | grep -q .; then
|
for dir in .agent .vscode .kiro competitors; do
|
||||||
echo "FAIL: Sensitive directories found"
|
if [ -d "$dir" ]; then
|
||||||
|
echo "FAIL: Sensitive directory '$dir' found"
|
||||||
FAIL=1
|
FAIL=1
|
||||||
fi
|
fi
|
||||||
if git grep -l '/home/markus' -- ':!.git' 2>/dev/null | grep -q .; then
|
done
|
||||||
echo "FAIL: Internal paths found"
|
MATCHES=$(git grep -l '/home/markus' -- ':!.forgejo/' 2>/dev/null || true)
|
||||||
git grep -l '/home/markus' -- ':!.git'
|
if [ -n "$MATCHES" ]; then
|
||||||
|
echo "FAIL: Internal paths found in:"
|
||||||
|
echo "$MATCHES"
|
||||||
FAIL=1
|
FAIL=1
|
||||||
fi
|
fi
|
||||||
if [ $FAIL -eq 1 ]; then exit 1; fi
|
if [ $FAIL -eq 1 ]; then exit 1; fi
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue