Skip to content

fix: Audit 11/27

fix: Audit 11/27 #4628

Workflow file for this run

name: Rust
on:
push:
branches:
- master
pull_request:
paths:
- .cargo/config.toml
- .github/workflows/rust.yml
- crates/**
- legacy/**
- tests/**
- Cargo.lock
- Cargo.toml
- rust-toolchain.toml
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-wasm:
name: Build WASM
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: moonrepo/setup-rust@v1
with:
bins: just,cargo-wasi
cache: false
- run: rustup target add wasm32-wasi
- name: Building crates
run: just build-wasm
format:
name: Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: moonrepo/setup-rust@v1
with:
bins: just
cache: false
components: rustfmt
- name: Check formatting
run: just format-check
lint:
name: Lint
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: moonrepo/setup-rust@v1
with:
bins: just
cache: false
components: clippy
- name: Run linter
run: just lint
test:
name: Test
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [buildjet-4vcpu-ubuntu-2204, self-hosted-laptop-macos-m1, self-hosted-laptop-windows-i7]
fail-fast: false
env:
# sccache
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# RUST_LOG: trace
RUSTC_WRAPPER: ${{ vars.ENABLE_SCCACHE == 'true' && 'sccache' || '' }}
SCCACHE_BUCKET: moon-ci-sccache
SCCACHE_S3_KEY_PREFIX: v1
SCCACHE_GHA_ENABLED: ${{ vars.ENABLE_SCCACHE == 'true' }}
# SCCACHE_LOG: trace
# SCCACHE_NO_DAEMON: 1
SCCACHE_REGION: us-east-2
SCCACHE_S3_SERVER_SIDE_ENCRYPTION: true
steps:
- uses: actions/checkout@v4
- uses: moonrepo/setup-rust@v1
with:
bins: just, cargo-nextest, cargo-llvm-cov
cache: false
components: llvm-tools-preview
- uses: moonrepo/setup-toolchain@v0
with:
auto-install: true
cache: ${{ runner.os == 'Linux' }}
proto-version: '0.42.2' # Keep in sync
- uses: mozilla-actions/[email protected]
if: ${{ vars.ENABLE_SCCACHE == 'true' }}
- name: Checking coverage status
id: coverage
shell: bash
run: echo "coverage=$WITH_COVERAGE" >> $GITHUB_OUTPUT
env:
WITH_COVERAGE: false
# Disabled coverage is it doesn't work well in Linux/Windows
# WITH_COVERAGE:
# ${{ (github.event_name == 'pull_request' && contains(github.head_ref, 'develop-') ||
# github.event_name == 'push' && github.ref_name == 'master') && runner.os != 'Linux' }}
- name: Run tests
if: ${{ steps.coverage.outputs.coverage == 'false' }}
run: just test-ci
- name: Run tests with coverage
if: ${{ steps.coverage.outputs.coverage == 'true' }}
run: just cov
- name: Generate code coverage
if: ${{ steps.coverage.outputs.coverage == 'true' }}
run: just gen-report
- name: Upload coverage report
uses: actions/upload-artifact@v4
if: ${{ steps.coverage.outputs.coverage == 'true' }}
with:
name: coverage-${{ runner.os }}
path: ./report.txt
if-no-files-found: error
coverage:
if:
${{ github.event_name == 'pull_request' && contains(github.head_ref, 'develop-') ||
github.event_name == 'push' && github.ref_name == 'master' }}
name: Code coverage
runs-on: ubuntu-latest
needs:
- test
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
name: Download coverage reports
with:
path: coverage
- uses: codecov/codecov-action@v4
name: Upload to Codecov
with:
# files: ./coverage/coverage-Linux/report.txt,./coverage/coverage-macOS/report.txt,./coverage/coverage-Windows/report.txt
files: ./coverage/coverage-macOS/report.txt,./coverage/coverage-Windows/report.txt
flags: rust
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true