.github/workflows/Tests.yml CI
.github/workflows/Release.yml CD
Triggers:
pull_request
push branches
workflow_dispatch
Permissions:
permissions:
contents: readGates:
cmake -S "$GITHUB_WORKSPACE" -B "$GITHUB_WORKSPACE/$BUILD_DIR" ...
cmake --build "$BUILD_DIR" --config "$BUILD_TYPE" --parallel "$(nproc)"
ctest --test-dir "$BUILD_DIR" --build-config "$BUILD_TYPE" --output-on-failure --timeout 120
timeout 180 python -m pytest "$GITHUB_WORKSPACE/C2Client/tests" -vv -s
cmake --build "$BUILD_DIR" --target validate_release_bundle --config "$BUILD_TYPE"
cmake --build "$BUILD_DIR" --target stage_integration_runtime --config "$BUILD_TYPE"Triggers:
push tags
workflow_dispatch
Build job permissions:
permissions:
contents: readPublish job permissions:
permissions:
contents: writeGates before publishing:
ctest --test-dir "$BUILD_DIR" --build-config "$BUILD_TYPE" --output-on-failure --timeout 120
timeout 180 python -m pytest "$GITHUB_WORKSPACE/C2Client/tests" -vv -s
cmake --build "$BUILD_DIR" --target validate_release_bundle --config "$BUILD_TYPE"
python packaging/import_implant_releases.py ...
python packaging/validate_release.py --release-root "$BUILD_DIR/release-staging/Release" --require-implants
tar -C "$BUILD_DIR/release-staging" -czf Release.tar.gz Releasepip cache from C2Client dependency files
Conan cache from conanfile.txt, conan.lock, conan/profiles/linux-gcc13
- CI runs before release.
- CD publishes only after build and tests pass.
- Archive is created from validated staging.
- Default GitHub token permission is read-only.
- Only the publish job gets
contents: write.