STARTcloud
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 66 additions & 2 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 66 additions & 2 deletions
diff --git a/‎.github/workflows/dev-build.yml‎
Lines changed: 272 additions & 0 deletions b/‎.github/workflows/dev-build.yml‎
Lines changed: 272 additions & 0 deletions
diff --git a/‎.github/workflows/release-please.yml‎
Lines changed: 9 additions & 1 deletion b/‎.github/workflows/release-please.yml‎
Lines changed: 9 additions & 1 deletion
@@ -10,8 +10,14 @@ permissions:
   contents: read
 
 jobs:
-  lint-and-test:
-    name: Lint & Format Check
+  security-checks:
+    name: Security Checks
+    uses: ./.github/workflows/reusable/security-checks.yml
+    with:
+      fail-on-error: false
+
+  lint-and-format:
+    name: Lint & Format
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -32,6 +38,64 @@ jobs:
       - name: Check Prettier formatting
         run: npm run format:check
 
+  backend-tests:
+    name: Backend Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install backend dependencies
+        run: npm run cinstall:backend
+
+      - name: Run backend tests
+        run: npm run test:run
+
+  frontend-tests:
+    name: Frontend Tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install frontend dependencies
+        run: npm run cinstall:frontend
+
+      - name: Run frontend tests
+        run: npm run test:frontend
+
+  build-frontend:
+    name: Build Frontend
+    uses: ./.github/workflows/reusable/build-frontend.yml
+
+  verify-scripts:
+    name: Verify Scripts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm run cinstall:backend
+
       - name: Verify scripts exist
         run: |
           echo "Checking sync-versions script..."
 
@@ -0,0 +1,272 @@
+name: Development Build
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  check-trigger:
+    name: Check if triggered by Release Please
+    runs-on: ubuntu-latest
+    outputs:
+      should_build: ${{ steps.check.outputs.should_build }}
+      dev_version: ${{ steps.version.outputs.dev_version }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 2
+
+      - name: Check if triggered by Release Please
+        id: check
+        run: |
+          # Get the commit message and author
+          COMMIT_MESSAGE=$(git log -1 --pretty=format:"%s")
+          COMMIT_AUTHOR=$(git log -1 --pretty=format:"%an")
+          
+          echo "Commit message: $COMMIT_MESSAGE"
+          echo "Commit author: $COMMIT_AUTHOR"
+          
+          # Skip if this is a release-please commit
+          if [[ "$COMMIT_MESSAGE" =~ ^chore\(main\): ]] || [[ "$COMMIT_AUTHOR" == "github-actions[bot]" ]]; then
+            echo "Skipping development build - triggered by Release Please"
+            echo "should_build=false" >> $GITHUB_OUTPUT
+          else
+            echo "Proceeding with development build"
+            echo "should_build=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Calculate development version
+        id: version
+        if: steps.check.outputs.should_build == 'true'
+        run: |
+          # Get current version from package.json
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+          
+          # Split version into parts
+          IFS='.' read -ra VERSION_PARTS <<< "$CURRENT_VERSION"
+          MAJOR=${VERSION_PARTS[0]}
+          MINOR=${VERSION_PARTS[1]}
+          PATCH=${VERSION_PARTS[2]}
+          
+          # Increment patch version for development
+          NEW_PATCH=$((PATCH + 1))
+          DEV_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}-dev"
+          
+          echo "Current version: $CURRENT_VERSION"
+          echo "Development version: $DEV_VERSION"
+          echo "dev_version=$DEV_VERSION" >> $GITHUB_OUTPUT
+
+  security-pre-check:
+    name: Security Pre-Check
+    needs: check-trigger
+    if: needs.check-trigger.outputs.should_build == 'true'
+    uses: ./.github/workflows/reusable/security-checks.yml
+    with:
+      fail-on-error: true
+
+  build-development-packages:
+    name: Build Development Packages
+    needs: [check-trigger, security-pre-check]
+    if: needs.check-trigger.outputs.should_build == 'true'
+    runs-on: self-hosted
+    env:
+      VERSION: ${{ needs.check-trigger.outputs.dev_version }}
+      PACKAGE_NAME: armor-dev
+      ARCH: amd64
+    steps:
+      # Debian Build Steps
+      - name: Checkout for Debian build
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm run cinstall:all:nodev
+
+      - name: Build frontend
+        run: npm run build
+
+      - name: Create Debian package structure
+        run: |
+          mkdir -p "${PACKAGE_NAME}_${VERSION}_${ARCH}"/{opt/armor/web,opt/armor,etc/systemd/system,var/lib/armor,var/log/armor,usr/share/man/man8,usr/share/man/man5,DEBIAN}
+
+      - name: Copy application files to Debian package
+        run: |
+          cp -r models routes middleware config utils services packaging app.js package.json "${PACKAGE_NAME}_${VERSION}_${ARCH}/opt/armor/"
+          cp -r node_modules "${PACKAGE_NAME}_${VERSION}_${ARCH}/opt/armor/"
+          cp -r web/dist "${PACKAGE_NAME}_${VERSION}_${ARCH}/opt/armor/web/dist"
+          # Keep public assets for Swagger theming
+          cp -r web/public "${PACKAGE_NAME}_${VERSION}_${ARCH}/opt/armor/web/public"
+
+      - name: Copy configuration files to Debian package
+        run: |
+          cp packaging/DEBIAN/systemd/armor.service "${PACKAGE_NAME}_${VERSION}_${ARCH}/etc/systemd/system/"
+          cp packaging/DEBIAN/postinst packaging/DEBIAN/prerm packaging/DEBIAN/postrm "${PACKAGE_NAME}_${VERSION}_${ARCH}/DEBIAN/"
+
+      - name: Install man pages
+        run: |
+          # Copy and compress man pages following Debian Policy
+          gzip -9 -c packaging/DEBIAN/man/armor.8 > "${PACKAGE_NAME}_${VERSION}_${ARCH}/usr/share/man/man8/armor.8.gz"
+          gzip -9 -c packaging/DEBIAN/man/armor.yaml.5 > "${PACKAGE_NAME}_${VERSION}_${ARCH}/usr/share/man/man5/armor.yaml.5.gz"
+
+      - name: Create Debian control file
+        run: |
+          cat > "${PACKAGE_NAME}_${VERSION}_${ARCH}/DEBIAN/control" << EOF
+          Package: armor-dev
+          Version: ${VERSION}
+          Section: misc
+          Priority: optional
+          Architecture: ${ARCH}
+          Maintainer: MarkProminic <MarkProminic@users.noreply.github.com>
+          Depends: nodejs (>= 22.0.0), sqlite3, openssl
+          Conflicts: armor
+          Description: Armor (Development) - Armor Reliably Manages Online Resources
+           A secure Node.js file server that provides directory listings with SHA256 checksums and authenticated file upload capabilities over HTTPS.
+           This is a development version.
+          Homepage: https://github.com/STARTcloud/armor_private
+          EOF
+
+      - name: Set Debian package permissions
+        run: |
+          find "${PACKAGE_NAME}_${VERSION}_${ARCH}" -type d -exec chmod 755 {} \;
+          find "${PACKAGE_NAME}_${VERSION}_${ARCH}" -type f -exec chmod 644 {} \;
+          chmod 755 "${PACKAGE_NAME}_${VERSION}_${ARCH}/DEBIAN"/{postinst,prerm,postrm}
+
+      - name: Build Debian package
+        run: |
+          dpkg-deb --build "${PACKAGE_NAME}_${VERSION}_${ARCH}" "${PACKAGE_NAME}_${VERSION}_${ARCH}.deb"
+
+      # OmniOS Build Steps
+      - name: Fresh checkout for OmniOS build
+        uses: actions/checkout@v5
+        with:
+          path: omnios-source
+          clean: true
+
+      - name: Clean OmniOS build directory
+        run: |
+          ssh ghrunner@omnios.packages.startcloud.com "rm -rf /local/builds/armor-dev/* /local/builds/armor-dev/.*" || true
+
+      - name: Sync source code to OmniOS
+        run: |
+          rsync -av \
+            --exclude='.git' \
+            --exclude='node_modules' \
+            --exclude='web/node_modules' \
+            --exclude='web/dist' \
+            --exclude='*.deb' \
+            omnios-source/ ghrunner@omnios.packages.startcloud.com:/local/builds/armor-dev/
+
+      - name: Build package on OmniOS
+        run: |
+          ssh ghrunner@omnios.packages.startcloud.com "
+            cd /local/builds/armor-dev && 
+            export PATH=/opt/ooce/bin:/opt/ooce/node-22/bin:\$PATH &&
+            export MAKE=gmake &&
+            export DEV_VERSION=${VERSION} &&
+            chmod +x packaging/omnios/build.sh &&
+            ./packaging/omnios/build.sh
+          "
+
+      - name: Transfer OmniOS package back
+        run: |
+          rsync -av ghrunner@omnios.packages.startcloud.com:/local/builds/armor-dev/*.p5p ./ || echo "No .p5p files found"
+
+      - name: Upload Debian package to repository server
+        run: |
+          rsync -av ${PACKAGE_NAME}_*.deb startcloud@172.17.204.177:/tmp/
+
+      - name: Add package to repository pool
+        run: |
+          ssh startcloud@172.17.204.177 "
+            mkdir -p /local/public/debian/pool/main/z/armor-dev
+            cp /tmp/${PACKAGE_NAME}_*.deb /local/public/debian/pool/main/z/armor-dev/
+          "
+
+      - name: Update repository Packages files for all suites
+        run: |
+          ssh startcloud@172.17.204.177 "
+            cd /local/public/debian
+            # Generate Packages files for each suite
+            for suite in bookworm trixie; do
+              dpkg-scanpackages --arch amd64 pool/ > dists/\$suite/main/binary-amd64/Packages
+              gzip -c dists/\$suite/main/binary-amd64/Packages > dists/\$suite/main/binary-amd64/Packages.gz
+            done
+          "
+
+      - name: Generate Release files for all suites
+        run: |
+          ssh startcloud@172.17.204.177 "
+            cd /local/public/debian
+            # Generate Release files for each suite
+            for suite in bookworm trixie; do
+              cd dists/\$suite
+              /local/generate-release.sh \$suite > Release
+              cd ../..
+            done
+          "
+
+      - name: Create stable distribution with proper Release file
+        run: |
+          ssh startcloud@172.17.204.177 "
+            cd /local/public/debian/dists
+            rm -rf stable 2>/dev/null || true
+            cp -r trixie stable
+            cd stable
+            /local/generate-release.sh stable > Release
+          "
+
+      - name: Sign repository for all suites including stable
+        run: |
+          ssh startcloud@172.17.204.177 "
+            cd /local/public/debian
+            # Sign each suite including stable
+            for suite in bookworm trixie stable; do
+              cd dists/\$suite
+              export GNUPGHOME=\$(mktemp -d /local/pgp/pgpkeys-XXXXXX)
+              cat /local/pgp/pgp-key.private | gpg --import
+              cat Release | gpg --default-key startcloud -abs > Release.gpg
+              cat Release | gpg --default-key startcloud -abs --clearsign > InRelease
+              rm -rf \$GNUPGHOME
+              cd ../..
+            done
+          "
+
+      - name: Publish OmniOS package to repository
+        run: |
+          ssh ghrunner@omnios.packages.startcloud.com "
+            cd /local/builds/armor-dev &&
+            pfexec pkgsend publish -d proto -s file:///local/public/r151054/pkg armor.p5m.final &&
+            pfexec pkgrepo refresh -s /local/public/r151054/pkg &&
+            pfexec svcadm restart pkg/server:r151054_STARTcloud
+          "
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: 'development-packages'
+          path: |
+            *.deb
+            *.p5p
+          retention-days: 30
+
+      - name: Clean up
+        run: |
+          ssh ghrunner@omnios.packages.startcloud.com "rm -rf /local/builds/armor-dev/*"
+          ssh startcloud@172.17.204.177 "rm -f /tmp/${PACKAGE_NAME}_*.deb"
+
+      - name: Summary
+        run: |
+          echo "Development packages built and published:"
+          echo "- Version: ${VERSION}"
+          echo "- Debian package: ${PACKAGE_NAME}_${VERSION}_${ARCH}.deb"
+          echo "- Packages published to repositories"
@@ -28,9 +28,17 @@ jobs:
         uses: googleapis/release-please-action@v4
         id: release
 
-  build-packages:
+  security-pre-check:
+    name: Security Pre-Check
     needs: release-please
     if: ${{ needs.release-please.outputs.release_created }}
+    uses: ./.github/workflows/reusable/security-checks.yml
+    with:
+      fail-on-error: true
+
+  build-packages:
+    needs: [release-please, security-pre-check]
+    if: ${{ needs.release-please.outputs.release_created }}
     runs-on: self-hosted
     steps:
       # Debian Build Steps