ci: refactor GitHub Actions workflow file (#1249)

* Clean up the workflow file

This removes the trailing whitespace from the workflow, removes an
unused step and fixes up some yaml formatting.

* Make the caching more aggressive

This makes the caching more aggressive by allowing for partial
restoration of the cached data and use the cache for more jobs.

* Run all the tests in parallel

Have stopped the test suites from requiring the compile checks. GitHub
Actions doesn't mind that we are running multiple tests in parallel, and
this does offer a bit of a speed-up.

* Separate Security Audit into a separate workflow

Have moved the Cargo Audit check into it's own workflow and switched it
to use the `actions-rs/audit-check` to simplify the setup. Have also
added in a daily security scan.
Thomas O'Donnell 2020-05-25 02:45:47 +02:00 committed by GitHub
parent fbfde79b08
commit 4f481e0a7d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 73 additions and 21 deletions

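--- a/.github/workflows/security_audit.yml
+++ b/.github/workflows/security_audit.yml
@@ -0,0 +1,29 @@
+---
+name: Security audit
+on:
+push:
+paths:
+- '**/Cargo.toml'
+- '**/Cargo.lock'
+jobs:
+security_audit:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v1
+- uses: actions-rs/audit-check@v1
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+---
+name: Security audit [Daily]
+on:
+schedule:
+- cron: '0 0 * * *'
+jobs:
+security_audit:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v1
+- uses: actions-rs/audit-check@v1
+with:
+token: ${{ secrets.GITHUB_TOKEN }}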
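Review bot: The new file holds two YAML documents separated by `---`, each with its own `name`/`on`/`jobs`. As far as I know GitHub Actions reads a workflow file as a single document, so the daily `schedule` audit may never run or the file may be rejected; either way, advisories published between dependency changes would go unreported. Put both triggers under one `on:` by adding `schedule:` with `- cron: '0 0 * * *'` next to the existing `push:` block, and keep a single `security_audit` job. Both steps are also referenced by mutable tag (`actions/checkout@v1`, `actions-rs/audit-check@v1`) while the second receives `secrets.GITHUB_TOKEN`; pinning each to a full commit SHA keeps a moved tag from running with that token.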


@ -1,3 +1,4 @@
---
name: Main workflow name: Main workflow
on: on:
push: push:
@ -22,7 +23,6 @@ jobs:
toolchain: stable toolchain: stable
components: rustfmt components: rustfmt
override: true override: true
- run: rustup component add rustfmt
- uses: actions-rs/cargo@v1 - uses: actions-rs/cargo@v1
with: with:
command: fmt command: fmt
@ -45,28 +45,33 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
args: --all-targets --all-features -- -D clippy::all args: --all-targets --all-features -- -D clippy::all
# Run a security audit on dependencies
cargo_audit:
name: Cargo Audit [Security]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- run: cargo install --force cargo-audit
- run: cargo generate-lockfile
- uses: actions-rs/cargo@v1
with:
command: audit
# Ensure that the project could be successfully compiled # Ensure that the project could be successfully compiled
cargo_check: cargo_check:
name: Compile name: Compile
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache cargo index
uses: actions/cache@v1
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Cache cargo build
uses: actions/cache@v1
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
- uses: actions-rs/toolchain@v1 - uses: actions-rs/toolchain@v1
with: with:
profile: minimal profile: minimal
@ -81,7 +86,6 @@ jobs:
# On both Rust stable and Rust nightly # On both Rust stable and Rust nightly
test: test:
name: Test Suite name: Test Suite
needs: [cargo_check]
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
fail-fast: false fail-fast: false
@ -98,11 +102,15 @@ jobs:
with: with:
path: ~/.cargo/registry path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache cargo index - name: Cache cargo index
uses: actions/cache@v1 uses: actions/cache@v1
with: with:
path: ~/.cargo/git path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Cache cargo build - name: Cache cargo build
uses: actions/cache@v1 uses: actions/cache@v1
with: with:
@ -174,9 +182,9 @@ jobs:
git config --global user.name "Matan Kushner" git config --global user.name "Matan Kushner"
git config --global user.email "hello@matchai.dev" git config --global user.email "hello@matchai.dev"
cd $(brew --repo homebrew/core) cd $(brew --repo homebrew/core)
git fetch origin git fetch origin
sudo git reset --hard origin/master sudo git reset --hard origin/master
cd - cd -
brew bump-formula-pr --url=https://github.com/starship/starship/archive/$(git describe --tags).tar.gz --message="Automated release pull request using continuous integration." --no-browse -v starship --force brew bump-formula-pr --url=https://github.com/starship/starship/archive/$(git describe --tags).tar.gz --message="Automated release pull request using continuous integration." --no-browse -v starship --force
@ -212,6 +220,21 @@ jobs:
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Cache cargo registry
uses: actions/cache@v1
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache cargo index
uses: actions/cache@v1
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Install Rust toolchain - name: Install Rust toolchain
uses: actions-rs/toolchain@v1 uses: actions-rs/toolchain@v1
with: with:
@ -230,7 +253,7 @@ jobs:
with: with:
command: build command: build
args: --release --target ${{ matrix.target }} args: --release --target ${{ matrix.target }}
- name: Build target (musl) - name: Build target (musl)
if: matrix.target == 'x86_64-unknown-linux-musl' if: matrix.target == 'x86_64-unknown-linux-musl'
uses: actions-rs/cargo@v1 uses: actions-rs/cargo@v1
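Review bot: The cache steps added in the `-212,6 +220,21` hunk restore `~/.cargo/registry` and `~/.cargo/git` with a prefix fallback (`restore-keys: ${{ runner.os }}-cargo-registry-`) in what looks like the job that builds the release binaries, since the next hunk runs `--release --target ${{ matrix.target }}`. Published artifacts could then be built from dependency sources saved by an earlier, unrelated run. Consider leaving the release build uncached, or at least dropping `restore-keys` there so only an exact `hashFiles('**/Cargo.lock')` match is restored. The job header is outside the visible hunks, so confirm which job this is. The same fallback is added to `cargo_check` and `test`, where a stale or tampered entry only affects CI results rather than shipped binaries.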