Some improvements on economic security #784
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint | |
on: | |
push: | |
branches: | |
- develop | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
- name: Get nightly version to use | |
id: nightly | |
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT | |
- name: Build Dependencies | |
uses: ./.github/actions/build-dependencies | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install nightly rust | |
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32-unknown-unknown -c clippy | |
- name: Run Clippy | |
run: cargo +${{ steps.nightly.outputs.version }} clippy --all-features --all-targets -- -D warnings -A clippy::items_after_test_module | |
# Also verify the lockfile isn't dirty | |
# This happens when someone edits a Cargo.toml yet doesn't do anything | |
# which causes the lockfile to be updated | |
# The above clippy run will cause it to be updated, so checking there's | |
# no differences present now performs the desired check | |
- name: Verify lockfile | |
run: git diff | wc -l | grep -x "0" | |
deny: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
- name: Advisory Cache | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 | |
with: | |
path: ~/.cargo/advisory-db | |
key: rust-advisory-db | |
- name: Install cargo deny | |
run: cargo install --locked cargo-deny | |
- name: Run cargo deny | |
run: cargo deny -L error --all-features check | |
fmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
- name: Get nightly version to use | |
id: nightly | |
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT | |
- name: Install nightly rust | |
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -c rustfmt | |
- name: Run rustfmt | |
run: cargo +${{ steps.nightly.outputs.version }} fmt -- --check | |
dockerfiles: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
- name: Verify Dockerfiles are up to date | |
# Runs the file which generates them and checks the diff has no lines | |
run: cd orchestration && ./dockerfiles.sh && git diff | wc -l | grep -x "0" | |
machete: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
- name: Verify all dependencies are in use | |
run: | | |
cargo install cargo-machete | |
cargo machete |