Skip to content

chore(ci): upgrade audit-check #5943

chore(ci): upgrade audit-check

chore(ci): upgrade audit-check #5943

Workflow file for this run

name: Test
env:
CI: true
RUSTFLAGS: "-D warnings -D unreachable-pub --cfg tokio_unstable"
# This must match the entry in rust-toolchain.toml at the repository root
RUSTUP_TOOLCHAIN: "1.81.0"
on:
pull_request:
merge_group:
push:
branches:
- "main"
workflow_dispatch:
jobs:
run_checker:
uses: ./.github/workflows/reusable-run-checker.yml
protos-compiled:
runs-on: ubuntu-22.04
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
- name: Install `buf` protobuf manager
uses: bufbuild/buf-setup-action@v1
with:
version: "1.32.0"
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- name: Install just
uses: taiki-e/install-action@just
- name: Check if protobuf specs compile to commited Rust sources
run: |
just compile-protos
modified=$(git status --porcelain)
if [[ -n "$modified" ]]; then
echo "ERROR: protobuf specs are out of sync with the commited Rust sources"
echo "Recompile locally with \`just compile-protos\` and commit to the repository."
echo "Files that reported differences:"
echo "$modified"
exit 1
fi
solidity-contracts-compiled:
runs-on: ubuntu-22.04
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- name: Install just
uses: taiki-e/install-action@just
- name: Check if protobuf specs compile to commited Rust sources
run: |
just compile-solidity-contracts
modified=$(git status --porcelain)
if [[ -n "$modified" ]]; then
echo "ERROR: solidity contracts are out of sync with the commited Rust sources"
echo "Recompile locally with \`just compile-solidity-contracts\` and commit to the repository."
echo "Files that reported differences:"
echo "$modified"
exit 1
fi
compiles:
runs-on: buildjet-4vcpu-ubuntu-2204
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: taiki-e/install-action@v2.15.2
with:
tool: cargo-hack@0.5.29
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- uses: arduino/setup-protoc@v3
with:
version: "24.4"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Check that each crate compiles individually (circumventing workspace wide dependency resolution)
run: |
: # exclude all lints because cargo-hack ignores default-members and operates on all workspace members
cargo hack check --workspace --all-targets --all-features \
--exclude tracing_debug_field
lockfile:
runs-on: ubuntu-22.04
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "github"
- name: Check that the lockfile is updated
run: cargo fetch --locked
audit:
runs-on: ubuntu-22.04
needs: run_checker
if: needs.run_checker.outputs.run_audit == 'true'
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: rustsec/audit-check@v2.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
rust:
runs-on: buildjet-8vcpu-ubuntu-2204
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- name: Install nextest
uses: taiki-e/install-action@nextest
- uses: arduino/setup-protoc@v3
with:
version: "24.4"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build tests
run: |
cargo nextest archive --archive-file=archive.tar.zst --release \
--all-features \
--all-targets
- name: Run tests
timeout-minutes: 20
run: |
cargo nextest run --archive-file=archive.tar.zst
rust-ethereum:
runs-on: buildjet-8vcpu-ubuntu-2204
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- name: Install nextest
uses: taiki-e/install-action@nextest
- uses: arduino/setup-protoc@v3
with:
version: "24.4"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Run tests
timeout-minutes: 20
run: |
cargo nextest run --package astria-bridge-withdrawer -- --include-ignored
doctest:
runs-on: buildjet-8vcpu-ubuntu-2204
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true'
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- uses: arduino/setup-protoc@v3
with:
version: "24.4"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: run doctests
run: cargo test --doc --all-features
clippy:
runs-on: buildjet-8vcpu-ubuntu-2204
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true' && needs.run_checker.outputs.run_lint_rust == 'true'
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
components: clippy
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- uses: arduino/setup-protoc@v3
with:
version: "24.4"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: run pedantic clippy on workspace crates
run: |
cargo clippy --all-targets --all-features \
-- --warn clippy::pedantic --warn clippy::arithmetic-side-effects --deny warnings
- name: run pedantic clippy on tools/protobuf-compiler
run: |
cargo clippy --manifest-path tools/protobuf-compiler/Cargo.toml \
--all-targets --all-features \
-- --warn clippy::pedantic --deny warnings
custom-lints:
runs-on: buildjet-8vcpu-ubuntu-2204
needs: run_checker
if: needs.run_checker.outputs.run_tests == 'true' && needs.run_checker.outputs.run_lint_rust == 'true'
steps:
- uses: actions/checkout@v4
with:
submodules: 'true'
- uses: dtolnay/rust-toolchain@master
with:
# This has to match `rust-toolchain` in the rust-toolchain file of the dylint lints
toolchain: nightly-2024-09-05
components: "clippy, llvm-tools-preview, rustc-dev, rust-src"
- uses: Swatinem/rust-cache@v2.7.3
with:
cache-provider: "buildjet"
- name: install cargo-dylint and dylint-link
run: cargo install cargo-dylint@3.2.0 dylint-link@3.2.0 --locked
- uses: arduino/setup-protoc@v3
with:
version: "24.4"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: run clippy against custom lints
run: |
: # list all lint packages here to have clippy explicitly test them
: # uses the same nightly installed above to work around the entry in rust-toolchain.toml
cargo +nightly-2024-09-05 clippy --all-targets --all-features \
-p tracing_debug_field \
-- --warn clippy::pedantic --deny warnings
- name: run dylint clippy on workspace crates
env:
# set the dylint driver path to the target/ directory so that it's hopefully cached by rust-cache
DYLINT_DRIVER_PATH: ${{ github.workspace }}/target/dylint_drivers/
DYLINT_RUSTFLAGS: "-D warnings"
run: |
mkdir -p "$DYLINT_DRIVER_PATH"
cargo dylint --all --workspace
test:
if: ${{ always() && !cancelled() }}
needs: [compiles, protos-compiled, solidity-contracts-compiled, rust, doctest, clippy, lockfile, custom-lints]
uses: ./.github/workflows/reusable-success.yml
with:
success: ${{ !contains(needs.*.result, 'failure') }}