ci: add cargo audit #3491
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| # Trigger on pushes to master branch, new semantic version tags, and pull request updates | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: Git branch, or tag to build from. | |
| required: false | |
| target: | |
| description: Target to build. | |
| required: false | |
| type: choice | |
| options: | |
| - composer | |
| - conductor | |
| - sequencer | |
| - sequencer-relayer | |
| merge_group: | |
| push: | |
| branches: | |
| - "main" | |
| tags: | |
| - "**-v[0-9]+.[0-9]+.[0-9]+" | |
| - "**-v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+" | |
| - "**-v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+" | |
| - "**-v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+" | |
| # trigger on pull request updates when target is `main` branch | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - labeled | |
| branches: | |
| - "main" | |
| jobs: | |
| run_checker: | |
| uses: ./.github/workflows/reusable-run-checker.yml | |
| composer: | |
| needs: run_checker | |
| if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'composer') | |
| uses: './.github/workflows/reusable-docker-build.yml' | |
| with: | |
| package-name: composer | |
| target-binary: astria-composer | |
| tag: ${{ inputs.tag }} | |
| secrets: inherit | |
| conductor: | |
| needs: run_checker | |
| if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'conductor') | |
| uses: './.github/workflows/reusable-docker-build.yml' | |
| with: | |
| package-name: conductor | |
| target-binary: astria-conductor | |
| tag: ${{ inputs.tag }} | |
| secrets: inherit | |
| sequencer: | |
| needs: run_checker | |
| if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'sequencer') | |
| uses: './.github/workflows/reusable-docker-build.yml' | |
| with: | |
| package-name: sequencer | |
| target-binary: astria-sequencer | |
| tag: ${{ inputs.tag }} | |
| secrets: inherit | |
| sequencer-relayer: | |
| needs: run_checker | |
| if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'sequencer-relayer') | |
| uses: './.github/workflows/reusable-docker-build.yml' | |
| with: | |
| package-name: sequencer-relayer | |
| target-binary: astria-sequencer-relayer | |
| tag: ${{ inputs.tag }} | |
| secrets: inherit | |
| smoke-test: | |
| needs: [run_checker, composer, conductor, sequencer, sequencer-relayer] | |
| if: github.event_name == 'merge_group' || needs.run_checker.outputs.run_docker == 'true' | |
| runs-on: buildjet-8vcpu-ubuntu-2204 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install just | |
| uses: taiki-e/install-action@just | |
| - name: Install kind | |
| uses: helm/kind-action@v1 | |
| with: | |
| install_only: true | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| - name: Setup Smoke Test Environment | |
| timeout-minutes: 5 | |
| run: | | |
| TAG=sha-$(git rev-parse --short HEAD) | |
| just deploy cluster | |
| echo "Deploying with astria images tagged $TAG" | |
| just deploy smoke-test $TAG | |
| - name: Run Smoke test | |
| timeout-minutes: 1 | |
| run: just run-smoke-test | |
| docker: | |
| if: ${{ always() && !cancelled() }} | |
| needs: [composer, conductor, sequencer, sequencer-relayer, smoke-test] | |
| uses: ./.github/workflows/reusable-success.yml | |
| with: | |
| success: ${{ !contains(needs.*.result, 'failure') }} |