name: Build with Rust and Docker

# Reusable workflow: it only runs when another workflow calls it and supplies
# the inputs and secrets declared below.
on:
  workflow_call:
    inputs:
      image-prefix:
        description: 'The Docker Hub Repository prefix to push to, e.g samply/'
        required: true
        type: string
      profile:
        # Exported as PROFILE (see `env` below) and forwarded to rust-inner.yml.
        required: false
        type: string
        default: 'release'
      architectures:
        # JSON array passed as a string; decoded with fromJSON() for the build
        # matrix and handed to docker-ci.yml as build-platforms-short.
        required: false
        type: string
        default: '[ "amd64", "arm64" ]'
      features:
        # JSON array passed as a string. The default holds one empty entry,
        # which yields a single matrix leg with no feature suffix.
        # Values end up in artifact names, image tags and a test command line,
        # so callers should only pass values they control.
        required: false
        type: string
        default: '[ "" ]'
      cache-version:
        # NOTE(review): no job in this file reads inputs.cache-version, and it
        # is not forwarded to rust-inner.yml; confirm whether it is still used.
        description: 'To invalidate old caches, increase this to v1, v2, ...'
        required: false
        type: string
        default: 'v0'
      components:
        description: 'Name all components here in JSON (e.g. [ "beam-proxy", "beam-broker" ])'
        required: true
        type: string
      test-via-script:
        description: 'Whether to test via ./dev/test ci [feature]'
        required: false
        type: boolean
        default: false
      push-to:
        description: "Set to none, docker.io or ghcr.io. By default, will push to dockerhub for branches 'main' and 'develop' and to ghcr for all other branches"
        required: false
        type: string
        default: 'auto'
      ghcr-retention-policy:
        description: "delete GHCR images older than ... (default: '6months'; state 'keep' to skip)"
        required: false
        type: string
        default: '6months'
      cargo-fmt-check:
        description: 'Whether to check code style with cargo fmt'
        required: false
        type: boolean
        default: false
    secrets:
      # Registry credentials; within this file they are handed only to the
      # `docker` job.
      DOCKERHUB_USERNAME:
        required: true
      DOCKERHUB_TOKEN:
        required: true

env:
  PROFILE: ${{ inputs.profile }}
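# NOTE(review): no job declares `permissions:`, so every job runs with the
# GITHUB_TOKEN scope granted by the calling workflow. pre-check, test and
# cargo-fmt-check appear to need only `contents: read`; confirm against callers
# before restricting.
# NOTE(review): all actions below are referenced by tag or branch (`@v5`,
# `@v2`, `@stable`). Those refs can be moved by the action's owner; pinning
# each `uses:` to a full commit SHA makes the executed code reviewable.
jobs:
  # Dependency policy gate: licenses, allowed sources and RustSec advisories.
  # It does not block `build` or `test`; only `docker` lists it in `needs`.
  pre-check:
    name: Security, License Check
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v5
      - name: Write deny.toml
        # The policy is generated here and overwrites any deny.toml in the
        # calling repository. The advisory ignores listed below therefore
        # apply to every repository that calls this workflow, and a caller
        # cannot tighten or extend them from its own tree.
        run: |
          if [[ -f "deny.toml" ]]; then
            echo "::warning title=cargo-deny::File deny.toml exists and will be ignored by CI! Consider removing it from your project!"
          fi
          cat <<EOF > deny.toml
          [licenses]
          version = 2
          allow = [
            "MIT",
            "Apache-2.0",
            "ISC",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "Unicode-DFS-2016",
            "Unicode-3.0",
            "Zlib",
            "OpenSSL",
            "MPL-2.0",
            "CDLA-Permissive-2.0",
            "Apache-2.0 WITH LLVM-exception",
            "BSL-1.0"
          ]
          [sources.allow-org]
          github = ["samply"]
          [advisories]
          ignore = [
            { id = "RUSTSEC-2023-0071", reason = "beam needs it to build" },
            { id = "RUSTSEC-2024-0384", reason = "transative dep of beam"},
            { id = "RUSTSEC-2024-0436", reason = "paste is unmaintained but focus transitively depends on it" },
          ]
          EOF
      - uses: EmbarkStudios/cargo-deny-action@v2

  # One build per (architecture, feature) pair, delegated to rust-inner.yml.
  build:
    strategy:
      matrix:
        arch: ${{ fromJSON(inputs.architectures) }}
        features: ${{ fromJSON(inputs.features) }}
    uses: ./.github/workflows/rust-inner.yml
    with:
      architecture: ${{ matrix.arch }}
      features: ${{ matrix.features }}
      profile: ${{ inputs.profile }}

  # Runs the test binaries produced by `build`. Only the amd64 artifacts are
  # downloaded, so other architectures are built but not tested here.
  test:
    name: Test
    needs: [build]
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        features: ${{ fromJSON(inputs.features) }}
    steps:
      - uses: actions/checkout@v5
      - name: Download bins
        uses: actions/download-artifact@v5
        with:
          name: binaries-amd64-${{ matrix.features }}
          path: artifacts/binaries-amd64/
      - name: Download tests
        uses: actions/download-artifact@v5
        with:
          name: testbinaries-amd64-${{ matrix.features }}
          path: testbinaries/
      - name: Run tests via cargo
        if: ${{ ! inputs.test-via-script }}
        # Paths are quoted so a file name containing whitespace or glob
        # characters is executed as one path rather than being re-split.
        run: |
          for testbin in testbinaries/*; do
            chmod +x "$testbin"
            "$testbin"
          done
      - name: Run tests via script
        if: ${{ inputs.test-via-script }}
        # The feature name is caller-supplied. It is passed through the
        # environment instead of being expanded into the script text, so its
        # content is treated as data and never parsed as shell syntax.
        # A value with several features now reaches ./dev/test as a single
        # argument after --features.
        env:
          FEATURES: ${{ matrix.features }}
        run: |
          if [[ -n "$FEATURES" ]]; then
            ./dev/test ci --features "$FEATURES"
          else
            ./dev/test ci
          fi

  # Optional formatting check, enabled by the cargo-fmt-check input.
  cargo-fmt-check:
    name: Cargo fmt check
    if: ${{ inputs.cargo-fmt-check }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - run: cargo fmt --all --check

  # Builds and pushes one image per (component, feature) pair. This is the only
  # job that receives the registry credentials, and it waits for the policy
  # gate and the tests.
  docker:
    name: Docker
    needs: [build, pre-check, test]
    # NOTE(review): any non-empty string is truthy here, including "none", so
    # this condition only skips the job when push-to is empty. Presumably
    # docker-ci.yml itself honours "none"; confirm.
    if: ${{ inputs.push-to }}
    strategy:
      matrix:
        components: ${{ fromJSON(inputs.components) }}
        features: ${{ fromJSON(inputs.features) }}
    # Image build and publishing are delegated to the shared docker-ci workflow.
    # Visit: https://github.com/samply/github-workflows/blob/develop/.github/workflows/docker-ci.yml, for more information
    uses: ./.github/workflows/docker-ci.yml
    with:
      # The Docker Hub Repository you want eventually push to, e.g samply/share-client
      image-name: ${{ inputs.image-prefix }}${{ matrix.components }}
      # Empty for the no-feature leg, otherwise "-<feature>".
      image-tag-suffix: ${{ matrix.features && format('-{0}', matrix.features) }}
      # Define special prefixes for docker tags. They will prefix each images tag.
      # image-tag-prefix: "foo"
      # Define the build context of your image, typically default '.' will be enough
      # build-context: '.'
      # Define the Dockerfile of your image, typically default './Dockerfile' will be enough
      build-file: "./Dockerfile"
      # NOTE: This doesn't work currently
      # A list of build arguments, passed to the docker build
      build-args: |
        FEATURE=-${{ matrix.features }}
        COMPONENT=${{ matrix.components }}
      # Define the target platforms of the docker build (default "linux/amd64,linux/arm64/v8")
      # build-platforms: ${{ env.build_platforms }}
      build-platforms-short: ${{ inputs.architectures }}
      # If your actions generate an artifact in a previous build step, you can tell this workflow to download it
      artifact-name: "*"
      binary-name: ${{ matrix.components }}
      push-to: ${{ inputs.push-to }}
      ghcr-retention-policy: ${{ inputs.ghcr-retention-policy }}
    # Only the two registry secrets are forwarded, named explicitly.
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}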