feat(github-action): Update dependencies and build (#555) #818
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request | |
on: | |
push: | |
branches: [main, development] | |
paths-ignore: | |
- 'guard/ts-lib/**' | |
pull_request: | |
branches: [main, development] | |
paths-ignore: | |
- 'guard/ts-lib/**' | |
env: | |
CARGO_TERM_COLOR: always | |
FUZZ_TIME: 420 | |
jobs: | |
build: | |
name: Build all crates & run unit tests | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, macos-13-xlarge, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: set git to use LF | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v2 | |
- name: Build all crates on ${{ matrix.os }} | |
run: cargo build --release --verbose | |
- name: Run unit tests ${{ matrix.os }} | |
run: cargo test --verbose | |
shellcheck: | |
name: Shellcheck | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Shellcheck | |
run: shellcheck install-guard.sh | |
formatting: | |
name: Formatting check (cargo fmt) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
components: rustfmt | |
- name: Rustfmt Check | |
uses: actions-rust-lang/rustfmt@v1 | |
installScript: | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, macos-13-xlarge] | |
runs-on: ${{ matrix.os }} | |
name: Testing Install Script (install-guard.sh) | |
steps: | |
- uses: actions/checkout@v3 | |
name: Checkout cfn-guard | |
with: | |
path: cloudformation-guard | |
- name: Test install script on ${{ matrix.os }} | |
run: | | |
set -e | |
cd cloudformation-guard | |
sh install-guard.sh | |
installScriptWindows: | |
runs-on: windows-latest | |
name: Testing Windows Install Script (install-guard.ps1) | |
steps: | |
- uses: actions/checkout@v3 | |
name: Checkout cfn-guard | |
with: | |
path: cloudformation-guard | |
- name: Test install script on windows-latest | |
run: | | |
cd cloudformation-guard | |
./install-guard.ps1 | |
linting: | |
name: Linting check (clippy) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
components: clippy | |
- uses: actions-rs/clippy-check@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: -- -D warnings | |
typocheck: | |
name: Spell Check with Typos | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: crate-ci/typos@master | |
with: | |
files: . | |
config: ./_typos.toml | |
fuzz: | |
strategy: | |
matrix: | |
target: ["guard_dsl", "yaml"] | |
runs-on: ubuntu-latest | |
name: Run Fuzz Checks | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
toolchain: nightly | |
matcher: false | |
rustflags: "" | |
- uses: actions-rs/cargo@v1 | |
name: Install cargo-fuzz | |
with: | |
command: install | |
args: cargo-fuzz | |
- name: fuzz ${{ matrix.target }} | |
run: | | |
cd guard/fuzz | |
cargo +nightly fuzz run fuzz_${{ matrix.target }} -- -max_total_time=${{ env.FUZZ_TIME }} | |
aws-guard-rules-registry-integration-tests-linux-and-macos: | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, macos-13-xlarge] | |
runs-on: ${{ matrix.os }} | |
name: Integration tests against aws-guard-rules-registry | |
steps: | |
- uses: actions/checkout@v3 | |
name: Checkout cfn-guard | |
with: | |
path: cloudformation-guard | |
- name: Build binary | |
run: | | |
cd cloudformation-guard/guard/ | |
cargo build --release | |
- uses: actions/checkout@v3 | |
name: Checkout aws-guard-rules-registry | |
with: | |
repository: aws-cloudformation/aws-guard-rules-registry | |
path: aws-guard-rules-registry | |
ref: main | |
- name: Run integration tests using test command | |
run: | | |
if cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules; then | |
echo "The integration tests for test command have passed." | |
else | |
echo "The integration tests for test command have failed." | |
exit 1 | |
fi | |
- name: Run integration tests using parse-tree command | |
run: | | |
cd aws-guard-rules-registry/rules | |
FAILED_RULES=() | |
SKIPPED_RULES=() | |
rules=( $(find . -type f -name "*.guard") ) | |
for rule in "${rules[@]}" | |
do | |
if [ $(sed -e '/^[ \s]*#.*$/d' $rule | sed -r '/^\s*$/d' | wc -l) -eq 0 ]; then | |
SKIPPED_RULES+=("$rule") | |
elif ../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule; then | |
continue | |
else | |
FAILED_RULES+=("$rule") | |
fi | |
done | |
SKIPPED_RULE_COUNT=${#SKIPPED_RULES[@]} | |
if [ $SKIPPED_RULE_COUNT -gt 0 ]; then | |
echo "The following $SKIPPED_RULE_COUNT rule(s) were skipped because they contained only comments:" | |
for skipped_rule in "${SKIPPED_RULES[@]}" | |
do | |
echo "$skipped_rule" | |
done | |
fi | |
FAILED_RULE_COUNT=${#FAILED_RULES[@]} | |
if [ $FAILED_RULE_COUNT -gt 0 ]; then | |
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:" | |
for failed_rule in "${FAILED_RULES[@]}" | |
do | |
echo "$failed_rule" | |
done | |
exit 1 | |
else | |
echo "All the rules have succeeded the parse-tree integration tests." | |
fi | |
aws-guard-rules-registry-integration-tests-windows: | |
runs-on: windows-latest | |
name: Integration tests against aws-guard-rules-registry for Windows | |
steps: | |
- uses: actions/checkout@v3 | |
name: Checkout cfn-guard | |
with: | |
path: cloudformation-guard | |
- name: Build binary | |
run: | | |
cd cloudformation-guard/guard/ | |
cargo build --release | |
- uses: actions/checkout@v3 | |
name: Checkout aws-guard-rules-registry | |
with: | |
repository: aws-cloudformation/aws-guard-rules-registry | |
path: aws-guard-rules-registry | |
ref: main | |
- name: Run integration tests using test command | |
run: | | |
if (cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules) { | |
echo "The integration tests for test command have passed." | |
} | |
else { | |
echo "The integration tests for test command have failed." | |
exit 1 | |
} | |
- name: Run integration tests using parse-tree command | |
run: | | |
cd aws-guard-rules-registry/rules | |
$FAILED_RULES = @() | |
$SKIPPED_RULES = @() | |
$rules = @(Get-ChildItem -Path .\ -Filter *.guard -Recurse -File) | |
Foreach ($rule in $rules) { | |
$rule_files_without_comments = (Get-Content $rule.FullName) -replace '^[ \s]*#.*$', '' | |
if ([String]::IsNullOrWhiteSpace($rule_files_without_comments)){ | |
$SKIPPED_RULES += "$rule" | |
} | |
elseif (../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule.FullName) { | |
continue | |
} else { | |
$FAILED_RULES += "$rule" | |
} | |
} | |
$SKIPPED_RULE_COUNT = $SKIPPED_RULES.Length | |
if ($SKIPPED_RULE_COUNT -gt 0) { | |
echo "The following `$SKIPPED_RULE_COUNT.Length` rule(s) were skipped because they contained only comments:" | |
echo $SKIPPED_RULES | |
} | |
$FAILED_RULE_COUNT = $FAILED_RULES.Length | |
if ($FAILED_RULE_COUNT -gt 0) { | |
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:" | |
echo $FAILED_RULES | |
exit 1 | |
} else { | |
echo "All the rules have succeeded the parse-tree integration tests." | |
} |