Introduce JSON schema for deny.toml #1454
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
# Lightweight check for typos in any files. Config lives in 'typos.toml' | |
typos: | |
name: Typos | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
# Typos check should be pinned to the very specific version | |
# to prevent sudden dictionary updates from making our CI fail | |
- uses: crate-ci/typos@v1.19.0 | |
lint: | |
name: Lint | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: "clippy, rustfmt" | |
- uses: Swatinem/rust-cache@v2 | |
# make sure all code has been formatted with rustfmt and linted with clippy | |
- name: rustfmt | |
run: cargo fmt -- --check --color always | |
# run clippy to verify we have no warnings | |
- run: cargo fetch | |
- name: cargo clippy | |
run: cargo clippy --all-targets --all-features -- -D warnings | |
test: | |
name: Test | |
strategy: | |
matrix: | |
os: [ubuntu-22.04, macos-14] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- run: cargo fetch | |
- name: cargo test build | |
run: cargo build --tests | |
- run: cargo test | |
self: | |
name: Check Users | |
strategy: | |
matrix: | |
include: | |
- os: ubuntu-22.04 | |
target: x86_64-unknown-linux-musl | |
runs-on: ${{ matrix.os }} | |
env: | |
TARGET: x86_64-unknown-linux-musl | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
target: ${{ matrix.target }} | |
- uses: Swatinem/rust-cache@v2 | |
- name: Install musl tools | |
if: matrix.target == 'x86_64-unknown-linux-musl' | |
run: | | |
sudo apt-get install -y musl-tools | |
- name: cargo fetch | |
run: cargo fetch --target ${{ matrix.target }} | |
- name: cargo install | |
# Install in debug mode since this part is sloooooow and | |
# release doesn't really matter much for runtime | |
# Also, build and run with musl, this lets us ensure that | |
# musl still works, which is important for the linux binaries | |
# we release, but wasn't exercised until now | |
run: cargo install --path . --debug --target ${{ matrix.target }} | |
- name: self check | |
run: cargo deny -L debug --all-features --locked check | |
# - name: check external users | |
# run: ./scripts/check_external.sh | |
# Build `mdBook` documentation and upload it as a temporary build artifact | |
doc-book: | |
name: Build the book | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- env: | |
version: "0.4.32" | |
run: | | |
set -e | |
curl -L https://github.com/rust-lang-nursery/mdBook/releases/download/v${version}/mdbook-v${version}-x86_64-unknown-linux-gnu.tar.gz | tar xzf - | |
echo `pwd` >> $GITHUB_PATH | |
- run: (cd docs && mdbook build) | |
- uses: actions/upload-artifact@v1 | |
with: | |
name: doc-book | |
path: docs/book | |
publish-check: | |
name: Publish Check | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- run: cargo fetch | |
- name: cargo publish | |
run: cargo publish --dry-run | |
release: | |
name: Release | |
if: startsWith(github.ref, 'refs/tags/') | |
strategy: | |
matrix: | |
include: | |
- os: ubuntu-22.04 | |
rust: stable | |
target: x86_64-unknown-linux-musl | |
bin: cargo-deny | |
- os: windows-2022 | |
rust: stable | |
target: x86_64-pc-windows-msvc | |
bin: cargo-deny.exe | |
- os: macos-14 | |
rust: stable | |
target: x86_64-apple-darwin | |
bin: cargo-deny | |
- os: macos-14 | |
rust: stable | |
target: aarch64-apple-darwin | |
bin: cargo-deny | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.rust }} | |
target: ${{ matrix.target }} | |
- name: Install musl tools | |
if: matrix.target == 'x86_64-unknown-linux-musl' | |
run: | | |
sudo apt-get install -y musl-tools | |
- uses: Swatinem/rust-cache@v2 | |
- name: cargo fetch | |
run: cargo fetch --target ${{ matrix.target }} | |
- name: Release build | |
run: cargo build --release --target ${{ matrix.target }} | |
- name: Package | |
shell: bash | |
run: | | |
name=cargo-deny | |
tag=$(git describe --tags --abbrev=0) | |
release_name="$name-$tag-${{ matrix.target }}" | |
release_tar="${release_name}.tar.gz" | |
mkdir "$release_name" | |
if [ "${{ matrix.target }}" != "x86_64-pc-windows-msvc" ]; then | |
strip "target/${{ matrix.target }}/release/${{ matrix.bin }}" | |
fi | |
cp "target/${{ matrix.target }}/release/${{ matrix.bin }}" "$release_name/" | |
cp README.md LICENSE-APACHE LICENSE-MIT "$release_name/" | |
tar czvf "$release_tar" "$release_name" | |
rm -r "$release_name" | |
# Windows environments in github actions don't have the gnu coreutils installed, | |
# which includes the shasum exe, so we just use powershell instead | |
if [ "${{ matrix.target }}" == "x86_64-pc-windows-msvc" ]; then | |
echo "(Get-FileHash \"${release_tar}\" -Algorithm SHA256).Hash | Out-File -Encoding ASCII -NoNewline \"${release_tar}.sha256\"" | pwsh -c - | |
else | |
echo -n "$(shasum -ba 256 "${release_tar}" | cut -d " " -f 1)" > "${release_tar}.sha256" | |
fi | |
- name: Publish | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: true | |
files: "cargo-deny*" | |
env: | |
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} | |
publish: | |
name: Publish Docs | |
needs: [doc-book] | |
runs-on: ubuntu-22.04 | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download book | |
uses: actions/download-artifact@v1 | |
with: | |
name: doc-book | |
- name: Assemble gh-pages | |
run: | | |
mv doc-book gh-pages | |
# If this is a push to the main branch push to the `gh-pages` using a | |
# deploy key. Note that a deploy key is necessary for now because otherwise | |
# using the default token for github actions doesn't actually trigger a page | |
# rebuild. | |
- name: Push to gh-pages | |
# Uses a rust script to setup and push to the gh-pages branch | |
run: rustc scripts/build-pages.rs && (cd gh-pages && ../build-pages) | |
env: | |
GITHUB_DEPLOY_KEY: ${{ secrets.GITHUB_DEPLOY_KEY }} | |
BUILD_REPOSITORY_ID: ${{ github.repository }} | |
BUILD_SOURCEVERSION: ${{ github.sha }} | |
test_success: | |
runs-on: ubuntu-22.04 | |
needs: [typos,lint,test,self,publish-check,doc-book] | |
steps: | |
- run: echo "All test jobs passed" |