mirror of
https://github.com/starship/starship
synced 2024-11-02 12:57:23 +00:00
ci: refactor GitHub Actions workflow file (#1249)
* Clean up the workflow file This removes the trailing whitespace from the workflow, removes an unused step and fixes up some yaml formatting. * Make the caching more aggressive This makes the caching more aggressive by allowing for partial restoration of the cached data and use the cache for more jobs. * Run all the tests in parallel Have stopped the testsuites from requiring the compile checks, Github Actions doesn't mind that we are running multiple tests in parallel and this does over a bit of a speed up. * Separate Security Audit into a separate workflow Have moved the Cargo Audit check into it's own workflow and switched it to use the `actions-rs/audit-check` to simplify the setup. Have also added in a daily security scan.
This commit is contained in:
parent
fbfde79b08
commit
4f481e0a7d
2 changed files with 73 additions and 21 deletions
29
.github/workflows/security_audit.yml
vendored
Normal file
29
.github/workflows/security_audit.yml
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
name: Security audit
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
paths:
|
||||||
|
- '**/Cargo.toml'
|
||||||
|
- '**/Cargo.lock'
|
||||||
|
jobs:
|
||||||
|
security_audit:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
- uses: actions-rs/audit-check@v1
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
---
|
||||||
|
name: Security audit [Daily]
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '0 0 * * *'
|
||||||
|
jobs:
|
||||||
|
security_audit:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
- uses: actions-rs/audit-check@v1
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
65
.github/workflows/workflow.yml
vendored
65
.github/workflows/workflow.yml
vendored
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
name: Main workflow
|
name: Main workflow
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
|
@ -22,7 +23,6 @@ jobs:
|
||||||
toolchain: stable
|
toolchain: stable
|
||||||
components: rustfmt
|
components: rustfmt
|
||||||
override: true
|
override: true
|
||||||
- run: rustup component add rustfmt
|
|
||||||
- uses: actions-rs/cargo@v1
|
- uses: actions-rs/cargo@v1
|
||||||
with:
|
with:
|
||||||
command: fmt
|
command: fmt
|
||||||
|
@ -45,28 +45,33 @@ jobs:
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
args: --all-targets --all-features -- -D clippy::all
|
args: --all-targets --all-features -- -D clippy::all
|
||||||
|
|
||||||
# Run a security audit on dependencies
|
|
||||||
cargo_audit:
|
|
||||||
name: Cargo Audit [Security]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v2
|
|
||||||
- uses: actions-rs/toolchain@v1
|
|
||||||
with:
|
|
||||||
toolchain: stable
|
|
||||||
override: true
|
|
||||||
- run: cargo install --force cargo-audit
|
|
||||||
- run: cargo generate-lockfile
|
|
||||||
- uses: actions-rs/cargo@v1
|
|
||||||
with:
|
|
||||||
command: audit
|
|
||||||
|
|
||||||
# Ensure that the project could be successfully compiled
|
# Ensure that the project could be successfully compiled
|
||||||
cargo_check:
|
cargo_check:
|
||||||
name: Compile
|
name: Compile
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Cache cargo registry
|
||||||
|
uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: ~/.cargo/registry
|
||||||
|
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-cargo-registry-
|
||||||
|
- name: Cache cargo index
|
||||||
|
uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: ~/.cargo/git
|
||||||
|
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-cargo-index-
|
||||||
|
- name: Cache cargo build
|
||||||
|
uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: target
|
||||||
|
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
|
||||||
- uses: actions-rs/toolchain@v1
|
- uses: actions-rs/toolchain@v1
|
||||||
with:
|
with:
|
||||||
profile: minimal
|
profile: minimal
|
||||||
|
@ -81,7 +86,6 @@ jobs:
|
||||||
# On both Rust stable and Rust nightly
|
# On both Rust stable and Rust nightly
|
||||||
test:
|
test:
|
||||||
name: Test Suite
|
name: Test Suite
|
||||||
needs: [cargo_check]
|
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
|
@ -98,11 +102,15 @@ jobs:
|
||||||
with:
|
with:
|
||||||
path: ~/.cargo/registry
|
path: ~/.cargo/registry
|
||||||
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
|
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-cargo-registry-
|
||||||
- name: Cache cargo index
|
- name: Cache cargo index
|
||||||
uses: actions/cache@v1
|
uses: actions/cache@v1
|
||||||
with:
|
with:
|
||||||
path: ~/.cargo/git
|
path: ~/.cargo/git
|
||||||
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
|
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-cargo-index-
|
||||||
- name: Cache cargo build
|
- name: Cache cargo build
|
||||||
uses: actions/cache@v1
|
uses: actions/cache@v1
|
||||||
with:
|
with:
|
||||||
|
@ -174,9 +182,9 @@ jobs:
|
||||||
git config --global user.name "Matan Kushner"
|
git config --global user.name "Matan Kushner"
|
||||||
git config --global user.email "hello@matchai.dev"
|
git config --global user.email "hello@matchai.dev"
|
||||||
|
|
||||||
cd $(brew --repo homebrew/core)
|
cd $(brew --repo homebrew/core)
|
||||||
git fetch origin
|
git fetch origin
|
||||||
sudo git reset --hard origin/master
|
sudo git reset --hard origin/master
|
||||||
cd -
|
cd -
|
||||||
|
|
||||||
brew bump-formula-pr --url=https://github.com/starship/starship/archive/$(git describe --tags).tar.gz --message="Automated release pull request using continuous integration." --no-browse -v starship --force
|
brew bump-formula-pr --url=https://github.com/starship/starship/archive/$(git describe --tags).tar.gz --message="Automated release pull request using continuous integration." --no-browse -v starship --force
|
||||||
|
@ -212,6 +220,21 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Cache cargo registry
|
||||||
|
uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: ~/.cargo/registry
|
||||||
|
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-cargo-registry-
|
||||||
|
- name: Cache cargo index
|
||||||
|
uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: ~/.cargo/git
|
||||||
|
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
${{ runner.os }}-cargo-index-
|
||||||
|
|
||||||
- name: Install Rust toolchain
|
- name: Install Rust toolchain
|
||||||
uses: actions-rs/toolchain@v1
|
uses: actions-rs/toolchain@v1
|
||||||
with:
|
with:
|
||||||
|
@ -230,7 +253,7 @@ jobs:
|
||||||
with:
|
with:
|
||||||
command: build
|
command: build
|
||||||
args: --release --target ${{ matrix.target }}
|
args: --release --target ${{ matrix.target }}
|
||||||
|
|
||||||
- name: Build target (musl)
|
- name: Build target (musl)
|
||||||
if: matrix.target == 'x86_64-unknown-linux-musl'
|
if: matrix.target == 'x86_64-unknown-linux-musl'
|
||||||
uses: actions-rs/cargo@v1
|
uses: actions-rs/cargo@v1
|
||||||
|
|
Loading…
Reference in a new issue