feat(linux-port): bootstrap MVP boxctl, config loader, supervisor, firewall skeleton, and systemd units #18
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint-and-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Bash syntax checks | |
| run: ./tests/lint_shell.sh syntax | |
| - name: ShellCheck (if available) | |
| run: | | |
| if command -v shellcheck >/dev/null 2>&1; then | |
| ./tests/lint_shell.sh shellcheck | |
| else | |
| echo "shellcheck not available; skipping" | |
| fi | |
| - name: Mock integration tests | |
| run: | | |
| ./tests/integration/test_phase2.sh | |
| ./tests/integration/test_policy.sh | |
| ./tests/integration/test_updater.sh | |
| - name: Real-kernel integration tests (skip-capable) | |
| continue-on-error: true | |
| run: | | |
| set -o pipefail | |
| : > real-kernel.log | |
| sudo ./tests/integration/test_real_kernel.sh | tee real-kernel.log | |
| - name: Upload real-kernel log | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: real-kernel-log | |
| path: real-kernel.log | |
| build-arch-package: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - lint-and-tests | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build Arch package in container | |
| run: | | |
| docker run --rm \ | |
| -v "$PWD":/work \ | |
| -w /work \ | |
| archlinux:base-devel \ | |
| bash -lc ' | |
| set -euo pipefail | |
| # Avoid relying on distro default unprivileged accounts (for example `nobody`) | |
| # because some base images can mark them as expired. | |
| useradd -m -U builder | |
| chown -R builder:builder /work | |
| su builder -s /bin/bash -c "cd /work/packaging/arch && makepkg --nodeps --noconfirm -f" | |
| ' | |
| - name: Capture package path | |
| id: pkg | |
| run: | | |
| pkg_path="$(ls -1 packaging/arch/*.pkg.tar.* | head -n 1)" | |
| echo "package_path=${pkg_path}" >> "${GITHUB_OUTPUT}" | |
| echo "Built package: ${pkg_path}" | |
| - name: Upload Arch package artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: box4linux-arch-pkg | |
| path: ${{ steps.pkg.outputs.package_path }} | |
| smoke-package: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-arch-package | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download Arch package artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: box4linux-arch-pkg | |
| path: ./dist | |
| - name: Package smoke test | |
| run: | | |
| pkg_path="$(ls -1 ./dist/*.pkg.tar.* | head -n 1)" | |
| ./tests/integration/test_arch_package_smoke.sh "${pkg_path}" | |
| release: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: | |
| - smoke-package | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Download Arch package artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: box4linux-arch-pkg | |
| path: ./dist | |
| - name: Publish release assets | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: ./dist/*.pkg.tar.* | |
| generate_release_notes: true |
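Review bot: The `release` job hands a `contents: write` token to `softprops/action-gh-release@v2`, and `@v2` is a mutable tag, so whatever that tag points to at run time is the code that publishes the release assets. Pin it to a reviewed commit, for example `uses: softprops/action-gh-release@<full-commit-sha> # v2`, and consider doing the same for the `actions/*@v4` steps. The package that ends up in the release is built inside `archlinux:base-devel`, which is also a moving tag; `archlinux:base-devel@sha256:<digest>` would fix the build input. Separately, `continue-on-error: true` on the real-kernel step means a genuine failure there, not only a skip, never blocks a tagged release. If `test_real_kernel.sh` already exits 0 when it skips (not visible here), the flag could probably be dropped.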