Skip to content

ci: Add release workflow with SBOM and attestation #482

ci: Add release workflow with SBOM and attestation

ci: Add release workflow with SBOM and attestation #482

Workflow file for this run

name: Rust workflow
# Trigger the CI on any tags, pushes to any branch and PRs to any branch.
on:
push:
branches: [ "main" ]
tags: [ "*" ]
pull_request:
branches: [ "*" ]
env:
CARGO_TERM_COLOR: always
# Make sure there is no pipeline running uselessly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# Defined CI jobs.
jobs:
simple-checks:
container: ghcr.io/famedly/rust-container:nightly
runs-on: ubuntu-latest
steps:
- name: Checkout current repository
uses: actions/checkout@v3
with:
path: head
- uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
with:
gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY}}
gitlab_user: ${{ secrets.GITLAB_USER }}
gitlab_pass: ${{ secrets.GITLAB_PASS }}
- name: Caching
uses: Swatinem/rust-cache@b8a6852b4f997182bdea832df3f9e153038b5191
with:
cache-on-failure: true
cache-all-crates: true
- name: Rustfmt
shell: bash
working-directory: head
run: cargo +${NIGHTLY_VERSION} fmt -- --check
- name: Clippy
working-directory: head
shell: bash
run: cargo +${NIGHTLY_VERSION} clippy --workspace --all-targets -- -D warnings
- name: Doc-test
shell: bash
working-directory: head
run: cargo +${NIGHTLY_VERSION} test --doc --workspace --verbose
- name: Udeps
shell: bash
working-directory: head
run: cargo +${NIGHTLY_VERSION} udeps
- name: Typos
shell: bash
working-directory: head
run: typos --exclude '*.key' --exclude '*.crt' --exclude '*.csr' --exclude '*.srl'
tests:
runs-on: ubuntu-latest
steps:
- name: Checkout current repository
uses: actions/checkout@v3
with:
path: head
- uses: famedly/backend-build-workflows/.github/actions/rust-prepare@main
with:
gitlab_ssh: ${{ secrets.CI_SSH_PRIVATE_KEY}}
gitlab_user: ${{ secrets.GITLAB_USER }}
gitlab_pass: ${{ secrets.GITLAB_PASS }}
- name: Add llvm-tools rust component
run: rustup component add llvm-tools-preview --toolchain stable-x86_64-unknown-linux-gnu
- name: Caching
uses: Swatinem/rust-cache@b8a6852b4f997182bdea832df3f9e153038b5191
with:
cache-on-failure: true
cache-all-crates: true
- name: Install additional cargo tooling
shell: bash
run: cargo install cargo-nextest cargo-llvm-cov --locked
- name: Test
timeout-minutes: 20
shell: bash
working-directory: head
run: |
docker compose --project-directory ./tests/environment down -v
cargo llvm-cov nextest --no-fail-fast --workspace --lcov --output-path '${{github.workspace}}/lcov.info'
sed "s|$PWD/||g" -i '${{github.workspace}}/lcov.info'
- name: Get docker logs on failure
shell: bash
if: failure()
working-directory: head
run: |
docker compose --project-directory ./tests/environment logs
- name: Setup LCOV
uses: hrishikesh-kadam/setup-lcov@6c1aa0cc9e1c02f9f58f01ac599f1064ccc83470
- name: Report code coverage
uses: zgosalvez/github-actions-report-lcov@fea161ae6d85807479ea109d42259c9165558a64
with:
working-directory: ./head/
coverage-files: ${{github.workspace}}/lcov.info
artifact-name: code-coverage-report
github-token: ${{ secrets.GITHUB_TOKEN }}
update-comment: true
# review_app_coverage:
# if: github.event_name == 'pull_request'
# needs: [tests]
# secrets: inherit
# uses: famedly/frontend-ci-templates/.github/workflows/review-app.yml@main
# with:
# projectname: "ldap-sync-coverage"
# pr: ${{ github.event.pull_request.number }}
# environment: "review"
# artifact-name: "code-coverage-report"