Skip to content

qzkp v1.0.0

qzkp v1.0.0 #1

Workflow file for this run

name: Quantum ZKP CI/CD
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
release:
types: [ published ]
env:
GO_VERSION: '1.24'
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
# Code quality and security checks
lint-and-security:
name: Lint and Security Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install dependencies
run: |
go mod download
go mod verify
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: latest
working-directory: quantumzkp
args: --timeout=5m
- name: Run gosec security scanner
uses: securecodewarrior/github-action-gosec@master
with:
args: '-fmt sarif -out gosec.sarif ./...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: gosec.sarif
# Comprehensive testing
test:
name: Test Suite
runs-on: ubuntu-latest
strategy:
matrix:
go-version: ['1.23', '1.24']
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go ${{ matrix.go-version }}
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
run: |
go mod download
- name: Run tests
run: |
go test -v -race -coverprofile=coverage.out ./...
- name: Run scientific paper validation tests
run: |
go test -v -run TestScientificPaperClaims
- name: Generate coverage report
run: |
go tool cover -html=coverage.out -o coverage.html
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.out
flags: unittests
name: codecov-umbrella
- name: Upload coverage artifacts
uses: actions/upload-artifact@v4
with:
name: coverage-report-go${{ matrix.go-version }}
path: |
coverage.out
coverage.html
# Performance benchmarking
benchmark:
name: Performance Benchmarks
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Run benchmarks
run: |
go test -bench=. -benchmem -run=^$ > benchmark.txt
- name: Upload benchmark results
uses: actions/upload-artifact@v4
with:
name: benchmark-results
path: benchmark.txt
# Security vulnerability scanning
security-scan:
name: Security Vulnerability Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
# Build and test Docker image
docker-build:
name: Docker Build and Test
runs-on: ubuntu-latest
needs: [test, lint-and-security]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: quantum-zkp:test
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Test Docker image
run: |
docker run --rm quantum-zkp:test help
docker run --rm quantum-zkp:test demo
# Build and push Docker image (on release)
docker-release:
name: Docker Release
runs-on: ubuntu-latest
needs: [test, lint-and-security, docker-build]
if: github.event_name == 'release'
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Documentation deployment
docs-deploy:
name: Deploy Documentation
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
needs: [test, lint-and-security]
permissions:
contents: read
pages: write
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Pages
uses: actions/configure-pages@v4
- name: Build documentation site
run: |
mkdir -p docs-site
cp *.md docs-site/
cp *.md docs-site/
echo "# Quantum ZKP Documentation" > docs-site/index.md
echo "" >> docs-site/index.md
echo "## Available Documents" >> docs-site/index.md
echo "- [README](README.md)" >> docs-site/index.md
echo "- [Scientific Paper](SCIENTIFIC_PAPER.md)" >> docs-site/index.md
echo "- [API Documentation](API.md)" >> docs-site/index.md
echo "- [Usage Guide](USAGE_GUIDE.md)" >> docs-site/index.md
echo "- [Security Policy](SECURITY.md)" >> docs-site/index.md
- name: Upload Pages artifact
uses: actions/upload-pages-artifact@v3
with:
path: docs-site
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4