refactor(core): collect runs batched checks #373
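# From https://github.com/actions-rs/meta/blob/edeebc14493689cee04cb6d941c42c36a86e9d18/recipes/quickstart.md
name: tests

# Runs on pushes to main, on every pull request, and on manual dispatch.
on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN. It applies to every job that does
# not declare its own `permissions` block; jobs that need write scopes must
# request them explicitly.
permissions:
  contents: read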
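jobs:
  # Formatting gate: fails when `cargo fmt` would change any file.
  fmt:
    name: cargo fmt
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `rust:latest` is a moving tag, so the toolchain can change
      # without a commit; consider pinning a version tag or an image digest.
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
      - run: |
          rustup component add rustfmt
          cargo fmt --all -- --check

  # Lint gate: every clippy warning is promoted to an error.
  clippy:
    name: cargo clippy
    runs-on: ubuntu-latest
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-clippy
      - run: |
          rustup component add clippy
          cargo clippy --all-targets --all-features -- -D warnings

  # Runs the test suite under cargo-llvm-cov and uploads lcov data to Coveralls.
  test-and-coverage:
    name: cargo test and coverage
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default; scopes not listed
    # here are set to none.
    # NOTE(review): no visible step obviously needs `contents: write`; confirm
    # what the Coveralls upload requires and drop the rest.
    permissions:
      contents: write
      pull-requests: write
      actions: read
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-cov
      # NOTE(review): third-party actions in this job are referenced by mutable
      # refs while the job token carries write scopes; pinning each one to a
      # full commit SHA prevents an upstream ref move from changing what runs.
      - name: Install cargo-llvm-cov
        uses: taiki-e/install-action@cargo-llvm-cov
      - name: Run tests and generate coverage report
        run: cargo llvm-cov test --all-features --workspace --lcov --output-path lcov.info
      - name: Test documentation code snippets
        run: cargo test --doc --all-features --workspace
      - name: Upload coverage to Coveralls
        uses: coverallsapp/github-action@v2.2.0
        with:
          file: ./lcov.info

  # Runs cargo-audit and posts its output as a sticky pull-request comment.
  audit:
    name: Cargo Audit
    runs-on: ubuntu-latest
    # NOTE(review): the comment step needs `pull-requests: write`; confirm
    # whether `contents: write` is required at all.
    permissions:
      actions: read
      contents: write
      pull-requests: write
    container:
      image: rust:latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-audit
      - name: Install Cargo Audit
        # --locked builds the tool against the dependency versions recorded in
        # its own Cargo.lock instead of resolving fresh ones at install time.
        run: |
          cargo install cargo-audit --locked
      - name: Generate Cargo Audit Report
        id: report
        # The pipe into `tee` hides cargo-audit's exit status unless the shell
        # has pipefail set, so this job can stay green while advisories exist;
        # the PR comment is then the only signal.
        # The random delimiter keeps report text from ending the multi-line
        # output early. printf writes backslashes in the report literally.
        run: |
          cargo audit --quiet | tee report.xml
          body="$(cat report.xml)"
          delimiter="$(openssl rand -hex 8)"
          echo "body<<$delimiter" >> "$GITHUB_OUTPUT"
          printf '%s\n' "$body" >> "$GITHUB_OUTPUT"
          echo "$delimiter" >> "$GITHUB_OUTPUT"
      - name: Comment report
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          hide_and_recreate: true
          hide_classify: "OUTDATED"
          # The report is expanded into an action input, not a shell script.
          message: |
            <b>🤖 Cargo Audit Report 🤖</b>
            ${{ steps.report.outputs.body }}
            (Empty means OK! 👍)

  # Generates CycloneDX SBOMs with syft, pushes the XML one to Dependency-Track
  # and archives the report folder in a GCS bucket.
  sbom:
    name: Syft SBOM Generator
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted image; confirm
    # this label still resolves to a runner and move to a supported one.
    runs-on: ubuntu-20.04
    env:
      REPO_NAME: ${{ github.event.repository.name }}
      REPORT_FOLDER: ${{ github.event.repository.name }}-sbom-report
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-sbom
      # NOTE(review): this pipes an installer from the tip of syft's main
      # branch into sh in a job that later handles two secrets. Pin the
      # installer to a reviewed release tag or commit and verify the checksum
      # of the downloaded binary.
      # The timestamp is taken once so both report files share one name stem.
      # No secret is placed in this step's environment.
      - run: |
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b .
          mkdir "$REPORT_FOLDER"
          stamp="$(date "+%Y.%m.%d-%H.%M")"
          ./syft . --scope all-layers -o "cyclonedx-xml=$REPORT_FOLDER/sbom-report.$stamp.xml"
          ./syft . --scope all-layers -o "cyclonedx-json=$REPORT_FOLDER/sbom-report.$stamp.json"
          cp "$REPORT_FOLDER"/*.xml sbom-report.xml
      # NOTE(review): the endpoint is plain HTTP on a bare IP address, so the
      # API key and the SBOM cross the network unencrypted and the server is
      # not authenticated. Put Dependency-Track behind HTTPS and rotate the
      # key once that is done.
      # The key is passed through the environment instead of being expanded
      # into the script text. --fail makes a rejected upload fail the step
      # rather than pass silently.
      - env:
          DEPENDENCYTRACK_APIKEY: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
        run: |
          curl --fail -X 'POST' 'http://34.149.248.118/api/v1/bom' \
            -H 'Content-Type: multipart/form-data' \
            -H "X-API-Key: $DEPENDENCYTRACK_APIKEY" \
            -F 'autoCreate=true' \
            -F 'projectVersion=1.0' \
            -F "projectName=$REPO_NAME" \
            -F 'bom=@sbom-report.xml'
      # NOTE(review): `credentials_json` is a long-lived service-account key.
      # The auth action also supports Workload Identity Federation, which
      # removes the stored key; whichever is used, scope the account to
      # object creation on the destination bucket only.
      - uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.GHA_SA_KEY }}'
      - uses: 'google-github-actions/upload-cloud-storage@v1'
        with:
          process_gcloudignore: false
          path: '${{ env.REPORT_FOLDER }}/'
          destination: 'security-sbom'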