Merge branch 'rust-serverless:master' into master

Author: jerusdp

.github/workflows/check.yml

@@ -0,0 +1,23 @@
+name: Check
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 4 * * 3'
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        name: Check Rust Version
+      - run: make check
+  create_issue:
+    runs-on: ubuntu-latest
+    needs: check
+    if: always() && (needs.check.result == 'failure')
+    steps:
+      - run: gh issue create --title "Time to update to Rust" --body "Build update for next version of Rust" --label "enhancement" -R $GITHUB_REPOSITORY
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          

.github/workflows/main.yml

@@ -6,14 +6,38 @@ on:
       - master
 
 jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: Build
+      env:
+        REPO: ${{ github.repository }}
+      shell: bash
+      run: |
+        echo "docker_repo=${{ env.REPO }}" >> $GITHUB_ENV
+        make build
+    - name: Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.0.20
+      with:
+        image-ref: '${{ env.docker_repo }}:latest'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
+      - name: Build
+        shell: bash
+        run: make build
       - name: Test
         run: make test
   publish:
-    needs: [test]
+    needs: [scan, test]
+    if: github.repository == 'rust-serverless/lambda-rust'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1

.github/workflows/nightly.yml

@@ -34,4 +34,5 @@ jobs:
     steps:
       - run: gh issue create --title "Nightly publication failed" --body "Nightly publication failed" --label "bug" -R $GITHUB_REPOSITORY
         env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          

.gitignore

@@ -1,3 +1,4 @@
 tests/test-*/test-out.log
 target
 .DS_Store
+.vscode

Dockerfile

@@ -2,10 +2,13 @@
 FROM docker.io/lambci/lambda:build-provided.al2
 
 ARG RUST_VERSION=1.54.0
+RUN yum -y update
+RUN yum -y remove kernel-devel-4.14.203-156.332.amzn2
 RUN yum install -y jq openssl-devel
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
     | CARGO_HOME=/cargo RUSTUP_HOME=/rustup sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION
 ADD build.sh /usr/local/bin/
+ADD latest.sh /usr/local/bin/
 VOLUME ["/code"]
 WORKDIR /code
 ENTRYPOINT ["/usr/local/bin/build.sh"]

Makefile

@@ -25,3 +25,8 @@ debug: build
 		-v ${HOME}/.cargo/git:/cargo/git  \
 		--entrypoint=/bin/bash \
 		$(REPO):$(TAG)
+
+check: 
+	$(DOCKER) run --rm \
+		--entrypoint=/usr/local/bin/latest.sh \
+		$(REPO)

latest.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -eux
+
+export CARGO_HOME="/cargo"
+export RUSTUP_HOME="/rustup"
+
+# shellcheck disable=SC1091
+source /cargo/env
+
+rustup toolchain install stable --profile=minimal
+STABLE=$(rustup check | grep stable | grep -E "[0-9]+\.[0-9]+\.[0-9]+" -o)
+DEFAULT=$(rustup show | grep -m 1 default | grep -E "[0-9]+\.[0-9]+\.[0-9]+" -o)
+
+if [ "${STABLE}" == "${DEFAULT}" ]; then exit 0
+    else exit 1
+fi