config: update production policy file #625
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: [push, pull_request] | |
name: Format and Clippy | |
env: | |
AS: nasm | |
AR: llvm-ar | |
CC: clang | |
permissions: | |
contents: read | |
jobs: | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: read | |
security-events: write | |
actions: read | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
submodules: recursive | |
# Install first since it's needed to build NASM | |
- name: Install LLVM and Clang | |
uses: KyleMayes/install-llvm-action@e0a8dc9cb8a22e8a7696e8a91a4e9581bec13181 # v2.0.5 | |
with: | |
version: "10.0" | |
directory: ${{ runner.temp }}/llvm | |
- name: install NASM | |
uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028 # v1.5.1 | |
- name: Install toolchain with clippy available | |
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
with: | |
profile: minimal | |
toolchain: nightly-2023-12-31 | |
override: true | |
components: clippy | |
- name: Install required cargo | |
run: cargo install clippy-sarif sarif-fmt | |
- name: Preparation Work | |
run: bash sh_script/preparation.sh | |
- name: Run rust-clippy for result collection | |
run: | |
cargo clippy | |
--features stack-guard,virtio-vsock,virtio-serial,vmcall-interrupt | |
--message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt | |
continue-on-error: true | |
- name: Upload analysis results to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: rust-clippy-results.sarif | |
wait-for-processing: true | |
- name: Run rust-clippy | |
run: cargo clippy --features stack-guard,virtio-vsock,virtio-serial,vmcall-interrupt | |
rustfmt: | |
name: Format | |
runs-on: ubuntu-20.04 | |
steps: | |
# Install first since it's needed to build NASM | |
- name: Install LLVM and Clang | |
uses: KyleMayes/install-llvm-action@e0a8dc9cb8a22e8a7696e8a91a4e9581bec13181 # v2.0.5 | |
with: | |
version: "10.0" | |
directory: ${{ runner.temp }}/llvm | |
- name: install NASM | |
uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028 # v1.5.1 | |
- name: Checkout sources | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
submodules: recursive | |
- name: Install toolchain with rustfmt available | |
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 | |
with: | |
profile: minimal | |
toolchain: nightly-2023-12-31 | |
override: true | |
components: rustfmt | |
- name: Preparation Work | |
run: bash sh_script/preparation.sh | |
- name: Run cargo check | |
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
with: | |
command: check | |
- name: Run cargo fmt | |
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 | |
with: | |
command: fmt | |
args: -- --check |