- Introduced `NativeTestBase` class for ELF, PE, and Mach-O binary parsing helpers and assertions.
- Created `TestCryptoFactory` for SM2 cryptographic provider setup and key generation.
- Implemented `Sm2SigningTests` to validate signing functionality with environment gate checks.
- Developed console export service and store with comprehensive unit tests for export status management.
121 lines
3.2 KiB
YAML
name: Release Validation

on:
  push:
    tags:
      - 'v*'
  pull_request:
    paths:
      - 'deploy/**'
      - 'scripts/release/**'
  workflow_dispatch:

env:
  DOTNET_VERSION: '10.0.x'
  REGISTRY: ghcr.io
  IMAGE_PREFIX: stellaops

jobs:
  validate-manifests:
    name: Validate Release Manifests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Validate Helm charts
        run: |
          helm lint deploy/helm/stellaops
          helm template stellaops deploy/helm/stellaops --dry-run

      - name: Validate Kubernetes manifests
        run: |
          for f in deploy/k8s/*.yaml; do
            kubectl apply --dry-run=client -f "$f" || exit 1
          done

      - name: Check required images exist
        run: |
          REQUIRED_IMAGES=(
            "concelier"
            "scanner"
            "authority"
            "signer"
            "attestor"
            "excititor"
            "policy"
            "scheduler"
            "notify"
          )
          for img in "${REQUIRED_IMAGES[@]}"; do
            echo "Checking $img..."
            # Validate Dockerfile exists
            if [ ! -f "src/${img^}/Dockerfile" ] && [ ! -f "deploy/docker/${img}/Dockerfile" ]; then
              echo "Warning: Dockerfile not found for $img"
            fi
          done

  validate-checksums:
    name: Validate Artifact Checksums
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Verify SHA256SUMS files
        run: |
          find . -name "SHA256SUMS" -type f | while read f; do
            dir=$(dirname "$f")
            echo "Validating $f..."
            cd "$dir"
            if ! sha256sum -c SHA256SUMS --quiet 2>/dev/null; then
              echo "Warning: Checksum mismatch in $dir"
            fi
            cd - > /dev/null
          done

  validate-schemas:
    name: Validate Schema Integrity
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install ajv-cli
        run: npm install -g ajv-cli ajv-formats

      - name: Validate JSON schemas
        run: |
          for schema in docs/schemas/*.schema.json; do
            echo "Validating $schema..."
            ajv compile -s "$schema" --spec=draft2020 || echo "Warning: $schema validation issue"
          done

  release-notes:
    name: Generate Release Notes
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    needs: [validate-manifests, validate-checksums, validate-schemas]
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Generate changelog
        run: |
          PREV_TAG=$(git describe --abbrev=0 --tags HEAD^ 2>/dev/null || echo "")
          if [ -n "$PREV_TAG" ]; then
            echo "## Changes since $PREV_TAG" > RELEASE_NOTES.md
            git log --pretty=format:"- %s (%h)" "$PREV_TAG"..HEAD >> RELEASE_NOTES.md
          else
            echo "## Initial Release" > RELEASE_NOTES.md
          fi

      - name: Upload release notes
        uses: actions/upload-artifact@v4
        with:
          name: release-notes
          path: RELEASE_NOTES.md
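The `Verify SHA256SUMS files` step in this workflow prints a warning on a checksum mismatch and discards `sha256sum`'s stderr, so the `validate-checksums` job passes and `release-notes` still runs when an artifact does not match its manifest. A fail-closed variant of that step as a shell function follows; it is an added example, not the project's workflow code, and the function name `verify_sha256sums` and its return codes are assumptions of this example.

```shell
# Added example, not the project's workflow code: fail-closed SHA256SUMS check.
# verify_sha256sums ROOT -> 0 if every manifest under ROOT verifies,
# 1 on any mismatched, missing or malformed entry, 2 if no manifest was found.
# The ( ) function body runs in a subshell, so variables and cd stay local.
verify_sha256sums() (
  root="${1:-.}"
  found=0
  failed=0
  # Assumption: manifest paths contain no newlines.
  manifests=$(find "$root" -type f -name SHA256SUMS)
  # A here-document (unlike `find | while`) keeps the loop in this shell,
  # so the counters are still set after `done`.
  while IFS= read -r manifest; do
    [ -n "$manifest" ] || continue
    found=$((found + 1))
    dir=$(dirname "$manifest")
    # Inner subshell: the cd never leaks into the next iteration.
    # --strict makes malformed manifest lines an error, not a warning.
    # stderr is left visible so the CI log names the failing file.
    if ! (cd "$dir" && sha256sum -c --strict --quiet SHA256SUMS); then
      echo "ERROR: checksum verification failed in $dir" >&2
      failed=$((failed + 1))
    fi
  done <<EOF
$manifests
EOF
  if [ "$found" -eq 0 ]; then
    echo "ERROR: no SHA256SUMS manifest found under $root" >&2
    exit 2
  fi
  [ "$failed" -eq 0 ]
)
```

In a workflow step, calling `verify_sha256sums .` as the last command makes the job fail on a non-zero return, which in turn blocks any job that lists it under `needs`.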