Reduce code owners to CODEOWNERS and settings.yml (#24)
#88
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ci | |
| "on": | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| RUSTFLAGS: "-Dwarnings" | |
| jobs: | |
| # TODO: Fix automatically | |
| lint: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt | |
| - uses: r7kamura/rust-problem-matchers@v1 | |
| - run: cargo fmt --all -- --check | |
| - uses: xt0rted/markdownlint-problem-matcher@v2 | |
| - uses: DavidAnson/markdownlint-cli2-action@v10 | |
| with: | |
| globs: "**/*.md" | |
| # FIXME: Add yamllint problem matcher | |
| - run: yamllint -s . | |
| crev: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| # TODO: once we have enough reviews, make this a required check | |
| continue-on-error: true | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/cache@v3 | |
| continue-on-error: false | |
| with: | |
| path: | | |
| Cargo.lock | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }} | |
| restore-keys: ${{ runner.os }}-cargo- | |
| - uses: taiki-e/install-action@v2 | |
| with: | |
| # Pinning to 0.23 due to | |
| # https://github.com/crev-dev/cargo-crev/issues/598 | |
| tool: cargo-crev@0.23 | |
| - name: Configure Crev | |
| run: | | |
| cargo crev trust \ | |
| --level high \ | |
| --no-commit https://github.com/mobilecoinfoundation/crev-proofs | |
| - name: Run Cargo Crev | |
| id: cargo-crev | |
| run: | | |
| set +e | |
| export MARKER=$RANDOM | |
| echo "UNREVIEWED_DEPENDENCIES<<EOF${MARKER}" >> $GITHUB_OUTPUT | |
| # GH does not like colors in crev output | |
| export TERM=xterm-mono | |
| # - Get a TSV-formatted table of dependencies without reviews | |
| # - Skip any "local" dependencies | |
| # - Convert the table to GHF markdown | |
| # - Sort descending by the "LoC" value (first column preceeds first | |
| # pipe) | |
| cargo generate-lockfile --offline | |
| cargo crev crate verify \ | |
| --for-id vMr-9g5KzKQLsCpkp1tc8o7AR6a0OptjOICjf7NMyHE \ | |
| --show-all \ | |
| --skip-indirect \ | |
| --skip-verified \ | |
| --skip-known-owners \ | |
| --trust medium \ | |
| --thoroughness medium \ | |
| --understanding medium \ | |
| --redundancy 2 | \ | |
| grep -v '^local ' | \ | |
| awk '{ | |
| printf("| %s | %s | %s | %s | %s | %s | %s |\n", | |
| $14, $15, $2, $10, $11, $12, $13) | |
| }' | \ | |
| sort -t\| -n -k5 | \ | |
| tee /dev/stderr >> $GITHUB_OUTPUT | |
| STATUS=$? | |
| echo "EOF${MARKER}" >> $GITHUB_OUTPUT | |
| set -e | |
| # TODO: When we're ready to make this required | |
| # exit $STATUS | |
| exit 0 | |
| shell: bash | |
| - uses: mshick/add-pr-comment@v2 | |
| with: | |
| # yamllint disable rule:line-length | |
| message: | | |
| #### :x: Unreviewed dependencies found | |
| | Crate | Version | Reviews (N/2) | LoC | Left-Pad Index | Geiger | Flags | | |
| | ----- | ------- | ------------- | --- | -------------- | ------ | ----- | | |
| ${{ steps.cargo-crev.outputs.UNREVIEWED_DEPENDENCIES }} | |
| # yamllint enable rule:line-length | |
| deny: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| strategy: | |
| matrix: | |
| checks: | |
| - advisories | |
| - bans licenses sources | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: EmbarkStudios/cargo-deny-action@v1 | |
| with: | |
| command: check ${{ matrix.checks }} | |
| sort: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-sort | |
| - run: cargo sort --workspace --grouped --check >/dev/null | |
| # TODO: Fix automatically | |
| clippy: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| strategy: | |
| matrix: | |
| rust: | |
| - stable | |
| - beta | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| components: clippy | |
| - uses: r7kamura/rust-problem-matchers@v1 | |
| - run: | | |
| cargo +${{ matrix.rust }} clippy --all --all-features -- -D warnings | |
| # TODO: Fix automatically, or post GH-suggestions comments | |
| build: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| strategy: | |
| matrix: | |
| rust: | |
| - stable | |
| - beta | |
| - nightly-2023-01-22 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - uses: r7kamura/rust-problem-matchers@v1 | |
| - run: cargo +${{ matrix.rust }} build --release | |
| test: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| strategy: | |
| matrix: | |
| rust: | |
| - stable | |
| - beta | |
| - nightly-2023-01-22 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - uses: r7kamura/rust-problem-matchers@v1 | |
| - run: cargo +${{ matrix.rust }} test --release | |
| doc: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| strategy: | |
| matrix: | |
| rust: | |
| - stable | |
| - beta | |
| # Prevent beta docs warnings from causing CI failure | |
| continue-on-error: ${{ matrix.rust == 'beta' }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - uses: r7kamura/rust-problem-matchers@v1 | |
| - run: cargo +${{ matrix.rust }} doc --release --no-deps | |
| coverage: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - lint | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview | |
| - uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-llvm-cov | |
| - run: cargo llvm-cov --workspace --lcov --output-path lcov.info | |
| - uses: codecov/codecov-action@v3 | |
| with: | |
| files: lcov.info | |
| notify: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && failure() | |
| needs: | |
| - lint | |
| - deny | |
| - sort | |
| - clippy | |
| - build | |
| - test | |
| - doc | |
| - coverage | |
| steps: | |
| - name: Notify Discord on failure | |
| uses: sarisia/actions-status-discord@v1 | |
| with: | |
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| username: "Github Actions" | |
| status: Failure | |
| color: 0xff0000 | |
| nodetail: true | |
| # yamllint disable rule:line-length | |
| title: "${{ github.repository }} ${{ github.workflow }} has failed on ${{ github.event_name }} to ${{ github.ref_name }}" | |
| url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| description: > | |
| [`@${{ github.actor }}`](${{ github.server_url }}/${{ github.actor }}) | |
| was the last one to touch | |
| [that repository](${{ github.server_url }}/${{ github.repository }}), | |
| is all I'm saying. | |
| avatar_url: "https://media0.giphy.com/media/oe33xf3B50fsc/200.gif" | |
| # yamllint enable rule:line-length |