From dfae955d044dac35b846050cbb9f5e9a1c55c44f Mon Sep 17 00:00:00 2001 From: Georgios Smyrlis Date: Wed, 17 Jun 2026 23:01:39 +0200 Subject: [PATCH] Add CI workflow and v1 roadmap --- .github/dependabot.yml | 27 +++++++++++++++++++ .github/workflows/ci.yml | 57 ++++++++++++++++++++++++++++++++++++++++ README.md | 2 ++ 3 files changed, 86 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/ci.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..50c035e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,27 @@ +version: 2 + +updates: + # .NET / NuGet package references across the solution. + - package-ecosystem: nuget + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 5 + # Bundle minor and patch bumps into a single weekly PR to cut noise; major bumps stay + # individual so a potentially breaking update gets its own review. + groups: + nuget-minor-and-patch: + update-types: + - minor + - patch + + # GitHub Actions used by the workflows. Few and low-risk, so group them into one PR. + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 5 + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..5192170 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,57 @@ +name: CI + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +# Least privilege: the build only needs to read the repository. No publishing, no secrets. +permissions: + contents: read + +# Cancel superseded runs on the same ref to save CI minutes. +concurrency: + group: ci-${{ github.ref }} + cancel-in-progress: true + +jobs: + build-test: + name: Build & Test + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup .NET 8 + uses: actions/setup-dotnet@v4 + with: + # Floats to the latest 8.0 patch (picks up SDK security fixes) while staying on the + # net8.0 target line the projects build against. No global.json to maintain. + dotnet-version: 8.0.x + + - name: Restore + run: dotnet restore + + - name: Build + run: dotnet build -c Release --no-restore + + - name: Test + run: dotnet test -c Release --no-build + + # Pack runs only on push to main: it validates packaging (the bundled netstandard2.0 analyzer + # and package validation) without publishing anything. Release is required because the EF Core + # package picks up the analyzer DLL from its bin/Release output. + - name: Pack (validation only, no publish) + if: github.event_name == 'push' + run: dotnet pack -c Release --no-build --output artifacts + + - name: Upload packages + if: github.event_name == 'push' + uses: actions/upload-artifact@v4 + with: + name: nuget-packages + path: | + artifacts/*.nupkg + artifacts/*.snupkg + if-no-files-found: error diff --git a/README.md b/README.md index db438f7..243469a 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Proteos — Application Layer Encryption for .NET +[![CI](https://github.com/ProteosEncryption/Proteos.Encryption/actions/workflows/ci.yml/badge.svg)](https://github.com/ProteosEncryption/Proteos.Encryption/actions/workflows/ci.yml) + Encrypt sensitive entity fields **in the application**, before they reach the database, blob storage or any cloud system. A database, backup or storage leak then exposes only ciphertext — not your customers' data.