Skip to content

feat(github-action): Update dependencies and build (#555) #818

feat(github-action): Update dependencies and build (#555)

feat(github-action): Update dependencies and build (#555) #818

Workflow file for this run

name: Pull Request
on:
push:
branches: [main, development]
paths-ignore:
- 'guard/ts-lib/**'
pull_request:
branches: [main, development]
paths-ignore:
- 'guard/ts-lib/**'
env:
CARGO_TERM_COLOR: always
FUZZ_TIME: 420
jobs:
build:
name: Build all crates & run unit tests
strategy:
matrix:
os: [ubuntu-latest, macos-latest, macos-13-xlarge, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: set git to use LF
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@v2
- name: Build all crates on ${{ matrix.os }}
run: cargo build --release --verbose
- name: Run unit tests ${{ matrix.os }}
run: cargo test --verbose
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Shellcheck
run: shellcheck install-guard.sh
formatting:
name: Formatting check (cargo fmt)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt
- name: Rustfmt Check
uses: actions-rust-lang/rustfmt@v1
installScript:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, macos-13-xlarge]
runs-on: ${{ matrix.os }}
name: Testing Install Script (install-guard.sh)
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
with:
path: cloudformation-guard
- name: Test install script on ${{ matrix.os }}
run: |
set -e
cd cloudformation-guard
sh install-guard.sh
installScriptWindows:
runs-on: windows-latest
name: Testing Windows Install Script (install-guard.ps1)
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
with:
path: cloudformation-guard
- name: Test install script on windows-latest
run: |
cd cloudformation-guard
./install-guard.ps1
linting:
name: Linting check (clippy)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: clippy
- uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: -- -D warnings
typocheck:
name: Spell Check with Typos
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: crate-ci/typos@master
with:
files: .
config: ./_typos.toml
fuzz:
strategy:
matrix:
target: ["guard_dsl", "yaml"]
runs-on: ubuntu-latest
name: Run Fuzz Checks
steps:
- uses: actions/checkout@v3
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: nightly
matcher: false
rustflags: ""
- uses: actions-rs/cargo@v1
name: Install cargo-fuzz
with:
command: install
args: cargo-fuzz
- name: fuzz ${{ matrix.target }}
run: |
cd guard/fuzz
cargo +nightly fuzz run fuzz_${{ matrix.target }} -- -max_total_time=${{ env.FUZZ_TIME }}
aws-guard-rules-registry-integration-tests-linux-and-macos:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, macos-13-xlarge]
runs-on: ${{ matrix.os }}
name: Integration tests against aws-guard-rules-registry
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
with:
path: cloudformation-guard
- name: Build binary
run: |
cd cloudformation-guard/guard/
cargo build --release
- uses: actions/checkout@v3
name: Checkout aws-guard-rules-registry
with:
repository: aws-cloudformation/aws-guard-rules-registry
path: aws-guard-rules-registry
ref: main
- name: Run integration tests using test command
run: |
if cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules; then
echo "The integration tests for test command have passed."
else
echo "The integration tests for test command have failed."
exit 1
fi
- name: Run integration tests using parse-tree command
run: |
cd aws-guard-rules-registry/rules
FAILED_RULES=()
SKIPPED_RULES=()
rules=( $(find . -type f -name "*.guard") )
for rule in "${rules[@]}"
do
if [ $(sed -e '/^[ \s]*#.*$/d' $rule | sed -r '/^\s*$/d' | wc -l) -eq 0 ]; then
SKIPPED_RULES+=("$rule")
elif ../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule; then
continue
else
FAILED_RULES+=("$rule")
fi
done
SKIPPED_RULE_COUNT=${#SKIPPED_RULES[@]}
if [ $SKIPPED_RULE_COUNT -gt 0 ]; then
echo "The following $SKIPPED_RULE_COUNT rule(s) were skipped because they contained only comments:"
for skipped_rule in "${SKIPPED_RULES[@]}"
do
echo "$skipped_rule"
done
fi
FAILED_RULE_COUNT=${#FAILED_RULES[@]}
if [ $FAILED_RULE_COUNT -gt 0 ]; then
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
for failed_rule in "${FAILED_RULES[@]}"
do
echo "$failed_rule"
done
exit 1
else
echo "All the rules have succeeded the parse-tree integration tests."
fi
aws-guard-rules-registry-integration-tests-windows:
runs-on: windows-latest
name: Integration tests against aws-guard-rules-registry for Windows
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
with:
path: cloudformation-guard
- name: Build binary
run: |
cd cloudformation-guard/guard/
cargo build --release
- uses: actions/checkout@v3
name: Checkout aws-guard-rules-registry
with:
repository: aws-cloudformation/aws-guard-rules-registry
path: aws-guard-rules-registry
ref: main
- name: Run integration tests using test command
run: |
if (cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules) {
echo "The integration tests for test command have passed."
}
else {
echo "The integration tests for test command have failed."
exit 1
}
- name: Run integration tests using parse-tree command
run: |
cd aws-guard-rules-registry/rules
$FAILED_RULES = @()
$SKIPPED_RULES = @()
$rules = @(Get-ChildItem -Path .\ -Filter *.guard -Recurse -File)
Foreach ($rule in $rules) {
$rule_files_without_comments = (Get-Content $rule.FullName) -replace '^[ \s]*#.*$', ''
if ([String]::IsNullOrWhiteSpace($rule_files_without_comments)){
$SKIPPED_RULES += "$rule"
}
elseif (../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule.FullName) {
continue
} else {
$FAILED_RULES += "$rule"
}
}
$SKIPPED_RULE_COUNT = $SKIPPED_RULES.Length
if ($SKIPPED_RULE_COUNT -gt 0) {
echo "The following `$SKIPPED_RULE_COUNT.Length` rule(s) were skipped because they contained only comments:"
echo $SKIPPED_RULES
}
$FAILED_RULE_COUNT = $FAILED_RULES.Length
if ($FAILED_RULE_COUNT -gt 0) {
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
echo $FAILED_RULES
exit 1
} else {
echo "All the rules have succeeded the parse-tree integration tests."
}