updating circleci arch #291
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| name: main | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: kickable - std build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| toolchain: | |
| - stable | |
| target: | |
| - x86_64-pc-windows-gnu | |
| - aarch64-unknown-linux-gnu | |
| - x86_64-unknown-linux-gnu | |
| steps: | |
| - name: harden runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: install stable | |
| uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: ${{ matrix.toolchain }} | |
| target: ${{ matrix.target }} | |
| override: true | |
| - name: install rust | |
| run: rustup update ${{ matrix.rust }} && rustup target add ${{ matrix.target }} | |
| - name: install cross-compilation tools | |
| uses: taiki-e/setup-cross-toolchain-action@e0fdbe18d70a8bbed8a44d3319a1842949a63671 # v1.18.0 | |
| with: | |
| target: ${{ matrix.target }} | |
| - name: install dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install protobuf-compiler -y -o Acquire::Retries=5 | |
| - name: cargo cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| continue-on-error: false | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: build-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: build-${{ matrix.target }}-cargo- | |
| - name: build | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| use-cross: false | |
| command: check | |
| args: --verbose --release --all-targets --all-features --target ${{ matrix.target }} | |
| test: | |
| name: kickable - test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: install toolchain | |
| uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - name: install dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install protobuf-compiler -y -o Acquire::Retries=5 | |
| - name: cargo cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| continue-on-error: false | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: test-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: test-${{ matrix.target }}-cargo- | |
| - name: test | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: test | |
| lint: | |
| name: kickable - lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: install stable | |
| uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| components: rustfmt, clippy | |
| - name: install dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install protobuf-compiler -y -o Acquire::Retries=5 | |
| - name: cargo cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| continue-on-error: false | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: lint-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: lint-${{ matrix.target }}-cargo- | |
| - name: cargo fmt | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: fmt | |
| args: --all -- --check | |
| - name: cargo clippy | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: clippy | |
| args: -- -D warnings | |
| tarpaulin: | |
| name: kickable - coverage | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: install dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install protobuf-compiler -y -o Acquire::Retries=5 | |
| - name: cargo install tarpaulin | |
| uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
| with: | |
| command: install | |
| args: cargo-tarpaulin | |
| - name: cargo cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| continue-on-error: false | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: tarpaulin-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: tarpaulin-${{ matrix.target }}-cargo- | |
| - name: cargo tarpaulin | |
| run: | |
| cargo-tarpaulin tarpaulin --ciserver github --coveralls ${{ secrets.COVERALLS }} --out Xml --out Lcov | |
| - name: archive code coverage results | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| with: | |
| name: code-coverage-report | |
| path: cobertura.xml | |
| - name: upload to Coveralls | |
| uses: coverallsapp/github-action@c203f016dd0ff7855ebef0ed852000c20c117148 # master | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| path-to-lcov: './lcov.info' | |
| - name: Codecov | |
| uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 | |
| with: | |
| fail_ci_if_error: false | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: lcov.info,cobertura.xml | |
| name: kickable-rs | |
| verbose: true | |
| audit: | |
| name: kickable - audit | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - name: harden runner | |
| uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| azure.archive.ubuntu.com:80 | |
| crates.io:443 | |
| esm.ubuntu.com:443 | |
| github.com:443 | |
| index.crates.io:443 | |
| motd.ubuntu.com:443 | |
| packages.microsoft.com:443 | |
| ppa.launchpadcontent.net:443 | |
| static.crates.io:443 | |
| static.rust-lang.org:443 | |
| - name: checkout | |
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
| - name: cargo cache | |
| uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
| continue-on-error: false | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: audit-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: audit-${{ matrix.target }}-cargo- | |
| - name: audit | |
| uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # v1.2.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: OSSF scorecard action | |
| uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 | |
| with: | |
| results_file: results.sarif | |
| results_format: sarif | |
| publish_results: true | |
| - name: upload to code-scanning | |
| uses: github/codeql-action/upload-sarif@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 | |
| with: | |
| sarif_file: results.sarif | |