From 2b28e216f7c83cd88e16dca042b304198e58278e Mon Sep 17 00:00:00 2001 From: Savannah Jackson Date: Wed, 4 Jan 2023 14:00:07 -0600 Subject: [PATCH 1/2] first try --- .github/CODEOWNERS | 1 + .github/dependabot.yml | 20 ++++ .github/workflow/audit.yml | 18 ++++ .github/workflow/bench.yml | 58 +++++++++++ .github/workflow/coverage.yml | 61 +++++++++++ .github/workflow/docker.yml | 117 +++++++++++++++++++++ .github/workflow/release.yml | 141 ++++++++++++++++++++++++++ .github/workflow/tests_and_checks.yml | 103 +++++++++++++++++++ 8 files changed, 519 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/dependabot.yml create mode 100644 .github/workflow/audit.yml create mode 100644 .github/workflow/bench.yml create mode 100644 .github/workflow/coverage.yml create mode 100644 .github/workflow/docker.yml create mode 100644 .github/workflow/release.yml create mode 100644 .github/workflow/tests_and_checks.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..9b6d8eb --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @fission-codes/development \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..b1ec0d9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,20 @@ +version: 2 + +updates: + - package-ecosystem: "cargo" + directory: "/" + commit-message: + prefix: "chore" + include: "scope" + target-branch: "main" + schedule: + interval: "weekly" + + - package-ecosystem: "github-actions" + directory: "/" + commit-message: + prefix: "chore(ci)" + include: "scope" + target-branch: "main" + schedule: + interval: "weekly" \ No newline at end of file diff --git a/.github/workflow/audit.yml b/.github/workflow/audit.yml new file mode 100644 index 0000000..aaaf74f --- /dev/null +++ b/.github/workflow/audit.yml 
@@ -0,0 +1,18 @@ +name: ๐Ÿ›ก Audit-Check + +on: + schedule: + - cron: '0 0 * * *' + +jobs: + security-audit: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Run Audit-Check + uses: rustsec/audit-check@v0.1.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflow/bench.yml b/.github/workflow/bench.yml new file mode 100644 index 0000000..8d42846 --- /dev/null +++ b/.github/workflow/bench.yml @@ -0,0 +1,58 @@ +name: ๐Ÿ“ˆ Benchmark + +on: + push: + branches: [ main ] + + pull_request: + branches: [ '*' ] + +concurrency: + group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}} + cancel-in-progress: true + +jobs: + benchmark: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Install Rust Toolchain + uses: actions-rs/toolchain@v1 + with: + override: true + toolchain: stable + + - name: Cache Project + uses: Swatinem/rust-cache@v2 + + - name: Run Benchmark + run: cargo bench --features test_utils -- --output-format bencher | tee output.txt + + - name: Upload Benchmark Result Artifact + uses: actions/upload-artifact@v3 + with: + name: bench_result + path: output.txt + + - name: Create gh-pages Branch + uses: peterjgrainger/action-create-branch@v2.3.0 + env: + GITHUB_TOKEN: {{ "${{ secrets.GITHUB_TOKEN " }}}} + with: + branch: gh-pages + + - name: Store Benchmark Result + uses: benchmark-action/github-action-benchmark@v1 + with: + name: Rust Benchmark + tool: 'cargo' + output-file-path: output.txt + github-token: {{ "${{ secrets.GITHUB_TOKEN " }}}} + auto-push: {{ "${{ github.event_name == 'push' " }}&& github.repository == '{{github-name}}/{{repo-name}}' && github.ref == 'refs/heads/main' }} + alert-threshold: '200%' + comment-on-alert: true + fail-on-alert: true + alert-comment-cc-users: '@{{github-codeowner}}' \ No newline at end of file 
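Review bot: The workflows are added under `.github/workflow/` (singular), but GitHub Actions only discovers workflow files in `.github/workflows/`, so this scheduled audit would never run from the committed path. The same applies to the bench.yml, coverage.yml, docker.yml, release.yml and tests_and_checks.yml hunks; renaming the directory to `.github/workflows/` is the fix. Once the job does run, consider a top-level `permissions:` block that grants only what `rustsec/audit-check` needs (probably `contents: read` plus `issues: write`; confirm against the action's README) instead of relying on the repository default for `GITHUB_TOKEN`.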
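Review bot: The expressions in bench.yml are still wrapped in template escapes, e.g. `group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}`, and placeholders such as `{{github-name}}/{{repo-name}}` and `@{{github-codeowner}}` are unfilled. This looks like unrendered cargo-generate/Liquid source, which GitHub will not evaluate as `${{ … }}` expressions. tests_and_checks.yml in the same patch already uses the rendered form, `group: ${{ github.workflow }}-${{ github.ref }}`. The same escapes, plus `{% if … %}` blocks, appear in the coverage.yml, docker.yml and release.yml hunks; judging by its diffstat, patch 2/2 only deletes this file, two lines of docker.yml and the auditable job, so they remain in those three files. Conditions such as `auto-push` and the job-level `if:` guards decide when tokens are used, so they should be rendered and checked before the workflows are enabled.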
diff --git a/.github/workflow/coverage.yml b/.github/workflow/coverage.yml new file mode 100644 index 0000000..653f860 --- /dev/null +++ b/.github/workflow/coverage.yml @@ -0,0 +1,61 @@ +name: โ˜‚ Code Coverage + +on: + push: + branches: [ main ] + + pull_request: + branches: [ '*' ] + +concurrency: + group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}} + cancel-in-progress: true + +jobs: + coverage: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Install Rust Toolchain + uses: actions-rs/toolchain@v1 + with: + override: true + toolchain: nightly + components: llvm-tools-preview + profile: minimal + + - name: Cache Project + uses: Swatinem/rust-cache@v2 + + - name: Generate Code coverage + env: + CARGO_INCREMENTAL: '0' + LLVM_PROFILE_FILE: "{{project-name}}-%p-%m.profraw" + RUSTFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests' + RUSTDOCFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests' + run: cargo test --all-features + + - name: Install grcov + run: "curl -L https://github.com/mozilla/grcov/releases/download/v0.8.12/grcov-x86_64-unknown-linux-gnu.tar.bz2 | tar jxf -" + + - name: Run grcov + run: "./grcov . --llvm --binary-path target/debug/ -s . -t lcov --branch --ignore-not-existing --ignore '/*' -o lcov.info" + + - name: Install covfix + uses: actions-rs/install@v0.1 + with: + crate: rust-covfix + use-tool-cache: true + + - name: Run covfix + run: rust-covfix lcov.info -o lcov.info --verbose + + - name: Upload to codecov.io + uses: codecov/codecov-action@v3 + with: + token: {{ "${{ secrets.CODECOV_TOKEN " }}}} + fail_ci_if_error: true + files: lcov.info \ No newline at end of file diff --git a/.github/workflow/docker.yml b/.github/workflow/docker.yml new file mode 100644 index 0000000..3c2e84a --- /dev/null 
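Review bot: The `Install grcov` step pipes a release tarball from `curl -L` straight into `tar`, and the next step executes `./grcov`, with no integrity check on the download. The version is already fixed at v0.8.12, so the archive's SHA-256 can be pinned and verified before extraction: save it with `curl -fsSL -o grcov.tar.bz2 …`, run `echo "<SHA256_OF_RELEASE_ASSET>  grcov.tar.bz2" | sha256sum -c -`, and only then `tar jxf grcov.tar.bz2`. The `-f` flag also makes an HTTP error fail the step instead of feeding an error page to `tar`. This job runs on `pull_request` as well as on push and later passes `secrets.CODECOV_TOKEN` to the upload step, so everything executed in the workspace before that step should be verifiable.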
+++ b/.github/workflow/docker.yml 
@@ -0,0 +1,117 @@ +name: ๐Ÿณ Docker + +on: + push: + branches: [ main ] + + pull_request: + branches: [ '*' ] + +concurrency: + group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}} + cancel-in-progress: true + +jobs: + build-docker: + runs-on: ubuntu-latest + if: {{ "${{ github.event_name == 'pull_request' " }}}} + + env: + DOCKER_BUILDKIT: 1 + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + # https://github.com/docker/setup-qemu-action + - name: Setup QEMU + uses: docker/setup-qemu-action@v2 + + # https://github.com/docker/setup-buildx-action + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + with: + buildkitd-flags: "--debug" + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: {{ "${{ github.repository_owner " }}}} + password: {{ "${{ secrets.GITHUB_TOKEN " }}}} + + - name: Docker Build + uses: docker/build-push-action@v3 + with:{% if dockerbuild == "glibc" %} + build-args: | + RUST_BUILD_IMG=rust:1.65-slim-bullseye + DEBIAN_TAG=bullseye-slim + {% else %} + build-args: | + RUST_BUILD_IMG=rust:1.65-slim-bullseye{% endif %} + cache-from: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest + cache-to: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest,mode=max + context: .{% if dockerbuild == "glibc" %} + # We don't add `linux/arm64` here, as it can cause GitHub runners to + # stall for too long. 
+ platforms: linux/amd64 + {% else %} + platforms: linux/amd64, linux/arm64{% endif %} + push: false + tags: | + {{ "${{ github.repository_owner " }}}}/{{project-name}}:latest + push-docker-build: + runs-on: ubuntu-latest + if: {{ "${{ github.event_name == 'push' " }}}} + + env: + DOCKER_BUILDKIT: 1 + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + # https://github.com/docker/setup-qemu-action + - name: Setup QEMU + uses: docker/setup-qemu-action@v2 + + # https://github.com/docker/setup-buildx-action + - name: Setup Buildx + uses: docker/setup-buildx-action@v2 + with: + buildkitd-flags: "--debug" + + - name: Login to Dockerhub + uses: docker/login-action@v2 + with: + username: {{ "${{ secrets.DOCKERHUB_USERNAME " }}}} + password: {{ "${{ secrets.DOCKERHUB_TOKEN " }}}} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: {{ "${{ github.repository_owner " }}}} + password: {{ "${{ secrets.GITHUB_TOKEN " }}}} + + - name: Docker Build and Push + uses: docker/build-push-action@v3 + with:{% if dockerbuild == "glibc" %} + build-args: | + RUST_BUILD_IMG=rust:1.65-slim-bullseye + DEBIAN_TAG=bullseye-slim + {% else %} + build-args: | + RUST_BUILD_IMG=rust:1.65-slim-bullseye{% endif %} + cache-from: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest + cache-to: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest,mode=max + context: .{% if dockerbuild == "glibc" %} + # We don't add `linux/arm64` here, as it can cause GitHub runners to + # stall for too long. + platforms: linux/amd64 + {% else %} + platforms: linux/amd64, linux/arm64{% endif %} + push: true + tags: | + {{ "${{ github.repository_owner " }}}}/{{project-name}}:latest + ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest \ No newline at end of file 
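Review bot: In both jobs `cache-to` exports the BuildKit cache to `ghcr.io/…/{{project-name}}:latest`, the same reference that `push-docker-build` publishes as an image tag. The cache export and the image push therefore write to one tag, and the pull-request job, despite `push: false`, still attempts to write to it. Use a dedicated cache reference for `cache-from`/`cache-to` (for example a `:buildcache` tag). Drop `cache-to` and the registry login from `build-docker` so that pull-request builds only read the cache. Neither job declares `permissions:`; `packages: write` should be needed only in `push-docker-build`, and `build-docker` can run with `contents: read`.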
diff --git a/.github/workflow/release.yml b/.github/workflow/release.yml new file mode 100644 index 0000000..a8bc6f2 --- /dev/null +++ b/.github/workflow/release.yml 
@@ -0,0 +1,141 @@ +name: ๐Œš Release + +on: + workflow_dispatch: + inputs: + force-publish: + required: true + type: boolean + description: Publish Releases at Anytime + + workflow_run: + workflows: [ ๐Ÿงช Tests and Checks ] + branches: [main] + types: [ completed ] + +concurrency: + group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}} + cancel-in-progress: true + +jobs: + release-please: + runs-on: ubuntu-latest + if: > + github.ref == 'refs/heads/main' && + github.repository_owner == '{{github-name}}' && + github.event.workflow_run.conclusion == 'success' + outputs: + release_created: {{ "${{ steps.release.outputs.release_created " }}}}{% if auditable %} + tag: {{ "${{ steps.release.outputs.tag_name " }}}}{% endif %} + + steps: + - name: Run release-please + id: release + uses: google-github-actions/release-please-action@v3 + with: + token: {{ "${{ secrets.GITHUB_TOKEN " }}}} + default-branch: main + command: manifest + extra-files: | + README.md +{% if auditable %} + # Build auditable (https://github.com/rust-secure-code/cargo-auditable) binaries across os's/target's. 
+ build-and-release-auditable-bin: + runs-on: {{ "${{ matrix.os " }}}} + needs: [ release-please, publish-release ] + + permissions: + contents: write + + if: {{ "${{ needs.release-please.outputs.release_created " }}|| github.event.inputs.force-publish }} + + strategy: + fail-fast: false + matrix: + include: + - target: aarch64-unknown-linux-gnu + os: ubuntu-latest + - target: aarch64-unknown-linux-musl + os: ubuntu-latest + - target: x86_64-unknown-linux-gnu + os: ubuntu-latest + - target: x86_64-unknown-linux-musl + os: ubuntu-latest + - target: x86_64-apple-darwin + os: macos-latest + - target: aarch64-apple-darwin + os: macos-latest + - target: x86_64-pc-windows-msvc + os: windows-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Install cargo tools + uses: actions-rs/cargo@v1 + with: + command: install + args: cargo-auditable + + - name: Install Cross-Compilation Tools + uses: taiki-e/setup-cross-toolchain-action@v1 + with: + target: {{ "${{ matrix.target " }}}} + if: startsWith(matrix.os, 'ubuntu') && !contains(matrix.target, '-musl') + + - name: Install cross for Musl + uses: taiki-e/install-action@cross + if: contains(matrix.target, '-musl') + + - name: Build Auditable Binary + uses: actions-rs/cargo@v1 + with: + command: auditable + args: build --release + + - name: Upload release binaries + uses: taiki-e/upload-rust-binary-action@v1 + with: + bin: {{project-name}} + ref: refs/tags/{{ "${{ needs.release-please.outputs.tag " }}}} + include: {% if license == "dual" %}LICENSE-MIT,LICENSE-APACHE,README.md{% else %}LICENSE,README.md{% endif %} + archive: $bin-$tag-$target + target: {{ "${{ matrix.target " }}}} + token: {{ "${{ secrets.GITHUB_TOKEN " }}}} + env: + CARGO_PROFILE_RELEASE_LTO: true + CARGO_PROFILE_RELEASE_CODEGEN_UNITS: 1 +{% endif %} + publish-release: + runs-on: ubuntu-latest + needs: [ release-please ] + + permissions: + contents: write + + if: {{ "${{ needs.release-please.outputs.release_created " }}|| 
github.event.inputs.force-publish }} + + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Cache Project + uses: Swatinem/rust-cache@v2 + + - name: Install Rust Toolchain + uses: actions-rs/toolchain@v1 + with: + override: true + profile: minimal + toolchain: stable + + - name: Verify Publishing of crate + uses: katyo/publish-crates@v1 + with: + dry-run: true + + - name: Cargo Publish to crates.io + uses: katyo/publish-crates@v1 + with: + registry-token: {{ "${{ secrets.CARGO_REGISTRY_TOKEN " }}}} \ No newline at end of file diff --git a/.github/workflow/tests_and_checks.yml b/.github/workflow/tests_and_checks.yml new file mode 100644 index 0000000..15af803 --- /dev/null +++ b/.github/workflow/tests_and_checks.yml 
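Review bot: The `force-publish` input cannot do what its description says. `release-please` only runs when `github.event.workflow_run.conclusion == 'success'`, which is empty on a `workflow_dispatch` run, and `publish-release` has `needs: [ release-please ]`, so a skipped `release-please` skips publishing too. Separately, `github.event.inputs.force-publish` arrives as a string, so in `… || github.event.inputs.force-publish` an unchecked box (`'false'`) is still truthy; compare explicitly with `github.event.inputs.force-publish == 'true'`. Because this condition gates the step that receives `secrets.CARGO_REGISTRY_TOKEN`, both trigger paths should be spelled out and exercised with the existing dry-run step first. That step uses `katyo/publish-crates@v1`, a mutable tag; pinning it to a full commit SHA (the `github-actions` Dependabot entry in this patch can keep pins current) limits what a retagged release could do with the token.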
@@ -0,0 +1,103 @@ +name: ๐Ÿงช Tests and Checks + +on: + push: + branches: [ main ] + + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + run-checks: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + rust-toolchain: + - stable + - nightly + # minimum version + - 1.64 + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + # Smarter caching action, speeds up build times compared to regular cache: + # https://github.com/Swatinem/rust-cache + - name: Cache Project + uses: Swatinem/rust-cache@v2 + + # Widely adopted suite of Rust-specific boilerplate actions, especially + # toolchain/cargo use: https://actions-rs.github.io/ + - name: Install Rust Toolchain + uses: actions-rs/toolchain@v1 + with: + override: true + components: rustfmt, clippy + toolchain: ${{ matrix.rust-toolchain }} + + - name: Check Format + uses: actions-rs/cargo@v1 + with: + args: --all -- --check + command: fmt + toolchain: ${{ matrix.rust-toolchain }} + + - name: Run Linter + uses: actions-rs/cargo@v1 + with: + args: --all -- -D warnings + command: clippy + toolchain: ${{ matrix.rust-toolchain }} + + # Check for security advisories + - name: Check Advisories + if: ${{ matrix.rust-toolchain == 'stable' }} + uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check advisories + continue-on-error: true + + # Audit licenses, unreleased crates, and unexpected duplicate versions. + - name: Check Bans, Licenses, and Sources + if: ${{ matrix.rust-toolchain == 'stable' }} + uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check bans licenses sources + + # Only "test" release build on push event. 
+ - name: Test Release + if: ${{ matrix.rust-toolchain == 'stable' && github.event_name == 'push' }} + run: cargo build --release + + run-tests: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + rust-toolchain: + - stable + - nightly + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Install Environment Packages + run: | + sudo apt-get update -qqy + sudo apt-get install jq + - name: Cache Project + uses: Swatinem/rust-cache@v2 + + - name: Install Rust Toolchain + uses: actions-rs/toolchain@v1 + with: + override: true + toolchain: ${{ matrix.rust-toolchain }} + + - name: Run Tests + run: cargo test --all-features From ca3224031344a9ec21c452910a2044ef40aae20f Mon Sep 17 00:00:00 2001 From: Savannah Jackson Date: Fri, 20 Jan 2023 22:53:09 -0600 Subject: [PATCH 2/2] Removed Templating Stuff --- .github/workflow/bench.yml | 58 ------------------------------ .github/workflow/docker.yml | 2 -- .github/workflow/release.yml | 69 ------------------------------------ 3 files changed, 129 deletions(-) delete mode 100644 .github/workflow/bench.yml diff --git a/.github/workflow/bench.yml b/.github/workflow/bench.yml deleted file mode 100644 index 8d42846..0000000 --- a/.github/workflow/bench.yml +++ /dev/null 
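Review bot: `Swatinem/rust-cache@v2` runs before `actions-rs/toolchain@v1` in both `run-checks` and `run-tests`, but the cache action expects the toolchain to be selected first because its key includes the active rustc version. With a multi-toolchain matrix the key is otherwise computed from whatever rustc the runner image ships. Moving `Cache Project` after `Install Rust Toolchain`, as the coverage.yml hunk already does, fixes this. Also quote the minimum version, `- '1.64'`: unquoted it parses as a float, which silently changes a value such as `1.70` to `1.7`. `continue-on-error: true` on `Check Advisories` means a known advisory never fails a pull request; if that is intended, add a comment such as `# advisories are enforced by the scheduled audit workflow`.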
@@ -1,58 +0,0 @@ -name: ๐Ÿ“ˆ Benchmark - -on: - push: - branches: [ main ] - - pull_request: - branches: [ '*' ] - -concurrency: - group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}} - cancel-in-progress: true - -jobs: - benchmark: - runs-on: ubuntu-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v3 - - - name: Install Rust Toolchain - uses: actions-rs/toolchain@v1 - with: - override: true - toolchain: stable - - - name: Cache Project - uses: Swatinem/rust-cache@v2 - - - name: Run Benchmark - run: cargo bench --features test_utils -- --output-format bencher | tee output.txt - - - name: Upload Benchmark Result Artifact - uses: actions/upload-artifact@v3 - with: - name: bench_result - path: output.txt - - - name: Create gh-pages Branch - uses: peterjgrainger/action-create-branch@v2.3.0 - env: - GITHUB_TOKEN: {{ "${{ secrets.GITHUB_TOKEN " }}}} - with: - branch: gh-pages - - - name: Store Benchmark Result - uses: benchmark-action/github-action-benchmark@v1 - with: - name: Rust Benchmark - tool: 'cargo' - output-file-path: output.txt - github-token: {{ "${{ secrets.GITHUB_TOKEN " }}}} - auto-push: {{ "${{ github.event_name == 'push' " }}&& github.repository == '{{github-name}}/{{repo-name}}' && github.ref == 'refs/heads/main' }} - alert-threshold: '200%' - comment-on-alert: true - fail-on-alert: true - alert-comment-cc-users: '@{{github-codeowner}}' \ No newline at end of file diff --git a/.github/workflow/docker.yml b/.github/workflow/docker.yml index 3c2e84a..2128c72 100644 --- a/.github/workflow/docker.yml +++ b/.github/workflow/docker.yml @@ -1,5 +1,3 @@ -name: ๐Ÿณ Docker - on: push: branches: [ main ] diff --git a/.github/workflow/release.yml b/.github/workflow/release.yml index a8bc6f2..da1897d 100644 --- a/.github/workflow/release.yml +++ b/.github/workflow/release.yml 
@@ -38,75 +38,6 @@ jobs: command: manifest extra-files: | README.md -{% if auditable %} - # Build auditable (https://github.com/rust-secure-code/cargo-auditable) binaries across os's/target's. - build-and-release-auditable-bin: - runs-on: {{ "${{ matrix.os " }}}} - needs: [ release-please, publish-release ] - - permissions: - contents: write - - if: {{ "${{ needs.release-please.outputs.release_created " }}|| github.event.inputs.force-publish }} - - strategy: - fail-fast: false - matrix: - include: - - target: aarch64-unknown-linux-gnu - os: ubuntu-latest - - target: aarch64-unknown-linux-musl - os: ubuntu-latest - - target: x86_64-unknown-linux-gnu - os: ubuntu-latest - - target: x86_64-unknown-linux-musl - os: ubuntu-latest - - target: x86_64-apple-darwin - os: macos-latest - - target: aarch64-apple-darwin - os: macos-latest - - target: x86_64-pc-windows-msvc - os: windows-latest - - steps: - - name: Checkout Repository - uses: actions/checkout@v3 - - - name: Install cargo tools - uses: actions-rs/cargo@v1 - with: - command: install - args: cargo-auditable - - - name: Install Cross-Compilation Tools - uses: taiki-e/setup-cross-toolchain-action@v1 - with: - target: {{ "${{ matrix.target " }}}} - if: startsWith(matrix.os, 'ubuntu') && !contains(matrix.target, '-musl') - - - name: Install cross for Musl - uses: taiki-e/install-action@cross - if: contains(matrix.target, '-musl') - - - name: Build Auditable Binary - uses: actions-rs/cargo@v1 - with: - command: auditable - args: build --release - - - name: Upload release binaries - uses: taiki-e/upload-rust-binary-action@v1 - with: - bin: {{project-name}} - ref: refs/tags/{{ "${{ needs.release-please.outputs.tag " }}}} - include: {% if license == "dual" %}LICENSE-MIT,LICENSE-APACHE,README.md{% else %}LICENSE,README.md{% endif %} - archive: $bin-$tag-$target - target: {{ "${{ matrix.target " }}}} - token: {{ "${{ secrets.GITHUB_TOKEN " }}}} - env: - CARGO_PROFILE_RELEASE_LTO: true - CARGO_PROFILE_RELEASE_CODEGEN_UNITS: 1 
-{% endif %} publish-release: runs-on: ubuntu-latest needs: [ release-please ]