Upgrade deps, force musl to static #1304
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: "clippy, rustfmt" | |
- uses: Swatinem/rust-cache@v2 | |
# make sure all code has been formatted with rustfmt and linted with clippy | |
- name: rustfmt | |
run: cargo fmt -- --check --color always | |
# run clippy to verify we have no warnings | |
- run: cargo fetch | |
- name: cargo clippy | |
run: cargo clippy --all-targets --all-features -- -D warnings | |
test: | |
name: Test | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
runs-on: ${{ matrix.os }} | |
steps: | |
# We need to disable conversion to CRLF line endings on windows because it's | |
# dumb and causes advisory tests to fails since the submodule is checked | |
# out with the broken line endings | |
- if: matrix.os == 'windows-2022' | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- run: cargo fetch | |
- name: cargo test build | |
run: cargo build --tests | |
- run: cargo test | |
# Verifies we can build aarch64-apple-darwin binaries until GHA actually has | |
# runners for them that we can actually run tests on | |
build-aarch64-apple-darwin: | |
name: Build aarch64-apple-darwin | |
runs-on: macos-11 | |
# Only run this PRs | |
if: false #github.ref != 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: aarch64-apple-darwin | |
- uses: Swatinem/rust-cache@v2 | |
- run: cargo fetch --target aarch64-apple-darwin | |
- run: cargo build --release --target aarch64-apple-darwin | |
self: | |
name: Check Users | |
strategy: | |
matrix: | |
include: | |
- os: ubuntu-22.04 | |
target: x86_64-unknown-linux-musl | |
runs-on: ${{ matrix.os }} | |
env: | |
TARGET: x86_64-unknown-linux-musl | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
target: ${{ matrix.target }} | |
- uses: Swatinem/rust-cache@v2 | |
- name: Install musl tools | |
if: matrix.target == 'x86_64-unknown-linux-musl' | |
run: | | |
sudo apt-get install -y musl-tools | |
- name: cargo fetch | |
run: cargo fetch --target ${{ matrix.target }} | |
- name: cargo install | |
# Install in debug mode since this part is sloooooow and | |
# release doesn't really matter much for runtime | |
# Also, build and run with musl, this lets us ensure that | |
# musl still works, which is important for the linux binaries | |
# we release, but wasn't exercised until now | |
run: cargo install --path . --debug --target ${{ matrix.target }} | |
- name: self check | |
run: cargo deny -L debug --all-features --locked check | |
- name: check external users | |
run: ./scripts/check_external.sh | |
# Build `mdBook` documentation and upload it as a temporary build artifact | |
doc-book: | |
name: Build the book | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- env: | |
version: "0.4.32" | |
run: | | |
set -e | |
curl -L https://github.com/rust-lang-nursery/mdBook/releases/download/v${version}/mdbook-v${version}-x86_64-unknown-linux-gnu.tar.gz | tar xzf - | |
echo `pwd` >> $GITHUB_PATH | |
- run: (cd docs && mdbook build) | |
- uses: actions/upload-artifact@v1 | |
with: | |
name: doc-book | |
path: docs/book | |
publish-check: | |
name: Publish Check | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- run: cargo fetch | |
- name: cargo publish | |
run: cargo publish --dry-run | |
release: | |
name: Release | |
#needs: [test, self, doc-book] | |
if: startsWith(github.ref, 'refs/tags/') | |
strategy: | |
matrix: | |
include: | |
- os: ubuntu-22.04 | |
rust: stable | |
target: x86_64-unknown-linux-musl | |
bin: cargo-deny | |
- os: windows-2022 | |
rust: stable | |
target: x86_64-pc-windows-msvc | |
bin: cargo-deny.exe | |
- os: macos-11 | |
rust: stable | |
target: x86_64-apple-darwin | |
bin: cargo-deny | |
- os: macos-11 | |
rust: stable | |
target: aarch64-apple-darwin | |
bin: cargo-deny | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.rust }} | |
target: ${{ matrix.target }} | |
- name: Install musl tools | |
if: matrix.target == 'x86_64-unknown-linux-musl' | |
run: | | |
sudo apt-get install -y musl-tools | |
- uses: Swatinem/rust-cache@v2 | |
- name: cargo fetch | |
run: cargo fetch --target ${{ matrix.target }} | |
- name: Release build | |
run: cargo build --release --target ${{ matrix.target }} | |
- name: Package | |
shell: bash | |
run: | | |
name=cargo-deny | |
tag=$(git describe --tags --abbrev=0) | |
release_name="$name-$tag-${{ matrix.target }}" | |
release_tar="${release_name}.tar.gz" | |
mkdir "$release_name" | |
if [ "${{ matrix.target }}" != "x86_64-pc-windows-msvc" ]; then | |
strip "target/${{ matrix.target }}/release/${{ matrix.bin }}" | |
fi | |
cp "target/${{ matrix.target }}/release/${{ matrix.bin }}" "$release_name/" | |
cp README.md LICENSE-APACHE LICENSE-MIT "$release_name/" | |
tar czvf "$release_tar" "$release_name" | |
rm -r "$release_name" | |
# Windows environments in github actions don't have the gnu coreutils installed, | |
# which includes the shasum exe, so we just use powershell instead | |
if [ "${{ matrix.target }}" == "x86_64-pc-windows-msvc" ]; then | |
echo "(Get-FileHash \"${release_tar}\" -Algorithm SHA256).Hash | Out-File -Encoding ASCII -NoNewline \"${release_tar}.sha256\"" | pwsh -c - | |
else | |
echo -n "$(shasum -ba 256 "${release_tar}" | cut -d " " -f 1)" > "${release_tar}.sha256" | |
fi | |
- name: Publish | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: true | |
files: "cargo-deny*" | |
env: | |
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} | |
publish: | |
name: Publish Docs | |
needs: [doc-book] | |
runs-on: ubuntu-22.04 | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download book | |
uses: actions/download-artifact@v1 | |
with: | |
name: doc-book | |
- name: Assemble gh-pages | |
run: | | |
mv doc-book gh-pages | |
# If this is a push to the main branch push to the `gh-pages` using a | |
# deploy key. Note that a deploy key is necessary for now because otherwise | |
# using the default token for github actions doesn't actually trigger a page | |
# rebuild. | |
- name: Push to gh-pages | |
# Uses a rust script to setup and push to the gh-pages branch | |
run: rustc scripts/build-pages.rs && (cd gh-pages && ../build-pages) | |
env: | |
GITHUB_DEPLOY_KEY: ${{ secrets.GITHUB_DEPLOY_KEY }} | |
BUILD_REPOSITORY_ID: ${{ github.repository }} | |
BUILD_SOURCEVERSION: ${{ github.sha }} |