diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
new file mode 100644
index 0000000..f661b9b
--- /dev/null
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,33 @@
+name: Security audit
+on:
+ push:
+ paths:
+ - '**/Cargo.toml'
+ - '**/Cargo.lock'
+
+permissions:
+ issues: write
+ checks: write
+ contents: read
+
+jobs:
+ security_audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Cache dependencies
+ uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 #v2.7.3
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Configure sccache
+ run: |
+ echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
+ echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Run sccache-cache
+ uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af #v0.0.5
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ - uses: rustsec/audit-check@v1.4.1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
new file mode 100644
index 0000000..36c87d9
--- /dev/null
+++ b/.github/workflows/conventional-commits.yml
@@ -0,0 +1,22 @@
+name: "Lint PR"
+
+on:
+ pull_request:
+
+jobs:
+ conventional-commits-check:
+ name: Check conventional commits
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha }}
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
+ with:
+ python-version: "3.10"
+ - name: Install commitizen
+ run: pip install commitizen
+ - name: commitizen check
+ run: cz check --rev-range ${{ github.event.pull_request.base.sha }}..HEAD
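Review bot: In audit.yml, `actions/checkout@v4`, `arduino/setup-protoc@v3` and `rustsec/audit-check@v1.4.1` are referenced by mutable tag, while the two cache actions in the same job are pinned to a commit SHA. This job runs with `issues: write` and `checks: write` and passes `secrets.GITHUB_TOKEN` to the last step, so a moved tag would run with those scopes. Pin them the same way, e.g. `uses: rustsec/audit-check@<full-commit-sha> # v1.4.1` (placeholder; take the SHA from the tagged release). The workflow also fires only on pushes that touch `Cargo.toml` or `Cargo.lock`, so an advisory published later against an unchanged lockfile would presumably go unreported until the next dependency change; a `schedule:` trigger next to `push:` would cover that.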
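Review bot: In conventional-commits.yml, `pip install commitizen` installs whatever version is current on PyPI at run time, while both actions in this job are pinned to a commit SHA; pin the tool as well, e.g. `run: pip install commitizen==<pinned-version>` (placeholder). The workflow declares no `permissions:` block, so the job token gets the repository default even though the visible steps only read git history; a top-level `permissions: { contents: read }` makes the scope explicit. Because the checkout is the pull-request head, `persist-credentials: false` under the checkout's `with:` would also keep the token out of the checked-out `.git/config`.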
diff --git a/.github/workflows/license_headers_check.yml b/.github/workflows/license_headers_check.yml
new file mode 100644
index 0000000..35e2068
--- /dev/null
+++ b/.github/workflows/license_headers_check.yml
@@ -0,0 +1,32 @@
+name: License headers check
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ check:
+ name: License headers check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - name: Install addlicense
+ run: |
+ wget https://github.com/google/addlicense/releases/download/v1.1.1/addlicense_1.1.1_Linux_x86_64.tar.gz
+ tar -xzf addlicense_1.1.1_Linux_x86_64.tar.gz
+ sudo mv addlicense /usr/local/bin
+ - name: Check license headers
+ run: >
+ addlicense \
+ -check \
+ -c "Semiotic AI, Inc." \
+ -l "apache" \
+ -s=only \
+ -ignore '.github/workflows/*.yml' \
+ -ignore '.github/*.yml' \
+ -ignore '.github/workflows/*.yaml' \
+ -ignore '.github/*.yaml' \
+ -ignore 'protos/type.proto' \
+ .
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..6e226f5
--- /dev/null
+++ b/.github/workflows/tests.yml
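Review bot: In license_headers_check.yml, the `Install addlicense` step downloads a release tarball with `wget` and moves the extracted binary into `/usr/local/bin` with `sudo` without checking its integrity, so the job trusts whatever that URL serves at run time. Add a digest check between the download and `tar`, e.g. `echo "<expected-sha256>  addlicense_1.1.1_Linux_x86_64.tar.gz" | sha256sum -c -` (placeholder digest; record it from a verified download of v1.1.1). The workflow also has no `permissions:` block; `permissions: { contents: read }` looks sufficient for the steps shown.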
@@ -0,0 +1,122 @@
+name: tests
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ fmt:
+ name: cargo fmt
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.82-bookworm
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - run: |
+ rustup component add rustfmt
+ cargo fmt --all -- --check
+
+ clippy:
+ name: cargo clippy
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.82-bookworm
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - name: Cache dependencies
+ uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 #v2.7.3
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Configure sccache
+ run: |
+ echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
+ echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Run sccache-cache
+ uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af #v0.0.5
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ - run: |
+ rustup component add clippy
+ # Temporarily allowing dead-code, while denying all other warnings
+ cargo clippy --all-features --all-targets -- -A dead-code -D warnings
+
+ test:
+ name: cargo test
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ actions: read
+ container:
+ image: rust:1.82-bookworm
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - name: Cache dependencies
+ uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 #v2.7.3
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Configure sccache
+ run: |
+ echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
+ echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Run sccache-cache
+ uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af #v0.0.5
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ - name: Run tests
+ run: cargo test --all-features --workspace
+
+ # Cannot do with llvm-cov, see https://github.com/taiki-e/cargo-llvm-cov/issues/2
+ test-docs:
+ name: cargo test docs code snippets
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ actions: read
+ container:
+ image: rust:1.82-bookworm
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - name: Cache dependencies
+ uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 #v2.7.3
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Configure sccache
+ run: |
+ echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
+ echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Run sccache-cache
+ uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af #v0.0.5
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ - name: Test documentation code snippets
+ run: cargo test --doc --all-features --workspace
+
+ build:
+ name: cargo check
+ runs-on: ubuntu-latest
+ container:
+ image: rust:1.82-bookworm
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ - name: Cache dependencies
+ uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 #v2.7.3
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Configure sccache
+ run: |
+ echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
+ echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Run sccache-cache
+ uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af #v0.0.5
+ if: ${{ !startsWith(github.head_ref, 'renovate/') }}
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ - name: Cargo check
+ run: cargo check
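Review bot: In tests.yml, the `test` and `test-docs` jobs request `contents: write` and `pull-requests: write`, yet their visible steps only check out the code and run `cargo test`; nothing in this hunk pushes commits or comments on a pull request. These jobs compile and run code from the branch under test (build scripts, tests), and `actions/checkout` leaves the token in the local git config by default, so on same-repository branches that code can reach the write scopes. Unless a step outside this hunk needs them, replace both blocks with `permissions: { contents: read }`, ideally once at the top level so that `fmt`, `clippy` and `build` stop inheriting the repository default. `arduino/setup-protoc@v3` is also referenced by tag in four jobs, while the other actions use commit SHAs.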