ci: up ver runner image #19992
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: All | |
permissions: | |
contents: read | |
on: | |
merge_group: | |
pull_request: | |
push: | |
branches: | |
- develop | |
workflow_dispatch: | |
inputs: | |
commit_sha: | |
description: Git commit sha, on which, to run this workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
lint_commits: | |
name: All - lint_commits | |
runs-on: ubuntu-22.04 | |
# We assume that commit 2fd0d36fe6ae0c2d527368683ec3a6352617b381 will be in the history | |
# of all commits based on ockam develop branch | |
# https://github.com/build-trust/ockam/commit/2fd0d36fe6ae0c2d527368683ec3a6352617b381 | |
env: | |
FIRST_COMMIT: 2fd0d36fe6ae0c2d527368683ec3a6352617b381 | |
CONTRIBUTORS_CSV_PATH: .github/CONTRIBUTORS.csv | |
COMMITLINT_CONFIG_PATH: tools/commitlint/commitlint.config.js | |
steps: | |
- name: Check Commit Lint | |
uses: build-trust/.github/actions/commit_lint@0455ed96606ee7021639e74a1ae0289a30e33d86 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
lint_editorconfig: | |
name: All - lint_editorconfig | |
runs-on: ubuntu-22.04 | |
container: # gitlab.com/greut/eclint | |
image: greut/eclint:v0.3.3@sha256:95e9a3dcbd236bae6569625cd403175cbde3705303774e7baca418b6442b8d77 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
ref: ${{ github.event.inputs.commit_sha }} | |
- shell: sh | |
run: eclint -color=always | |
# Semgrep is a static analysis tool to lint code for patterns we want to forbid | |
# https://github.com/returntocorp/semgrep | |
lint_semgrep: | |
name: All - lint_semgrep | |
runs-on: ubuntu-22.04 | |
container: | |
image: returntocorp/semgrep@sha256:2fd35fa409f209e0fea0c2d72cf1e5b801a607959a93b13d04822bb3b6a9dfe4 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
ref: ${{ github.event.inputs.commit_sha }} | |
- name: Run Semgrep | |
# Bash is not available in the specified docker image of semgrep | |
shell: sh | |
# .semgrepignore is not processed outside of working directory. See https://github.com/returntocorp/semgrep/issues/5669 | |
run: | | |
mv tools/semgrep/.semgrepignore . & \ | |
semgrep --verbose --config="r2c" --config="tools/semgrep/rules/example.yaml" | |
# Check notice file for update | |
notice_update: | |
name: All - notice_update | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Update Notice File | |
shell: nix shell nixpkgs#jq nixpkgs#cargo-deny --command bash {0} | |
run: make notice_file_update | |
- name: Fail if notice update needed | |
shell: bash | |
run: | | |
set -ex | |
git diff --exit-code NOTICE.md &> /dev/null || \ | |
{ \ | |
echo "NOTICE file outdated"; \ | |
git diff; | |
exit 1; \ | |
} | |
check_crates: | |
runs-on: ubuntu-latest | |
name: All - check_crates | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y jq | |
- name: Install Rust | |
uses: actions-rs/toolchain@88dc2356392166efad76775c878094f4e83ff746 | |
with: | |
toolchain: stable | |
profile: minimal | |
override: true | |
- name: Install tomlq | |
run: cargo install --locked tomlq --version 0.1.0 | |
- name: Check for CHANGELOG.md | |
run: | | |
for crate in $(find implementations/rust/ockam -name Cargo.toml); do | |
dir=$(dirname $crate) | |
if [ ! -f "$dir/CHANGELOG.md" ]; then | |
echo "Error: $dir/CHANGELOG.md is missing" | |
exit 1 | |
fi | |
done | |
- name: Check for README.md | |
run: | | |
for crate in $(find implementations/rust/ockam -name Cargo.toml); do | |
dir=$(dirname $crate) | |
if [ ! -f "$dir/README.md" ]; then | |
echo "Error: $dir/README.md is missing" | |
exit 1 | |
fi | |
done | |
- name: Validate Cargo.toml categories | |
run: | | |
allowed_categories=" | |
accessibility | |
aerospace | |
drones | |
protocols | |
simulation | |
space-protocols | |
unmanned-aerial-vehicles | |
algorithms | |
api-bindings | |
asynchronous | |
authentication | |
caching | |
command-line-interface | |
command-line-utilities | |
compilers | |
compression | |
computer-vision | |
concurrency | |
config | |
cryptography | |
cryptocurrencies | |
data-structures | |
database | |
database-implementations | |
date-and-time | |
development-tools | |
build-utils | |
cargo-plugins | |
debugging | |
ffi | |
procedural-macro-helpers | |
profiling | |
testing | |
embedded | |
emulators | |
encoding | |
external-ffi-bindings | |
filesystem | |
finance | |
game-development | |
game-engines | |
games | |
graphics | |
gui | |
hardware-support | |
internationalization | |
localization | |
mathematics | |
memory-management | |
multimedia | |
audio | |
encoding | |
images | |
video | |
network-programming | |
no-std | |
no-std::no-alloc | |
os | |
android-apis | |
freebsd-apis | |
linux-apis | |
macos-apis | |
unix-apis | |
windows-apis | |
parser-implementations | |
parsing | |
rendering | |
rendering::data-formats | |
rendering::engine | |
rendering::graphics-api | |
rust-patterns | |
science | |
bioinformatics | |
genomics | |
proteomics | |
sequence-analysis | |
geo | |
neuroscience | |
robotics | |
simulation | |
template-engine | |
text-editors | |
text-processing | |
value-formatting | |
virtualization | |
visualization | |
wasm | |
web-programming | |
http-client | |
http-server | |
websocket | |
" | |
for crate in $(find implementations/rust/ockam -name Cargo.toml); do | |
categories=$(tomlq package.categories -f "$crate" | jq -r '.[]') | |
for category in $categories; do | |
if ! echo "$allowed_categories" | grep -q "$category"; then | |
echo "Error: $crate contains invalid category $category" | |
exit 1 | |
fi | |
done | |
done | |
- name: Check Cargo.toml To Ensure That All 3rd Party Crates Have Specified Versions | |
run: | | |
set -ex | |
cargo install [email protected] | |
regex="^[\^|=]*[0-9]+(\.[0-9]+)*(\.[0-9]+)*" | |
for crate in $(find implementations/rust/ockam -name Cargo.toml); do | |
deps=$(toml2json <<< cat "$crate" | jq -r '.dependencies') | |
dev_deps=$(toml2json <<< cat "$crate" | jq -r ".\"dev-dependencies\"") | |
dependencies=$(echo "$deps $dev_deps" | jq -s add) | |
dependencies=$(toml2json <<< cat "$crate" | jq -r '.dependencies') | |
dependencies_keys=$(echo $dependencies | jq -r 'keys') | |
dependencies_keys_len=$(echo $dependencies | jq -r 'keys | length') | |
for ((i=0; i<$dependencies_keys_len; i++)); do | |
crate_name=$(jq -r ".[$i]" <<< $dependencies_keys) | |
version=$(jq -r ".\"$crate_name\".version" <<< $dependencies || jq -r ".\"$crate_name\"" <<< $dependencies) | |
# It is mandatory that to publish to the crates.io repository, all our dependencies must have a version specified (must have been published to crates.io) | |
if [[ $version =~ $regex ]]; then | |
echo "crate_name: $crate_name" | |
echo "version: $version" | |
else | |
echo "No version found for $crate_name $version in crate $crate" | |
exit 1 | |
fi | |
done | |
done |