-
Notifications
You must be signed in to change notification settings - Fork 5
255 lines (236 loc) · 8.6 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
---
name: ci
permissions: write-all
on:
merge_group:
pull_request:
push:
branches:
- master
- dev
- staging
schedule:
- cron: "0 1 * * *"
workflow_dispatch:
concurrency:
group:
${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
RUST_TEST_THREADS: 1
RUSTDOCFLAGS: -D warnings
RUSTFLAGS: -D warnings
RUSTUP_MAX_RETRIES: 10
RUST_LOG: info
defaults:
run:
shell: bash
jobs:
test-versions:
name: Test Suite on ${{ matrix.rust }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
# if you have an MSRV, you can of course include it here too.
rust: [stable, beta, nightly]
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
with:
toolchain: ${{ matrix.rust }}
components: rust-src
- uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: cargo-hack
- uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: nextest
- uses: Swatinem/rust-cache@378c8285a4eaf12899d11bea686a763e906956af
with:
key: ${{ matrix.rust }}
# - run: cargo hack nextest run --no-capture --each-feature --profile ci
- run: cargo nextest run --no-capture --all-features --profile ci
timeout-minutes: 15
msrv:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
persist-credentials: false
- uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: cargo-hack
- run:
# cargo hack build -vvv --workspace --feature-powerset --optional-deps
# --ignore-private --no-dev-deps --version-range ..
cargo hack build -vvv --workspace --all-features --ignore-private
--no-dev-deps --version-range ..
tidy:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
with:
toolchain: nightly
components: clippy,rustfmt
- uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: cargo-hack
- uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: cargo-minimal-versions
- run: cargo fmt --all --check
if: always()
- run: cargo clippy --workspace --all-targets
if: always()
- run: cargo minimal-versions build --workspace --ignore-private
if: always()
docs:
name: Docs
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
with:
toolchain: stable
- uses: Swatinem/rust-cache@378c8285a4eaf12899d11bea686a763e906956af
- name: Check documentation
env:
RUSTDOCFLAGS: -D warnings
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72
with:
command: doc
args: --no-deps --document-private-items --workspace --examples
publish-dry-run:
name: Publish dry run
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
with:
toolchain: stable
- uses: Swatinem/rust-cache@378c8285a4eaf12899d11bea686a763e906956af
- uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72
with:
command: publish
args: --dry-run -p stratum-server
coverage:
name: Code coverage
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
with:
toolchain: nightly
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: cargo-llvm-cov
- uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352
with:
tool: nextest
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2
- name: Generate code coverage
run: |
cargo llvm-cov clean --workspace
cargo llvm-cov nextest --profile ci --no-report --all-features
cargo llvm-cov report --lcov --output-path lcov.info
- name: Upload coverage to Codecov
uses: codecov/codecov-action@98ab2c591b94478f4c3606d68ff73601df85ec43
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: lcov.info
fail_ci_if_error: true
bloat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
with:
toolchain:
stable
# @todo potentially switch these with Swatinem rust-cache see above.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
with:
path: ~/.cargo/registry
key:
bloat-${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock')
}}
- name: Cache cargo index
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4
with:
path: ~/.cargo/git
key:
bloat-${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Run cargo bloat
if: ${{ github.event_name != 'schedule' }}
# @todo For security, let's fork this into the OpenPoolProject/actions
# folder - the original (this is a fork) no longer works because it uses
# a 3rd parter server to cache builds that is no longer existant.
uses: Kobzol/cargo-bloat-action@85b93f37dec06662054e045b5cf1d79cfdb0d748
with:
token: ${{ secrets.GITHUB_TOKEN }}
bloat_args: -p stratum-server --release --example basic
cargo-deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- uses: EmbarkStudios/cargo-deny-action@748857f070c53667b2b8de8bdf468ac75a6b757c # v1
ci-success:
name: ci
if: success()
needs:
- test-versions
- msrv
- tidy
- docs
- publish-dry-run
- coverage
- bloat
- cargo-deny
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Mark the job as a success
run: exit 0