ci: add CI/CD, release automation, code quality, and dev tooling #1

Open
tolgakaratas wants to merge 5 commits into master from ci/add-cicd-and-tooling

@tolgakaratas

Summary

Production-grade CI/CD pipeline, release automation, and code quality infrastructure for Clone VMM.

5 commits, logically grouped:

  1. Code quality -- rustfmt (max_width=120), all clippy lints resolved, musl compatibility (IoctlReq, SendPthreadT, SYS_renameat2), cross-platform module gating
  2. Build optimization -- LTO fat, codegen-units=1, panic=abort, strip; MSRV 1.87; project metadata
  3. CI/CD -- GitHub Actions: fmt, clippy, build+test (musl static), MSRV check, cargo-deny, security audit, release-please, cosign signing, SBOM, aarch64 cross-compilation
  4. Documentation -- SECURITY.md, CONTRIBUTING.md, CHANGELOG.md, README badges
  5. Dev tooling -- mise, pre-commit hooks, deny.toml, release-please config

Key decisions

  • musl static binary: 2.3MB, runs on any Linux without glibc dependency
  • MSRV 1.87: required by is_multiple_of() and div_ceil() stdlib methods
  • max_width=120: matches original codebase style, minimizes formatting churn
  • Cross-platform gating: storage/virtio modules portable (188 tests on macOS), rest Linux-only
  • Shift-left testing: make ci runs full local CI before push; pre-commit hooks enforce

Verified

  • All 188 unit tests pass
  • cargo clippy -D warnings: 0 errors
  • cargo fmt --check: clean
  • Binary smoke test: clone --help runs on production server (static linked)
  • Compatible with docs/SPEC.md (zero functional changes)

Test plan

  • CI workflow passes all 7 jobs on this PR
  • Binary artifact downloadable and executable
  • release-please creates release PR after merge

tolgakaratas force-pushed the ci/add-cicd-and-tooling branch 2 times, most recently from 366225b to 481f40b (May 5, 2026 12:35)

Source code changes (no CI/infrastructure):
- Cross-platform module gating: storage/virtio keep tests portable,
  Linux-only modules gated with cfg(target_os = "linux")
- Shared compat module (IoctlReq, SendPthreadT) for glibc/musl differences
- All clippy lints resolved via cargo fix + cargo clippy --fix on Rust 1.95
- musl static build compatibility: SYS_renameat2 raw syscall, platform-
  correct ioctl types, Send wrapper for pthread_t
- Fix _host_offset naming bug in balloon inflate (compile error on Linux)
- Platform-conditional cast for libc::S_IFMT (u16 macOS, u32 Linux)
- dead_code allow on modules with forward-declared upstream API
- rustfmt applied with max_width=120

Verified: 0 clippy errors on Linux (rust:1.95) and macOS, 266+188 tests pass.

- profile.release: LTO fat, codegen-units=1, panic=abort, strip=true
- Cargo.toml: homepage, repository, keywords, MSRV 1.87
- Workspace members: add rust-version = "1.87"
- rustfmt.toml: max_width=120 matching original codebase style
- .editorconfig: consistent settings across editors
- Makefile: add shift-left targets (make ci, make fix, make lint)
- .gitignore: add VM artifact patterns (*.img, *.qcow2)

Workflows:
- build.yml: fmt, clippy, musl static build+test, MSRV 1.87 check,
  cargo-deny, security audit (with smart change detection)
- release-please.yml: conventional commits to automated release PRs
- release.yml: x86_64+aarch64 musl static binaries, SHA256 checksums,
  cosign keyless signing, SLSA attestation, SBOM (SPDX)
- security-scan.yml: weekly cargo audit, cargo deny, CodeQL Rust
- dependabot.yml: weekly cargo+actions updates with semantic grouping
- dependabot-auto-merge.yml: auto-squash-merge patch/minor updates

Templates:
- Issue templates (bug report, feature request)
- Pull request template with checklist

- SECURITY.md: vulnerability reporting via GitHub private advisories
- CONTRIBUTING.md: setup, shift-left local CI (make ci), pre-commit
  hooks, conventional commits, code style guide
- CHANGELOG.md: initial file for release-please automation
- README.md: CI status, license, and MSRV badges

- mise: rust + cargo-binstall + pre-commit; setup/ci tasks
- pre-commit: cargo autofix on commit, test+deny on push
- deny.toml: license allowlist (MIT/Apache/BSD/ISC), advisory checks
- release-please: Rust release type, version sync, changelog sections

tolgakaratas force-pushed the ci/add-cicd-and-tooling branch from 481f40b to f4c9ef8 (May 5, 2026 12:51)
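
The release.yml commit message above lists SHA256 checksums and cosign keyless signing; the following consumer-side verification script is an added example, not part of this PR or the project's code. The file names (`SHA256SUMS`, `<artifact>.bundle`), the artifact name `clone-x86_64`, and the identity regexp argument are assumptions, and it relies on GNU `sha256sum`.

```shell
#!/bin/sh
# Added example, not project code. Assumed (hypothetical) release layout:
#   <artifact>  SHA256SUMS  <artifact>.bundle
# Requires GNU sha256sum; verify_signature additionally requires cosign.

# verify_checksum ARTIFACT SUMS_FILE
# Passes only if SUMS_FILE has exactly one entry for ARTIFACT and it matches.
verify_checksum() {
    artifact=$1
    sums=$2
    name=$(basename "$artifact")
    # Accept both "hash  name" (text) and "hash *name" (binary) entries.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$sums")
    # A missing entry is a failure, never a silent pass.
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 1; }
    actual=$(sha256sum "$artifact" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "checksum mismatch: $name" >&2; return 1; }
}

# verify_signature ARTIFACT BUNDLE IDENTITY_REGEXP
# Keyless check: the signing certificate must come from GitHub Actions OIDC
# and its identity must match the workflow the caller expects.
verify_signature() {
    cosign verify-blob \
        --bundle "$2" \
        --certificate-identity-regexp "$3" \
        --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
        "$1"
}

# verify_release ARTIFACT SUMS_FILE BUNDLE IDENTITY_REGEXP: both must pass.
verify_release() {
    verify_checksum "$1" "$2" && verify_signature "$1" "$3" "$4"
}

# Offline demo on constructed input: an intact file passes, a modified one fails.
demo_checksum() {
    d=$(mktemp -d) || return 1
    printf 'constructed artifact bytes\n' > "$d/clone-x86_64"
    ( cd "$d" && sha256sum clone-x86_64 > SHA256SUMS )
    verify_checksum "$d/clone-x86_64" "$d/SHA256SUMS" || { rm -rf "$d"; return 1; }
    printf 'tampered\n' >> "$d/clone-x86_64"
    if verify_checksum "$d/clone-x86_64" "$d/SHA256SUMS" 2>/dev/null; then rc=1; else rc=0; fi
    rm -rf "$d"
    return "$rc"
}
```

A checksum file fetched from the same release page only detects corruption; the cosign check is what ties the artifact to the signing workflow's identity, so the identity regexp should pin the expected repository and workflow path.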