From 08b6d2e3f2c672e752e2f0472fa94940e34b11af Mon Sep 17 00:00:00 2001
From: Facundo Lerena
Date: Wed, 29 Nov 2023 12:53:22 -0300
Subject: [PATCH] CI
---
.github/workflows/deploy-docs.yml | 56 ++++++++++
.github/workflows/general-rust.yml | 69 ++++++++++++
.github/workflows/release.yml | 60 ++++++++++
.github/workflows/test-deploy-docs.yml | 48 ++++++++
.github/workflows/test-detectors.yml | 146 +++++++++++++++++++++++++
5 files changed, 379 insertions(+)
create mode 100644 .github/workflows/deploy-docs.yml
create mode 100644 .github/workflows/general-rust.yml
create mode 100644 .github/workflows/release.yml
create mode 100644 .github/workflows/test-deploy-docs.yml
create mode 100644 .github/workflows/test-detectors.yml
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
new file mode 100644
index 00000000..82843330
--- /dev/null
+++ b/.github/workflows/deploy-docs.yml
@@ -0,0 +1,56 @@
+name: Deploy Docs
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "docs/**"
+ workflow_dispatch:
+
+jobs:
+ deploy:
+ name: Deploy to GitHub Pages
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./docs
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+
+ - uses: pnpm/action-setup@v2.2.4
+ name: Install pnpm
+ id: pnpm-install
+ with:
+ version: 8
+ run_install: false
+
+ - name: Get pnpm store directory
+ id: pnpm-cache
+ run: |
+ echo "pnpm_cache_dir=$(pnpm store path)" >> $GITHUB_OUTPUT
+
+ - uses: actions/cache@v3
+ name: Setup pnpm cache
+ with:
+ path: ${{ steps.pnpm-cache.outputs.pnpm_cache_dir }}
+ key: ${{ runner.os }}-pnpm-store-${{ hashFiles('./docs/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-store-
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Build website
+ run: pnpm build
+
+ - name: Deploy to GitHub Pages
+ uses: peaceiris/actions-gh-pages@v3
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # Build output to publish to the `gh-pages` branch:
+ publish_dir: ./docs/build
diff --git a/.github/workflows/general-rust.yml b/.github/workflows/general-rust.yml
new file mode 100644
index 00000000..7a738c47
--- /dev/null
+++ b/.github/workflows/general-rust.yml
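Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `peaceiris/actions-gh-pages@v3` carries whatever the repository default grants; adding `permissions:` with `contents: write` on the `deploy` job makes the token scope explicit and limited to what publishing needs. The third-party actions `pnpm/action-setup@v2.2.4` and `peaceiris/actions-gh-pages@v3` are referenced by tag, which the action owner can move; pinning each to a full commit SHA, with the tag kept in a trailing comment, fixes the code that runs with that token. The same two points apply to general-rust.yml, release.yml, test-deploy-docs.yml and test-detectors.yml, where `contents: read` should be enough for every job except the two in release.yml.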
@@ -0,0 +1,69 @@
+name: General Rust
+
+on:
+ push:
+ branches:
+ - "main"
+ paths:
+ - "apps/cargo-scout-audit/**"
+ - "detectors/**"
+ - "test-cases/**"
+ - "Makefile"
+ pull_request:
+ paths:
+ - "apps/cargo-scout-audit/**"
+ - "detectors/**"
+ - "test-cases/**"
+ - "Makefile"
+ workflow_dispatch:
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ format:
+ name: Format
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Update Rust
+ run: rustup update
+
+ - name: Install Rust nightly
+ run: rustup install nightly --profile minimal
+
+ - name: Install Rustfmt
+ run: rustup component add rustfmt --toolchain nightly
+
+ - name: Run cargo fmt
+ run: make fmt-rust-check
+
+ clippy:
+ name: Clippy
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Cache cargo-scout-audit dependencies
+ id: cache-cargo-scout-audit-dependencies
+ uses: actions/cache@v3
+ with:
+ path: ./apps/cargo-scout-audit/target
+ key: ${{ runner.os }}-cargo-${{ hashFiles('apps/cargo-scout-audit/Cargo.lock') }}
+
+ - name: Update Rust
+ run: rustup update
+
+ - name: Install Rust nightly-2023-04-23
+ run: rustup install nightly-2023-04-23 --profile minimal
+
+ - name: Install Clippy nightly-2023-04-23
+ run: rustup component add clippy --toolchain nightly-2023-04-23
+
+ - name: Install dylint-link
+ run: cargo install dylint-link
+
+ - name: Run clippy
+ run: make lint
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..e21aa8f4
--- /dev/null
+++ b/.github/workflows/release.yml
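Review bot: `cargo install dylint-link` in the `clippy` job installs whatever version is newest on crates.io at run time and re-resolves its dependencies, so the linker tool can change between runs without any change to this repository; `run: cargo install dylint-link --locked --version <PINNED_VERSION>` makes the install reproducible. The same step appears in the `build` job of test-detectors.yml. The `format` job also installs an unpinned `nightly` while `clippy` pins `nightly-2023-04-23`, so formatting results can drift with the toolchain; using the same dated toolchain in both jobs would avoid that.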
@@ -0,0 +1,60 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - "v*.*.*"
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Login to crates.io
+ run: echo ${{ secrets.CRATES_TOKEN }} | cargo login
+
+ - name: Publish to crates.io
+ run: python scripts/publish-to-crates-io.py
+
+ - name: Create release notes
+ run: sed -n '/^## ${{ github.ref_name }}/,/^## v/{/^## ${{ github.ref_name }}/p; /^## v/!p;}' CHANGELOG.md | awk 'NF {print $0}' | tee body.md
+
+ - name: Create release
+ uses: softprops/action-gh-release@v1
+ with:
+ tag_name: ${{ github.ref }}
+ name: ${{ github.ref_name }}
+ body_path: body.md
+ draft: false
+ prerelease: ${{ contains(github.ref, 'pre') || contains(github.ref, 'rc') }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ upload-binaries:
+ strategy:
+ matrix:
+ include:
+ - { o: macos-latest, t: x86_64-apple-darwin }
+ - { o: ubuntu-latest, t: x86_64-unknown-linux-gnu }
+ - { o: windows-latest, t: x86_64-pc-windows-msvc }
+
+ name: Upload binaries
+ runs-on: ${{ matrix.o }}
+ needs: release
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Build and publish
+ uses: taiki-e/upload-rust-binary-action@v1
+ with:
+ manifest_path: apps/cargo-scout-audit/Cargo.toml
+ bin: cargo-scout-audit
+ archive: cargo-scout-audit-${{ github.ref_name }}-${{ matrix.t }}-${{ matrix.o }}
+ tar: unix
+ zip: windows
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test-deploy-docs.yml b/.github/workflows/test-deploy-docs.yml
new file mode 100644
index 00000000..cc45e1ff
--- /dev/null
+++ b/.github/workflows/test-deploy-docs.yml
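Review bot: The `Login to crates.io` step expands `${{ secrets.CRATES_TOKEN }}` into the shell script text, unquoted, and `cargo login` then writes the token to the runner's credentials file; passing it as the `CARGO_REGISTRY_TOKEN` environment variable on the publish step keeps it out of the script and off disk (this assumes `scripts/publish-to-crates-io.py`, which is not visible here, ends up calling `cargo publish`). The `Create release notes` step has the same shape: `${{ github.ref_name }}` is pasted into the `sed` command before the shell parses it, so a tag name containing shell metacharacters would be read as script text; reading it from an environment variable avoids that. Only users who can push tags reach this path, but the job holds the crates.io token and a release-capable `GITHUB_TOKEN`, so the stricter form is worth it.

```yaml
      # … unchanged: checkout; the separate "Login to crates.io" step is dropped …

      - name: Publish to crates.io
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_TOKEN }}
        run: python scripts/publish-to-crates-io.py

      - name: Create release notes
        env:
          TAG: ${{ github.ref_name }}
        run: |
          sed -n "/^## ${TAG}/,/^## v/{/^## ${TAG}/p; /^## v/!p;}" CHANGELOG.md | awk 'NF {print $0}' | tee body.md

      # … unchanged: Create release step and upload-binaries job …
```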
@@ -0,0 +1,48 @@
+name: Test Deploy Docs
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - "docs/**"
+
+jobs:
+ test-deploy:
+ name: Test deployment
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./docs
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+
+ - uses: pnpm/action-setup@v2.2.4
+ name: Install pnpm
+ id: pnpm-install
+ with:
+ version: 8
+ run_install: false
+
+ - name: Get pnpm store directory
+ id: pnpm-cache
+ run: |
+ echo "pnpm_cache_dir=$(pnpm store path)" >> $GITHUB_OUTPUT
+
+ - uses: actions/cache@v3
+ name: Setup pnpm cache
+ with:
+ path: ${{ steps.pnpm-cache.outputs.pnpm_cache_dir }}
+ key: ${{ runner.os }}-pnpm-store-${{ hashFiles('./docs/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-store-
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Test build website
+ run: pnpm build
diff --git a/.github/workflows/test-detectors.yml b/.github/workflows/test-detectors.yml
new file mode 100644
index 00000000..309fb691
--- /dev/null
+++ b/.github/workflows/test-detectors.yml
@@ -0,0 +1,146 @@
+name: Test Detectors
+
+on:
+ push:
+ branches:
+ - "main"
+ paths:
+ - "apps/cargo-scout-audit/**"
+ - "detectors/**"
+ - "test-cases/**"
+ - "Makefile"
+ pull_request:
+ paths:
+ - "apps/cargo-scout-audit/**"
+ - "detectors/**"
+ - "test-cases/**"
+ - "Makefile"
+ workflow_dispatch:
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_BACKTRACE: full
+
+jobs:
+ check-config:
+ name: Check config
+ strategy:
+ matrix:
+ os:
+ - ubuntu-latest
+ - macos-latest
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Install python dependencies
+ run: pip3 install pyyaml
+
+ - name: Check test matrix is complete
+ run: python3 scripts/check-ci-detectors-to-test.py .github/workflows/test-detectors.yml detectors
+
+ - name: Check detectors for repeated names
+ run: python3 scripts/check-detectors-repeated-names.py detectors
+
+ - name: Check detector names with underscore
+ run: python3 scripts/check-detectors-underscore-names.py detectors
+
+ - name: Check detector names different than their folders
+ run: python3 scripts/check-detectors-names-match-folder.py detectors
+
+ build:
+ name: Build
+ needs: check-config
+ strategy:
+ matrix:
+ os:
+ - ubuntu-latest
+ - macos-latest
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Cache cargo-scout dependencies
+ id: cache-cargo-scout-dependencies
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.cargo
+ apps/cargo-scout-audit/target
+ detectors/target
+ detectors/Cargo.lock
+ key: ${{ runner.os }}-cargo-scout-dependencies-${{ github.run_id }}
+
+ - name: Install Rust nightly-2023-04-23
+ run: rustup install nightly-2023-04-23 --profile minimal
+
+ - name: Install dylint-link
+ run: cargo install dylint-link
+
+ - name: Compile cargo-scout-audit tests
+ working-directory: apps/cargo-scout-audit
+ run: cargo test --no-run
+
+ - name: Compile detectors
+ working-directory: detectors
+ run: cargo build --release
+
+ test:
+ name: Test
+ needs: build
+ strategy:
+ matrix:
+ os:
+ - ubuntu-latest
+ - macos-latest
+ test:
+ [
+ "assert-violation",
+ "avoid-core-mem-forget",
+ "avoid-format-string",
+ "delegate-call",
+ "divide-before-multiply",
+ "dos-unbounded-operation",
+ "dos-unexpected-revert-with-vector",
+ "ink-version",
+ "insufficiently-random-values",
+ "integer-overflow-or-underflow",
+ "iterators-over-indexing",
+ "lazy-delegate",
+ "panic-error",
+ "reentrancy-1",
+ "reentrancy-2",
+ "set-code-hash",
+ "set-contract-storage",
+ "unprotected-mapping-operation",
+ "unprotected-self-destruct",
+ "unrestricted-transfer-from",
+ "unsafe-expect",
+ "unsafe-unwrap",
+ "unused-return-enum",
+ "zero-or-test-address",
+ ]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Cache cargo-scout dependencies
+ id: cache-cargo-scout-dependencies
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.cargo
+ apps/cargo-scout-audit/target
+ detectors/target
+ detectors/Cargo.lock
+ key: ${{ runner.os }}-cargo-scout-dependencies-${{ github.run_id }}
+ fail-on-cache-miss: true
+
+ - name: Run tests
+ working-directory: apps/cargo-scout-audit
+ env:
+ INTEGRATION_TESTS_TO_RUN: ${{ matrix.test }}
+ run: cargo test -- --nocapture
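Review bot: The cache `path` in both the `build` and `test` jobs lists all of `~/.cargo`, which is also where `cargo login` stores its credentials file; nothing in this workflow logs in, but narrowing the entry to `~/.cargo/bin`, `~/.cargo/registry` and `~/.cargo/git` keeps a token from ever being captured into a cache if a login step is added later. The key ends in `${{ github.run_id }}`, so the cache works as a hand-off from `build` to `test` and is never reused by a later run; a comment above `key:` such as `# per-run key: this cache only passes build output to the test job` would make that intent clear, since each run stores a full copy per OS against the repository's cache quota. Because an existing cache key is not overwritten, a full re-run under the same run id would presumably test the first attempt's build output, which is worth confirming.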