github actions security features #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| env: | |
| GO_VERSION: '1.24' | |
| jobs: | |
| # Create GitHub release with binaries | |
| release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| - name: Install dependencies | |
| run: | | |
| go mod download | |
| - name: Run tests | |
| run: | | |
| go test -v ./... | |
| - name: Build binaries | |
| run: | | |
| mkdir -p ../dist | |
| # Build for multiple platforms | |
| GOOS=linux GOARCH=amd64 go build -o ../dist/qzkp-linux-amd64 . | |
| GOOS=linux GOARCH=arm64 go build -o ../dist/qzkp-linux-arm64 . | |
| GOOS=darwin GOARCH=amd64 go build -o ../dist/qzkp-darwin-amd64 . | |
| GOOS=darwin GOARCH=arm64 go build -o ../dist/qzkp-darwin-arm64 . | |
| GOOS=windows GOARCH=amd64 go build -o ../dist/qzkp-windows-amd64.exe . | |
| # Create checksums | |
| cd ../dist | |
| sha256sum * > checksums.txt | |
| - name: Create release archives | |
| run: | | |
| cd dist | |
| # Create tar.gz for Unix systems | |
| tar -czf qzkp-linux-amd64.tar.gz qzkp-linux-amd64 | |
| tar -czf qzkp-linux-arm64.tar.gz qzkp-linux-arm64 | |
| tar -czf qzkp-darwin-amd64.tar.gz qzkp-darwin-amd64 | |
| tar -czf qzkp-darwin-arm64.tar.gz qzkp-darwin-arm64 | |
| # Create zip for Windows | |
| zip qzkp-windows-amd64.zip qzkp-windows-amd64.exe | |
| - name: Generate release notes | |
| run: | | |
| echo "# Quantum ZKP Release ${GITHUB_REF#refs/tags/}" > release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## What's New" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "This release includes:" >> release-notes.md | |
| echo "- Secure quantum zero-knowledge proof implementation" >> release-notes.md | |
| echo "- Post-quantum cryptographic security" >> release-notes.md | |
| echo "- Configurable soundness levels (32-256 bits)" >> release-notes.md | |
| echo "- Comprehensive test suite and documentation" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Security Features" >> release-notes.md | |
| echo "- Zero information leakage (proven through testing)" >> release-notes.md | |
| echo "- NIST post-quantum cryptography standards" >> release-notes.md | |
| echo "- Dilithium digital signatures" >> release-notes.md | |
| echo "- BLAKE3 and SHA-256 cryptographic hashing" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Performance" >> release-notes.md | |
| echo "- Sub-millisecond proof generation" >> release-notes.md | |
| echo "- Proof sizes: 13.5KB (32-bit) to 41.9KB (256-bit)" >> release-notes.md | |
| echo "- Production-ready performance characteristics" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Installation" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "Download the appropriate binary for your platform:" >> release-notes.md | |
| echo "- Linux (x64): \`qzkp-linux-amd64.tar.gz\`" >> release-notes.md | |
| echo "- Linux (ARM64): \`qzkp-linux-arm64.tar.gz\`" >> release-notes.md | |
| echo "- macOS (Intel): \`qzkp-darwin-amd64.tar.gz\`" >> release-notes.md | |
| echo "- macOS (Apple Silicon): \`qzkp-darwin-arm64.tar.gz\`" >> release-notes.md | |
| echo "- Windows (x64): \`qzkp-windows-amd64.zip\`" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Usage" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "\`\`\`bash" >> release-notes.md | |
| echo "# Quick demo" >> release-notes.md | |
| echo "./qzkp demo" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "# Security analysis" >> release-notes.md | |
| echo "./qzkp security" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "# All examples" >> release-notes.md | |
| echo "./qzkp examples" >> release-notes.md | |
| echo "\`\`\`" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Verification" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "Verify the integrity of downloaded files using the provided checksums:" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "\`\`\`bash" >> release-notes.md | |
| echo "sha256sum -c checksums.txt" >> release-notes.md | |
| echo "\`\`\`" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Documentation" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "- [Scientific Paper](https://github.com/hydraresearch/qzkp/blob/main/SCIENTIFIC_PAPER.md)" >> release-notes.md | |
| echo "- [API Documentation](https://github.com/hydraresearch/qzkp/blob/main/API.md)" >> release-notes.md | |
| echo "- [Usage Guide](https://github.com/hydraresearch/qzkp/blob/main/USAGE_GUIDE.md)" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "## Citation" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "If you use this software in academic work, please cite:" >> release-notes.md | |
| echo "" >> release-notes.md | |
| echo "\`\`\`bibtex" >> release-notes.md | |
| echo "@software{cloutier2025qzkp," >> release-notes.md | |
| echo " author = {Nick Cloutier}," >> release-notes.md | |
| echo " title = {Secure Quantum Zero-Knowledge Proofs: Implementation, Analysis, and Optimization}," >> release-notes.md | |
| echo " year = {2025}," >> release-notes.md | |
| echo " url = {https://github.com/hydraresearch/qzkp}," >> release-notes.md | |
| echo " version = {${GITHUB_REF#refs/tags/}}" >> release-notes.md | |
| echo "}" >> release-notes.md | |
| echo "\`\`\`" >> release-notes.md | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| body_path: release-notes.md | |
| files: | | |
| dist/qzkp-*.tar.gz | |
| dist/qzkp-*.zip | |
| dist/checksums.txt | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Update package registries | |
| update-registries: | |
| name: Update Package Registries | |
| runs-on: ubuntu-latest | |
| needs: release | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Update Homebrew formula (placeholder) | |
| run: | | |
| echo "TODO: Update Homebrew formula" | |
| echo "This would typically involve creating a PR to homebrew-core" | |
| echo "or updating a custom tap with the new version and checksums" | |
| - name: Update AUR package (placeholder) | |
| run: | | |
| echo "TODO: Update Arch User Repository package" | |
| echo "This would involve updating the PKGBUILD file" | |
| echo "with new version and checksums" | |
| - name: Notify package maintainers | |
| run: | | |
| echo "Release ${GITHUB_REF#refs/tags/} created successfully" | |
| echo "Package maintainers should be notified to update their packages" |