# Workflow-level settings; the jobs are declared under `jobs:`.
name: All

# Least privilege: the workflow's GITHUB_TOKEN can only read repository contents.
permissions:
  contents: read

# `pull_request` (rather than `pull_request_target`) means runs triggered from
# forks get a read-only token and no repository secrets.
on:
  merge_group:
  pull_request:
  push:
    branches:
      - develop
  workflow_dispatch:
    inputs:
      commit_sha:
        description: 'Git commit sha, on which, to run this workflow'

# One active run per workflow / ref / event type; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
  cancel-in-progress: true

# Steps run under bash unless a step names another shell.
defaults:
  run:
    shell: bash
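# Lint and repository-hygiene jobs. Every action is pinned to a full commit SHA
# and every container image to a sha256 digest, so a moved tag cannot change
# what runs here.
jobs:
  # Runs the organisation's pinned commit_lint action against the change.
  lint_commits:
    name: All - lint_commits
    runs-on: ubuntu-22.04
    # We assume that commit 2fd0d36fe6ae0c2d527368683ec3a6352617b381 will be in the history
    # of all commits based on ockam develop branch
    # https://github.com/build-trust/ockam/commit/2fd0d36fe6ae0c2d527368683ec3a6352617b381
    env:
      FIRST_COMMIT: '2fd0d36fe6ae0c2d527368683ec3a6352617b381'
      CONTRIBUTORS_CSV_PATH: .github/CONTRIBUTORS.csv
      COMMITLINT_CONFIG_PATH: tools/commitlint/commitlint.config.js
    steps:
      - name: Check Commit Lint
        uses: build-trust/.github/actions/commit_lint@0455ed96606ee7021639e74a1ae0289a30e33d86
        with:
          # Scoped by the workflow-level `permissions` block (contents: read).
          github_token: ${{ secrets.GITHUB_TOKEN }}

  # Checks the tree against .editorconfig with eclint (gitlab.com/greut/eclint).
  lint_editorconfig:
    name: All - lint_editorconfig
    runs-on: ubuntu-22.04
    container:
      image: greut/eclint:v0.3.3@sha256:95e9a3dcbd236bae6569625cd403175cbde3705303774e7baca418b6442b8d77
    steps:
      # commit_sha is only set for workflow_dispatch; for the other events the
      # expression is empty and checkout uses its default ref.
      # NOTE(review): checkout leaves the token in .git/config by default; none of
      # the jobs here push, so `persist-credentials: false` looks safe to add.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          ref: ${{ github.event.inputs.commit_sha }}
      - shell: sh
        run: eclint -color=always

  # Semgrep is a static analysis tool to lint code for patterns we want to forbid
  # https://github.com/returntocorp/semgrep
  lint_semgrep:
    name: All - lint_semgrep
    runs-on: ubuntu-22.04
    container:
      image: returntocorp/semgrep@sha256:2fd35fa409f209e0fea0c2d72cf1e5b801a607959a93b13d04822bb3b6a9dfe4
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          ref: ${{ github.event.inputs.commit_sha }}
      - name: Run Semgrep
        # Bash is not available in the specified docker image of semgrep
        shell: sh
        # .semgrepignore is not processed outside of working directory. See https://github.com/returntocorp/semgrep/issues/5669
        # `&&` (not `&`): the ignore file must be in place before the scan starts.
        # A single `&` backgrounds the mv, so semgrep could race it and a failed
        # mv would go unnoticed.
        # NOTE(review): without `--error`, semgrep reports findings but still
        # exits 0, so findings alone do not fail this job. Confirm that is intended.
        run: |
          mv tools/semgrep/.semgrepignore . && \
          semgrep --verbose --config="r2c" --config="tools/semgrep/rules/example.yaml"

  # Check notice file for update
  notice_update:
    name: All - notice_update
    runs-on: ubuntu-22.04
    steps:
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - name: Update Notice File
        # NOTE(review): `nixpkgs#jq` / `nixpkgs#cargo-deny` are not pinned to a
        # nixpkgs revision here, unlike the SHA-pinned actions. Consider pinning.
        shell: 'nix shell nixpkgs#jq nixpkgs#cargo-deny --command bash {0}'
        run: make notice_file_update
      - name: Fail if notice update needed
        shell: bash
        # Fails when regenerating NOTICE.md changed it, i.e. the committed file is stale.
        run: |
          set -ex
          git diff --exit-code NOTICE.md &> /dev/null || \
          { \
            echo "NOTICE file outdated"; \
            git diff;
            exit 1; \
          }

  # Per-crate publishing hygiene: CHANGELOG/README present, categories valid,
  # dependency versions specified.
  check_crates:
    name: All - check_crates
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y jq
      - name: Install Rust
        uses: actions-rs/toolchain@88dc2356392166efad76775c878094f4e83ff746
        with:
          toolchain: stable
          profile: minimal
          override: true
      - name: Install tomlq
        run: cargo install --locked tomlq --version 0.1.0
      - name: Check for CHANGELOG.md
        run: |
          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
            dir=$(dirname "$crate")
            if [ ! -f "$dir/CHANGELOG.md" ]; then
              echo "Error: $dir/CHANGELOG.md is missing"
              exit 1
            fi
          done
      - name: Check for README.md
        run: |
          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
            dir=$(dirname "$crate")
            if [ ! -f "$dir/README.md" ]; then
              echo "Error: $dir/README.md is missing"
              exit 1
            fi
          done
      - name: Validate Cargo.toml categories
        run: |
          allowed_categories="
          accessibility
          aerospace
          drones
          protocols
          simulation
          space-protocols
          unmanned-aerial-vehicles
          algorithms
          api-bindings
          asynchronous
          authentication
          caching
          command-line-interface
          command-line-utilities
          compilers
          compression
          computer-vision
          concurrency
          config
          cryptography
          cryptocurrencies
          data-structures
          database
          database-implementations
          date-and-time
          development-tools
          build-utils
          cargo-plugins
          debugging
          ffi
          procedural-macro-helpers
          profiling
          testing
          email
          embedded
          emulators
          encoding
          external-ffi-bindings
          filesystem
          finance
          game-development
          game-engines
          games
          graphics
          gui
          hardware-support
          internationalization
          localization
          mathematics
          memory-management
          multimedia
          audio
          encoding
          images
          video
          network-programming
          no-std
          no-std::no-alloc
          os
          android-apis
          freebsd-apis
          linux-apis
          macos-apis
          unix-apis
          windows-apis
          parser-implementations
          parsing
          rendering
          rendering::data-formats
          rendering::engine
          rendering::graphics-api
          rust-patterns
          science
          bioinformatics
          genomics
          proteomics
          sequence-analysis
          geo
          neuroscience
          robotics
          simulation
          template-engine
          text-editors
          text-processing
          value-formatting
          virtualization
          visualization
          wasm
          web-programming
          http-client
          http-server
          websocket
          "
          # One entry per line with surrounding whitespace stripped, so the
          # whole-line match below works however the list above is indented.
          normalized_categories=$(sed 's/^[[:space:]]*//; s/[[:space:]]*$//' <<< "$allowed_categories")
          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
            categories=$(tomlq package.categories -f "$crate" | jq -r '.[]')
            for category in $categories; do
              # Whole-line, fixed-string match (-x -F). The category comes from a
              # Cargo.toml in the change under test; a plain `grep -q` treated it
              # as a regex and accepted any substring of an allowed entry (e.g.
              # `crypto` or `.`).
              if ! grep -xF -- "$category" <<< "$normalized_categories" > /dev/null; then
                echo "Error: $crate contains invalid category $category"
                exit 1
              fi
            done
          done
      - name: Check Cargo.toml To Ensure That All 3rd Party Crates Have Specified Versions
        run: |
          set -ex
          # NOTE(review): the crate spec on the next line was mangled by the page's
          # e-mail obfuscation. The step invokes `toml2json` below, so it was
          # presumably `toml2json@<version>`; restore the pinned version from the
          # repository. Consider `--locked`, as the tomlq install above uses.
          cargo install [email protected]
          regex="^[\^|=]*[0-9]+(\.[0-9]+)*(\.[0-9]+)*"
          for crate in $(find implementations/rust/ockam -name Cargo.toml); do
            deps=$(toml2json <<< cat "$crate" | jq -r '.dependencies')
            dev_deps=$(toml2json <<< cat "$crate" | jq -r ".\"dev-dependencies\"")
            dependencies=$(echo "$deps $dev_deps" | jq -s add)
            # NOTE(review): this assignment overwrites the merged value computed on
            # the previous line, so dev-dependencies are never checked. Confirm
            # whether that is intended before removing either line.
            dependencies=$(toml2json <<< cat "$crate" | jq -r '.dependencies')
            dependencies_keys=$(echo $dependencies | jq -r 'keys')
            dependencies_keys_len=$(echo $dependencies | jq -r 'keys | length')
            for ((i=0; i<$dependencies_keys_len; i++)); do
              crate_name=$(jq -r ".[$i]" <<< $dependencies_keys)
              # Table form (`{ version = "..." }`) first; the fallback handles the
              # plain-string form, where indexing `.version` makes jq fail.
              version=$(jq -r ".\"$crate_name\".version" <<< $dependencies || jq -r ".\"$crate_name\"" <<< $dependencies)
              # It is mandatory that to publish to the crates.io repository, all our dependencies must have a version specified (must have been published to crates.io)
              if [[ $version =~ $regex ]]; then
                echo "crate_name: $crate_name"
                echo "version: $version"
              else
                echo "No version found for $crate_name $version in crate $crate"
                exit 1
              fi
            done
          done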