Improving our panic audit #649
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Cargo Build & Test | |
on: | |
pull_request: | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
build_and_test: | |
name: Rust project - latest | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
toolchain: | |
- stable | |
steps: | |
- uses: actions/checkout@v3 | |
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | |
- run: cargo fmt --all --check | |
- run: RUSTFLAGS="-D warnings -F unsafe-code" cargo build --verbose --features "experimental" | |
- run: RUSTFLAGS="-D warnings -F unsafe-code" cargo build --verbose | |
- run: cargo test --verbose --features "experimental" | |
- run: cargo test --verbose | |
- run: cargo doc --all-features | |
- run: cargo clippy | |
- run: ./panic_safety.sh | |
- run: cargo test --verbose -- --ignored | |
- run: cargo bench --no-run | |
- run: cd cedar-policy ; cargo test --no-default-features --verbose | |
- run: cd cedar-policy-cli ; cargo test --no-default-features --verbose | |
- run: cd cedar-policy-core ; cargo test --no-default-features --verbose | |
- run: cd cedar-policy-formatter ; cargo test --no-default-features --verbose | |
- run: cd cedar-policy-validator ; cargo test --no-default-features --verbose | |
cargo_audit: | |
name: Cargo Audit | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
toolchain: | |
- stable | |
steps: | |
- uses: actions/checkout@v3 | |
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | |
- run: cargo install cargo-audit | |
- run: cargo audit --deny warnings | |
cargo_semver_checks: | |
name: Cargo SemVer Checks | |
runs-on: ubuntu-latest | |
# Make this check mandatory for release branches. | |
continue-on-error: ${{ !startsWith(github.base_ref, 'release/') }} | |
strategy: | |
matrix: | |
toolchain: | |
- stable | |
steps: | |
- name: Check out head (${{ github.head_ref }}) | |
uses: actions/checkout@v3 | |
with: | |
path: head | |
# Pull requests to non-release branches are checked for SemVer breakage | |
# relative to their target branch. | |
- if: ${{ !startsWith(github.base_ref, 'release/') }} | |
name: Check out base (${{ github.base_ref }}) | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.base_ref }} | |
path: base | |
# If this is a release PR, check SemVer relative to the highest version | |
# published to crates.io <= the version from head. | |
- if: ${{ startsWith(github.base_ref, 'release/') }} | |
name: Check out base (from crates.io) | |
run: head/.github/scripts/check-out-base-from-crates-io.sh | |
shell: bash | |
# `cargo semver-checks` doesn't understand `rlib` crates. | |
- run: >- | |
sed -i 's/^crate_type = \["rlib"\]$/crate_type = ["lib"]/' {head,base}/cedar-policy/Cargo.toml | |
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | |
- run: cargo install cargo-semver-checks | |
- run: cargo semver-checks check-release --package cedar-policy --baseline-root ../base | |
working-directory: head |