
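# Rumpk Sovereign Kernel CI
# Two-stage build: Nim->C->.o (build_nim.sh) then Zig links everything (zig build)
#
# Nothing below installs zig, nim or qemu-system-riscv64: the runner image is
# expected to provide them, and "Verify toolchain" is the step that catches a
# missing one.
name: Rumpk CI

# `on` is a YAML 1.1 boolean for generic parsers; the Actions loader handles it.
on:
  push:
    branches: [unstable, main, stable, testing]
  pull_request:
    branches: [unstable, main]

# Least privilege: both jobs only read the repository, so the job token does
# not need any write scope.
permissions:
  contents: read

jobs:
  build-riscv64:
    name: Build RISC-V 64
    runs-on: ubuntu-latest
    steps:
      # `v4` is a mutable tag; pinning to a full commit SHA
      # (actions/checkout@<commit-sha>) locks the action code that runs here.
      - uses: actions/checkout@v4

      - name: Verify toolchain
        # Without pipefail the step's status is `head`'s, so a missing nim or
        # qemu would pass silently; pipefail makes the left-hand command count.
        run: |
          set -o pipefail
          echo "=== Toolchain ==="
          zig version
          nim --version | head -1
          qemu-system-riscv64 --version | head -1

      - name: Build LwIP
        run: |
          chmod +x build_lwip.sh
          bash build_lwip.sh

      - name: Compile Nim kernel to C objects
        run: |
          chmod +x build_nim.sh
          bash build_nim.sh riscv64

      - name: Build userland + initrd + final kernel
        run: |
          chmod +x build_full.sh
          bash build_full.sh riscv64

      - name: Verify kernel ELF
        # `ls` fails the step if the link step produced no ELF.
        run: |
          ls -lh zig-out/bin/rumpk.elf
          file zig-out/bin/rumpk.elf

      - name: QEMU boot test
        # Smoke test, not a gate: `timeout` stops QEMU after 25 s (exit 124),
        # which `|| true` tolerates, and a zero marker count is only reported.
        # The boot log is kept in /tmp/boot.log for the summary below.
        run: |
          timeout 25 qemu-system-riscv64 \
            -M virt -cpu max -m 512M -nographic \
            -kernel zig-out/bin/rumpk.elf \
            2>&1 | tee /tmp/boot.log || true
          echo "=== Boot log ==="
          tail -30 /tmp/boot.log
          echo "=== Boot markers ==="
          grep -c "Nim handoff\|init complete\|UART\|sched" /tmp/boot.log || echo "0 markers found"

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      # Same mutable-tag caveat as above: prefer a full commit SHA.
      - uses: actions/checkout@v4

      - name: Check for sensitive content
        # Fails the job when a local-tooling directory or a developer home
        # path has been committed; all findings are printed before exiting.
        run: |
          FAIL=0
          for dir in .agent .vscode .kiro competitors; do
            if [ -d "$dir" ]; then
              echo "FAIL: Sensitive directory '$dir' found"
              FAIL=1
            fi
          done
          # Exclude CI workflow files from path scan (they contain the pattern as a check)
          MATCHES=$(git grep -l '/home/markus' -- ':!.forgejo/' 2>/dev/null || true)
          if [ -n "$MATCHES" ]; then
            echo "FAIL: Internal paths found in:"
            echo "$MATCHES"
            FAIL=1
          fi
          if [ "$FAIL" -eq 1 ]; then exit 1; fi
          echo "Security scan PASSED"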