Skip to content

Improving our panic audit #649

Improving our panic audit

Improving our panic audit #649

Workflow file for this run

name: Cargo Build & Test
on:
pull_request:
env:
CARGO_TERM_COLOR: always
jobs:
build_and_test:
name: Rust project - latest
runs-on: ubuntu-latest
strategy:
matrix:
toolchain:
- stable
steps:
- uses: actions/checkout@v3
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
- run: cargo fmt --all --check
- run: RUSTFLAGS="-D warnings -F unsafe-code" cargo build --verbose --features "experimental"
- run: RUSTFLAGS="-D warnings -F unsafe-code" cargo build --verbose
- run: cargo test --verbose --features "experimental"
- run: cargo test --verbose
- run: cargo doc --all-features
- run: cargo clippy
- run: ./panic_safety.sh
- run: cargo test --verbose -- --ignored
- run: cargo bench --no-run
- run: cd cedar-policy ; cargo test --no-default-features --verbose
- run: cd cedar-policy-cli ; cargo test --no-default-features --verbose
- run: cd cedar-policy-core ; cargo test --no-default-features --verbose
- run: cd cedar-policy-formatter ; cargo test --no-default-features --verbose
- run: cd cedar-policy-validator ; cargo test --no-default-features --verbose
cargo_audit:
name: Cargo Audit
runs-on: ubuntu-latest
strategy:
matrix:
toolchain:
- stable
steps:
- uses: actions/checkout@v3
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
- run: cargo install cargo-audit
- run: cargo audit --deny warnings
cargo_semver_checks:
name: Cargo SemVer Checks
runs-on: ubuntu-latest
# Make this check mandatory for release branches.
continue-on-error: ${{ !startsWith(github.base_ref, 'release/') }}
strategy:
matrix:
toolchain:
- stable
steps:
- name: Check out head (${{ github.head_ref }})
uses: actions/checkout@v3
with:
path: head
# Pull requests to non-release branches are checked for SemVer breakage
# relative to their target branch.
- if: ${{ !startsWith(github.base_ref, 'release/') }}
name: Check out base (${{ github.base_ref }})
uses: actions/checkout@v3
with:
ref: ${{ github.base_ref }}
path: base
# If this is a release PR, check SemVer relative to the highest version
# published to crates.io <= the version from head.
- if: ${{ startsWith(github.base_ref, 'release/') }}
name: Check out base (from crates.io)
run: head/.github/scripts/check-out-base-from-crates-io.sh
shell: bash
# `cargo semver-checks` doesn't understand `rlib` crates.
- run: >-
sed -i 's/^crate_type = \["rlib"\]$/crate_type = ["lib"]/' {head,base}/cedar-policy/Cargo.toml
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
- run: cargo install cargo-semver-checks
- run: cargo semver-checks check-release --package cedar-policy --baseline-root ../base
working-directory: head