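---
# CI workflow for a C project: builds the `server` binary, runs a smoke test,
# and runs static analysis (Flawfinder, Cppcheck, clang-format).
#
# Review notes that apply to the whole file:
# - `actions/checkout@v4` and `actions/upload-artifact@v4` are referenced by
#   mutable tag. Pinning each to a full commit SHA
#   (`uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`) keeps the code that
#   runs in the job from changing without a reviewed edit to this file.
# - Every analyzer below is advisory: `|| true` and `--error-exitcode=0` mean
#   findings never fail a job. Treat a green run as "the tools ran", not as
#   "no findings".
name: CI Pipeline

# Least-privilege token: read-only repository contents for every job (no job
# below overrides it).
permissions:
  contents: read

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      C_INCLUDE_PATH: /usr/include:/usr/local/include
      LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
    steps:
      - name: Install build dependencies
        # Package installation is best-effort (`|| true`); a missing
        # development library surfaces later as a failed `make`.
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y \
              build-essential \
              libssl-dev \
              libmagic-dev \
              libnghttp2-dev \
              pkg-config \
              file || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache \
              build-base \
              openssl-dev \
              file-dev \
              nghttp2-dev \
              zlib-dev \
              pkgconf \
              file || true
          fi

      - uses: actions/checkout@v4

      - name: Build project
        # Parsed as `(make clean && make ...) || make ...`: a failed first
        # attempt is retried once on the partially built tree, and only the
        # retry's status decides the step.
        run: |
          make clean && make INCLUDES="-I/usr/include -I/usr/local/include" \
            || make INCLUDES="-I/usr/include -I/usr/local/include"

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: server-binary
          path: server

  test:
    runs-on: ubuntu-latest
    # NOTE(review): this job waits for `build` but its visible steps rebuild
    # from source and never download `server-binary`, so the uploaded
    # artifact is not the binary exercised here.
    needs: build
    env:
      C_INCLUDE_PATH: /usr/include:/usr/local/include
      LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
    steps:
      - name: Ensure test dependencies
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y \
              build-essential \
              libssl-dev \
              libmagic-dev \
              libnghttp2-dev \
              pkg-config \
              file || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache \
              build-base \
              openssl-dev \
              file-dev \
              nghttp2-dev \
              zlib-dev \
              pkgconf \
              file || true
          fi

      - uses: actions/checkout@v4

      - name: Build and run tests
        # Each check is its own statement. Under errexit a failing command on
        # the left of `&&` does not stop the script, so the previous
        # `check && echo ok` form went on to print "All tests passed" even
        # when a check failed.
        run: |
          set -e
          make clean
          make INCLUDES="-I/usr/include -I/usr/local/include"

          # Verify the binary was created
          if ! test -f server; then
            echo "ERROR: server binary was not built" >&2
            exit 1
          fi
          echo "✓ Server binary built successfully"

          # Basic smoke tests - verify it's a valid ELF executable
          if ! file server | grep -q "ELF.*executable"; then
            echo "ERROR: server is not an ELF executable" >&2
            exit 1
          fi
          echo "✓ Server executable is valid"

          echo "✓ All tests passed"

  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Install security tools
        # Installation stays best-effort, but the scanners each branch asks
        # for must exist afterwards. Otherwise the scan steps (`|| true`,
        # `| tee`) would report success without having analyzed anything.
        run: |
          set -e
          SUDO=""
          REQUIRED_TOOLS=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y flawfinder cppcheck || true
            REQUIRED_TOOLS="flawfinder cppcheck"
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache cppcheck || true
            REQUIRED_TOOLS="cppcheck"
          fi
          for tool in $REQUIRED_TOOLS; do
            if ! command -v "$tool" >/dev/null 2>&1; then
              echo "ERROR: $tool is not installed; the scan cannot run" >&2
              exit 1
            fi
          done

      - uses: actions/checkout@v4

      - name: Run Flawfinder
        # Findings are advisory (`|| true`). The apk branch above does not
        # install flawfinder, so its absence is surfaced as a warning instead
        # of being hidden behind `|| true`.
        # NOTE(review): flawfinder-report.html is written to the workspace
        # but no visible step uploads it.
        run: |
          if ! command -v flawfinder >/dev/null 2>&1; then
            echo "::warning::flawfinder is not installed; Flawfinder scan skipped"
            exit 0
          fi
          flawfinder --minlevel=1 --html --context src/ > flawfinder-report.html || true
          flawfinder --minlevel=1 src/ || true

      - name: Run Cppcheck security analysis
        # `--error-exitcode=0` keeps findings advisory. The script does not
        # set `pipefail`, so the step status is that of `tee`, not cppcheck.
        # NOTE(review): cppcheck-security.txt is not uploaded by any visible
        # step.
        run: |
          cppcheck --enable=warning,style,performance,portability --error-exitcode=0 \
            --suppress=missingIncludeSystem src/ 2>&1 | tee cppcheck-security.txt

  code-quality:
    runs-on: ubuntu-latest
    steps:
      - name: Install code quality tools
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y cppcheck clang-format clang-tidy || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache cppcheck clang-extra-tools || true
          fi

      - uses: actions/checkout@v4

      - name: Run Cppcheck
        # Advisory only: `--error-exitcode=0`, and the pipeline status is
        # that of `tee`.
        run: |
          cppcheck --enable=all --inconclusive --error-exitcode=0 \
            --suppress=missingIncludeSystem \
            --suppress=unusedFunction \
            src/ 2>&1 | tee cppcheck-report.txt

      # NOTE(review): this step is cut off at the end of the visible source;
      # its visible text is reproduced unchanged.
      - name: Check code formatting
        run: |
          find src/ -name "*.c" -o -name "*.h" | while read file; do
            clang-format -style=file -output-replacements-xml "$file" | grep -q "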