openSVM · 0xrinegade · Mar 10, 2025 · Mar 7, 2025 · Mar 7, 2025 · Mar 8, 2025
diff --git a/.github-proposal/README.md b/.github-proposal/README.md
@@ -0,0 +1,87 @@
+# GitHub Actions Workflows for OSVM CLI
+
+This directory contains GitHub Actions workflow proposals for the OSVM CLI project. These workflows automate testing, benchmarking, and deployment processes.
+
+## Workflows
+
+### CI (Continuous Integration)
+
+The CI workflow (`workflows/ci.yml`) runs on every push to the main branch and on pull requests. It performs:
+
+1. **Sanity Checks**: Runs `rustfmt` and `clippy` to ensure code quality and style.
+2. **Unit Tests**: Runs unit tests for the library and binary components.
+3. **End-to-End Tests**: Runs the end-to-end tests that verify CLI functionality.
+4. **Code Coverage**: Generates a code coverage report using `cargo-tarpaulin` and uploads it to Codecov.
+
+### Cross-Platform Tests
+
+The Cross-Platform Tests workflow (`workflows/cross-platform.yml`) runs on every push to the main branch and on pull requests. It:
+
+1. Builds and tests the application on multiple operating systems:
+   - Ubuntu Linux
+   - macOS
+   - Windows
+2. Ensures the CLI works consistently across different platforms.
+
+### Benchmarks
+
+The Benchmarks workflow (`workflows/benchmarks.yml`) runs on every push to the main branch, on pull requests, and weekly on Sundays. It:
+
+1. Runs performance benchmarks using `cargo-criterion`.
+2. Uploads benchmark results as artifacts.
+3. Generates a benchmark report.
+4. For pull requests, compares benchmarks with the main branch to detect performance regressions.
+
+### Security Scan
+
+The Security Scan workflow (`workflows/security.yml`) runs on every push to the main branch, on pull requests, and weekly on Mondays. It:
+
+1. **Security Audit**: Runs `cargo-audit` to check for known vulnerabilities in dependencies.
+2. **Dependency Review**: Reviews dependencies for security issues in pull requests.
+3. **Code Scanning**: Uses GitHub's CodeQL to scan for security vulnerabilities in the code.
+
+### Release
+
+The Release workflow (`workflows/release.yml`) runs when a tag starting with 'v' is pushed. It:
+
+1. **Builds** the release binary.
+2. **Creates a GitHub Release** with the binary attached.
+3. **Deploys to APT Repository**: Creates a Debian package and deploys it to an APT repository.
+4. **Deploys to Homebrew**: Creates a Homebrew formula and submits it to Homebrew.
+5. **Deploys Documentation**: Generates documentation using `cargo doc` and deploys it to GitHub Pages.
+
+## Usage
+
+To use these workflows:
+
+1. Move the `.github-proposal` directory to `.github` in your repository.
+2. Customize the workflows as needed for your specific requirements.
+3. For the Release workflow, you'll need to set up:
+   - An APT repository for Debian package deployment
+   - A Homebrew tap for formula submission
+   - GitHub Pages for documentation hosting
+
+## Requirements
+
+These workflows require:
+
+- GitHub Actions enabled on your repository
+- Appropriate permissions for the GitHub token
+- For the Release workflow, additional secrets may be needed for deployment
+
+## Customization
+
+You can customize these workflows by:
+
+- Adjusting the triggers (e.g., which branches to run on)
+- Adding or removing steps
+- Changing the deployment targets
+- Modifying the build parameters
+
+## Troubleshooting
+
+If you encounter issues with these workflows:
+
+- Check the GitHub Actions logs for detailed error messages
+- Ensure all required secrets are properly set
+- Verify that the repository has the necessary permissions
diff --git a/.github-proposal/workflows/benchmarks.yml b/.github-proposal/workflows/benchmarks.yml
@@ -0,0 +1,78 @@
+name: Benchmarks
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * 0'  # Run weekly on Sundays
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  benchmarks:
+    name: Run Benchmarks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Install cargo-criterion
+        uses: actions-rs/install@v0.1
+        with:
+          crate: cargo-criterion
+          version: latest
+          use-tool-cache: true
+
+      - name: Run benchmarks
+        uses: actions-rs/cargo@v1
+        with:
+          command: criterion
+
+      - name: Upload benchmark results
+        uses: actions/upload-artifact@v3
+        with:
+          name: benchmark-results
+          path: target/criterion
+
+      - name: Generate benchmark report
+        run: |
+          mkdir -p benchmark-report
+          cp -r target/criterion/* benchmark-report/
+          echo "# Benchmark Results" > benchmark-report/README.md
+          echo "Generated on $(date)" >> benchmark-report/README.md
+          echo "## Summary" >> benchmark-report/README.md
+          find target/criterion -name "*/new/estimates.json" -exec cat {} \; | jq -r '.mean | { command: .point_estimate, lower_bound: .confidence_interval.lower_bound, upper_bound: .confidence_interval.upper_bound }' >> benchmark-report/README.md
+
+      - name: Upload benchmark report
+        uses: actions/upload-artifact@v3
+        with:
+          name: benchmark-report
+          path: benchmark-report
+
+      - name: Compare with previous benchmarks
+        if: github.event_name == 'pull_request'
+        run: |
+          git fetch origin ${{ github.base_ref }}
+          git checkout FETCH_HEAD
+          cargo criterion --baseline main
+          git checkout ${{ github.sha }}
+          cargo criterion --baseline main
diff --git a/.github-proposal/workflows/ci.yml b/.github-proposal/workflows/ci.yml
@@ -0,0 +1,144 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  sanity-check:
+    name: Sanity Checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+          components: rustfmt, clippy
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Check formatting
+        uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
+
+      - name: Run clippy
+        uses: actions-rs/cargo@v1
+        with:
+          command: clippy
+          args: -- -D warnings
+
+  unit-tests:
+    name: Unit Tests
+    needs: sanity-check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Run unit tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --lib --bins
+
+  e2e-tests:
+    name: End-to-End Tests
+    needs: unit-tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Build binary
+        uses: actions-rs/cargo@v1
+        with:
+          command: build
+          args: --release
+
+      - name: Run e2e tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --test main
+
+  code-coverage:
+    name: Code Coverage
+    needs: [unit-tests, e2e-tests]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+
+      - name: Install cargo-tarpaulin
+        uses: actions-rs/install@v0.1
+        with:
+          crate: cargo-tarpaulin
+          version: latest
+          use-tool-cache: true
+
+      - name: Generate coverage report
+        uses: actions-rs/cargo@v1
+        with:
+          command: tarpaulin
+          args: --out Xml --output-dir coverage
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          directory: ./coverage/
+          fail_ci_if_error: true
diff --git a/.github-proposal/workflows/cross-platform.yml b/.github-proposal/workflows/cross-platform.yml
@@ -0,0 +1,54 @@
+name: Cross-Platform Tests
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  build-and-test:
+    name: Build and Test
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Build
+        uses: actions-rs/cargo@v1
+        with:
+          command: build
+
+      - name: Run unit tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --lib --bins
+
+      - name: Run e2e tests
+        uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --test main