From 158462136b1a7846e55043e0db7e736dbe89c5b6 Mon Sep 17 00:00:00 2001
From: Midou <midou@midou.dev>
Date: Tue, 22 Jul 2025 14:05:51 +0100
Subject: [PATCH] CI attempt Uno

---
 .gitea/workflows/build.yaml | 71 +++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 .gitea/workflows/build.yaml

diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..d9f2d06
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,71 @@
+---
+name: CI/CD Pipeline
+on:
+  push:
+    branches: [master, build-test]
+  pull_request:
+  release:
+    types: [published]
+  workflow_dispatch:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        architecture: [amd64, arm64]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: '1.24'
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y git
+      - name: Build go-away
+        run: |
+          mkdir .bin
+          go build -v -pgo=auto -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/go-away ./cmd/go-away
+          go build -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
+      - name: Check policy for Forgejo
+        run: |
+          ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/forgejo.yml --policy-snippets examples/snippets/
+      - name: Check policy for Generic
+        run: |
+          ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/generic.yml --policy-snippets examples/snippets/
+      - name: Check policy for SPA
+        run: |
+          ./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/spa.yml --policy-snippets examples/snippets/
+      - name: Test WASM Runtime Success
+        run: |
+          ./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm -make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out ./embed/challenge/js-pow-sha256/test/make-challenge-out.json -verify-challenge ./embed/challenge/js-pow-sha256/test/verify-challenge.json -verify-challenge-out 0
+      - name: Test WASM Runtime Fail
+        run: |
+          ./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm -make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out ./embed/challenge/js-pow-sha256/test/make-challenge-out.json -verify-challenge ./embed/challenge/js-pow-sha256/test/verify-challenge-fail.json -verify-challenge-out 1
+  publish:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to Git Forge registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.projectsegfau.lt
+          username: ${{ secrets.GIT_USERNAME }}
+          password: ${{ secrets.GIT_TOKEN }}
+      - name: Build and push Docker images
+        env:
+          SOURCE_DATE_EPOCH: 0
+          TZ: UTC
+        run: |-
+          docker buildx build \
+            --platform linux/amd64,linux/arm64,linux/riscv64 \
+            --tag git.projectsegfau.lt/${{ secrets.GIT_USERNAME }}/go-away:latest \
+            --push \
+            .