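# CI pipeline for particle-os: unit tests, an integration run, static checks,
# and a release build that publishes a tarball plus its SHA-256 checksum.
#
# Supply-chain note: every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA (with the tag kept in a trailing comment) stops a
# retagged or compromised action from running in the release job.
name: particle-os CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  release:
    types: [published]

# Least privilege for GITHUB_TOKEN: read-only by default. Only the release job
# below is granted write access to repository contents.
permissions:
  contents: read

env:
  GO_VERSION: '1.21'
  # Not referenced by any step in this file.
  QEMU_VERSION: 'latest'

jobs:
  # Test and validate particle-os
  test:
    name: Test particle-os
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-utils

      - name: Run tests
        run: |
          cd bib
          go test -v ./...

      - name: Build particle-os
        run: |
          cd bib
          go build -o particle-os cmd/particle_os/main.go

      - name: Test CLI
        run: |
          cd bib
          ./particle-os --help
          ./particle-os version
          ./particle-os list

      - name: Validate recipes
        run: |
          cd bib
          for recipe in ../recipes/*.yml; do
            echo "Validating $recipe..."
            ./particle-os validate "$recipe"
          done

  # Build and test with real container extraction
  integration-test:
    name: Integration Test
    runs-on: ubuntu-latest
    needs: test
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-utils podman

      - name: Build particle-os
        run: |
          cd bib
          go build -o particle-os cmd/particle_os/main.go

      - name: Test container extraction
        run: |
          cd bib
          # Test container inspection
          ./particle-os container debian:trixie-slim

      - name: Test minimal build (if time allows)
        run: |
          cd bib
          # Only run if we have time (CI time limits).
          # Tolerate a timeout only (GNU timeout exits 124). Any other non-zero
          # status is a real build failure and must fail the job, because the
          # release job depends on this one.
          status=0
          timeout 300 sudo ./particle-os build ../recipes/debian-minimal.yml || status=$?
          if [ "$status" -eq 124 ]; then
            echo "Build timed out (expected in CI)"
          elif [ "$status" -ne 0 ]; then
            echo "Build failed with exit code $status"
            exit "$status"
          fi

  # Build and release
  # NOTE(review): this job does not depend on the `security` job, so a
  # govulncheck failure does not block a release. Consider adding it to `needs`.
  build:
    name: Build and Release
    runs-on: ubuntu-latest
    needs: [test, integration-test]
    if: github.event_name == 'release'
    # Uploading release assets requires write access to repository contents.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Build particle-os
        run: |
          cd bib
          go build -ldflags="-s -w" -o particle-os cmd/particle_os/main.go

      - name: Create release artifacts
        run: |
          mkdir -p release
          cd bib
          tar -czf ../release/particle-os-linux-amd64.tar.gz particle-os
          cd ..

          # Create checksums
          # The checksum is produced by the same job that builds the tarball:
          # it detects corrupted downloads but does not prove who built it.
          cd release
          sha256sum particle-os-linux-amd64.tar.gz > particle-os-linux-amd64.tar.gz.sha256

      - name: Upload release artifacts
        # upload-artifact v3 is deprecated and no longer served on github.com.
        uses: actions/upload-artifact@v4
        with:
          name: particle-os-release
          path: release/

      - name: Create GitHub release
        # Third-party action running with a write-scoped token: pin it to a
        # reviewed commit SHA rather than the moving v1 tag.
        uses: softprops/action-gh-release@v1
        with:
          files: release/*
          tag_name: ${{ github.ref_name }}
          name: particle-os ${{ github.ref_name }}
          body: |
            ## particle-os ${{ github.ref_name }}

            Debian-native OS image builder with real system operations.

            ### What's New
            - Production-ready OS building system
            - Real container extraction and processing
            - Real package management and system configuration
            - Real QEMU image creation in multiple formats

            ### Downloads
            - Linux AMD64: `particle-os-linux-amd64.tar.gz`

            ### Quick Start
            ```bash
            tar -xzf particle-os-linux-amd64.tar.gz
            sudo ./particle-os build recipes/debian-test.yml
            ```
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Security and quality checks
  security:
    name: Security & Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Run Go security checks
        run: |
          cd bib
          # @latest is resolved at run time; pin a version for repeatable results.
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

      - name: Run Go linting
        run: |
          cd bib
          # golint is deprecated and frozen upstream, and exits 0 even when it
          # reports findings unless -set_exit_status is passed, so this step is
          # advisory only.
          go install golang.org/x/lint/golint@latest
          golint ./...

      - name: Check Go formatting
        run: |
          cd bib
          if [ "$(gofmt -l . | wc -l)" -gt 0 ]; then
            echo "Code is not formatted. Run 'gofmt -w .'"
            exit 1
          fi

      - name: Check Go mod tidy
        run: |
          cd bib
          go mod tidy
          if [ -n "$(git status --porcelain)" ]; then
            echo "go.mod or go.sum needs updating"
            exit 1
          fi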