Qarnot cloud interface

.github/actions/setup-rust/action.yml

@@ -0,0 +1,43 @@
+name: "Setup Rust"
+description: >
+  Install system build dependencies and a stable Rust toolchain.
+  Optionally adds a cross-compilation target. Does not configure cargo cache;
+  callers manage their own cache strategy.
+
+inputs:
+  target:
+    description: "Optional rustup target to add (e.g. x86_64-unknown-linux-musl)."
+    required: false
+    default: ""
+  apt-packages:
+    description: "Space-separated list of apt packages to install."
+    required: false
+    default: "pkg-config libssl-dev protobuf-compiler"
+  sudo:
+    description: >
+      Whether to prefix apt-get calls with sudo. Set to "false" when running
+      inside a container where sudo is unavailable (e.g. rust:bullseye).
+    required: false
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install system dependencies
+      shell: bash
+      run: |
+        if [ "${{ inputs.sudo }}" = "true" ]; then
+          SUDO="sudo"
+        else
+          SUDO=""
+        fi
+        $SUDO apt-get update
+        $SUDO apt-get install -y ${{ inputs.apt-packages }}
+
+    - name: Install Rust toolchain
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Add rustup target
+      if: ${{ inputs.target != '' }}
+      shell: bash
+      run: rustup target add ${{ inputs.target }}

.github/workflows/build.yml

@@ -2,6 +2,13 @@ name: Builds
 on:
   push:
     branches: [main]
+  workflow_dispatch:
+    inputs:
+      artifact-name:
+        description: "Prefix for artifact names (e.g. 'manual-', 'test-rc1-')"
+        required: false
+        default: "manual-"
+        type: string
   workflow_call:
     inputs:
       artifact-name:
@@ -22,6 +29,9 @@ on:
         description: "Man page artifact ID"
         value: ${{ jobs.build-binary-and-package.outputs.man-artifact }}
 
+permissions:
+  contents: read
+
 jobs:
   build-binary-and-package:
     runs-on: ubuntu-latest
@@ -55,11 +65,12 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-cargo-target-
 
-      - name: Install system dependencies
-        run: apt-get update && apt-get install -y protobuf-compiler musl musl-dev musl-tools pkg-config
-
-      - name: Install rustup depencencies
-        run: rustup target add x86_64-unknown-linux-musl
+      - name: Install system dependencies and Rust toolchain
+        uses: ./.github/actions/setup-rust
+        with:
+          target: x86_64-unknown-linux-musl
+          apt-packages: "protobuf-compiler musl musl-dev musl-tools pkg-config"
+          sudo: "false"
 
       - name: Build release binary
         run: cargo build --release --target x86_64-unknown-linux-musl
@@ -68,14 +79,14 @@ jobs:
         uses: actions/upload-artifact@v4
         id: upload-bin
         with:
-          name: ${{ inputs.artifact-name }}compiled-binary
+          name: ${{ inputs.artifact-name || '' }}compiled-binary
           path: target/x86_64-unknown-linux-musl/release/cave
 
       - name: Upload man page
         uses: actions/upload-artifact@v4
         id: upload-man
         with:
-          name: ${{ inputs.artifact-name }}man-page
+          name: ${{ inputs.artifact-name || '' }}man-page
           path: man/cave.1
 
       - name: Cache cargo tools
@@ -94,22 +105,20 @@ jobs:
 
       - name: Build Debian package
         run: cargo deb --target x86_64-unknown-linux-musl
-        continue-on-error: true   # optional
 
       - name: Build RPM package
         run: cargo generate-rpm --target x86_64-unknown-linux-musl
-        continue-on-error: true   # optional
 
       - name: Upload Debian package
         uses: actions/upload-artifact@v4
         id: upload-deb
         with:
-          name: ${{ inputs.artifact-name }}deb-package
+          name: ${{ inputs.artifact-name || '' }}deb-package
           path: target/x86_64-unknown-linux-musl/debian/*
 
       - name: Upload RPM package
         uses: actions/upload-artifact@v4
         id: upload-rpm   
         with:
-          name: ${{ inputs.artifact-name }}rpm-package
+          name: ${{ inputs.artifact-name || '' }}rpm-package
           path: target/x86_64-unknown-linux-musl/generate-rpm/*

.github/workflows/doc.yml

@@ -16,18 +16,11 @@ jobs:
     steps:
 
       - name: "Checkout"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y pkg-config libssl-dev protobuf-compiler
-      - name: Install Rust
-        uses: actions-rs/toolchain@v1
-        with:
-            toolchain: stable
-            override: true
+      - name: Install system dependencies and Rust toolchain
+        uses: ./.github/actions/setup-rust
       - name: build doc
         run: cargo doc --no-deps --release
       - name: add index file

.github/workflows/e2e.yml

@@ -5,6 +5,10 @@ on:
       artifact-id:
         required: true
         type: string
+
+permissions:
+  contents: read
+
 jobs:
   run-e2e-tests:
     runs-on: ubuntu-22.04

.github/workflows/pr.yml

@@ -2,7 +2,10 @@ name: PR Build and Tests
 on:
   pull_request:
     branches: [main]
-    types: [opened, reopened, synchronize, edited]
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
 
 jobs:
   build:

.github/workflows/release.yml

@@ -3,133 +3,113 @@ on:
   push:
     tags:
       - 'v*.*.*'
+      - 'v*.*.*-rc.*'
+      - 'v*.*.*-beta.*'
+      - 'v*.*.*-alpha.*'
       - '[0-9]+.*.*'
+      - '[0-9]+.*.*-rc.*'
+      - '[0-9]+.*.*-beta.*'
+      - '[0-9]+.*.*-alpha.*'
+
+permissions:
+  contents: write
 
 jobs:
   build:
     uses: ./.github/workflows/build.yml
     with:
       artifact-name: release
-  create-release:
-    runs-on: ubuntu-latest
-    outputs:
-      upload_url: ${{ steps.create_release.outputs.upload_url }}
-      version: ${{ steps.version.outputs.version }}
-    steps:
-        - name: Checkout repository
-          uses: actions/checkout@v4
-        - name: Extract version from tag
-          id: version
-          run: |
-            # Extract version from tag (remove 'v' prefix if present)
-            TAG_NAME=${GITHUB_REF#refs/tags/}
-            VERSION=${TAG_NAME#v}
-            echo "version=$VERSION" >> $GITHUB_OUTPUT
-            echo "tag=$TAG_NAME" >> $GITHUB_OUTPUT
-        - name: Verify version matches Cargo.toml
-          run: |
-            sudo apt-get update -y
-            sudo apt-get install -y wget
 
-            wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
-            chmod +x /usr/local/bin/yq
-
-            CARGO_VERSION=$(yq eval '.package.version' Cargo.toml)
-            if [ "$CARGO_VERSION" != "${{ steps.version.outputs.version }}" ]; then
-              echo "Error: Tag version (${{ steps.version.outputs.version }}) does not match Cargo.toml version ($CARGO_VERSION)"
-              exit 1
-            fi
-            echo "Version verified: $CARGO_VERSION"
-        - name: release
-          uses: actions/create-release@v1
-          id: create_release
-          with:
-            draft: false
-            body_path: CHANGELOG.md
-            prerelease: false
-            release_name: Release ${{ steps.version.outputs.version }}
-            tag_name: ${{ steps.version.outputs.tag }}
-          env:
-            GITHUB_TOKEN: ${{ github.token }}
-  upload-artifacts:
+  unittest:
+    uses: ./.github/workflows/unittest.yml
+
+  e2e:
+    uses: ./.github/workflows/e2e.yml
+    needs: [build]
+    with:
+      artifact-id: ${{ needs.build.outputs.deb-artifact }}
+
+  release:
     runs-on: ubuntu-latest
-    needs: [create-release,build]         
+    needs: [build, unittest, e2e]
     steps:
-        - name: Download package
-          uses: actions/download-artifact@v4
-          with:
-            artifact-ids: ${{ needs.build.outputs.deb-artifact }}
-            path: ./deb/
-            merge-multiple: true
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Extract version from tag
+        id: version
+        run: |
+          # Extract version from tag (remove 'v' prefix if present)
+          TAG_NAME=${GITHUB_REF#refs/tags/}
+          VERSION=${TAG_NAME#v}
+          # Detect pre-release: any SemVer build metadata or pre-release suffix
+          # is signaled by a '-' in the version string (e.g. 0.2.0-rc.1).
+          if [[ "$VERSION" == *-* ]]; then
+            PRERELEASE=true
+          else
+            PRERELEASE=false
+          fi
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "tag=$TAG_NAME" >> "$GITHUB_OUTPUT"
+          echo "prerelease=$PRERELEASE" >> "$GITHUB_OUTPUT"
 
-        - name: Find deb file
-          id: find-deb
-          run: echo "deb-file=$(find ./deb -name '*.deb' -type f | head -n1)" >> $GITHUB_OUTPUT
+      - name: Verify version matches Cargo.toml
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y wget
 
-        - name: upload linux artifact
-          uses: actions/upload-release-asset@v1
-          env:
-            GITHUB_TOKEN: ${{ github.token }}
-          with:
-            upload_url: ${{ needs.create-release.outputs.upload_url }}
-            asset_path: ${{ steps.find-deb.outputs.deb-file }}
-            asset_name: ${{ github.event.repository.name }}_${{ needs.create-release.outputs.version }}.deb
-            asset_content_type: application/vnd.debian.binary-package
-
-        - name: Download RPM package
-          uses: actions/download-artifact@v4
-          with:
-            artifact-ids: ${{ needs.build.outputs.rpm-artifact }}
-            path: ./rpm/
-            merge-multiple: true
+          wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          chmod +x /usr/local/bin/yq
 
-        - name: Find RPM file
-          id: find-rpm
-          run: echo "rpm-file=$(find ./rpm -name '*.rpm' -type f | head -n1)" >> $GITHUB_OUTPUT
+          CARGO_VERSION=$(yq eval '.package.version' Cargo.toml)
+          if [ "$CARGO_VERSION" != "${{ steps.version.outputs.version }}" ]; then
+            echo "Error: Tag version (${{ steps.version.outputs.version }}) does not match Cargo.toml version ($CARGO_VERSION)"
+            exit 1
+          fi
+          echo "Version verified: $CARGO_VERSION"
 
-        - name: Upload RPM release asset
-          uses: actions/upload-release-asset@v1
-          env:
-            GITHUB_TOKEN: ${{ github.token }}
-          with:
-            upload_url: ${{ needs.create-release.outputs.upload_url }}
-            asset_path: ${{ steps.find-rpm.outputs.rpm-file }}
-            asset_name: ${{ github.event.repository.name }}_${{ needs.create-release.outputs.version }}.rpm
-            asset_content_type: application/x-rpm
+      - name: Download Debian package
+        uses: actions/download-artifact@v4
+        with:
+          artifact-ids: ${{ needs.build.outputs.deb-artifact }}
+          path: ./deb/
+          merge-multiple: true
 
-        - name: Download binary
-          uses: actions/download-artifact@v4
-          with:
-            artifact-ids: ${{ needs.build.outputs.bin-artifact }}
-            path: ./bin/
-            merge-multiple: true
+      - name: Download RPM package
+        uses: actions/download-artifact@v4
+        with:
+          artifact-ids: ${{ needs.build.outputs.rpm-artifact }}
+          path: ./rpm/
+          merge-multiple: true
 
-        - name: Create binary tarball
-          run: tar -czf ${{ github.event.repository.name }}_${{ needs.create-release.outputs.version }}.tar.gz -C ./bin .
+      - name: Download binary
+        uses: actions/download-artifact@v4
+        with:
+          artifact-ids: ${{ needs.build.outputs.bin-artifact }}
+          path: ./bin/
+          merge-multiple: true
 
-        - name: Upload binary tarball
-          uses: actions/upload-release-asset@v1
-          env:
-            GITHUB_TOKEN: ${{ github.token }}
-          with:
-            upload_url: ${{ needs.create-release.outputs.upload_url }}
-            asset_path: ./${{ github.event.repository.name }}_${{ needs.create-release.outputs.version }}.tar.gz
-            asset_name: ${{ github.event.repository.name }}_${{ needs.create-release.outputs.version }}.tar.gz
-            asset_content_type: application/gzip
+      - name: Download man page
+        uses: actions/download-artifact@v4
+        with:
+          artifact-ids: ${{ needs.build.outputs.man-artifact }}
+          path: ./man/
+          merge-multiple: true
 
-        - name: Download man page
-          uses: actions/download-artifact@v4
-          with:
-            artifact-ids: ${{ needs.build.outputs.man-artifact }}
-            path: ./man/
-            merge-multiple: true
+      - name: Create binary tarball
+        run: tar -czf ${{ github.event.repository.name }}_${{ steps.version.outputs.version }}.tar.gz -C ./bin .
 
-        - name: Upload man page
-          uses: actions/upload-release-asset@v1
-          env:
-            GITHUB_TOKEN: ${{ github.token }}
-          with:
-            upload_url: ${{ needs.create-release.outputs.upload_url }}
-            asset_path: ./man/cave.1
-            asset_name: cave.1
-            asset_content_type: application/x-troff-man
+      - name: Publish release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.version.outputs.tag }}
+          name: Release ${{ steps.version.outputs.version }}
+          body_path: CHANGELOG.md
+          draft: false
+          prerelease: ${{ steps.version.outputs.prerelease }}
+          make_latest: ${{ steps.version.outputs.prerelease == 'true' && 'false' || 'true' }}
+          files: |
+            ./deb/*.deb
+            ./rpm/*.rpm
+            ./${{ github.event.repository.name }}_${{ steps.version.outputs.version }}.tar.gz
+            ./man/cave.1