diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
new file mode 100644
index 0000000..565447a
--- /dev/null
+++ b/.forgejo/workflows/ci.yml
@@ -0,0 +1,71 @@
+# NIP Package Manager CI
+name: NIP CI
+
+on:
+ push:
+ branches: [unstable, main, stable, testing]
+ pull_request:
+ branches: [unstable, main]
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Verify toolchain
+ run: nim --version | head -1
+
+ - name: Build (release)
+ run: nim c -d:release --opt:speed --hints:off -o:nip nip.nim
+
+ - name: Verify binary
+ run: |
+ ls -lh nip
+ file nip
+
+ test:
+ name: Test Suite
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Build for testing
+ run: nim c -d:release -o:nip nip.nim
+
+ - name: Run test suite
+ run: |
+ if [ -f tests/run_all_tests.sh ]; then
+ chmod +x tests/run_all_tests.sh
+ ./tests/run_all_tests.sh
+ elif [ -f tests/all_tests.nim ]; then
+ nim c -r tests/all_tests.nim
+ else
+ echo "No test runner found, running individual tests..."
+ for t in tests/test_*.nim; do
+ echo "=== Running $t ==="
+ nim c -r "$t" || true
+ done
+ fi
+
+ security-scan:
+ name: Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Check for sensitive content
+ run: |
+ FAIL=0
+ if find . -path './.agent' -o -path './.vscode' -o -path './.kiro' | grep -q .; then
+ echo "FAIL: Sensitive directories found"
+ FAIL=1
+ fi
+ if git grep -l '/home/markus' -- ':!.git' 2>/dev/null | grep -q .; then
+ echo "FAIL: Internal paths found"
+ git grep -l '/home/markus' -- ':!.git'
+ FAIL=1
+ fi
+ if [ $FAIL -eq 1 ]; then exit 1; fi
+ echo "Security scan PASSED"
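Review bot: The `git grep -l '/home/markus'` check in the security-scan job will match this workflow file itself, because the pattern appears literally in `.forgejo/workflows/ci.yml` and the `':!.git'` pathspec excludes only `.git`, so the job looks set to fail on every run. Excluding the workflow in both calls, e.g. `git grep -l '/home/markus' -- ':!.forgejo/workflows/ci.yml'`, avoids the self-match, and dropping `2>/dev/null` keeps a git error from being read as a clean result. In the test job's fallback loop, `nim c -r "$t" || true` discards every failure, so the job stays green with broken tests; set `rc=0` before the loop, use `nim c -r "$t" || rc=1`, and `exit "$rc"` after `done`. `actions/checkout@v4` is a mutable tag in all three jobs; pinning it to a full commit SHA would make the checkout step reproducible and harder to tamper with upstream.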