-
Notifications
You must be signed in to change notification settings - Fork 5
202 lines (187 loc) · 6.48 KB
/
rust.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
name: Rust
on:
pull_request:
# Run CI on the main branch after every merge.
# This is important to fill the GitHub Actions cache in a way that PRs can see it.
push:
branches:
- main
# Run CI on the main branch every Sunday.
schedule:
- cron: '14 3 * * 0'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
CLICOLOR_FORCE: 1
# Disable incremental compilation.
#
# Incremental compilation is useful as part of an edit-build-test-edit cycle,
# as it lets the compiler avoid recompiling code that hasn't changed. However,
# on CI, we're not making small edits; we're almost always building the entire
# project from scratch. Thus, incremental compilation on CI actually
# introduces *additional* overhead to support making future builds
# faster...but no future builds will ever occur in any given CI environment.
#
# See https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow
# for details.
CARGO_INCREMENTAL: 0
# Allow more retries for network requests in cargo (downloading crates) and
# rustup (installing toolchains). This should help to reduce flaky CI failures
# from transient network timeouts or other issues.
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10
# Don't emit giant backtraces in the CI logs.
RUST_BACKTRACE: short
RUSTDOCFLAGS: -D warnings
jobs:
diff:
runs-on: [ubuntu-ghcloud]
permissions:
contents: read
pull-requests: read
outputs:
isRust: ${{ steps.diff.outputs.isRust }}
steps:
- uses: actions/checkout@v4
- name: Detect Changes
uses: dorny/[email protected]
id: diff
with:
filters: |
isRust:
- 'crates/**'
- 'Cargo.toml'
- 'Cargo.lock'
- 'rust-toolchain.toml'
- '.github/workflows/rust.yml'
dependencies:
name: Check dependencies
needs: diff
if: ${{ needs.diff.outputs.isRust == 'true' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
# do not check advisories to prevent sudden failure due to new announcement
command: check bans licenses sources
dependencies-schedule:
name: Check dependencies (including vulnerabilities)
needs: diff
if: ${{ github.event_name == 'schedule' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
test:
name: Test Rust code and report coverage
needs: diff
if: ${{ github.event_name == 'schedule' || needs.diff.outputs.isRust == 'true' }}
runs-on: ubuntu-ghcloud
permissions:
contents: read
pull-requests: write
env:
RUSTC_BOOTSTRAP: 1
steps:
- uses: actions/checkout@v4
- uses: "./.github/actions/setup-dependencies"
with:
save-cache: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }}
- run: cargo install [email protected]
- name: Install SCION and run local topology
uses: "./.github/actions/setup-scion"
with:
scion-ref: v0.11.0
id: scion
- name: Run tests (including integration tests) and record coverage
run: >
SCION_DAEMON_ADDRESS=${{ steps.scion.outputs.daemon-address-as111 }}
cargo tarpaulin --workspace --skip-clean
--lib --bins --examples --tests --doc
--out html --out xml
--exclude-files "crates/scion-grpc/*"
--exclude-files "crates/**/tests/*"
--exclude-files "crates/**/benches/*"
-- --include-ignored
- name: Upload coverage report
uses: actions/upload-artifact@v4
with:
name: Coverage report
path: tarpaulin-report.html
- name: Code-coverage report
uses: irongut/[email protected]
with:
filename: cobertura.xml
badge: true
fail_below_min: false
format: markdown
hide_branch_rate: false
hide_complexity: true
indicators: true
output: both
thresholds: '50 75'
- name: Add coverage PR comment
uses: marocchino/sticky-pull-request-comment@v2
if: ${{ github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' }}
with:
path: code-coverage-results.md
- name: Cache SCION binaries
if: ${{ github.ref == 'refs/heads/main' && steps.scion.outputs.cache-hit != 'true' }}
uses: actions/cache/save@v4
with:
path: ${{ steps.scion.outputs.scion-bin-path }}
key: ${{ steps.scion.outputs.cache-primary-key }}
lint:
name: Lint Rust code
needs: diff
if: ${{ github.event_name == 'schedule' || needs.diff.outputs.isRust == 'true' }}
runs-on: ubuntu-ghcloud
steps:
- uses: actions/checkout@v4
- uses: "./.github/actions/setup-dependencies"
with:
save-cache: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }}
- run: cargo install [email protected]
- name: Check formatting with rustfmt
run: >
cargo fmt --all -- --check
--config group_imports=StdExternalCrate,imports_granularity=Crate,imports_layout=HorizontalVertical
- name: Check sorting of dependencies
run: cargo sort -w -c
- name: Lint using clippy (w/o tests)
run: cargo clippy --all-features --no-deps -- -D warnings
- name: Lint using clippy (w/ tests)
run: cargo clippy --all-features --tests --no-deps -- -D warnings
- name: Check documentation
run: cargo doc --no-deps --workspace
build:
name: Build Rust code
needs: diff
if: ${{ github.event_name == 'schedule' || needs.diff.outputs.isRust == 'true' }}
runs-on: ubuntu-ghcloud
steps:
- uses: actions/checkout@v4
- uses: "./.github/actions/setup-dependencies"
with:
save-cache: ${{ github.ref == 'refs/heads/main' && 'true' || 'false' }}
- name: Build Rust code
run: cargo build --verbose
check-all:
name: Check if all Rust jobs succeeded
if: always()
needs:
- diff
- dependencies
- test
- lint
- build
runs-on: ubuntu-latest
steps:
- name: Decide whether all needed jobs succeeded
uses: re-actors/alls-green@release/v1
with:
allowed-skips: ${{ toJSON(needs) }}
jobs: ${{ toJSON(needs) }}