-
Notifications
You must be signed in to change notification settings - Fork 60
186 lines (171 loc) · 6.21 KB
/
rust.yml
File metadata and controls
186 lines (171 loc) · 6.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
name: Rust
on:
push:
branches: [ "main" ]
paths-ignore:
- '*.md'
- 'docs/**'
- 'LICENSE'
- 'MAINTAINERS'
- 'NOTICE'
pull_request:
branches: [ "main" ]
paths-ignore:
- '*.md'
- 'docs/**'
- 'LICENSE'
- 'MAINTAINERS'
- 'NOTICE'
env:
CARGO_TERM_COLOR: always
jobs:
license-headers:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Verify Rust license headers
shell: bash
run: |
set -euo pipefail
bash ./scripts/copyright.sh
# If the script made any changes to Rust files, fail and list them
if git diff --name-only -- '*.rs' | grep -q .; then
echo "The following Rust files are missing license headers:" >&2
git diff --name-only -- '*.rs' >&2
echo >&2
echo "Please run ./scripts/copyright.sh locally and commit the changes." >&2
exit 1
fi
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- run: ./scripts/install-protobuf.sh
shell: bash
- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
with:
components: rustfmt, clippy
- run:
# needed to run rustfmt in nightly toolchain
rustup toolchain install nightly --component rustfmt
- uses: ./.github/actions/rust-cache
- name: Run fmt
run: cargo +nightly fmt --all -- --check
- name: Run Clippy
run: cargo clippy --verbose --workspace
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff # v3.0.0
- run: ./scripts/install-protobuf.sh
shell: bash
- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
- run: rustup target add wasm32-wasip2
- uses: ./.github/actions/rust-cache
- name: Build
run: just build
- name: Run tests
run: just test
- name: Upload artifacts
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: wassette
path: bin/wassette
deps:
name: unused dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
- uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
- name: Check unused dependencies
uses: bnjbvr/cargo-machete@7959c845782fed02ee69303126d4a12d64f1db18 # v0.9.1
security:
name: security audit
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
- uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Install cargo-deny
run: cargo install cargo-deny
- name: Run cargo audit
run: |
# Run cargo audit - fail only on actual vulnerabilities, not warnings
cargo audit
- name: Run cargo deny check
run: cargo deny check advisories licenses bans sources
coverage:
name: test coverage
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- run: ./scripts/install-protobuf.sh
shell: bash
- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
with:
toolchain: nightly
components: llvm-tools-preview
- run: rustup target add wasm32-wasip2
- uses: ./.github/actions/rust-cache
- name: Install cargo-llvm-cov
run: cargo install cargo-llvm-cov
- name: Generate coverage report
run: |
cargo llvm-cov --all-features --workspace --ignore-run-fail --lcov --output-path lcov.info
cargo llvm-cov --all-features --workspace --ignore-run-fail --json --output-path coverage.json
- name: Upload coverage to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v6.1.0
with:
file: ./lcov.info
fail_ci_if_error: false
- name: Coverage summary
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7.1.0
with:
script: |
const fs = require('fs');
const coverage = JSON.parse(fs.readFileSync('coverage.json', 'utf8'));
const totalLines = coverage.data[0].totals.lines.count;
const coveredLines = coverage.data[0].totals.lines.covered;
const coveragePercent = ((coveredLines / totalLines) * 100).toFixed(2);
const summary = `## 📊 Test Coverage Report
**Overall Coverage: ${coveragePercent}%** (${coveredLines}/${totalLines} lines)`;
await core.summary
.addRaw(summary)
.write();
- name: Upload coverage artifacts
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: coverage-report
path: |
lcov.info
coverage.json
spelling:
name: spell check with typos
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Spell Check Repo
uses: crate-ci/typos@80c8a4945eec0f6d464eaf9e65ed98ef085283d1 # v1.38.1
linkChecker:
name: link checker
permissions:
contents: read
if: github.repository == 'microsoft/wassette'
timeout-minutes: 15
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2.6.1
with:
fail: false # don't fail the build on broken links
format: markdown
jobSummary: true
args: '--config lychee.toml .'