orb-ui: cone poc #193
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Rust CI | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| workflow_call: | |
| secrets: | |
| GIT_HUB_TOKEN: | |
| required: true | |
| CACHIX_AUTH_TOKEN: | |
| required: false | |
| push: | |
| branches: | |
| - main | |
| - prod | |
| tags: | |
| - '**' | |
| jobs: | |
| fmt: | |
| name: Format | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22 | |
| with: | |
| github_access_token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12 | |
| continue-on-error: true | |
| with: | |
| name: worldcoin | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Check Rust formatting | |
| run: cargo fmt --check --all | |
| - name: Check Nix formatting | |
| run: | | |
| nix develop -c \ | |
| nixpkgs-fmt --check flake.nix | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22 | |
| with: | |
| github_access_token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12 | |
| continue-on-error: true | |
| with: | |
| name: worldcoin | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Authorize private git repos | |
| run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com | |
| - name: Cache cargo dependencies | |
| uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2 | |
| - name: Clippy lints | |
| run: | | |
| nix develop -c \ | |
| cargo clippy --all --all-features --all-targets --no-deps -- -D warnings | |
| doc: | |
| name: Doc | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22 | |
| with: | |
| github_access_token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12 | |
| continue-on-error: true | |
| with: | |
| name: worldcoin | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Authorize private git repos | |
| run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com | |
| - name: Cache cargo dependencies | |
| uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2 | |
| - name: Cargo Doc | |
| run: | | |
| nix develop -c \ | |
| cargo doc --all --all-features --no-deps --document-private-items | |
| test: | |
| name: Test | |
| strategy: | |
| matrix: | |
| platform: [ public-ubuntu-22.04-32core, macos-13 ] | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22 | |
| with: | |
| github_access_token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12 | |
| continue-on-error: true | |
| with: | |
| name: worldcoin | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Authorize private git repos | |
| run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com | |
| - name: Cache cargo dependencies | |
| uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2 | |
| - name: Configure cargo to exclude platform-specific crates | |
| if: ${{ matrix.platform == 'macos-13' }} | |
| run: | | |
| MAC_EXCLUDE=( | |
| "--exclude orb-thermal-cam-ctrl" | |
| "--exclude seek-camera" | |
| "--exclude seek-camera-sys" | |
| "--exclude can-rs" | |
| "--exclude mcu-util" | |
| "--exclude orb-sound" | |
| "--exclude orb-ui" | |
| ) | |
| echo MAC_EXCLUDE="${MAC_EXCLUDE[*]}" >>${GITHUB_ENV} | |
| cat ${GITHUB_ENV} | |
| - name: Cargo Test | |
| run: | | |
| uname -a | |
| nix develop -c env | |
| nix develop -c \ | |
| cargo test --all --all-features --all-targets $MAC_EXCLUDE | |
| build: | |
| name: Build | |
| runs-on: public-ubuntu-22.04-32core | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22 | |
| with: | |
| github_access_token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12 | |
| continue-on-error: true | |
| with: | |
| name: worldcoin | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Authorize private git repos | |
| run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com | |
| - name: Cache cargo dependencies | |
| uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2 | |
| - name: Choose cargo profile | |
| run: | | |
| set -Eeuxo pipefail | |
| if [[ ${{ github.event_name }} == "pull_request" || ${{ github.event_name }} == "push" ]]; then | |
| CI_PROFILE="release" | |
| else | |
| CI_PROFILE="artifact" | |
| fi | |
| echo CI_PROFILE=${CI_PROFILE} >>${GITHUB_ENV} | |
| - name: Compile ${{ matrix.target }} Binaries | |
| run: | | |
| set -Eeuxo pipefail | |
| uname -a | |
| nix develop -c env | |
| binaries=( | |
| mcu-util | |
| orb-attest | |
| orb-backend-state | |
| orb-slot-ctrl | |
| orb-thermal-cam-ctrl | |
| orb-ui | |
| verity-tree-calc | |
| ) | |
| nix develop -c scripts/build_rust_artifacts.py \ | |
| binaries ${CI_PROFILE} ${binaries[@]} | |
| ls -aRsh binaries | |
| - name: Bundle artifacts | |
| run: | | |
| set -Eeuxo pipefail | |
| mkdir artifacts | |
| for b in binaries/*; do | |
| b="$(basename ${b})" | |
| # We make sure that the tarball is idempotent: | |
| # https://stackoverflow.com/a/54908072 | |
| tar --sort=name --owner=root:0 --group=root:0 --mtime='@0' \ | |
| -vahcf artifacts/${b}.tar.zst -C binaries/${b} . | |
| done | |
| ls -aRsh artifacts | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3 | |
| with: | |
| name: artifacts | |
| path: artifacts | |
| if-no-files-found: error | |
| cargo-deny: | |
| name: Check licensing | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
| with: | |
| token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22 | |
| with: | |
| github_access_token: ${{ secrets.GIT_HUB_TOKEN }} | |
| - uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12 | |
| continue-on-error: true | |
| with: | |
| name: worldcoin | |
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Authorize private git repos | |
| run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com | |
| - name: Check licenses and security advisories | |
| run: | | |
| nix develop -c \ | |
| cargo deny check |