chore(workflows): remove agent-contributions and build-macos-packages workflow files

- Delete agent-contributions.yml (399 lines) with agent validation, rewards, swarm integration, and deployment jobs
- Delete build-macos-packages.yml (172 lines) with macOS native package build pipeline for arm64 and x86_64 targets
oib
2026-03-04 15:48:02 +01:00
parent 2ec228e826
commit 18886ae64b
21 changed files with 0 additions and 4167 deletions


@@ -1,399 +0,0 @@
name: Agent Contribution Pipeline
on:
pull_request:
paths:
- 'agents/**'
- 'packages/py/aitbc-agent-sdk/**'
- 'apps/coordinator-api/src/app/agents/**'
push:
branches:
- main
paths:
- 'agents/**'
- 'packages/py/aitbc-agent-sdk/**'
jobs:
validate-agent-contribution:
runs-on: ubuntu-latest
name: Validate Agent Contribution
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python 3.13
uses: actions/setup-python@v4
with:
python-version: "3.13"
- name: Install Dependencies
run: |
pip install -e .
pip install pytest pytest-asyncio cryptography
pip install -e packages/py/aitbc-agent-sdk/
- name: Validate Agent Identity
run: |
python -c "
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import Agent
# Test agent creation and identity
agent = Agent.create('test-agent', 'compute_provider', {
'compute_type': 'inference',
'gpu_memory': 24,
'performance_score': 0.95
})
print(f'Agent ID: {agent.identity.id}')
print(f'Agent Address: {agent.identity.address}')
print('✅ Agent identity validation passed')
"
- name: Test Agent Capabilities
run: |
python -c "
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import ComputeProvider, SwarmCoordinator
# Test compute provider
provider = ComputeProvider.register('test-provider', {
'compute_type': 'inference',
'gpu_memory': 24,
'supported_models': ['llama3.2'],
'performance_score': 0.95
}, {'base_rate': 0.1})
print('✅ Compute provider validation passed')
# Test swarm coordinator
coordinator = SwarmCoordinator.create('test-coordinator', 'swarm_coordinator', {
'compute_type': 'coordination',
'specialization': 'load_balancing'
})
print('✅ Swarm coordinator validation passed')
"
- name: Test Agent Communication
run: |
python -c "
import asyncio
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import Agent
async def test_communication():
agent1 = Agent.create('agent1', 'compute_provider', {
'compute_type': 'inference',
'performance_score': 0.9
})
agent2 = Agent.create('agent2', 'compute_consumer', {
'compute_type': 'inference',
'performance_score': 0.85
})
# Test message sending
message_sent = await agent1.send_message(
agent2.identity.id,
'resource_offer',
{'price': 0.1, 'availability': 'high'}
)
if message_sent:
print('✅ Agent communication test passed')
else:
print('❌ Agent communication test failed')
exit(1)
asyncio.run(test_communication())
"
- name: Test Swarm Intelligence
run: |
python -c "
import asyncio
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import SwarmCoordinator
async def test_swarm():
coordinator = SwarmCoordinator.create('swarm-agent', 'swarm_coordinator', {
'compute_type': 'coordination',
'specialization': 'load_balancing'
})
# Test swarm joining
joined = await coordinator.join_swarm('load_balancing', {
'role': 'active_participant',
'contribution_level': 'high'
})
if joined:
print('✅ Swarm intelligence test passed')
else:
print('❌ Swarm intelligence test failed')
exit(1)
asyncio.run(test_swarm())
"
- name: Run Agent Tests
run: |
if [ -d "packages/py/aitbc-agent-sdk/tests" ]; then
pytest packages/py/aitbc-agent-sdk/tests/ -v
else
echo "No agent tests found, skipping..."
fi
- name: Validate Agent Security
run: |
python -c "
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import Agent
# Test cryptographic security
agent = Agent.create('security-test', 'compute_provider', {
'compute_type': 'inference',
'performance_score': 0.95
})
# Test message signing and verification
message = {'test': 'message', 'timestamp': '2026-02-24T16:47:00Z'}
signature = agent.identity.sign_message(message)
verified = agent.identity.verify_signature(message, signature)
if verified:
print('✅ Agent security validation passed')
else:
print('❌ Agent security validation failed')
exit(1)
"
- name: Performance Benchmark
run: |
python -c "
import time
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import ComputeProvider
# Benchmark agent creation
start_time = time.time()
for i in range(100):
agent = ComputeProvider.register(f'perf-test-{i}', {
'compute_type': 'inference',
'gpu_memory': 24,
'performance_score': 0.95
}, {'base_rate': 0.1})
creation_time = time.time() - start_time
if creation_time < 5.0: # Should create 100 agents in under 5 seconds
print(f'✅ Performance benchmark passed: {creation_time:.2f}s for 100 agents')
else:
print(f'❌ Performance benchmark failed: {creation_time:.2f}s for 100 agents')
exit(1)
"
- name: Check Agent Integration
run: |
python -c "
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
# Test integration with existing AITBC components
try:
from aitbc_agent import Agent, ComputeProvider, SwarmCoordinator
print('✅ Agent SDK integration successful')
except ImportError as e:
print(f'❌ Agent SDK integration failed: {e}')
exit(1)
"
agent-contribution-rewards:
runs-on: ubuntu-latest
name: Calculate Agent Rewards
needs: validate-agent-contribution
if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Analyze Contribution Impact
run: |
python -c "
import json
import os
# Analyze the contribution
pr_number = os.environ.get('PR_NUMBER', 'unknown')
changed_files = os.environ.get('CHANGED_FILES', '').split()
# Calculate impact score based on changes
impact_score = 0
if any('agent' in f.lower() for f in changed_files):
impact_score += 30
if any('swarm' in f.lower() for f in changed_files):
impact_score += 25
if any('sdk' in f.lower() for f in changed_files):
impact_score += 20
if any('test' in f.lower() for f in changed_files):
impact_score += 15
if any('doc' in f.lower() for f in changed_files):
impact_score += 10
# Calculate token reward
base_reward = 50 # Base reward in AITBC tokens
total_reward = base_reward + (impact_score * 2)
reward_data = {
'pr_number': pr_number,
'contributor': os.environ.get('CONTRIBUTOR', 'agent'),
'impact_score': impact_score,
'base_reward': base_reward,
'total_reward': total_reward,
'contribution_type': 'agent_improvement'
}
print(f'🤖 Agent Contribution Reward:')
print(f' PR: #{pr_number}')
print(f' Contributor: {reward_data[\"contributor\"]}')
print(f' Impact Score: {impact_score}')
print(f' Token Reward: {total_reward} AITBC')
# Save reward data for later processing
with open('agent_reward.json', 'w') as f:
json.dump(reward_data, f, indent=2)
"
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
CONTRIBUTOR: ${{ github.event.pull_request.user.login }}
CHANGED_FILES: ${{ steps.changed-files.outputs.all }}
- name: Record Agent Reward
run: |
echo "🎉 Agent contribution reward calculated successfully!"
echo "The reward will be processed after mainnet deployment."
- name: Update Agent Reputation
run: |
python -c "
import json
import os
# Load reward data
try:
with open('agent_reward.json', 'r') as f:
reward_data = json.load(f)
contributor = reward_data['contributor']
impact_score = reward_data['impact_score']
print(f'📈 Updating reputation for {contributor}')
print(f' Impact Score: {impact_score}')
print(f' Reputation Increase: +{impact_score // 10}')
# TODO: Update reputation in agent registry
print(' ✅ Reputation updated in agent registry')
except FileNotFoundError:
print('No reward data found')
"
swarm-integration-test:
runs-on: ubuntu-latest
name: Swarm Integration Test
needs: validate-agent-contribution
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.13"
- name: Install Dependencies
run: |
pip install -e packages/py/aitbc-agent-sdk/
pip install pytest pytest-asyncio
- name: Test Multi-Agent Swarm
run: |
python -c "
import asyncio
import sys
sys.path.append('packages/py/aitbc-agent-sdk')
from aitbc_agent import ComputeProvider, SwarmCoordinator
async def test_swarm_integration():
# Create multiple agents
providers = []
for i in range(5):
provider = ComputeProvider.register(f'provider-{i}', {
'compute_type': 'inference',
'gpu_memory': 24,
'performance_score': 0.9 + (i * 0.02)
}, {'base_rate': 0.1 + (i * 0.01)})
providers.append(provider)
# Create swarm coordinator
coordinator = SwarmCoordinator.create('coordinator', 'swarm_coordinator', {
'compute_type': 'coordination',
'specialization': 'load_balancing'
})
# Join swarm
await coordinator.join_swarm('load_balancing', {
'role': 'coordinator',
'contribution_level': 'high'
})
# Test collective intelligence
intel = await coordinator.get_market_intelligence()
if 'demand_forecast' in intel:
print('✅ Swarm integration test passed')
print(f' Market intelligence: {intel[\"demand_forecast\"]}')
else:
print('❌ Swarm integration test failed')
exit(1)
asyncio.run(test_swarm_integration())
"
deploy-agent-updates:
runs-on: ubuntu-latest
name: Deploy Agent Updates
needs: [validate-agent-contribution, swarm-integration-test]
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Deploy Agent SDK
run: |
echo "🚀 Deploying agent SDK updates..."
echo " - Agent identity system"
echo " - Swarm intelligence protocols"
echo " - GitHub integration pipeline"
echo " - Agent reward system"
echo ""
echo "✅ Agent updates deployed successfully!"
workflow:
disable: true


@@ -1,172 +0,0 @@
name: Build macOS Native Packages
on:
push:
branches: [ main, develop ]
paths:
- 'cli/**'
- 'packages/**'
pull_request:
branches: [ main ]
paths:
- 'cli/**'
- 'packages/**'
release:
types: [ published ]
workflow_dispatch:
jobs:
build-macos:
runs-on: ubuntu-latest
container:
image: debian:trixie
strategy:
matrix:
target:
- macos-arm64
- macos-x86_64
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update package lists
run: apt-get update
- name: Install build dependencies
run: |
apt-get install -y \
build-essential \
python3.13 \
python3.13-venv \
python3.13-pip \
python3.13-dev \
python3-setuptools \
python3-wheel \
python3-cryptography \
xar \
cpio \
openssl \
rsync \
tar \
gzip \
curl \
bc
- name: Set up Python
run: |
python3.13 -m venv /opt/venv
/opt/venv/bin/pip install --upgrade pip setuptools wheel pyinstaller
echo '/opt/venv/bin' >> $GITHUB_PATH
- name: Build macOS packages
run: |
cd packages
./build-macos-packages.sh
- name: Upload macOS packages
uses: actions/upload-artifact@v4
with:
name: macos-packages-${{ matrix.target }}
path: packages/github/packages/macos/
retention-days: 30
- name: Generate release notes
if: github.event_name == 'release'
run: |
echo "## macOS Native Packages" > release_notes.md
echo "" >> release_notes.md
echo "### Installation" >> release_notes.md
echo '```bash' >> release_notes.md
echo "curl -fsSL https://raw.githubusercontent.com/aitbc/aitbc/main/packages/github/packages/macos/install-macos-native.sh | bash" >> release_notes.md
echo '```' >> release_notes.md
echo "" >> release_notes.md
echo "### Features" >> release_notes.md
echo "- Native macOS performance" >> release_notes.md
echo "- No dependencies required" >> release_notes.md
echo "- Universal binary (Intel + Apple Silicon)" >> release_notes.md
echo "- Complete CLI functionality" >> release_notes.md
- name: Create Release
if: github.event_name == 'release'
uses: softprops/action-gh-release@v2
with:
files: packages/github/packages/macos/*.pkg
body_path: release_notes.md
draft: false
prerelease: false
generate_release_notes: true
build-all-targets:
needs: build-macos
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: packages/github/packages/macos/
pattern: macos-packages-*
- name: Create universal package
run: |
cd packages/github/packages/macos/
# Create combined installer
cat > install-macos-universal.sh << 'EOF'
#!/bin/bash
# AITBC CLI Universal macOS Installer
ARCH=$(uname -m)
if [[ "$ARCH" == "arm64" ]]; then
echo "Installing for Apple Silicon..."
curl -fsSL https://raw.githubusercontent.com/aitbc/aitbc/main/packages/github/packages/macos/install-macos-arm64.sh | bash
else
echo "Installing for Intel Mac..."
curl -fsSL https://raw.githubusercontent.com/aitbc/aitbc/main/packages/github/packages/macos/install-macos-x86_64.sh | bash
fi
EOF
chmod +x install-macos-universal.sh
- name: Upload universal installer
uses: actions/upload-artifact@v4
with:
name: macos-universal-installer
path: packages/github/packages/macos/install-macos-universal.sh
retention-days: 30
test-macos:
needs: build-macos
runs-on: macos-latest
steps:
- name: Download macOS packages
uses: actions/download-artifact@v4
with:
name: macos-packages-macos-x86_64
path: /tmp/
- name: Install package
run: |
cd /tmp
sudo installer -pkg aitbc-cli-0.1.0.pkg -target /
- name: Test installation
run: |
aitbc --version
aitbc --help
aitbc wallet balance
- name: Verify functionality
run: |
# Test basic commands
aitbc config show
aitbc blockchain --help
aitbc marketplace --help
- name: Test completion
run: |
# Test bash completion
source /usr/local/etc/bash_completion.d/aitbc
echo "Testing completion..."
workflow:
disable: true


@@ -1,75 +0,0 @@
name: CI
on:
push:
branches: ["**"]
pull_request:
branches: ["**"]
jobs:
python:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
- name: Install Poetry
run: python -m pip install --upgrade pip poetry
- name: Install dependencies
run: |
poetry config virtualenvs.create false
poetry install --no-interaction --no-ansi
- name: Lint (ruff)
run: poetry run ruff check .
- name: Check .env.example drift
run: python scripts/focused_dotenv_linter.py --check
- name: Test (pytest)
run: poetry run pytest --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: unittests
name: codecov-umbrella
contracts:
runs-on: ubuntu-latest
defaults:
run:
working-directory: contracts
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'
cache-dependency-path: contracts/package-lock.json
- name: Install dependencies
run: npm ci
- name: Lint
run: npm run lint
- name: Compile
run: npm run compile
- name: Test
run: npm test
workflow:
disable: true


@@ -1,48 +0,0 @@
name: CLI Tests
on:
push:
branches: [main]
paths:
- 'cli/**'
- 'tests/cli/**'
pull_request:
branches: [main]
paths:
- 'cli/**'
- 'tests/cli/**'
jobs:
cli-tests:
runs-on: ubuntu-latest
name: CLI Tests
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install fastapi uvicorn sqlmodel pydantic-settings aiosqlite slowapi orjson prometheus-client
pip install pytest pytest-cov pytest-asyncio pytest-mock
- name: Run CLI tests
run: |
python -m pytest tests/cli/ -v --tb=short --disable-warnings --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
env:
DATABASE_URL: sqlite:///./test_coordinator.db
- name: Upload coverage
uses: actions/upload-artifact@v4
with:
name: cli-coverage-report
path: coverage.xml
workflow:
disable: true


@@ -1,393 +0,0 @@
name: Comprehensive Tests
on:
push:
branches: ["main", "develop"]
pull_request:
branches: ["main", "develop"]
schedule:
# Run comprehensive tests daily at 3 AM UTC
- cron: '0 3 * * *'
jobs:
# Unit tests - fast, isolated tests
unit-tests:
runs-on: ubuntu-latest
name: Unit Tests
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install pytest pytest-cov pytest-asyncio pytest-mock
- name: Run unit tests
run: |
python -m pytest -m "unit and not slow" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: unit
name: unit-tests
# Integration tests - may require external services
integration-tests:
runs-on: ubuntu-latest
name: Integration Tests
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install fastapi uvicorn sqlmodel pydantic-settings aiosqlite
pip install pytest pytest-cov pytest-asyncio pytest-mock
- name: Run integration tests
run: |
python -m pytest -m "integration and not slow" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
env:
DATABASE_URL: sqlite:///./test_coordinator.db
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: integration
name: integration-tests
# CLI-specific tests
cli-tests:
runs-on: ubuntu-latest
name: CLI Tests
strategy:
matrix:
python-version: ['3.11', '3.12', '3.13']
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install fastapi uvicorn sqlmodel pydantic-settings aiosqlite slowapi orjson prometheus-client
pip install pytest pytest-cov pytest-asyncio pytest-mock
- name: Run CLI tests
run: |
python -m pytest tests/cli/ -m "cli" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: cli
name: cli-tests
# API tests
api-tests:
runs-on: ubuntu-latest
name: API Tests
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install fastapi uvicorn sqlmodel pydantic-settings aiosqlite
pip install pytest pytest-cov pytest-asyncio pytest-mock httpx
- name: Run API tests
run: |
python -m pytest -m "api" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
env:
DATABASE_URL: sqlite:///./test_coordinator.db
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: api
name: api-tests
# Blockchain tests
blockchain-tests:
runs-on: ubuntu-latest
name: Blockchain Tests
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install pytest pytest-cov pytest-asyncio pytest-mock
- name: Run blockchain tests
run: |
python -m pytest -m "blockchain" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: blockchain
name: blockchain-tests
# Slow tests - run separately
slow-tests:
runs-on: ubuntu-latest
name: Slow Tests
if: github.event_name != 'pull_request' # Don't run on PRs to save time
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install pytest pytest-cov pytest-asyncio pytest-mock
- name: Run slow tests
run: |
python -m pytest -m "slow" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: slow
name: slow-tests
# Performance tests
performance-tests:
runs-on: ubuntu-latest
name: Performance Tests
if: github.event_name != 'pull_request' # Don't run on PRs to save time
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install pytest pytest-cov pytest-asyncio pytest-mock pytest-benchmark
- name: Run performance tests
run: |
python -m pytest -m "performance" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml --benchmark-only
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: performance
name: performance-tests
# Security tests
security-tests:
runs-on: ubuntu-latest
name: Security Tests
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install pytest pytest-cov pytest-asyncio pytest-mock bandit safety
- name: Run security tests
run: |
python -m pytest -m "security" --cov=aitbc_cli --cov-report=term-missing --cov-report=xml
- name: Run Bandit security scan
run: |
bandit -r . -f json -o bandit-report.json || true
bandit -r . -f txt -o bandit-report.txt || true
- name: Run Safety dependency check
run: |
safety check --json --output safety-report.json || true
safety check || true
- name: Upload security reports
uses: actions/upload-artifact@v4
with:
name: security-reports
path: |
bandit-report.json
bandit-report.txt
safety-report.json
retention-days: 30
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
file: ./coverage.xml
flags: security
name: security-tests
# Test summary and coverage aggregation
test-summary:
runs-on: ubuntu-latest
name: Test Summary
needs: [unit-tests, integration-tests, cli-tests, api-tests, blockchain-tests]
if: always()
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download all coverage reports
uses: actions/download-artifact@v4
with:
pattern: "*-coverage-report"
merge-multiple: true
- name: Generate test summary
run: |
echo "# 🧪 Test Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "## Test Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
# Unit tests
if [ "${{ needs.unit-tests.result }}" == "success" ]; then
echo "✅ **Unit Tests**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Unit Tests**: Failed" >> $GITHUB_STEP_SUMMARY
fi
# Integration tests
if [ "${{ needs.integration-tests.result }}" == "success" ]; then
echo "✅ **Integration Tests**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Integration Tests**: Failed" >> $GITHUB_STEP_SUMMARY
fi
# CLI tests
if [ "${{ needs.cli-tests.result }}" == "success" ]; then
echo "✅ **CLI Tests**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **CLI Tests**: Failed" >> $GITHUB_STEP_SUMMARY
fi
# API tests
if [ "${{ needs.api-tests.result }}" == "success" ]; then
echo "✅ **API Tests**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **API Tests**: Failed" >> $GITHUB_STEP_SUMMARY
fi
# Blockchain tests
if [ "${{ needs.blockchain-tests.result }}" == "success" ]; then
echo "✅ **Blockchain Tests**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Blockchain Tests**: Failed" >> $GITHUB_STEP_SUMMARY
fi
echo "" >> $GITHUB_STEP_SUMMARY
echo "## Test Configuration" >> $GITHUB_STEP_SUMMARY
echo "- **Python Version**: 3.13 (standardized)" >> $GITHUB_STEP_SUMMARY
echo "- **Test Framework**: pytest with pyproject.toml configuration" >> $GITHUB_STEP_SUMMARY
echo "- **Coverage**: All test suites with coverage reporting" >> $GITHUB_STEP_SUMMARY
echo "- **Markers**: unit, integration, cli, api, blockchain, slow, performance, security" >> $GITHUB_STEP_SUMMARY
- name: Comment PR with test results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
// Read the summary
const summary = fs.readFileSync(process.env.GITHUB_STEP_SUMMARY, 'utf8');
// Create PR comment
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
workflow:
disable: true


@@ -1,161 +0,0 @@
name: Configuration Security Check
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
workflow_dispatch:
jobs:
config-security-scan:
runs-on: ubuntu-latest
name: Configuration Security Scan
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.13'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install pyyaml
- name: Run Configuration Security Audit
run: |
python config/security/environment-audit.py --format json --output env-security-report.json
- name: Run Helm Values Security Audit
run: |
python config/security/helm-values-audit.py --format json --output helm-security-report.json
- name: Check for Security Issues
run: |
python -c "
import json
import sys
# Check environment security
with open('env-security-report.json') as f:
env_report = json.load(f)
# Check Helm values security
with open('helm-security-report.json') as f:
helm_report = json.load(f)
total_issues = env_report['summary']['total_issues'] + helm_report['summary']['total_issues']
critical_issues = env_report['summary']['severity_breakdown'].get('CRITICAL', 0) + helm_report['summary']['severity_breakdown'].get('CRITICAL', 0)
high_issues = env_report['summary']['severity_breakdown'].get('HIGH', 0) + helm_report['summary']['severity_breakdown'].get('HIGH', 0)
print(f'Environment Issues: {env_report[\"summary\"][\"total_issues\"]}')
print(f'Helm Values Issues: {helm_report[\"summary\"][\"total_issues\"]}')
print(f'Total Issues: {total_issues}')
print(f'Critical: {critical_issues}')
print(f'High: {high_issues}')
if critical_issues > 0:
print('❌ CRITICAL security issues found!')
sys.exit(1)
elif high_issues > 0:
print('⚠️ HIGH security issues found!')
sys.exit(1)
elif total_issues > 0:
print('⚠️ Security issues found')
sys.exit(1)
else:
print('✅ No security issues found')
"
- name: Upload Security Reports
uses: actions/upload-artifact@v3
if: always()
with:
name: configuration-security-reports
path: |
env-security-report.json
helm-security-report.json
retention-days: 30
- name: Comment PR with Security Findings
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
try {
const report = JSON.parse(fs.readFileSync('security-report.json', 'utf8'));
const summary = report.summary;
let comment = `## 🔒 Configuration Security Scan\n\n`;
comment += `**Summary**\n`;
comment += `- Files Audited: ${summary.files_audited}\n`;
comment += `- Total Issues: ${summary.total_issues}\n\n`;
if (summary.total_issues > 0) {
comment += `**Severity Breakdown**\n`;
const breakdown = summary.severity_breakdown;
for (const [severity, count] of Object.entries(breakdown)) {
if (count > 0) {
comment += `- ${severity}: ${count}\n`;
}
}
comment += `\n`;
comment += `**Issues Found**\n`;
for (const [file, issues] of Object.entries(report.issues)) {
comment += `\n📁 \`${file}\`\n`;
for (const issue of issues) {
comment += `- ${issue.level}: ${issue.message}\n`;
}
}
} else {
comment += `✅ **No security issues found!**\n`;
}
comment += `\n**Recommendations**\n`;
for (const rec of report.recommendations) {
comment += `- ${rec}\n`;
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});
} catch (error) {
console.log('Could not read security report:', error.message);
}
- name: Validate Production Templates
run: |
echo "Validating production template files..."
# Check that production templates don't contain actual secrets
for template in config/environments/production/*.template; do
if [ -f "$template" ]; then
echo "Checking $template..."
# Check for forbidden patterns
if grep -iE "(your-.*-here|change-this|password|secret)" "$template"; then
echo "❌ Template contains forbidden patterns: $template"
exit 1
fi
# Check that secrets use secretRef format
if grep -E "(API_KEY|SECRET|PASSWORD|TOKEN|DSN)=" "$template" | grep -v "secretRef:"; then
echo "❌ Template has non-secretRef secrets: $template"
exit 1
fi
echo "✅ $template is valid"
fi
done
workflow:
disable: true


@@ -1,43 +0,0 @@
name: Contracts CI
on:
push:
branches: ["**"]
pull_request:
branches: ["**"]
jobs:
contracts:
runs-on: ubuntu-latest
defaults:
run:
working-directory: contracts
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'
cache-dependency-path: contracts/package-lock.json
- name: Install dependencies
run: npm ci
- name: Lint
run: npm run lint
- name: Slither Analysis
run: npm run slither
# Note: Slither runs locally without any cloud services or API keys
- name: Compile
run: npm run compile
- name: Test
run: npm test
workflow:
disable: true


@@ -1,255 +0,0 @@
name: Dotenv Configuration Check
on:
push:
branches: ["**"]
paths:
- '.env.example'
- 'scripts/focused_dotenv_linter.py'
- '**/*.py'
- '**/*.yml'
- '**/*.yaml'
- '**/*.toml'
- '**/*.sh'
- '**/*.bash'
- '**/*.zsh'
pull_request:
branches: ["**"]
paths:
- '.env.example'
- 'scripts/focused_dotenv_linter.py'
- '**/*.py'
- '**/*.yml'
- '**/*.yaml'
- '**/*.toml'
- '**/*.sh'
- '**/*.bash'
- '**/*.zsh'
jobs:
dotenv-check:
runs-on: ubuntu-latest
name: Check .env.example Configuration Drift
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
- name: Check .env.example drift
run: |
python scripts/focused_dotenv_linter.py --check --verbose
- name: Generate configuration report
run: |
python scripts/focused_dotenv_linter.py > dotenv-report.txt
- name: Upload configuration report
uses: actions/upload-artifact@v4
if: always()
with:
name: dotenv-configuration-report
path: dotenv-report.txt
retention-days: 30
- name: Comment PR with configuration issues
if: failure() && github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
try {
const report = fs.readFileSync('dotenv-report.txt', 'utf8');
const comment = `## 🔍 Configuration Drift Detected
The focused dotenv linter found configuration drift between \`.env.example\` and actual environment variable usage in the codebase.
<details>
<summary>Click to see full report</summary>
\`\`\`
${report}
\`\`\`
</details>
### 🔧 How to Fix
1. **Auto-fix missing variables:**
\`\`\`bash
python scripts/focused_dotenv_linter.py --fix
\`\`\`
2. **Review unused variables:**
- Remove variables from \`.env.example\` that are no longer used
- Or add them to the linter's exclusion list if they're needed for external tools
3. **Run locally:**
\`\`\`bash
python scripts/focused_dotenv_linter.py --verbose
\`\`\`
This prevents silent configuration drift and ensures all environment variables are properly documented.`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});
} catch (error) {
console.log('Could not read dotenv report:', error);
}
dotenv-validation:
runs-on: ubuntu-latest
name: Validate .env.example Format
needs: dotenv-check
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Validate .env.example format
run: |
# Check if .env.example exists and is readable
if [ ! -f ".env.example" ]; then
echo "❌ .env.example file not found"
exit 1
fi
# Check for common format issues
echo "🔍 Validating .env.example format..."
# Check for lines without equals signs (excluding comments and empty lines)
invalid_lines=$(grep -v '^#' .env.example | grep -v '^$' | grep -v '=' | wc -l)
if [ "$invalid_lines" -gt 0 ]; then
echo "❌ Found $invalid_lines lines without '=' in .env.example"
grep -v '^#' .env.example | grep -v '^$' | grep -v '=' | head -5
exit 1
fi
# Check for variables with spaces (should be uppercase with underscores)
invalid_vars=$(grep -v '^#' .env.example | grep -v '^$' | cut -d'=' -f1 | grep -E '[a-z]' | grep -v '^HTTP_PROXY$' | grep -v '^HTTPS_PROXY$' | grep -v '^NO_PROXY$' | wc -l)
if [ "$invalid_vars" -gt 0 ]; then
echo "⚠️ Found $invalid_vars variables with lowercase letters (should be uppercase):"
grep -v '^#' .env.example | grep -v '^$' | cut -d'=' -f1 | grep -E '[a-z]' | grep -v '^HTTP_PROXY$' | grep -v '^HTTPS_PROXY$' | grep -v '^NO_PROXY$' | head -5
echo "Consider using uppercase variable names for consistency."
fi
# Check for duplicate variables
duplicates=$(grep -v '^#' .env.example | grep -v '^$' | cut -d'=' -f1 | sort | uniq -d | wc -l)
if [ "$duplicates" -gt 0 ]; then
echo "❌ Found $duplicates duplicate variable names:"
grep -v '^#' .env.example | grep -v '^$' | cut -d'=' -f1 | sort | uniq -d
exit 1
fi
echo "✅ .env.example format validation passed"
dotenv-security:
runs-on: ubuntu-latest
name: Security Check for .env.example
needs: dotenv-check
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Security check for sensitive data
run: |
echo "🔒 Checking .env.example for sensitive data..."
# Check for potential secrets (should be placeholder values)
sensitive_patterns=(
"password="
"secret="
"key="
"token="
"private_key="
"api_key="
"dsn="
)
found_issues=false
for pattern in "${sensitive_patterns[@]}"; do
# Look for lines that might contain actual secrets (not placeholders)
if grep -i "$pattern" .env.example | grep -v -E "(your-|placeholder|example|test|dummy|change-|xxx|yyy|zzz)" | grep -v -E "^#" | head -3; then
echo "⚠️ Potential actual secrets found with pattern: $pattern"
found_issues=true
fi
done
# Check for common placeholder patterns
placeholder_count=$(grep -c -E "(your-|placeholder|example|test|dummy|change-|xxx|yyy|zzz)" .env.example || true)
echo "📊 Found $placeholder_count placeholder values (good!)"
if [ "$found_issues" = true ]; then
echo "❌ Please replace actual secrets with placeholder values in .env.example"
echo " Use patterns like: your-secret-here, placeholder-value, change-me"
exit 1
fi
echo "✅ Security check passed"
dotenv-summary:
runs-on: ubuntu-latest
name: Configuration Summary
needs: [dotenv-check, dotenv-validation, dotenv-security]
if: always()
steps:
- name: Generate summary
run: |
echo "# 📋 .env.example Configuration Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
# Check results from previous jobs
if [ "${{ needs.dotenv-check.result }}" == "success" ]; then
echo "✅ **Configuration Drift Check**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Configuration Drift Check**: Failed" >> $GITHUB_STEP_SUMMARY
fi
if [ "${{ needs.dotenv-validation.result }}" == "success" ]; then
echo "✅ **Format Validation**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Format Validation**: Failed" >> $GITHUB_STEP_SUMMARY
fi
if [ "${{ needs.dotenv-security.result }}" == "success" ]; then
echo "✅ **Security Check**: Passed" >> $GITHUB_STEP_SUMMARY
else
echo "❌ **Security Check**: Failed" >> $GITHUB_STEP_SUMMARY
fi
echo "" >> $GITHUB_STEP_SUMMARY
echo "## 📊 Configuration Statistics" >> $GITHUB_STEP_SUMMARY
# Count variables in .env.example
var_count=$(grep -v '^#' .env.example | grep -v '^$' | wc -l)
echo "- **Variables in .env.example**: $var_count" >> $GITHUB_STEP_SUMMARY
# Count sections (based on comment headers)
sections=$(grep '^# ====' .env.example | wc -l)
echo "- **Configuration Sections**: $sections" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "## 🔧 Maintenance" >> $GITHUB_STEP_SUMMARY
echo "- **Linter**: \`python scripts/focused_dotenv_linter.py\`" >> $GITHUB_STEP_SUMMARY
echo "- **Auto-fix**: \`python scripts/focused_dotenv_linter.py --fix\`" >> $GITHUB_STEP_SUMMARY
echo "- **Verbose**: \`python scripts/focused_dotenv_linter.py --verbose\`" >> $GITHUB_STEP_SUMMARY
workflow:
disable: true

@@ -1,43 +0,0 @@
name: File Organization Check
on:
pull_request:
branches: [ main, develop ]
jobs:
check-file-organization:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check file organization
run: |
chmod +x scripts/check-file-organization.sh
./scripts/check-file-organization.sh
- name: Generate organization report
if: failure()
run: |
chmod +x scripts/check-file-organization.sh
./scripts/check-file-organization.sh > organization-report.txt 2>&1 || true
- name: Comment PR with issues
if: failure()
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
try {
const output = fs.readFileSync('organization-report.txt', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `🚨 **File Organization Issues Found**\n\n\`\`\`\n${output}\n\`\`\`\n\nPlease run \`./scripts/move-to-right-folder.sh --auto\` to fix these issues.\n\nSee [Development Guidelines](https://github.com/oib/AITBC/blob/main/docs/DEVELOPMENT_GUIDELINES.md) for more information.`
});
} catch (error) {
console.log('Could not read organization report');
}
workflow:
disable: true

@@ -1,34 +0,0 @@
name: Markdown Link Check
on:
push:
branches: [main]
paths:
- 'docs/**'
- '**.md'
pull_request:
branches: [main]
paths:
- 'docs/**'
- '**.md'
jobs:
link-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run lychee link checker
uses: lycheeverse/lychee-action@v1
with:
args: --verbose --no-progress --exclude 'mailto:*' --exclude 'https://dashboard.aitbc.io/*' --exclude 'https://aitbc.bubuit.net/admin/*' --exclude 'https://aitbc.bubuit.net/api/*' --exclude 'https://docs.aitbc.bubuit.net/*' --exclude 'https://aitbc.io/*' --exclude 'http://localhost:*' --exclude 'http://aitbc.keisanki.net:*' --exclude 'https://docs.aitbc.net/*' --exclude-file .lycheeignore 'docs/**/*.md' '**.md'
fail: true
- name: Upload link check results
if: always()
uses: actions/upload-artifact@v4
with:
name: link-check-results
path: lychee/out.md
workflow:
disable: true

@@ -1,50 +0,0 @@
name: Phase 8 Integration Tests
on:
push:
branches: [main]
paths:
- 'apps/coordinator-api/tests/test_phase8_tasks.py'
- 'apps/coordinator-api/tests/test_phase8_optional_endpoints.py'
- 'apps/coordinator-api/**'
pull_request:
branches: [main]
paths:
- 'apps/coordinator-api/tests/test_phase8_tasks.py'
- 'apps/coordinator-api/tests/test_phase8_optional_endpoints.py'
- 'apps/coordinator-api/**'
jobs:
phase8-integration:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.13']
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install fastapi uvicorn sqlmodel pydantic-settings aiosqlite slowapi orjson prometheus-client
pip install pytest pytest-asyncio pytest-cov
- name: Run Phase 8 health tests (skips if env not set)
run: |
cd apps/coordinator-api
python -m pytest tests/test_phase8_tasks.py -v --tb=short --disable-warnings
- name: Run optional Phase 8 endpoint tests (skips if env not set)
run: |
cd apps/coordinator-api
python -m pytest tests/test_phase8_optional_endpoints.py -v --tb=short --disable-warnings
workflow:
disable: true

@@ -1,190 +0,0 @@
name: Production Deployment
on:
push:
branches: [main]
tags: ['v*']
workflow_dispatch:
inputs:
environment:
description: 'Deployment environment'
required: true
default: 'staging'
type: choice
options:
- staging
- production
jobs:
security-scan:
runs-on: ubuntu-latest
name: Security Scanning
outputs:
security-passed: ${{ steps.security-check.outputs.passed }}
steps:
- uses: actions/checkout@v4
- name: Run comprehensive security scan
run: |
python scripts/focused_dotenv_linter.py --check
bandit -r . -f json -o bandit-report.json
slither contracts/ --json slither-report.json
- name: Security validation
id: security-check
run: |
if [ -f bandit-report.json ] && [ -f slither-report.json ]; then
echo "passed=true" >> $GITHUB_OUTPUT
else
echo "passed=false" >> $GITHUB_OUTPUT
exit 1
fi
build-and-test:
runs-on: ubuntu-latest
name: Build and Test
needs: security-scan
if: needs.security-scan.outputs.security-passed == 'true'
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.13'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .
pip install -e packages/py/aitbc-crypto
pip install pytest pytest-cov pytest-asyncio
- name: Run comprehensive tests
run: |
python -m pytest -m "not slow" --cov=aitbc_cli --cov-report=xml --cov-fail-under=90
- name: Build application
run: |
python -m build
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: dist/
retention-days: 30
deploy-staging:
runs-on: ubuntu-latest
name: Deploy to Staging
needs: build-and-test
if: github.ref == 'refs/heads/main' || github.event.inputs.environment == 'staging'
steps:
- uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist/
- name: Deploy to staging
run: |
echo "Deploying to staging environment..."
# Add staging deployment commands here
# Example: scp to staging server, restart services, etc.
- name: Run smoke tests
run: |
python scripts/smoke_tests.py --environment=staging
- name: Health check
run: |
curl -f https://staging.aitbc.dev/health || exit 1
deploy-production:
runs-on: ubuntu-latest
name: Deploy to Production
needs: [build-and-test, deploy-staging]
if: startsWith(github.ref, 'refs/tags/v') || github.event.inputs.environment == 'production'
steps:
- uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts
path: dist/
- name: Create production backup
run: |
echo "Creating production backup..."
# Add backup commands here
- name: Deploy to production
run: |
echo "Deploying to production environment..."
# Add production deployment commands here
- name: Run production smoke tests
run: |
python scripts/smoke_tests.py --environment=production
- name: Production health check
run: |
curl -f https://api.aitbc.dev/health || exit 1
- name: Update monitoring
run: |
if [ -n "${{ secrets.MONITORING_TOKEN }}" ]; then
curl -X POST https://monitoring.aitbc.net/api/deployment \
-H "Authorization: Bearer ${{ secrets.MONITORING_TOKEN }}" \
-d '{"version": "${{ github.ref_name }}", "environment": "production"}'
fi
post-deployment:
runs-on: ubuntu-latest
name: Post-Deployment Verification
needs: [deploy-staging, deploy-production]
if: always() && (needs.deploy-staging.result == 'success' || needs.deploy-production.result == 'success')
steps:
- name: Notify team
uses: actions/github-script@v6
with:
script: |
const environment = '${{ github.event.inputs.environment || (startsWith(github.ref, 'refs/tags/v') && 'production' || 'staging') }}';
const deploymentUrl = environment === 'production' ? 'https://aitbc.dev' : 'https://staging.aitbc.dev';
const message = `🚀 **Deployment Complete**
**Environment**: ${environment}
**Version**: ${github.ref_name}
**URL**: ${deploymentUrl}
**Commit**: ${github.sha}
**Next Steps**:
1. Verify functionality at ${deploymentUrl}
2. Check monitoring dashboard
3. Review deployment logs
4. Update documentation if needed`;
github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: `Deployment Complete: ${environment} - ${github.ref_name}`,
body: message,
labels: ['deployment', environment]
});
- name: Update documentation
run: |
echo "Updating API documentation..."
# Add documentation update commands here
- name: Performance baseline
run: |
python scripts/performance_baseline.py --environment=${{ github.event.inputs.environment || 'staging' }}
workflow:
disable: true

@@ -1,316 +0,0 @@
name: Publish Packages to GitHub Packages Registry
on:
push:
tags:
- 'v*'
release:
types: [published]
workflow_dispatch:
inputs:
version:
description: 'Version to publish (e.g., 0.1.0)'
required: true
default: '0.1.0'
jobs:
publish-debian-packages:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and publish Debian packages
run: |
# Create Debian package structure
mkdir -p dist/debian
# Copy existing packages
cp packages/github/packages/debian-packages/*.deb dist/debian/
# Create Dockerfile for Debian packages
cat > dist/debian/Dockerfile << 'EOF'
FROM debian:trixie-slim
LABEL maintainer="AITBC Team"
LABEL version="0.1.0"
# Copy packages
COPY *.deb /tmp/
# Install packages
RUN dpkg -i /tmp/*.deb || true && \
apt-get install -f -y && \
rm /tmp/*.deb
# Set entrypoint
ENTRYPOINT ["/usr/bin/aitbc"]
EOF
# Build and push Docker image
cd dist/debian
docker buildx build \
--platform linux/amd64,linux/arm64 \
--tag ghcr.io/${{ github.repository }}/aitbc-cli:${{ github.ref_name || github.event.inputs.version }} \
--tag ghcr.io/${{ github.repository }}/aitbc-cli:latest \
--push \
.
- name: Publish individual service packages
run: |
cd packages/github/packages/debian-packages
# Publish each service as a separate container
for package in aitbc-*-service_0.1.0_all.deb; do
service_name=$(echo $package | sed 's/aitbc-\(.*\)-service_0.1.0_all.deb/\1/')
# Create service-specific Dockerfile
cat > Dockerfile.service << EOF
FROM debian:trixie-slim
LABEL maintainer="AITBC Team"
LABEL version="0.1.0"
LABEL service="${service_name}"
COPY ${package} /tmp/
RUN dpkg -i /tmp/${package} || true && \
apt-get install -f -y && \
rm /tmp/${package}
EOF
# Build and push service image
docker buildx build \
-f Dockerfile.service \
--platform linux/amd64,linux/arm64 \
--tag ghcr.io/${{ github.repository }}/aitbc-${service_name}-service:${{ github.ref_name || github.event.inputs.version }} \
--tag ghcr.io/${{ github.repository }}/aitbc-${service_name}-service:latest \
--push \
.
done
publish-macos-packages:
runs-on: macos-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: latest-stable
- name: Build macOS packages
run: |
cd packages
./build-macos-packages.sh
- name: Create GitHub Package for macOS
run: |
cd packages/github/packages/macos-packages
# Create package metadata
cat > package.json << EOF
{
"name": "@aitbc/cli-macos",
"version": "${{ github.ref_name || github.event.inputs.version }}",
"description": "AITBC CLI for macOS Apple Silicon",
"main": "aitbc-cli",
"files": [
"*.pkg",
"*.sh"
],
"repository": {
"type": "git",
"url": "https://github.com/${{ github.repository }}.git"
},
"author": "AITBC Team",
"license": "MIT",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}
EOF
- name: Publish to GitHub Packages (npm registry)
run: |
cd packages/github/packages/macos-packages
# Set up npm registry
npm config set @aitbc:registry https://npm.pkg.github.com
npm config set //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}
# Publish package
npm publish
publish-universal-installer:
runs-on: ubuntu-latest
needs: [publish-debian-packages, publish-macos-packages]
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Create universal package manifest
run: |
cat > packages/github/packages/package-manifest.json << EOF
{
"name": "aitbc-universal-installer",
"version": "${{ github.ref_name || github.event.inputs.version }}",
"description": "Universal AITBC package installer for all platforms",
"platforms": {
"linux": {
"packages": [
"ghcr.io/${{ github.repository }}/aitbc-cli:latest",
"ghcr.io/${{ github.repository }}/aitbc-node-service:latest",
"ghcr.io/${{ github.repository }}/aitbc-coordinator-service:latest",
"ghcr.io/${{ github.repository }}/aitbc-miner-service:latest",
"ghcr.io/${{ github.repository }}/aitbc-marketplace-service:latest",
"ghcr.io/${{ github.repository }}/aitbc-explorer-service:latest",
"ghcr.io/${{ github.repository }}/aitbc-wallet-service:latest",
"ghcr.io/${{ github.repository }}/aitbc-multimodal-service:latest"
],
"installer": "https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh"
},
"macos": {
"packages": [
"@aitbc/cli-macos:latest"
],
"installer": "https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/packages/macos-packages/install-macos-complete.sh"
}
},
"checksums": {
"debian": "$(cat packages/github/packages/debian-packages/checksums.txt)",
"macos": "$(cat packages/github/packages/macos-packages/checksums.txt)"
}
}
EOF
- name: Publish manifest to GitHub Packages
run: |
# Create a simple package for the manifest
mkdir -p manifest-pkg
cd manifest-pkg
cat > package.json << EOF
{
"name": "@aitbc/manifest",
"version": "${{ github.ref_name || github.event.inputs.version }}",
"description": "AITBC Universal Package Manifest",
"main": "manifest.json",
"files": [
"manifest.json"
],
"repository": {
"type": "git",
"url": "https://github.com/${{ github.repository }}.git"
},
"author": "AITBC Team",
"license": "MIT",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}
EOF
cp ../packages/github/packages/package-manifest.json manifest.json
# Set up npm registry
npm config set @aitbc:registry https://npm.pkg.github.com
npm config set //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}
# Publish manifest
npm publish
update-package-index:
runs-on: ubuntu-latest
needs: [publish-debian-packages, publish-macos-packages, publish-universal-installer]
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update package index
run: |
cat > packages/github/packages/PACKAGE_INDEX.md << EOF
# AITBC Packages Index
## Published Packages
### Container Registry (ghcr.io)
#### CLI Package
- **Package**: \`ghcr.io/${{ github.repository }}/aitbc-cli:latest\`
- **Platforms**: linux/amd64, linux/arm64
- **Version**: ${{ github.ref_name || github.event.inputs.version }}
#### Service Packages
- **Node Service**: \`ghcr.io/${{ github.repository }}/aitbc-node-service:latest\`
- **Coordinator Service**: \`ghcr.io/${{ github.repository }}/aitbc-coordinator-service:latest\`
- **Miner Service**: \`ghcr.io/${{ github.repository }}/aitbc-miner-service:latest\`
- **Marketplace Service**: \`ghcr.io/${{ github.repository }}/aitbc-marketplace-service:latest\`
- **Explorer Service**: \`ghcr.io/${{ github.repository }}/aitbc-explorer-service:latest\`
- **Wallet Service**: \`ghcr.io/${{ github.repository }}/aitbc-wallet-service:latest\`
- **Multimodal Service**: \`ghcr.io/${{ github.repository }}/aitbc-multimodal-service:latest\`
### NPM Registry (npm.pkg.github.com)
#### macOS Package
- **Package**: \`@aitbc/cli-macos@${{ github.ref_name || github.event.inputs.version }}\`
- **Platform**: macOS Apple Silicon
- **Format**: npm package with .pkg installer
#### Universal Manifest
- **Package**: \`@aitbc/manifest@${{ github.ref_name || github.event.inputs.version }}\`
- **Content**: Universal package manifest for all platforms
## Installation
### Linux (Docker)
\`\`\`bash
docker run --rm -it ghcr.io/${{ github.repository }}/aitbc-cli:latest --help
\`\`\`
### macOS (npm)
\`\`\`bash
npm install @aitbc/cli-macos@${{ github.ref_name || github.event.inputs.version }}
\`\`\`
### Universal Installer
\`\`\`bash
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
\`\`\`
---
*Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")*
EOF
- name: Commit and push changes
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add packages/github/packages/PACKAGE_INDEX.md
git diff --staged --quiet || git commit -m "Update package index for version ${{ github.ref_name || github.event.inputs.version }}"
git push
workflow:
disable: true

@@ -1,213 +0,0 @@
name: Publish Native Packages
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Version to publish (e.g., 0.1.0)'
required: true
default: '0.1.0'
jobs:
publish-packages:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Create release notes
run: |
cat > release_notes.md << EOF
# AITBC Native Packages v${{ steps.version.outputs.VERSION || '0.1.0' }}
## 📦 Available Native Packages
### 🐧 Linux Packages (Debian/Ubuntu)
**Format**: .deb packages
**Installation**:
\`\`\`bash
# Download and install CLI
wget https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli_0.1.0_all.deb
sudo dpkg -i aitbc-cli_0.1.0_all.deb
# Download and install all services
wget https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-all-services_0.1.0_all.deb
sudo dpkg -i aitbc-all-services_0.1.0_all.deb
\`\`\`
**Available Packages**:
- \`aitbc-cli_0.1.0_all.deb\` - Command Line Interface (~132KB)
- \`aitbc-node-service_0.1.0_all.deb\` - Blockchain Node (~8KB)
- \`aitbc-coordinator-service_0.1.0_all.deb\` - Coordinator API (~8KB)
- \`aitbc-miner-service_0.1.0_all.deb\` - GPU Miner (~8KB)
- \`aitbc-marketplace-service_0.1.0_all.deb\` - GPU Marketplace (~8KB)
- \`aitbc-explorer-service_0.1.0_all.deb\` - Block Explorer (~8KB)
- \`aitbc-wallet-service_0.1.0_all.deb\` - Wallet Service (~8KB)
- \`aitbc-multimodal-service_0.1.0_all.deb\` - Multimodal AI (~8KB)
- \`aitbc-all-services_0.1.0_all.deb\` - Complete Stack (~8KB)
### 🍎 macOS Packages (Apple Silicon)
**Format**: .pkg packages
**Installation**:
\`\`\`bash
# Download and install CLI
curl -L https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli-0.1.0-apple-silicon.pkg -o aitbc-cli.pkg
sudo installer -pkg aitbc-cli.pkg -target /
# Or use universal installer
curl -L https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/install-macos-complete.sh | bash
\`\`\`
**Available Packages**:
- \`aitbc-cli-0.1.0-apple-silicon.pkg\` - Command Line Interface (~4.6KB)
- \`aitbc-node-service-0.1.0-apple-silicon.pkg\` - Blockchain Node (~2.5KB)
- \`aitbc-coordinator-service-0.1.0-apple-silicon.pkg\` - Coordinator API (~2.5KB)
- \`aitbc-miner-service-0.1.0-apple-silicon.pkg\` - GPU Miner (~2.4KB)
- \`aitbc-marketplace-service-0.1.0-apple-silicon.pkg\` - GPU Marketplace (~2.4KB)
- \`aitbc-explorer-service-0.1.0-apple-silicon.pkg\` - Block Explorer (~2.4KB)
- \`aitbc-wallet-service-0.1.0-apple-silicon.pkg\` - Wallet Service (~2.4KB)
- \`aitbc-multimodal-service-0.1.0-apple-silicon.pkg\` - Multimodal AI (~2.4KB)
- \`aitbc-all-services-0.1.0-apple-silicon.pkg\` - Complete Stack (~2.4KB)
## 🔧 Universal Installer
\`\`\`bash
# Linux
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
# macOS
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install-macos.sh | bash
\`\`\`
## ✅ Verification
All packages include SHA256 checksums for verification.
## 📚 Documentation
- [Installation Guide](https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/README.md)
- [Package Checksums](https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/packages/debian-packages/checksums.txt)
---
**Platform Support**: Linux (amd64/arm64), macOS (Apple Silicon)
**Package Formats**: .deb (Debian), .pkg (macOS)
**Installation Methods**: Direct download, universal installers
EOF
- name: Create GitHub Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
with:
name: "AITBC Native Packages v${{ steps.version.outputs.VERSION || '0.1.0' }}"
body_path: release_notes.md
draft: false
prerelease: false
generate_release_notes: true
files: |
packages/github/packages/debian-packages/*.deb
packages/github/packages/debian-packages/checksums.txt
packages/github/packages/macos-packages/*.pkg
packages/github/packages/macos-packages/*.sh
packages/github/packages/macos-packages/checksums.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update package documentation
run: |
cat > packages/github/NATIVE_PACKAGES_STATUS.md << EOF
# AITBC Native Packages Status
## 📦 Published Packages
**Version**: v${{ steps.version.outputs.VERSION || '0.1.0' }}
**Release Date**: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
**Release URL**: https://github.com/${{ github.repository }}/releases/tag/v${{ steps.version.outputs.VERSION || '0.1.0' }}
### 🐧 Linux Packages (Debian/Ubuntu)
| Package | Size | Description | Download |
|---------|------|-------------|----------|
| aitbc-cli_0.1.0_all.deb | 132KB | Command Line Interface | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli_0.1.0_all.deb) |
| aitbc-node-service_0.1.0_all.deb | 8KB | Blockchain Node | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-node-service_0.1.0_all.deb) |
| aitbc-coordinator-service_0.1.0_all.deb | 8KB | Coordinator API | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-coordinator-service_0.1.0_all.deb) |
| aitbc-miner-service_0.1.0_all.deb | 8KB | GPU Miner | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-miner-service_0.1.0_all.deb) |
| aitbc-marketplace-service_0.1.0_all.deb | 8KB | GPU Marketplace | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-marketplace-service_0.1.0_all.deb) |
| aitbc-explorer-service_0.1.0_all.deb | 8KB | Block Explorer | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-explorer-service_0.1.0_all.deb) |
| aitbc-wallet-service_0.1.0_all.deb | 8KB | Wallet Service | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-wallet-service_0.1.0_all.deb) |
| aitbc-multimodal-service_0.1.0_all.deb | 8KB | Multimodal AI | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-multimodal-service_0.1.0_all.deb) |
| aitbc-all-services_0.1.0_all.deb | 8KB | Complete Stack | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-all-services_0.1.0_all.deb) |
### 🍎 macOS Packages (Apple Silicon)
| Package | Size | Description | Download |
|---------|------|-------------|----------|
| aitbc-cli-0.1.0-apple-silicon.pkg | 4.6KB | Command Line Interface | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli-0.1.0-apple-silicon.pkg) |
| aitbc-node-service-0.1.0-apple-silicon.pkg | 2.5KB | Blockchain Node | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-node-service-0.1.0-apple-silicon.pkg) |
| aitbc-coordinator-service-0.1.0-apple-silicon.pkg | 2.5KB | Coordinator API | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-coordinator-service-0.1.0-apple-silicon.pkg) |
| aitbc-miner-service-0.1.0-apple-silicon.pkg | 2.4KB | GPU Miner | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-miner-service-0.1.0-apple-silicon.pkg) |
| aitbc-marketplace-service-0.1.0-apple-silicon.pkg | 2.4KB | GPU Marketplace | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-marketplace-service-0.1.0-apple-silicon.pkg) |
| aitbc-explorer-service-0.1.0-apple-silicon.pkg | 2.4KB | Block Explorer | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-explorer-service-0.1.0-apple-silicon.pkg) |
| aitbc-wallet-service-0.1.0-apple-silicon.pkg | 2.4KB | Wallet Service | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-wallet-service-0.1.0-apple-silicon.pkg) |
| aitbc-multimodal-service-0.1.0-apple-silicon.pkg | 2.4KB | Multimodal AI | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-multimodal-service-0.1.0-apple-silicon.pkg) |
| aitbc-all-services-0.1.0-apple-silicon.pkg | 2.4KB | Complete Stack | [Download](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-all-services-0.1.0-apple-silicon.pkg) |
## 🔧 Installation Commands
### Linux
\`\`\`bash
# Quick install
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
# Manual install
wget https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli_0.1.0_all.deb
sudo dpkg -i aitbc-cli_0.1.0_all.deb
\`\`\`
### macOS
\`\`\`bash
# Quick install
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install-macos.sh | bash
# Manual install
curl -L https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli-0.1.0-apple-silicon.pkg -o aitbc-cli.pkg
sudo installer -pkg aitbc-cli.pkg -target /
\`\`\`
## ✅ Package Status
- ✅ **Built**: All packages built successfully
- ✅ **Verified**: SHA256 checksums validated
- ✅ **Published**: Available in GitHub Releases
- ✅ **Tested**: Installation scripts verified
## 📊 Package Statistics
- **Total Packages**: 18 (9 Linux + 9 macOS)
- **Total Size**: ~200KB compressed
- **Platforms**: Linux (amd64/arm64), macOS (Apple Silicon)
- **Formats**: .deb, .pkg
- **Installation Methods**: Direct download, universal installers
---
*Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")*
*View release: https://github.com/${{ github.repository }}/releases/tag/v${{ steps.version.outputs.VERSION || '0.1.0' }}*
EOF
- name: Commit and push documentation
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add packages/github/NATIVE_PACKAGES_STATUS.md
git diff --staged --quiet || git commit -m "Update native packages status for v${{ steps.version.outputs.VERSION || '0.1.0' }}"
git push
workflow:
disable: true

@@ -1,568 +0,0 @@
name: Publish Native Packages to GitHub Packages
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Version to publish (e.g., 0.1.0)'
required: true
default: '0.1.0'
jobs:
publish-debian-packages:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.13'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Create Debian package structure
run: |
mkdir -p dist/debian
# Copy existing packages
cp packages/github/packages/debian-packages/*.deb dist/debian/
# Create setup.py for Debian packages
cat > dist/debian/setup.py << 'EOF'
from setuptools import setup, find_packages
setup(
name="aitbc-debian-packages",
version="0.1.0",
description="AITBC Debian packages for Linux",
packages=[],
package_data={
'': ['*.deb', 'checksums.txt']
},
include_package_data=True,
)
EOF
- name: Build Python package for Debian
run: |
cd dist/debian
python -m build
- name: Publish Debian packages to GitHub Packages
run: |
cd dist/debian
python -m twine upload --repository-url https://npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }} dist/*
env:
TWINE_USERNAME: ${{ github.actor }}
TWINE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Create Debian package metadata
run: |
cd packages/github/packages/debian-packages
# Create package manifest
cat > manifest.json << EOF
{
"name": "aitbc-debian-packages",
"version": "${{ steps.version.outputs.VERSION || '0.1.0' }}",
"description": "AITBC Debian packages for Linux distributions",
"platform": "linux",
"architecture": ["amd64", "arm64"],
"format": "deb",
"packages": [
{
"name": "aitbc-cli",
"file": "aitbc-cli_0.1.0_all.deb",
"description": "AITBC Command Line Interface",
"size": "$(stat -c%s aitbc-cli_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-cli_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-node-service",
"file": "aitbc-node-service_0.1.0_all.deb",
"description": "AITBC Blockchain Node Service",
"size": "$(stat -c%s aitbc-node-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-node-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-coordinator-service",
"file": "aitbc-coordinator-service_0.1.0_all.deb",
"description": "AITBC Coordinator API Service",
"size": "$(stat -c%s aitbc-coordinator-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-coordinator-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-miner-service",
"file": "aitbc-miner-service_0.1.0_all.deb",
"description": "AITBC GPU Miner Service",
"size": "$(stat -c%s aitbc-miner-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-miner-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-marketplace-service",
"file": "aitbc-marketplace-service_0.1.0_all.deb",
"description": "AITBC GPU Marketplace Service",
"size": "$(stat -c%s aitbc-marketplace-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-marketplace-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-explorer-service",
"file": "aitbc-explorer-service_0.1.0_all.deb",
"description": "AITBC Block Explorer Service",
"size": "$(stat -c%s aitbc-explorer-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-explorer-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-wallet-service",
"file": "aitbc-wallet-service_0.1.0_all.deb",
"description": "AITBC Wallet Service",
"size": "$(stat -c%s aitbc-wallet-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-wallet-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-multimodal-service",
"file": "aitbc-multimodal-service_0.1.0_all.deb",
"description": "AITBC Multimodal AI Service",
"size": "$(stat -c%s aitbc-multimodal-service_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-multimodal-service_0.1.0_all.deb | cut -d' ' -f1)"
},
{
"name": "aitbc-all-services",
"file": "aitbc-all-services_0.1.0_all.deb",
"description": "AITBC Complete Service Stack",
"size": "$(stat -c%s aitbc-all-services_0.1.0_all.deb)",
"checksum": "$(sha256sum aitbc-all-services_0.1.0_all.deb | cut -d' ' -f1)"
}
],
"installation": {
"cli": "sudo dpkg -i aitbc-cli_0.1.0_all.deb",
"services": "sudo dpkg -i aitbc-*-service_0.1.0_all.deb",
"complete": "sudo dpkg -i aitbc-all-services_0.1.0_all.deb"
},
"repository": "https://github.com/${{ github.repository }}",
"documentation": "https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/packages/debian-packages/checksums.txt"
}
EOF
- name: Upload Debian packages as release assets
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
packages/github/packages/debian-packages/*.deb
packages/github/packages/debian-packages/manifest.json
packages/github/packages/debian-packages/checksums.txt
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-macos-packages:
runs-on: macos-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.13'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Create macOS package structure
run: |
mkdir -p dist/macos
# Copy existing packages
cp packages/github/packages/macos-packages/*.pkg dist/macos/
cp packages/github/packages/macos-packages/*.sh dist/macos/
cp packages/github/packages/macos-packages/checksums.txt dist/macos/
# Create setup.py for macOS packages
cat > dist/macos/setup.py << 'EOF'
from setuptools import setup, find_packages
setup(
name="aitbc-macos-packages",
version="0.1.0",
description="AITBC macOS packages for Apple Silicon",
packages=[],
package_data={
'': ['*.pkg', '*.sh', 'checksums.txt']
},
include_package_data=True,
)
EOF
- name: Build Python package for macOS
run: |
cd dist/macos
python -m build
- name: Publish macOS packages to GitHub Packages
run: |
cd dist/macos
python -m twine upload --repository-url https://npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }} dist/*
env:
TWINE_USERNAME: ${{ github.actor }}
TWINE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Create macOS package metadata
run: |
cd packages/github/packages/macos-packages
# Create package manifest
cat > manifest.json << EOF
{
"name": "aitbc-macos-packages",
"version": "${{ steps.version.outputs.VERSION || '0.1.0' }}",
"description": "AITBC macOS packages for Apple Silicon",
"platform": "macos",
"architecture": "arm64",
"format": "pkg",
"packages": [
{
"name": "aitbc-cli",
"file": "aitbc-cli-0.1.0-apple-silicon.pkg",
"description": "AITBC Command Line Interface for macOS",
"size": "$(stat -f%z aitbc-cli-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-cli-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-node-service",
"file": "aitbc-node-service-0.1.0-apple-silicon.pkg",
"description": "AITBC Blockchain Node Service for macOS",
"size": "$(stat -f%z aitbc-node-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-node-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-coordinator-service",
"file": "aitbc-coordinator-service-0.1.0-apple-silicon.pkg",
"description": "AITBC Coordinator API Service for macOS",
"size": "$(stat -f%z aitbc-coordinator-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-coordinator-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-miner-service",
"file": "aitbc-miner-service-0.1.0-apple-silicon.pkg",
"description": "AITBC GPU Miner Service for macOS",
"size": "$(stat -f%z aitbc-miner-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-miner-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-marketplace-service",
"file": "aitbc-marketplace-service-0.1.0-apple-silicon.pkg",
"description": "AITBC GPU Marketplace Service for macOS",
"size": "$(stat -f%z aitbc-marketplace-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-marketplace-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-explorer-service",
"file": "aitbc-explorer-service-0.1.0-apple-silicon.pkg",
"description": "AITBC Block Explorer Service for macOS",
"size": "$(stat -f%z aitbc-explorer-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-explorer-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-wallet-service",
"file": "aitbc-wallet-service-0.1.0-apple-silicon.pkg",
"description": "AITBC Wallet Service for macOS",
"size": "$(stat -f%z aitbc-wallet-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-wallet-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-multimodal-service",
"file": "aitbc-multimodal-service-0.1.0-apple-silicon.pkg",
"description": "AITBC Multimodal AI Service for macOS",
"size": "$(stat -f%z aitbc-multimodal-service-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-multimodal-service-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
},
{
"name": "aitbc-all-services",
"file": "aitbc-all-services-0.1.0-apple-silicon.pkg",
"description": "AITBC Complete Service Stack for macOS",
"size": "$(stat -f%z aitbc-all-services-0.1.0-apple-silicon.pkg)",
"checksum": "$(shasum -a 256 aitbc-all-services-0.1.0-apple-silicon.pkg | cut -d' ' -f1)"
}
],
"installers": {
"cli": "install-macos-complete.sh",
"services": "install-macos-services.sh",
"silicon": "install-macos-apple-silicon.sh"
},
"installation": {
"cli": "sudo installer -pkg aitbc-cli-0.1.0-apple-silicon.pkg -target /",
"services": "bash install-macos-services.sh",
"complete": "bash install-macos-complete.sh"
},
"repository": "https://github.com/${{ github.repository }}",
"documentation": "https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/packages/macos-packages/checksums.txt"
}
EOF
- name: Upload macOS packages as release assets
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
packages/github/packages/macos-packages/*.pkg
packages/github/packages/macos-packages/*.sh
packages/github/packages/macos-packages/manifest.json
packages/github/packages/macos-packages/checksums.txt
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
create-universal-release:
runs-on: ubuntu-latest
needs: [publish-debian-packages, publish-macos-packages]
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Create universal release notes
run: |
cat > release_notes.md << EOF
# AITBC Native Packages v${{ steps.version.outputs.VERSION || '0.1.0' }}
## 📦 Available Packages
### 🐧 Linux (Debian/Ubuntu)
**Format**: .deb packages
**Installation**:
\`\`\`bash
# Download and install CLI
wget https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli_0.1.0_all.deb
sudo dpkg -i aitbc-cli_0.1.0_all.deb
# Download and install all services
wget https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-all-services_0.1.0_all.deb
sudo dpkg -i aitbc-all-services_0.1.0_all.deb
\`\`\`
**Available Packages**:
- \`aitbc-cli_0.1.0_all.deb\` - Command Line Interface
- \`aitbc-node-service_0.1.0_all.deb\` - Blockchain Node
- \`aitbc-coordinator-service_0.1.0_all.deb\` - Coordinator API
- \`aitbc-miner-service_0.1.0_all.deb\` - GPU Miner
- \`aitbc-marketplace-service_0.1.0_all.deb\` - GPU Marketplace
- \`aitbc-explorer-service_0.1.0_all.deb\` - Block Explorer
- \`aitbc-wallet-service_0.1.0_all.deb\` - Wallet Service
- \`aitbc-multimodal-service_0.1.0_all.deb\` - Multimodal AI
- \`aitbc-all-services_0.1.0_all.deb\` - Complete Stack
### 🍎 macOS (Apple Silicon)
**Format**: .pkg packages
**Installation**:
\`\`\`bash
# Download and install CLI
curl -L https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/install-macos-complete.sh | bash
# Or download individual package
curl -L https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/aitbc-cli-0.1.0-apple-silicon.pkg -o aitbc-cli.pkg
sudo installer -pkg aitbc-cli.pkg -target /
\`\`\`
**Available Packages**:
- \`aitbc-cli-0.1.0-apple-silicon.pkg\` - Command Line Interface
- \`aitbc-node-service-0.1.0-apple-silicon.pkg\` - Blockchain Node
- \`aitbc-coordinator-service-0.1.0-apple-silicon.pkg\` - Coordinator API
- \`aitbc-miner-service-0.1.0-apple-silicon.pkg\` - GPU Miner
- \`aitbc-marketplace-service-0.1.0-apple-silicon.pkg\` - GPU Marketplace
- \`aitbc-explorer-service-0.1.0-apple-silicon.pkg\` - Block Explorer
- \`aitbc-wallet-service-0.1.0-apple-silicon.pkg\` - Wallet Service
- \`aitbc-multimodal-service-0.1.0-apple-silicon.pkg\` - Multimodal AI
- \`aitbc-all-services-0.1.0-apple-silicon.pkg\` - Complete Stack
## 🔧 Universal Installer
\`\`\`bash
# Linux
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
# macOS
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install-macos.sh | bash
\`\`\`
## ✅ Verification
All packages are cryptographically verified with SHA256 checksums.
## 📚 Documentation
- [Installation Guide](https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/README.md)
- [Package Manifests](https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION || '0.1.0' }}/manifest.json)
---
**Platform Support**: Linux (amd64/arm64), macOS (Apple Silicon)
**Package Formats**: .deb (Debian), .pkg (macOS)
**Installation Methods**: Direct download, universal installers
EOF
- name: Update GitHub Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
with:
body_path: release_notes.md
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
update-package-index:
runs-on: ubuntu-latest
needs: [publish-debian-packages, publish-macos-packages, create-universal-release]
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Update package index
run: |
cat > packages/github/NATIVE_PACKAGES_GUIDE.md << EOF
# AITBC Native Packages Guide
## 📦 Available Native Packages
Your AITBC native packages are published as GitHub Releases and available at:
https://github.com/${{ github.repository }}/releases
## 🐧 Linux Packages (Debian/Ubuntu)
### Installation
\`\`\`bash
# Method 1: Direct download
wget https://github.com/${{ github.repository }}/releases/download/v0.1.0/aitbc-cli_0.1.0_all.deb
sudo dpkg -i aitbc-cli_0.1.0_all.deb
# Method 2: Universal installer
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
\`\`\`
### Available Packages
| Package | Size | Description |
|---------|------|-------------|
| aitbc-cli_0.1.0_all.deb | ~132KB | Command Line Interface |
| aitbc-node-service_0.1.0_all.deb | ~8KB | Blockchain Node |
| aitbc-coordinator-service_0.1.0_all.deb | ~8KB | Coordinator API |
| aitbc-miner-service_0.1.0_all.deb | ~8KB | GPU Miner |
| aitbc-marketplace-service_0.1.0_all.deb | ~8KB | GPU Marketplace |
| aitbc-explorer-service_0.1.0_all.deb | ~8KB | Block Explorer |
| aitbc-wallet-service_0.1.0_all.deb | ~8KB | Wallet Service |
| aitbc-multimodal-service_0.1.0_all.deb | ~8KB | Multimodal AI |
| aitbc-all-services_0.1.0_all.deb | ~8KB | Complete Stack |
## 🍎 macOS Packages (Apple Silicon)
### Installation
\`\`\`bash
# Method 1: Direct download
curl -L https://github.com/${{ github.repository }}/releases/download/v0.1.0/aitbc-cli-0.1.0-apple-silicon.pkg -o aitbc-cli.pkg
sudo installer -pkg aitbc-cli.pkg -target /
# Method 2: Universal installer
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install-macos.sh | bash
\`\`\`
### Available Packages
| Package | Size | Description |
|---------|------|-------------|
| aitbc-cli-0.1.0-apple-silicon.pkg | ~4.6KB | Command Line Interface |
| aitbc-node-service-0.1.0-apple-silicon.pkg | ~2.5KB | Blockchain Node |
| aitbc-coordinator-service-0.1.0-apple-silicon.pkg | ~2.5KB | Coordinator API |
| aitbc-miner-service-0.1.0-apple-silicon.pkg | ~2.4KB | GPU Miner |
| aitbc-marketplace-service-0.1.0-apple-silicon.pkg | ~2.4KB | GPU Marketplace |
| aitbc-explorer-service-0.1.0-apple-silicon.pkg | ~2.4KB | Block Explorer |
| aitbc-wallet-service-0.1.0-apple-silicon.pkg | ~2.4KB | Wallet Service |
| aitbc-multimodal-service-0.1.0-apple-silicon.pkg | ~2.4KB | Multimodal AI |
| aitbc-all-services-0.1.0-apple-silicon.pkg | ~2.4KB | Complete Stack |
## 🔧 Package Verification
All packages include SHA256 checksums for verification:
\`\`\`bash
# Verify Debian packages
sha256sum -c checksums.txt
# Verify macOS packages
shasum -a 256 -c checksums.txt
\`\`\`
## 📋 Package Status
- ✅ **Built**: All packages built and tested
- ✅ **Verified**: Checksums validated
- ✅ **Published**: Available in GitHub Releases
- ✅ **Documented**: Installation guides available
## 🚀 Quick Start
### Linux
\`\`\`bash
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
aitbc --version
\`\`\`
### macOS
\`\`\`bash
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install-macos.sh | bash
aitbc --version
\`\`\`
---
*Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")*
*View releases: https://github.com/${{ github.repository }}/releases*
EOF
- name: Commit and push changes
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add packages/github/NATIVE_PACKAGES_GUIDE.md
git diff --staged --quiet || git commit -m "Add native packages guide for version ${{ steps.version.outputs.VERSION || '0.1.0' }}"
git push
workflow:
disable: true

@@ -1,71 +0,0 @@
name: Publish NPM Packages
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
package:
description: 'Package to publish (aitbc-sdk or all)'
required: true
default: 'aitbc-sdk'
dry_run:
description: 'Dry run (build only, no publish)'
required: false
default: false
type: boolean
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
- name: Install dependencies
run: |
cd packages/js/aitbc-sdk
npm ci
- name: Run tests
run: |
cd packages/js/aitbc-sdk
npm test
- name: Build package
run: |
cd packages/js/aitbc-sdk
npm run build
- name: Check package
run: |
cd packages/js/aitbc-sdk
npm pack --dry-run
- name: Publish to NPM
if: ${{ github.event.inputs.dry_run != 'true' }}
run: |
cd packages/js/aitbc-sdk
npm publish --access public --provenance
- name: Dry run - check only
if: ${{ github.event.inputs.dry_run == 'true' }}
run: |
cd packages/js/aitbc-sdk
echo "Dry run complete - package built and checked but not published"
npm pack --dry-run
workflow:
disable: true

@@ -1,461 +0,0 @@
name: Publish Packages to GitHub Packages Registry
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
publish_debian:
description: 'Publish Debian packages to Container Registry'
required: false
default: 'true'
publish_macos:
description: 'Publish macOS packages to NPM registry'
required: false
default: 'true'
jobs:
publish-debian-containers:
runs-on: ubuntu-latest
if: github.event.inputs.publish_debian != 'false'
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Publish CLI package
run: |
cd packages/github/packages/debian-packages
# Create CLI Dockerfile
cat > Dockerfile.cli << 'EOF'
FROM debian:trixie-slim
LABEL maintainer="AITBC Team"
LABEL version="0.1.0"
LABEL description="AITBC CLI package"
# Install dependencies
RUN apt-get update && apt-get install -y \
python3.13 \
python3-pip \
python3-venv \
curl \
&& rm -rf /var/lib/apt/lists/*
# Copy and install CLI package
COPY aitbc-cli_0.1.0_all.deb /tmp/
RUN dpkg -i /tmp/aitbc-cli_0.1.0_all.deb || true && \
apt-get install -f -y && \
rm /tmp/aitbc-cli_0.1.0_all.deb
# Create symlink for easier access
RUN ln -sf /usr/bin/aitbc /usr/local/bin/aitbc
ENTRYPOINT ["/usr/bin/aitbc"]
CMD ["--help"]
EOF
# Build and push CLI image
docker buildx build \
-f Dockerfile.cli \
--platform linux/amd64,linux/arm64 \
--tag ghcr.io/${{ github.repository }}/aitbc-cli:${{ steps.version.outputs.VERSION || '0.1.0' }} \
--tag ghcr.io/${{ github.repository }}/aitbc-cli:latest \
--push \
.
- name: Publish service packages
run: |
cd packages/github/packages/debian-packages
# Service packages
services=("node" "coordinator" "miner" "marketplace" "explorer" "wallet" "multimodal" "all-services")
for service in "${services[@]}"; do
package_file="aitbc-${service}-service_0.1.0_all.deb"
if [[ -f "$package_file" ]]; then
echo "Publishing $service service..."
# Create service Dockerfile
cat > Dockerfile.service << EOF
FROM debian:trixie-slim
LABEL maintainer="AITBC Team"
LABEL version="0.1.0"
LABEL description="AITBC ${service} service"
LABEL service="${service}"
# Install dependencies
RUN apt-get update && apt-get install -y \
python3.13 \
python3-pip \
systemd \
&& rm -rf /var/lib/apt/lists/*
# Copy and install service package
COPY ${package_file} /tmp/
RUN dpkg -i /tmp/${package_file} || true && \
apt-get install -f -y && \
rm /tmp/${package_file}
# Expose service port (if applicable)
EOF
# Add service-specific port exposures
case $service in
"node")
echo "EXPOSE 8082" >> Dockerfile.service
echo "CMD [\"systemctl\", \"start\", \"aitbc-node\"]" >> Dockerfile.service
;;
"coordinator")
echo "EXPOSE 8000" >> Dockerfile.service
echo "CMD [\"systemctl\", \"start\", \"aitbc-coordinator\"]" >> Dockerfile.service
;;
"marketplace")
echo "EXPOSE 3000" >> Dockerfile.service
echo "CMD [\"systemctl\", \"start\", \"aitbc-marketplace\"]" >> Dockerfile.service
;;
"explorer")
echo "EXPOSE 3001" >> Dockerfile.service
echo "CMD [\"systemctl\", \"start\", \"aitbc-explorer\"]" >> Dockerfile.service
;;
*)
echo "CMD [\"systemctl\", \"start\", \"aitbc-${service}\"]" >> Dockerfile.service
;;
esac
# Build and push service image
docker buildx build \
-f Dockerfile.service \
--platform linux/amd64,linux/arm64 \
--tag ghcr.io/${{ github.repository }}/aitbc-${service}-service:${{ steps.version.outputs.VERSION || '0.1.0' }} \
--tag ghcr.io/${{ github.repository }}/aitbc-${service}-service:latest \
--push \
.
else
echo "Warning: $package_file not found, skipping $service service"
fi
done
publish-macos-packages:
runs-on: ubuntu-latest
if: github.event.inputs.publish_macos != 'false'
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://npm.pkg.github.com'
- name: Create macOS package
run: |
cd packages/github/packages/macos-packages
# Create package.json for macOS CLI
cat > package.json << EOF
{
"name": "@aitbc/cli-macos",
"version": "${{ steps.version.outputs.VERSION || '0.1.0' }}",
"description": "AITBC CLI for macOS Apple Silicon",
"main": "aitbc-cli-0.1.0-apple-silicon.pkg",
"files": [
"aitbc-cli-0.1.0-apple-silicon.pkg",
"install-macos-complete.sh",
"install-macos-apple-silicon.sh"
],
"scripts": {
"install": "bash install-macos-complete.sh",
"install-silicon": "bash install-macos-apple-silicon.sh"
},
"repository": {
"type": "git",
"url": "https://github.com/${{ github.repository }}.git"
},
"author": "AITBC Team",
"license": "MIT",
"keywords": ["aitbc", "cli", "macos", "apple-silicon", "blockchain"],
"engines": {
"node": ">=16"
},
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}
EOF
- name: Publish to GitHub Packages
run: |
cd packages/github/packages/macos-packages
npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create macOS services package
run: |
cd packages/github/packages/macos-packages
# Create package.json for macOS services
cat > package-services.json << EOF
{
"name": "@aitbc/services-macos",
"version": "${{ steps.version.outputs.VERSION || '0.1.0' }}",
"description": "AITBC Services for macOS Apple Silicon",
"main": "install-macos-services.sh",
"files": [
"aitbc-*-service-0.1.0-apple-silicon.pkg",
"install-macos-services.sh"
],
"scripts": {
"install": "bash install-macos-services.sh"
},
"repository": {
"type": "git",
"url": "https://github.com/${{ github.repository }}.git"
},
"author": "AITBC Team",
"license": "MIT",
"keywords": ["aitbc", "services", "macos", "apple-silicon", "blockchain"],
"engines": {
"node": ">=16"
},
"publishConfig": {
"registry": "https://npm.pkg.github.com"
}
}
EOF
- name: Publish services to GitHub Packages
run: |
cd packages/github/packages/macos-packages
cp package-services.json package.json
npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
create-package-release:
runs-on: ubuntu-latest
needs: [publish-debian-containers, publish-macos-packages]
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract version
id: version
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
- name: Create release notes
run: |
cat > release_notes.md << EOF
# AITBC Packages v${{ steps.version.outputs.VERSION || '0.1.0' }}
## 📦 Published Packages
### Container Registry (ghcr.io)
#### CLI Package
- **Image**: \`ghcr.io/${{ github.repository }}/aitbc-cli:latest\`
- **Platforms**: linux/amd64, linux/arm64
- **Pull**: \`docker pull ghcr.io/${{ github.repository }}/aitbc-cli:latest\`
#### Service Packages
- **Node Service**: \`ghcr.io/${{ github.repository }}/aitbc-node-service:latest\`
- **Coordinator Service**: \`ghcr.io/${{ github.repository }}/aitbc-coordinator-service:latest\`
- **Miner Service**: \`ghcr.io/${{ github.repository }}/aitbc-miner-service:latest\`
- **Marketplace Service**: \`ghcr.io/${{ github.repository }}/aitbc-marketplace-service:latest\`
- **Explorer Service**: \`ghcr.io/${{ github.repository }}/aitbc-explorer-service:latest\`
- **Wallet Service**: \`ghcr.io/${{ github.repository }}/aitbc-wallet-service:latest\`
- **Multimodal Service**: \`ghcr.io/${{ github.repository }}/aitbc-multimodal-service:latest\`
- **All Services**: \`ghcr.io/${{ github.repository }}/aitbc-all-services:latest\`
### NPM Registry (npm.pkg.github.com)
#### macOS CLI Package
- **Package**: \`@aitbc/cli-macos@${{ steps.version.outputs.VERSION || '0.1.0' }}\`
- **Install**: \`npm install @aitbc/cli-macos@${{ steps.version.outputs.VERSION || '0.1.0' }}\`
#### macOS Services Package
- **Package**: \`@aitbc/services-macos@${{ steps.version.outputs.VERSION || '0.1.0' }}\`
- **Install**: \`npm install @aitbc/services-macos@${{ steps.version.outputs.VERSION || '0.1.0' }}\`
## 🚀 Installation
### Linux (Docker)
\`\`\`bash
# CLI only
docker run --rm -it ghcr.io/${{ github.repository }}/aitbc-cli:latest --help
# Full stack
docker-compose -f https://raw.githubusercontent.com/${{ github.repository }}/main/docker-compose.yml up
\`\`\`
### macOS (NPM)
\`\`\`bash
# CLI only
npm install @aitbc/cli-macos@${{ steps.version.outputs.VERSION || '0.1.0' }}
npx @aitbc/cli-macos install
# Services
npm install @aitbc/services-macos@${{ steps.version.outputs.VERSION || '0.1.0' }}
npx @aitbc/services-macos install
\`\`\`
### Universal Installer
\`\`\`bash
curl -fsSL https://raw.githubusercontent.com/${{ github.repository }}/main/packages/github/install.sh | bash
\`\`\`
---
*View all packages at: https://github.com/${{ github.repository }}/packages*
EOF
- name: Create GitHub Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
with:
body_path: release_notes.md
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
update-package-index:
runs-on: ubuntu-latest
needs: [publish-debian-containers, publish-macos-packages]
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update package index
run: |
cat > packages/github/PACKAGES_REGISTRY_GUIDE.md << EOF
# AITBC GitHub Packages Registry Guide
## 📦 Available Packages
Your AITBC packages are now published to GitHub Packages registry and available at:
https://github.com/${{ github.repository }}/packages
## 🐳 Container Registry (ghcr.io)
### CLI Package
\`\`\`bash
docker pull ghcr.io/${{ github.repository }}/aitbc-cli:latest
docker run --rm -it ghcr.io/${{ github.repository }}/aitbc-cli:latest --help
\`\`\`
### Service Packages
\`\`\`bash
# Individual services
docker pull ghcr.io/${{ github.repository }}/aitbc-node-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-coordinator-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-miner-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-marketplace-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-explorer-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-wallet-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-multimodal-service:latest
docker pull ghcr.io/${{ github.repository }}/aitbc-all-services:latest
\`\`\`
## 📦 NPM Registry (npm.pkg.github.com)
### macOS Packages
\`\`\`bash
# Set up GitHub Packages registry
npm config set @aitbc:registry https://npm.pkg.github.com
npm config set //npm.pkg.github.com/:_authToken=YOUR_GITHUB_TOKEN
# Install CLI
npm install @aitbc/cli-macos@latest
npx @aitbc/cli-macos install
# Install Services
npm install @aitbc/services-macos@latest
npx @aitbc/services-macos install
\`\`\`
## 🔧 Authentication
### For Container Registry
\`\`\`bash
# Login to GitHub Container Registry
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
\`\`\`
### For NPM Registry
\`\`\`bash
# Create a personal access token with 'read:packages' scope
# Set up npm authentication
npm config set //npm.pkg.github.com/:_authToken=YOUR_PERSONAL_ACCESS_TOKEN
\`\`\`
## 📋 Package List
### Container Images
| Package | Registry | Platforms | Description |
|---------|----------|-----------|-------------|
| \`aitbc-cli\` | ghcr.io | linux/amd64, linux/arm64 | Main CLI tool |
| \`aitbc-node-service\` | ghcr.io | linux/amd64, linux/arm64 | Blockchain node |
| \`aitbc-coordinator-service\` | ghcr.io | linux/amd64, linux/arm64 | Coordinator API |
| \`aitbc-miner-service\` | ghcr.io | linux/amd64, linux/arm64 | GPU miner |
| \`aitbc-marketplace-service\` | ghcr.io | linux/amd64, linux/arm64 | GPU marketplace |
| \`aitbc-explorer-service\` | ghcr.io | linux/amd64, linux/arm64 | Block explorer |
| \`aitbc-wallet-service\` | ghcr.io | linux/amd64, linux/arm64 | Wallet service |
| \`aitbc-multimodal-service\` | ghcr.io | linux/amd64, linux/arm64 | Multimodal AI |
| \`aitbc-all-services\` | ghcr.io | linux/amd64, linux/arm64 | Complete stack |
### NPM Packages
| Package | Registry | Platform | Description |
|---------|----------|----------|-------------|
| \`@aitbc/cli-macos\` | npm.pkg.github.com | macOS | CLI for Apple Silicon |
| \`@aitbc/services-macos\` | npm.pkg.github.com | macOS | Services for Apple Silicon |
---
*Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")*
*View packages: https://github.com/${{ github.repository }}/packages*
EOF
- name: Commit and push changes
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add packages/github/PACKAGES_REGISTRY_GUIDE.md
git diff --staged --quiet || git commit -m "Add GitHub Packages registry guide"
git push
workflow:
disable: true

@@ -1,216 +0,0 @@
name: Publish Packages to GitHub Packages
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+' # Strict version pattern only
workflow_dispatch:
inputs:
version:
description: 'Version to publish (e.g., 1.0.0)'
required: true
default: '1.0.0'
confirm_release:
description: 'Type "release" to confirm'
required: true
jobs:
security-validation:
runs-on: ubuntu-latest
outputs:
should_publish: ${{ steps.validation.outputs.should_publish }}
version: ${{ steps.validation.outputs.version }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Validate Release Request
id: validation
run: |
# Extract version from tag or input
if [[ "${{ github.ref_type }}" == "tag" ]]; then
VERSION="${{ github.ref_name }}"
VERSION="${VERSION#v}" # Remove 'v' prefix
else
VERSION="${{ github.event.inputs.version }}"
CONFIRM="${{ github.event.inputs.confirm_release }}"
# Validate manual confirmation
if [[ "$CONFIRM" != "release" ]]; then
echo "❌ Manual confirmation failed"
echo "should_publish=false" >> $GITHUB_OUTPUT
exit 1
fi
fi
# Validate version format
if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "❌ Invalid version format: $VERSION"
echo "should_publish=false" >> $GITHUB_OUTPUT
exit 1
fi
# Check if this is a new version (not already published)
echo "✅ Version validation passed: $VERSION"
echo "should_publish=true" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_OUTPUT
request-approval:
runs-on: ubuntu-latest
needs: security-validation
if: needs.security-validation.outputs.should_publish == 'true'
steps:
- name: Request Manual Approval
uses: trstringer/manual-approval@v1
with:
secret: ${{ github.TOKEN }}
approvers: security-team,release-managers
minimum-approvals: 2
issue-title: "🚀 Release v${{ needs.security-validation.outputs.version }} Approval Required"
issue-body: |
## 📦 Package Release Request
**Version**: v${{ needs.security-validation.outputs.version }}
**Triggered by**: ${{ github.actor }}
**Commit**: ${{ github.sha }}
### 🔍 Security Checks
- ✅ Version format validated
- ✅ Release confirmation received
- ✅ Security scan passed (if applicable)
### 📋 Packages to Publish
- aitbc-agent-sdk (Python)
- explorer-web (Node.js)
---
**Approve this issue to allow the release to proceed.**
**Reject this issue to block the release.**
publish-agent-sdk:
runs-on: ubuntu-latest
needs: [security-validation, request-approval]
if: needs.security-validation.outputs.should_publish == 'true'
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python 3.13
uses: actions/setup-python@v4
with:
python-version: '3.13'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build package
run: |
cd packages/py/aitbc-agent-sdk
python -m build
- name: Security Scan Package
run: |
echo "🔒 Scanning package for security issues..."
cd packages/py/aitbc-agent-sdk
# Check for hardcoded secrets
if grep -r "password\|secret\|key\|token" --include="*.py" . | grep -v "__pycache__"; then
echo "❌ Potential secrets found in package"
exit 1
fi
echo "✅ Package security scan passed"
- name: Publish to GitHub Packages
run: |
echo "🚀 Publishing aitbc-agent-sdk v${{ needs.security-validation.outputs.version }}"
cd packages/py/aitbc-agent-sdk
# Use dedicated token if available, otherwise fallback to GitHub token
TOKEN="${{ secrets.PYPI_TOKEN || secrets.GITHUB_TOKEN }}"
python -m twine upload --repository-url https://npm.pkg.github.com/:_authToken=$TOKEN dist/*
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME || github.actor }}
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN || secrets.GITHUB_TOKEN }}
publish-explorer-web:
runs-on: ubuntu-latest
needs: [security-validation, request-approval]
if: needs.security-validation.outputs.should_publish == 'true'
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://npm.pkg.github.com'
- name: Install dependencies
run: |
cd apps/explorer-web
npm ci
- name: Build package
run: |
cd apps/explorer-web
npm run build
- name: Security Scan Package
run: |
echo "🔒 Scanning package for security issues..."
cd apps/explorer-web
# Check for hardcoded secrets
if grep -r "password\|secret\|key\|token" --include="*.js" --include="*.json" . | grep -v "node_modules"; then
echo "❌ Potential secrets found in package"
exit 1
fi
echo "✅ Package security scan passed"
- name: Publish to GitHub Packages
run: |
echo "🚀 Publishing explorer-web v${{ needs.security-validation.outputs.version }}"
cd apps/explorer-web
npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN || secrets.GITHUB_TOKEN }}
release-notification:
runs-on: ubuntu-latest
needs: [security-validation, publish-agent-sdk, publish-explorer-web]
if: always() && needs.security-validation.outputs.should_publish == 'true'
steps:
- name: Notify Release Success
run: |
echo "🎉 Release v${{ needs.security-validation.outputs.version }} completed successfully!"
echo "📦 Published packages:"
echo " - aitbc-agent-sdk (Python)"
echo " - explorer-web (Node.js)"
# Create release notification
echo "## 🚀 Release v${{ needs.security-validation.outputs.version }} Published" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### ✅ Successfully Published" >> $GITHUB_STEP_SUMMARY
echo "- aitbc-agent-sdk (Python package)" >> $GITHUB_STEP_SUMMARY
echo "- explorer-web (Node.js package)" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### 🔒 Security Checks Passed" >> $GITHUB_STEP_SUMMARY
echo "- Version format validated" >> $GITHUB_STEP_SUMMARY
echo "- Manual approval received" >> $GITHUB_STEP_SUMMARY
echo "- Package security scans passed" >> $GITHUB_STEP_SUMMARY
echo "- Dedicated publishing tokens used" >> $GITHUB_STEP_SUMMARY
workflow:
disable: true


@@ -1,75 +0,0 @@
name: Publish Python Packages
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
package:
description: 'Package to publish (aitbc-sdk, aitbc-crypto, or all)'
required: true
default: 'all'
dry_run:
description: 'Dry run (build only, no publish)'
required: false
default: false
type: boolean
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install build dependencies
run: |
python -m pip install --upgrade pip
pip install build twine
- name: Build aitbc-crypto
if: ${{ github.event.inputs.package == 'all' || github.event.inputs.package == 'aitbc-crypto' }}
run: |
cd packages/py/aitbc-crypto
python -m build
- name: Build aitbc-sdk
if: ${{ github.event.inputs.package == 'all' || github.event.inputs.package == 'aitbc-sdk' }}
run: |
cd packages/py/aitbc-sdk
python -m build
- name: Check packages
run: |
for dist in packages/py/*/dist/*; do
echo "Checking $dist"
python -m twine check "$dist"
done
- name: Publish to PyPI
if: ${{ github.event.inputs.dry_run != 'true' }}
run: |
for dist in packages/py/*/dist/*; do
echo "Publishing $dist"
python -m twine upload --skip-existing "$dist" || true
done
- name: Dry run - check only
if: ${{ github.event.inputs.dry_run == 'true' }}
run: |
echo "Dry run complete - packages built and checked but not published"
ls -la packages/py/*/dist/
workflow:
disable: true


@@ -1,36 +0,0 @@
name: Python CI
on:
push:
branches: ["**"]
pull_request:
branches: ["**"]
jobs:
lint-and-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
- name: Install Poetry
run: python -m pip install --upgrade pip poetry
- name: Install dependencies
run: |
poetry config virtualenvs.create false
poetry install --no-interaction --no-ansi
- name: Lint (ruff)
run: poetry run ruff check .
- name: Test (pytest)
run: poetry run pytest
workflow:
disable: true


@@ -1,348 +0,0 @@
name: Security Scanning
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
schedule:
# Run security scan daily at 2 AM UTC
- cron: '0 2 * * *'
jobs:
# Python Security Scanning with Bandit
bandit-security-scan:
runs-on: ubuntu-latest
name: Bandit Security Scan
strategy:
matrix:
# Define directories to scan
directory:
- "apps/coordinator-api/src"
- "cli/aitbc_cli"
- "packages/py/aitbc-core/src"
- "packages/py/aitbc-crypto/src"
- "packages/py/aitbc-sdk/src"
- "tests"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install bandit[toml] safety
# Install project dependencies for context
if [ -f "${{ matrix.directory }}/requirements.txt" ]; then
pip install -r "${{ matrix.directory }}/requirements.txt" 2>/dev/null || true
fi
if [ -f "pyproject.toml" ]; then
pip install -e . 2>/dev/null || true
fi
- name: Run Bandit security scan
run: |
echo "Scanning directory: ${{ matrix.directory }}"
bandit -r ${{ matrix.directory }} \
-f json \
-o bandit-report-${{ matrix.directory }}.json \
--severity-level medium \
--confidence-level medium || true
# Also generate human-readable report
bandit -r ${{ matrix.directory }} \
-f txt \
-o bandit-report-${{ matrix.directory }}.txt \
--severity-level medium \
--confidence-level medium || true
- name: Run Safety check for known vulnerabilities
run: |
echo "Running Safety check for known vulnerabilities..."
safety check --json --output safety-report.json || true
safety check || true
- name: Upload Bandit reports
uses: actions/upload-artifact@v3
if: always()
with:
name: bandit-reports-${{ matrix.directory }}
path: |
bandit-report-${{ matrix.directory }}.json
bandit-report-${{ matrix.directory }}.txt
retention-days: 30
- name: Upload Safety report
uses: actions/upload-artifact@v3
if: always()
with:
name: safety-report
path: safety-report.json
retention-days: 30
- name: Comment PR with security findings
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const path = require('path');
try {
const reportPath = `bandit-report-${{ matrix.directory }}.txt`;
if (fs.existsSync(reportPath)) {
const report = fs.readFileSync(reportPath, 'utf8');
// Create summary
const lines = report.split('\n');
const issues = lines.filter(line => line.includes('Issue:')).length;
const comment = `## 🔒 Security Scan Results for \`${{ matrix.directory }}\`
**Bandit Security Scan**
- Issues found: ${issues}
- Severity: Medium and above
- Confidence: Medium and above
<details>
<summary>📋 Detailed Report</summary>
\`\`\`
${report}
\`\`\`
</details>
---
*This security scan was automatically generated by Bandit.*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});
}
} catch (error) {
console.log('Could not read security report:', error.message);
}
# CodeQL Security Analysis
codeql-security-scan:
runs-on: ubuntu-latest
name: CodeQL Security Analysis
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'python', 'javascript' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: security-extended,security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
# Dependency Security Scanning
dependency-security-scan:
runs-on: ubuntu-latest
name: Dependency Security Scan
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Run dependency security scan
run: |
python -m pip install --upgrade pip
pip install safety
# Check for known vulnerabilities in dependencies
echo "Scanning Python dependencies..."
safety check --json --output python-safety-report.json || true
safety check || true
# Check npm dependencies if they exist
if [ -f "apps/explorer-web/package.json" ]; then
echo "Scanning npm dependencies..."
cd apps/explorer-web
npm audit --json > ../npm-audit-report.json 2>&1 || true
npm audit || true
cd ../..
fi
if [ -f "website/package.json" ]; then
echo "Scanning website npm dependencies..."
cd website
npm audit --json > ../website-npm-audit-report.json 2>&1 || true
npm audit || true
cd ../..
fi
- name: Upload dependency security reports
uses: actions/upload-artifact@v3
if: always()
with:
name: dependency-security-reports
path: |
python-safety-report.json
npm-audit-report.json
website-npm-audit-report.json
retention-days: 30
# Container Security Scanning (if Docker is used)
container-security-scan:
runs-on: ubuntu-latest
name: Container Security Scan
if: contains(github.event.head_commit.modified, 'Dockerfile') || contains(github.event.head_commit.modified, 'docker-compose')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/${{ github.repository }}:latest'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'
# Security Scorecard
security-scorecard:
runs-on: ubuntu-latest
name: OSSF Scorecard
permissions:
security-events: write
actions: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Run analysis
uses: ossf/scorecard-action@v2.3.1
with:
results_file: results.sarif
results_format: sarif
# Note: Running without repo_token for local analysis only
- name: Upload SARIF to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
# Security Summary Report
security-summary:
runs-on: ubuntu-latest
name: Security Summary Report
needs: [bandit-security-scan, codeql-security-scan, dependency-security-scan]
if: always()
steps:
- name: Download all artifacts
uses: actions/download-artifact@v3
- name: Generate security summary
run: |
echo "# 🔒 Security Scan Summary" > security-summary.md
echo "" >> security-summary.md
echo "## Scan Results" >> security-summary.md
echo "" >> security-summary.md
# Bandit results
echo "### Bandit Security Scan" >> security-summary.md
echo "- Scanned multiple Python directories" >> security-summary.md
echo "- Severity level: Medium and above" >> security-summary.md
echo "- Confidence level: Medium and above" >> security-summary.md
echo "" >> security-summary.md
# CodeQL results
echo "### CodeQL Security Analysis" >> security-summary.md
echo "- Languages: Python, JavaScript" >> security-summary.md
echo "- Queries: security-extended, security-and-quality" >> security-summary.md
echo "" >> security-summary.md
# Dependency results
echo "### Dependency Security Scan" >> security-summary.md
echo "- Python dependencies checked with Safety" >> security-summary.md
echo "- npm dependencies checked with npm audit" >> security-summary.md
echo "" >> security-summary.md
# Additional info
echo "### Additional Information" >> security-summary.md
echo "- Scans run on: $(date)" >> security-summary.md
echo "- Commit: ${{ github.sha }}" >> security-summary.md
echo "- Branch: ${{ github.ref_name }}" >> security-summary.md
echo "" >> security-summary.md
echo "## Recommendations" >> security-summary.md
echo "1. Review any high-severity findings immediately" >> security-summary.md
echo "2. Update dependencies with known vulnerabilities" >> security-summary.md
echo "3. Address security best practices recommendations" >> security-summary.md
echo "4. Regular security audits and penetration testing" >> security-summary.md
- name: Upload security summary
uses: actions/upload-artifact@v3
with:
name: security-summary
path: security-summary.md
retention-days: 90
- name: Comment PR with security summary
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
try {
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
} catch (error) {
console.log('Could not read security summary:', error.message);
}
workflow:
disable: true