CoinFabrik · faculerena · Nov 29, 2023 · Nov 29, 2023 · Nov 29, 2023 · Nov 29, 2023
diff --git a/.github/ISSUE_TEMPLATE/project-tasks.md b/.github/ISSUE_TEMPLATE/project-tasks.md
@@ -0,0 +1,29 @@
+---
+name: Project task
+about: Project task details
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+## Description
+Detailed explanation of the task. This should include any specific requirements, goals, and desired outcomes. It should also include any necessary context or background information.
+
+## Acceptance Criteria
+- Clear, actionable items that must be met for the task to be considered complete.
+- For example, "The user can successfully log in with their email and password."
+- Acceptance criteria should be testable and should align with the task's goals and requirements.
+
+## Subtasks
+- [ ] Subtask 1: Brief description of the first subtask.
+- [ ] Subtask 2: Brief description of the second subtask.
+- [ ] Subtask 3: Brief description of the third subtask.
+
+*Note: use checklists ;)
+
+## Estimate
+How long you expect this task to take, in days. This is just an estimate and can be adjusted as necessary.
+
+## Sprint number
+The sprint in which this task is scheduled to be worked on.
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
@@ -0,0 +1,56 @@
+name: Deploy Docs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "docs/**"
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    name: Deploy to GitHub Pages
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./docs
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - uses: pnpm/[email protected]
+        name: Install pnpm
+        id: pnpm-install
+        with:
+          version: 8
+          run_install: false
+
+      - name: Get pnpm store directory
+        id: pnpm-cache
+        run: |
+          echo "pnpm_cache_dir=$(pnpm store path)" >> $GITHUB_OUTPUT
+
+      - uses: actions/cache@v3
+        name: Setup pnpm cache
+        with:
+          path: ${{ steps.pnpm-cache.outputs.pnpm_cache_dir }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('./docs/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build website
+        run: pnpm build
+
+      - name: Deploy to GitHub Pages
+        uses: peaceiris/actions-gh-pages@v3
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # Build output to publish to the `gh-pages` branch:
+          publish_dir: ./docs/build
diff --git a/.github/workflows/general-rust.yml b/.github/workflows/general-rust.yml
@@ -0,0 +1,69 @@
+name: General Rust
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "apps/cargo-scout-audit/**"
+      - "detectors/**"
+      - "test-cases/**"
+      - "Makefile"
+  pull_request:
+    paths:
+      - "apps/cargo-scout-audit/**"
+      - "detectors/**"
+      - "test-cases/**"
+      - "Makefile"
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  format:
+    name: Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Update Rust
+        run: rustup update
+
+      - name: Install Rust nightly
+        run: rustup install nightly --profile minimal
+
+      - name: Install Rustfmt
+        run: rustup component add rustfmt --toolchain nightly
+
+      - name: Run cargo fmt
+        run: make fmt-rust-check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Cache cargo-scout-audit dependencies
+        id: cache-cargo-scout-audit-dependencies
+        uses: actions/cache@v3
+        with:
+          path: ./apps/cargo-scout-audit/target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('apps/cargo-scout-audit/Cargo.lock') }}
+
+      - name: Update Rust
+        run: rustup update
+
+      - name: Install Rust nightly-2023-09-29
+        run: rustup install nightly-2023-09-29-x86_64-unknown-linux-gnu --profile minimal
+
+      - name: Install Clippy
+        run: rustup component add clippy --toolchain nightly-2023-09-29-x86_64-unknown-linux-gnu
+
+      - name: Install dylint-link
+        run: cargo install dylint-link
+
+      - name: Run clippy
+        run: make lint
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,60 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Login to crates.io
+        run: echo ${{ secrets.CRATES_TOKEN }} | cargo login
+
+      - name: Publish to crates.io
+        run: python scripts/publish-to-crates-io.py
+
+      - name: Create release notes
+        run: sed -n '/^## ${{ github.ref_name }}/,/^## v/{/^## ${{ github.ref_name }}/p; /^## v/!p;}' CHANGELOG.md | awk 'NF {print $0}' | tee body.md
+
+      - name: Create release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ github.ref }}
+          name: ${{ github.ref_name }}
+          body_path: body.md
+          draft: false
+          prerelease: ${{ contains(github.ref, 'pre') || contains(github.ref, 'rc') }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  upload-binaries:
+    strategy:
+      matrix:
+        include:
+          - { o: macos-latest,   t: x86_64-apple-darwin                              }
+          - { o: ubuntu-latest,  t: x86_64-unknown-linux-gnu                         }
+          - { o: windows-latest, t: x86_64-pc-windows-msvc                           }
+
+    name: Upload binaries
+    runs-on: ${{ matrix.o }}
+    needs: release
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build and publish
+        uses: taiki-e/upload-rust-binary-action@v1
+        with:
+          manifest_path: apps/cargo-scout-audit/Cargo.toml
+          bin: cargo-scout-audit
+          archive: cargo-scout-audit-${{ github.ref_name }}-${{ matrix.t }}-${{ matrix.o }}
+          tar: unix
+          zip: windows
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test-deploy-docs.yml b/.github/workflows/test-deploy-docs.yml
@@ -0,0 +1,48 @@
+name: Test Deploy Docs
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "docs/**"
+
+jobs:
+  test-deploy:
+    name: Test deployment
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./docs
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - uses: pnpm/[email protected]
+        name: Install pnpm
+        id: pnpm-install
+        with:
+          version: 8
+          run_install: false
+
+      - name: Get pnpm store directory
+        id: pnpm-cache
+        run: |
+          echo "pnpm_cache_dir=$(pnpm store path)" >> $GITHUB_OUTPUT
+
+      - uses: actions/cache@v3
+        name: Setup pnpm cache
+        with:
+          path: ${{ steps.pnpm-cache.outputs.pnpm_cache_dir }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('./docs/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Test build website
+        run: pnpm build
diff --git a/.github/workflows/test-detectors.yml b/.github/workflows/test-detectors.yml
@@ -0,0 +1,126 @@
+name: Test Detectors
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "apps/cargo-scout-audit/**"
+      - "detectors/**"
+      - "test-cases/**"
+      - "Makefile"
+  pull_request:
+    paths:
+      - "apps/cargo-scout-audit/**"
+      - "detectors/**"
+      - "test-cases/**"
+      - "Makefile"
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: full
+
+jobs:
+  check-config:
+    name: Check config
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-latest
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Install python dependencies
+        run: pip3 install pyyaml
+
+      - name: Check test matrix is complete
+        run: python3 scripts/check-ci-detectors-to-test.py .github/workflows/test-detectors.yml detectors
+
+      - name: Check detectors for repeated names
+        run: python3 scripts/check-detectors-repeated-names.py detectors
+
+      - name: Check detector names with underscore
+        run: python3 scripts/check-detectors-underscore-names.py detectors
+
+      - name: Check detector names different than their folders
+        run: python3 scripts/check-detectors-names-match-folder.py detectors
+
+  build:
+    name: Build
+    needs: check-config
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-latest
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Cache cargo-scout dependencies
+        id: cache-cargo-scout-dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo
+            apps/cargo-scout-audit/target
+            detectors/target
+            detectors/Cargo.lock
+          key: ${{ runner.os }}-cargo-scout-dependencies-${{ github.run_id }}
+
+      - name: Install Rust nightly-2023-04-23
+        run: rustup install nightly-2023-04-23 --profile minimal
+
+      - name: Install dylint-link
+        run: cargo install dylint-link
+
+      - name: Compile cargo-scout-audit tests
+        working-directory: apps/cargo-scout-audit
+        run: cargo test --no-run
+
+      - name: Compile detectors
+        working-directory: detectors
+        run: cargo build --release
+
+  test:
+    name: Test
+    needs: build
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-latest
+        test:
+          [
+            "divide-before-multiply",
+            "overflow-check",
+            "unsafe-expect",
+            "unsafe-unwrap",
+          ]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Cache cargo-scout dependencies
+        id: cache-cargo-scout-dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo
+            apps/cargo-scout-audit/target
+            detectors/target
+            detectors/Cargo.lock
+          key: ${{ runner.os }}-cargo-scout-dependencies-${{ github.run_id  }}
+          fail-on-cache-miss: true
+
+      - name: Run tests
+        working-directory: apps/cargo-scout-audit
+        env:
+          INTEGRATION_TESTS_TO_RUN: ${{ matrix.test }}
+        run: cargo test -- --nocapture