diff options
| author | Thomas O'Donnell <andytom@users.noreply.github.com> | 2020-05-25 02:45:47 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-24 20:45:47 -0400 |
| commit | 4f481e0a7d97a2428bc2cc4587f9c7c4b7865bf5 (patch) | |
| tree | f79fac3b48e9ba0688565c2e7914b4d9e255188f /.github | |
| parent | fbfde79b08caa2c95e40442cac60caede03b8e64 (diff) | |
ci: refactor GitHub Actions workflow file (#1249)
* Clean up the workflow file
This removes the trailing whitespace from the workflow, removes an
unused step and fixes up some yaml formatting.
* Make the caching more aggressive
This makes the caching more aggressive by allowing for partial
restoration of the cached data and use the cache for more jobs.
* Run all the tests in parallel
Have stopped the testsuites from requiring the compile checks, Github
Actions doesn't mind that we are running multiple tests in parallel and
this does over a bit of a speed up.
* Separate Security Audit into a separate workflow
Have moved the Cargo Audit check into it's own workflow and switched it
to use the `actions-rs/audit-check` to simplify the setup. Have also
added in a daily security scan.
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/security_audit.yml | 29 | ||||
| -rw-r--r-- | .github/workflows/workflow.yml | 65 |
2 files changed, 73 insertions, 21 deletions
diff --git a/.github/workflows/security_audit.yml b/.github/workflows/security_audit.yml new file mode 100644 index 000000000..0e679b9fe --- /dev/null +++ b/.github/workflows/security_audit.yml @@ -0,0 +1,29 @@ +--- +name: Security audit +on: + push: + paths: + - '**/Cargo.toml' + - '**/Cargo.lock' +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions-rs/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + +--- +name: Security audit [Daily] +on: + schedule: + - cron: '0 0 * * *' +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions-rs/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 4c3f7bb68..6ea1eba33 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -1,3 +1,4 @@ +--- name: Main workflow on: push: @@ -22,7 +23,6 @@ jobs: toolchain: stable components: rustfmt override: true - - run: rustup component add rustfmt - uses: actions-rs/cargo@v1 with: command: fmt @@ -45,28 +45,33 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} args: --all-targets --all-features -- -D clippy::all - # Run a security audit on dependencies - cargo_audit: - name: Cargo Audit [Security] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - run: cargo install --force cargo-audit - - run: cargo generate-lockfile - - uses: actions-rs/cargo@v1 - with: - command: audit - # Ensure that the project could be successfully compiled cargo_check: name: Compile runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + + - name: Cache cargo registry + uses: actions/cache@v1 + with: + path: ~/.cargo/registry + key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-registry- + - name: Cache cargo index + uses: actions/cache@v1 + with: + path: ~/.cargo/git + key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-index- + - name: Cache cargo build + uses: actions/cache@v1 + with: + path: target + key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} + - uses: actions-rs/toolchain@v1 with: profile: minimal @@ -81,7 +86,6 @@ jobs: # On both Rust stable and Rust nightly test: name: Test Suite - needs: [cargo_check] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -98,11 +102,15 @@ jobs: with: path: ~/.cargo/registry key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-registry- - name: Cache cargo index uses: actions/cache@v1 with: path: ~/.cargo/git key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-index- - name: Cache cargo build uses: actions/cache@v1 with: @@ -174,9 +182,9 @@ jobs: git config --global user.name "Matan Kushner" git config --global user.email "hello@matchai.dev" - cd $(brew --repo homebrew/core) + cd $(brew --repo homebrew/core) git fetch origin - sudo git reset --hard origin/master + sudo git reset --hard origin/master cd - brew bump-formula-pr --url=https://github.com/starship/starship/archive/$(git describe --tags).tar.gz --message="Automated release pull request using continuous integration." --no-browse -v starship --force @@ -212,6 +220,21 @@ jobs: steps: - uses: actions/checkout@v2 + - name: Cache cargo registry + uses: actions/cache@v1 + with: + path: ~/.cargo/registry + key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-registry- + - name: Cache cargo index + uses: actions/cache@v1 + with: + path: ~/.cargo/git + key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + ${{ runner.os }}-cargo-index- + - name: Install Rust toolchain uses: actions-rs/toolchain@v1 with: @@ -230,7 +253,7 @@ jobs: with: command: build args: --release --target ${{ matrix.target }} - + - name: Build target (musl) if: matrix.target == 'x86_64-unknown-linux-musl' uses: actions-rs/cargo@v1 |