feat(auth):CD PipeLine WorkFlow for Pullpiri[#116]

.github/release.yml

@@ -0,0 +1,24 @@
+changelog:
+  exclude:
+    labels:
+      - duplicate
+      - wontfix
+      - invalid
+    authors:
+      - octocat
+  categories:
+    - title: "🛠️ Breaking Changes"
+      labels:
+        - "breaking change"
+    - title: "✨ Features"
+      labels:
+        - enhancement
+    - title: "🐛 Bug Fixes"
+      labels:
+        - bug
+    - title: "📚 Documentation"
+      labels:
+        - documentation
+    - title: "Other Changes"
+      labels:
+        - "*"

.github/workflows/ci-dispatcher.yml

@@ -8,51 +8,61 @@ on:
   workflow_dispatch:
 
 jobs:
+  # 🧠 Job 1: Detect file changes and conditionally trigger jobs based on them
   detect-changes:
     runs-on: ubuntu-latest
     outputs:
-      rust_changed: ${{ steps.filter.outputs.rust }}
-      doc_changed: ${{ steps.filter.outputs.docs }}
-      yaml_changed: ${{ steps.filter.outputs.yaml }}
+      rust_changed: ${{ steps.filter.outputs.rust }}  # Set to true if any Rust-relevant files changed
+      doc_changed: ${{ steps.filter.outputs.docs }}   # True if docs (Markdown) changed
+      yaml_changed: ${{ steps.filter.outputs.yaml }}  # True if GitHub workflow YAMLs changed
     steps:
+      # Step 1: Checkout repo contents
       - uses: actions/checkout@v4
+
+      # Step 2: Use `dorny/paths-filter` to detect what kinds of files changed
       - id: filter
         uses: dorny/paths-filter@v3
         with:
           filters: |
             rust:
-              - '**/*.rs'
-              - '**/*.toml'
-              - 'Cargo.lock'
-              - 'scripts/**'
+              - '**/*.rs'         # All Rust source files
+              - '**/*.toml'       # Cargo.toml or other TOML configs
+              - 'Cargo.lock'      # Cargo.lock for dependency changes
+              - 'scripts/**'      # Shell scripts that might affect build/test
+              - 'Makefile'        # Dev tooling changes
+              - '**/*.yaml'       # Scenario or config YAMLs
+              - '**/*.sh'         # Bash scripts
             docs:
-              - '**/*.md'
+              - '**/*.md'         # Markdown docs (README, etc.)
             yaml:
-              - '.github/workflows/*.yml'
+              - '.github/workflows/*.yml'  # GitHub workflow YAMLs
 
+  # 🚀 Job 2: Trigger full Rust CI workflow if Rust files or configs changed
   run-rust-ci:
     needs: detect-changes
     if: needs.detect-changes.outputs.rust_changed == 'true'
-    uses: ./.github/workflows/run-ci.yml
+    uses: ./.github/workflows/run-ci.yml  # Reuse centralized Rust CI logic
 
+  # 📚 Job 3: Run markdown/documentation linter if only docs changed
   run-doc-lint:
     needs: detect-changes
     if: needs.detect-changes.outputs.doc_changed == 'true'
     uses: ./.github/workflows/run-doc.yml
 
+  # ⚙️ Job 4: Validate GitHub YAML workflows (lint schema or check logic)
   run-yaml-validation:
     needs: detect-changes
     if: needs.detect-changes.outputs.yaml_changed == 'true'
     uses: ./.github/workflows/run-validate.yml
 
-  # Final job for branch protection
+  # 📦 Job 5: Always run this last to print a clean summary in Actions UI
   ci-summary:
     name: CI Complete Summary
     runs-on: ubuntu-latest
-    if: always()
+    if: always()  # Run even if earlier jobs were skipped or failed
     needs:
       - run-rust-ci
       - run-doc-lint
       - run-yaml-validation
     steps:
-      - run: echo "All CI jobs (if triggered) have completed."
+      - run: echo "✅ All CI jobs (if triggered) have completed."

.github/workflows/release.yml

@@ -0,0 +1,189 @@
+name: Release
+
+# Trigger the workflow only when a new tag starting with "v" is pushed (e.g., v1.0.0)
+on:
+  push:
+    tags:
+      - v*
+
+# Prevent duplicate jobs running for same tag; cancel in-progress if newer tag is pushed
+concurrency:
+  group: "release-${{ github.head_ref || github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  # Run the main Rust CI checks (tests, formatting, lint, etc.)
+  run-rust-ci:
+    uses: ./.github/workflows/run-ci.yml
+
+  # Run Rust documentation lint checks
+  run-doc-lint:
+    uses: ./.github/workflows/run-doc.yml
+
+  # Run YAML syntax and structure validation
+  run-yaml-validation:
+    uses: ./.github/workflows/run-validate.yml
+
+  # Generate license reports using cargo-about
+  run-license-report:
+    uses: ./.github/workflows/run-license-check.yml
+
+  # Main job to gather reports and publish artifacts to the GitHub release
+  tag_release_artifacts:
+    # Run this job only for version tag pushes
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    name: Collect and upload release artifacts
+    runs-on: ubuntu-latest
+
+    # Ensure all upstream jobs complete successfully before running this one
+    needs:
+      - run-rust-ci
+      - run-doc-lint
+      - run-yaml-validation
+      - run-license-report
+
+    # Grant full write access for upload operations
+    permissions: write-all
+
+    steps:
+      # Checkout code and all submodules
+      - uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+
+      # Download deny-check report generated in prior jobs
+      - name: Download deny report
+        uses: actions/download-artifact@v4
+        with:
+          name: deny-report
+          path: dist/reports/deny/
+
+      # Download formatting (cargo fmt) report
+      - name: Download fmt report
+        uses: actions/download-artifact@v4
+        with:
+          name: fmt-report
+          path: dist/reports/fmt/
+
+      # Download test reports (Junit XML)
+      - name: Download test report
+        uses: actions/download-artifact@v4
+        with:
+          name: test-report
+          path: dist/tests/
+
+      # Download license HTML report
+      - name: Download license report
+        uses: actions/download-artifact@v4
+        with:
+          name: license-report
+          path: dist/licenses/
+
+      # Upload deny report to the GitHub release assets
+      - name: Upload deny report to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_deny_report
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: dist/reports/deny/deny_summary.md
+          tag: ${{ github.ref }}
+
+      # Upload formatting (cargo fmt) report
+      - name: Upload fmt report to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_fmt_report
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: dist/reports/fmt/fmt_summary.md
+          tag: ${{ github.ref }}
+
+      # Upload the combined JUnit test report XML
+      - name: Upload test report to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_test_report
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: dist/tests/test_summary.xml
+          file_glob: true
+          tag: ${{ github.ref }}
+
+      # Upload license HTML report (e.g., for apiserver)
+      - name: Upload license report to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_license_report
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: dist/licenses/*.html
+          file_glob: true
+          tag: ${{ github.ref }}
+
+      # Fetch details of the latest release (needed for quevee)
+      - name: Gets latest created release info
+        id: latest_release_info
+        uses: joutvhu/get-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # Upload README file to release assets
+      - name: Upload README to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_readme
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: README.md
+          tag: ${{ github.ref }}
+
+      # Upload coding rules or guidelines to release assets
+      - name: Upload Coding Guidelines to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_coding_guidelines
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: src/coding-rule.md
+          tag: ${{ github.ref }}
+
+      # Upload release process to release assets
+      - name: Upload Release Process to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_release_process
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: .github/workflows/release.yml
+          tag: ${{ github.ref }}
+
+      # Step to create a compressed archive of the entire 'doc/' folder
+      - name: Archive doc folder
+        shell: bash
+        run: |
+          # Create a tar.gz archive named 'doc-archive.tar.gz' containing everything in 'doc/'
+          tar czf doc-archive.tar.gz doc/
+
+      # Step to upload the archived docs as a release asset to the current Git tag release
+      - name: Upload doc archive to release
+        uses: svenstaro/upload-release-action@v2
+        id: upload_doc
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: doc-archive.tar.gz
+          tag: ${{ github.ref }}
+
+      # Generate a quality manifest (quality metadata file) using Eclipse Dash QueVee
+      - name: Collect quality artifacts with quevee
+        id: quevee_manifest
+        uses: eclipse-dash/quevee@v1
+        with:
+          release_url: ${{ steps.latest_release_info.outputs.html_url }}
+          artifacts_readme: ${{ steps.upload_readme.outputs.browser_download_url }} 
+          artifacts_coding_guidelines: ${{ steps.upload_coding_guidelines.outputs.browser_download_url }}
+          artifacts_release_process: ${{ steps.upload_release_process.outputs.browser_download_url }} 
+          artifacts_documentation: ${{ steps.upload_doc.outputs.browser_download_url }}
+          artifacts_requirements: ${{ steps.upload_doc.outputs.browser_download_url }}
+          artifacts_testing: ${{ steps.upload_test_report.outputs.browser_download_url }}, ${{ steps.upload_license_report.outputs.browser_download_url }}, ${{ steps.upload_fmt_report.outputs.browser_download_url }}, ${{ steps.upload_deny_report.outputs.browser_download_url }} 
+
+      # Upload the final manifest file (produced by quevee) to the GitHub release
+      - name: Upload quality manifest to release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: ${{ steps.quevee_manifest.outputs.manifest_file }}
+          tag: ${{ github.ref }}

.github/workflows/run-ci.yml

@@ -6,20 +6,84 @@ on:
 
 jobs:
   rust_ci:
-    runs-on: ubuntu-latest
-    container:
-      image: rust:latest
+    runs-on: ubuntu-latest  # Use GitHub-hosted runner with Docker installed
+
     steps:
-      - uses: actions/checkout@v4
-      - name: Install deps
+      # Step 1: Checkout the code
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Step 2: Install Rust toolchain
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+
+      # Step 3: Install Docker Compose dependencies (if needed)
+      - name: Install Docker Compose and utilities
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y docker-compose jq curl lsb-release
+
+      # Step 4: Make all scripts executable
+      - name: Make scripts executable
+        run: chmod +x scripts/*.sh
+
+      # Step 5: Install Rust project dependencies
+      - name: Install project dependencies
         run: ./scripts/installdeps.sh
-      - name: Build
+
+      # Step 6: Create output folders for reports
+      - name: Create reports directory
+        run: |
+          mkdir -p dist/reports/fmt
+          mkdir -p dist/reports/deny
+          mkdir -p dist/tests
+          mkdir -p dist/licenses
+
+      # Step 7: Run project build and parse logs
+      - name: Build and parse project
         run: ./scripts/buildNparse.sh
-      - name: Test
+
+      # Step 8: Run all Rust unit/integration tests and generate reports
+      - name: Run tests and generate report
         run: ./scripts/testNparse.sh
-      - name: Lint
+
+      # Step 9: Linting (clippy)
+      - name: Run Clippy (lint)
         run: ./scripts/clippy_check.sh
-      - name: Format
+
+      # Step 10: Formatting check
+      - name: Run format check
         run: ./scripts/fmt_check.sh
-      - name: Cargo Deny (License, Advisories, Bans)
+
+      # Step 11: License, ban, and security checks with cargo-deny
+      - name: Run cargo-deny checks
         run: ./scripts/deny_check.sh
+
+      # === Upload All Reports ===
+
+      # Step 12: Upload deny report
+      - name: Upload deny report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: deny-report
+          path: dist/reports/deny/deny_summary.md
+
+      # Step 13: Upload format report
+      - name: Upload fmt report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fmt-report
+          path: dist/reports/fmt/fmt_summary.md
+
+      # Step 14: Upload all test reports (JUnit-style)
+      - name: Upload test reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-report
+          path: dist/tests/*