Skip to content

Add rule: Sensitive value in .NET configuration (#237) #1543

Add rule: Sensitive value in .NET configuration (#237)

Add rule: Sensitive value in .NET configuration (#237) #1543

Workflow file for this run

name: CI
on:
pull_request:
push:
branches:
- main
schedule:
# Force a run every day at 0005 UTC
- cron: '00 05 * * *'
env:
CI: '1'
CARGO_TERM_COLOR: 'always'
# Emit backtraces on panics (though these may be worthless without debug info).
RUST_BACKTRACE: '1'
# Disable incremental builds; see https://matklad.github.io/2021/09/04/fast-rust-builds.html:
#
# CI builds often are closer to from-scratch builds, as changes are typically much bigger than from a local edit-compile cycle.
# For from-scratch builds, incremental adds an extra dependency-tracking overhead.
# It also significantly increases the amount of IO and the size of ./target, which make caching less effective.
CARGO_INCREMENTAL: '0'
# Explicitly disable LTO in release builds here, even though Nosey Parker
# explicitly sets it. For actual release builds that get distributed we want
# it, but for builds used only for testing, it adds significant time to the
# build.
#
# https://doc.rust-lang.org/cargo/reference/profiles.html#lto
CARGO_PROFILE_RELEASE_LTO: 'false'
# Disable debug info in CI; speeds up builds and shrinks Actions caches a bit
CARGO_PROFILE_RELEASE_DEBUG: '0'
CARGO_PROFILE_DEV_DEBUG: '0'
CARGO_PROFILE_TEST_DEBUG: '0'
# Enable Cargo output explaining why things are being rebuilt.
# This can be useful to investigate why caching is not working as expected.
#
# https://stackoverflow.com/a/70174212
# https://doc.crates.io/contrib/implementation/debugging.html#logging
# CARGO_LOG: 'cargo::core::compiler::fingerprint=info'
jobs:
tests:
name: CI (${{ matrix.name }})
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- name: ubuntu-20.04.x86_64.stable.release
os: ubuntu-20.04
rust: stable
profile: release
features: -F release
install_dependencies: |
sudo apt-get install zsh libboost-all-dev
cpu_info_cmd: 'cat /proc/cpuinfo'
check_docs: false
run_tests: true
- name: ubuntu-22.04.x86_64.stable.test
os: ubuntu-22.04
rust: stable
profile: test
features:
install_dependencies: |
sudo apt-get install zsh libboost-all-dev
cpu_info_cmd: 'cat /proc/cpuinfo'
check_docs: true
run_tests: true
- name: ubuntu-24.04.x86_64.stable.nodefaultfeatures
os: ubuntu-24.04
rust: stable
profile: test
features: --no-default-features
install_dependencies: |
sudo apt-get install zsh libboost-all-dev
cpu_info_cmd: 'cat /proc/cpuinfo'
check_docs: true
run_tests: true
- name: ubuntu-22.04.arm64.stable.release
os: ubuntu-22.04-arm64-8-core
rust: stable
profile: release
features: -F release
install_dependencies: |
sudo apt-get install zsh libboost-all-dev
cpu_info_cmd: 'cat /proc/cpuinfo'
check_docs: false
run_tests: true
- name: ubuntu-24.04.arm64.stable.test
os: ubuntu-24.04-arm64-8-core
rust: stable
profile: test
features:
install_dependencies: |
sudo apt-get install zsh libboost-all-dev
cpu_info_cmd: 'cat /proc/cpuinfo'
check_docs: true
run_tests: true
- name: macos-13.x86_64.stable.test
os: macos-13
rust: stable
profile: test
features:
install_dependencies: |
brew install coreutils boost
cpu_info_cmd: 'sysctl -a | grep machdep.cpu'
check_docs: false
run_tests: true
- name: macos-14.arm64.stable.test
os: macos-14 # m1-based macos
rust: stable
profile: test
features:
install_dependencies: |
brew install coreutils boost
cpu_info_cmd: 'sysctl -a | grep machdep.cpu'
check_docs: false
run_tests: true
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: ${{ matrix.install_dependencies }}
- name: Install Rust toolchain
id: install-rust-toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
- name: Print CPU info
run: ${{ matrix.cpu_info_cmd }}
- name: Cache
uses: Swatinem/rust-cache@v2
with:
prefix-key: 'ci-tests'
key: ${{ matrix.name }}
- name: Build tests
if: ${{ matrix.run_tests }}
run: cargo test --no-run --locked --verbose --profile=${{ matrix.profile }} ${{ matrix.features }} --timings
- name: Nosey Parker version
run: cargo run --locked --verbose --profile=${{ matrix.profile }} ${{ matrix.features }} -- --version
- name: Run tests
if: ${{ matrix.run_tests }}
env:
# We use the GitHub Actions automatic token when running tests, to avoid
# spurious failures from rate limiting when testing Nosey Parker's github
# enumeration capabilities.
NP_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: cargo test --locked --verbose --profile=${{ matrix.profile }} ${{ matrix.features }} --timings
- name: Check documentation
if: ${{ matrix.check_docs }}
env:
RUSTDOCFLAGS: -D warnings
run: cargo doc --locked --verbose --profile=${{ matrix.profile }} ${{ matrix.features }} --timings --no-deps --document-private-items
# See https://doc.rust-lang.org/nightly/cargo/reference/timings.html for details
- name: Upload build timings
uses: actions/upload-artifact@v4
with:
name: build-timings.${{ matrix.name }}
path: target/cargo-timings
if-no-files-found: error