name: Test Build on: #pull_request: # branches: [ main, develop ] push: branches: [test-build] jobs: test-build: runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 1 - name: Set up Docker uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract version info id: get_version run: | echo "VERSION=test-$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT echo "HASH=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: Build frontend files working-directory: frontend run: | sudo docker run --rm \ -v "$(pwd)":/app \ -w /app \ node:alpine \ sh -c "npm ci && npm run build-production" - name: Move frontend build to backend run: | rm -rf backend/frontend/build mkdir -p backend/frontend/build cp -r frontend/build/* backend/frontend/build/ - name: Build binary run: | sudo docker run --rm \ -v "$(pwd)":/app \ -w /app/backend \ -e CGO_ENABLED=1 \ golang:1.25.1 \ go build -trimpath \ -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }}' \ -tags production -o ../build/phishingclub main.go - name: Fix build directory permissions run: | sudo chown -R $USER:$USER build/ chmod 755 build/ ls -la build/ - name: Test binary signing (if keys available) run: | if [ -n "${{ secrets.SIGNKEY_1 }}" ]; then echo "Testing binary signing..." # Create directory for keys mkdir -p /tmp/keys chmod 700 /tmp/keys # Save private key from GitHub secrets echo "${{ secrets.SIGNKEY_1 }}" > /tmp/keys/private1.pem chmod 600 /tmp/keys/private1.pem # Sign binary with primary key openssl pkeyutl -sign -inkey /tmp/keys/private1.pem \ -rawin -in build/phishingclub \ -out build/phishingclub.sig # Clean up keys rm -rf /tmp/keys echo "✅ Binary signing test successful" else echo "⚠️ SIGNKEY_1 not available - skipping signing test" fi - name: Test package creation run: | mkdir -p packages # Test packaging if [ -f build/phishingclub.sig ]; then tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz \ -C build \ phishingclub \ phishingclub.sig echo "✅ Package created with signature" else tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz \ -C build \ phishingclub echo "✅ Package created without signature" fi - name: Build and push test Docker image uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile.release push: true platforms: linux/amd64 tags: | ghcr.io/${{ github.repository }}:test-latest labels: | org.opencontainers.image.title=PhishingClub-Test ${{ steps.get_version.outputs.VERSION }} org.opencontainers.image.description=PhishingClub test build image (linux/amd64). Not for production deployment. org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }} org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }} org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }} org.opencontainers.image.created=${{ github.event.head_commit.timestamp }} org.opencontainers.image.revision=${{ github.sha }} - name: Verify build artifacts run: | echo "=== Build Summary ===" echo "Binary size: $(du -h build/phishingclub | cut -f1)" echo "Binary info:" file build/phishingclub if [ -f build/phishingclub.sig ]; then echo "Signature size: $(du -h build/phishingclub.sig | cut -f1)" fi echo "Package size: $(du -h packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz | cut -f1)" echo "Package contents:" tar -tzf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz - name: Upload build artifacts (for review) uses: actions/upload-artifact@v4 with: name: phishingclub-test-build-${{ steps.get_version.outputs.HASH }} path: | build/phishingclub build/phishingclub.sig packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz retention-days: 2