chore(ci): upgrade audit-check #5943
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
env: | |
CI: true | |
RUSTFLAGS: "-D warnings -D unreachable-pub --cfg tokio_unstable" | |
# This must match the entry in rust-toolchain.toml at the repository root | |
RUSTUP_TOOLCHAIN: "1.81.0" | |
on: | |
pull_request: | |
merge_group: | |
push: | |
branches: | |
- "main" | |
workflow_dispatch: | |
jobs: | |
run_checker: | |
uses: ./.github/workflows/reusable-run-checker.yml | |
protos-compiled: | |
runs-on: ubuntu-22.04 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install `buf` protobuf manager | |
uses: bufbuild/buf-setup-action@v1 | |
with: | |
version: "1.32.0" | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- name: Install just | |
uses: taiki-e/install-action@just | |
- name: Check if protobuf specs compile to commited Rust sources | |
run: | | |
just compile-protos | |
modified=$(git status --porcelain) | |
if [[ -n "$modified" ]]; then | |
echo "ERROR: protobuf specs are out of sync with the commited Rust sources" | |
echo "Recompile locally with \`just compile-protos\` and commit to the repository." | |
echo "Files that reported differences:" | |
echo "$modified" | |
exit 1 | |
fi | |
solidity-contracts-compiled: | |
runs-on: ubuntu-22.04 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- name: Install just | |
uses: taiki-e/install-action@just | |
- name: Check if protobuf specs compile to commited Rust sources | |
run: | | |
just compile-solidity-contracts | |
modified=$(git status --porcelain) | |
if [[ -n "$modified" ]]; then | |
echo "ERROR: solidity contracts are out of sync with the commited Rust sources" | |
echo "Recompile locally with \`just compile-solidity-contracts\` and commit to the repository." | |
echo "Files that reported differences:" | |
echo "$modified" | |
exit 1 | |
fi | |
compiles: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: taiki-e/install-action@v2.15.2 | |
with: | |
tool: cargo-hack@0.5.29 | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- uses: arduino/setup-protoc@v3 | |
with: | |
version: "24.4" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check that each crate compiles individually (circumventing workspace wide dependency resolution) | |
run: | | |
: # exclude all lints because cargo-hack ignores default-members and operates on all workspace members | |
cargo hack check --workspace --all-targets --all-features \ | |
--exclude tracing_debug_field | |
lockfile: | |
runs-on: ubuntu-22.04 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "github" | |
- name: Check that the lockfile is updated | |
run: cargo fetch --locked | |
audit: | |
runs-on: ubuntu-22.04 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_audit == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: rustsec/audit-check@v2.0.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
rust: | |
runs-on: buildjet-8vcpu-ubuntu-2204 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- name: Install nextest | |
uses: taiki-e/install-action@nextest | |
- uses: arduino/setup-protoc@v3 | |
with: | |
version: "24.4" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build tests | |
run: | | |
cargo nextest archive --archive-file=archive.tar.zst --release \ | |
--all-features \ | |
--all-targets | |
- name: Run tests | |
timeout-minutes: 20 | |
run: | | |
cargo nextest run --archive-file=archive.tar.zst | |
rust-ethereum: | |
runs-on: buildjet-8vcpu-ubuntu-2204 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- name: Install nextest | |
uses: taiki-e/install-action@nextest | |
- uses: arduino/setup-protoc@v3 | |
with: | |
version: "24.4" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
- name: Run tests | |
timeout-minutes: 20 | |
run: | | |
cargo nextest run --package astria-bridge-withdrawer -- --include-ignored | |
doctest: | |
runs-on: buildjet-8vcpu-ubuntu-2204 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- uses: arduino/setup-protoc@v3 | |
with: | |
version: "24.4" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: run doctests | |
run: cargo test --doc --all-features | |
clippy: | |
runs-on: buildjet-8vcpu-ubuntu-2204 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' && needs.run_checker.outputs.run_lint_rust == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTUP_TOOLCHAIN }} | |
components: clippy | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- uses: arduino/setup-protoc@v3 | |
with: | |
version: "24.4" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: run pedantic clippy on workspace crates | |
run: | | |
cargo clippy --all-targets --all-features \ | |
-- --warn clippy::pedantic --warn clippy::arithmetic-side-effects --deny warnings | |
- name: run pedantic clippy on tools/protobuf-compiler | |
run: | | |
cargo clippy --manifest-path tools/protobuf-compiler/Cargo.toml \ | |
--all-targets --all-features \ | |
-- --warn clippy::pedantic --deny warnings | |
custom-lints: | |
runs-on: buildjet-8vcpu-ubuntu-2204 | |
needs: run_checker | |
if: needs.run_checker.outputs.run_tests == 'true' && needs.run_checker.outputs.run_lint_rust == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
# This has to match `rust-toolchain` in the rust-toolchain file of the dylint lints | |
toolchain: nightly-2024-09-05 | |
components: "clippy, llvm-tools-preview, rustc-dev, rust-src" | |
- uses: Swatinem/rust-cache@v2.7.3 | |
with: | |
cache-provider: "buildjet" | |
- name: install cargo-dylint and dylint-link | |
run: cargo install cargo-dylint@3.2.0 dylint-link@3.2.0 --locked | |
- uses: arduino/setup-protoc@v3 | |
with: | |
version: "24.4" | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: run clippy against custom lints | |
run: | | |
: # list all lint packages here to have clippy explicitly test them | |
: # uses the same nightly installed above to work around the entry in rust-toolchain.toml | |
cargo +nightly-2024-09-05 clippy --all-targets --all-features \ | |
-p tracing_debug_field \ | |
-- --warn clippy::pedantic --deny warnings | |
- name: run dylint clippy on workspace crates | |
env: | |
# set the dylint driver path to the target/ directory so that it's hopefully cached by rust-cache | |
DYLINT_DRIVER_PATH: ${{ github.workspace }}/target/dylint_drivers/ | |
DYLINT_RUSTFLAGS: "-D warnings" | |
run: | | |
mkdir -p "$DYLINT_DRIVER_PATH" | |
cargo dylint --all --workspace | |
test: | |
if: ${{ always() && !cancelled() }} | |
needs: [compiles, protos-compiled, solidity-contracts-compiled, rust, doctest, clippy, lockfile, custom-lints] | |
uses: ./.github/workflows/reusable-success.yml | |
with: | |
success: ${{ !contains(needs.*.result, 'failure') }} |