From 26cc7500c38c28355f325fc0e82136d07ba33b45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20F=C3=A4rnstrand?= <linus@mullvad.net>
Date: Wed, 29 May 2024 15:29:47 +0200
Subject: [PATCH] Add lots of Github Actions CI jobs to check sanity

---
 .github/workflows/build-and-test.yml          | 55 +++++++++++++++++++
 .github/workflows/cargo-audit.yml             | 35 ++++++++++++
 .github/workflows/formatting.yml              | 25 +++++++++
 .../workflows/git-commit-message-style.yml    | 32 +++++++++++
 .github/workflows/linting.yml                 | 25 +++++++++
 5 files changed, 172 insertions(+)
 create mode 100644 .github/workflows/build-and-test.yml
 create mode 100644 .github/workflows/cargo-audit.yml
 create mode 100644 .github/workflows/formatting.yml
 create mode 100644 .github/workflows/git-commit-message-style.yml
 create mode 100644 .github/workflows/linting.yml

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
new file mode 100644
index 0000000..f95b908
--- /dev/null
+++ b/.github/workflows/build-and-test.yml
@@ -0,0 +1,55 @@
+---
+name: Build and test
+on:
+  pull_request:
+    paths:
+      - .github/workflows/build-and-test.yml
+      - '**/*.rs'
+      - Cargo.toml
+      - Cargo.lock
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
+  RUSTFLAGS: --deny warnings
+
+jobs:
+  build-and-test:
+    strategy:
+      matrix:
+        rust: [stable, beta, nightly, 1.56.0]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #v1.0.7
+        with:
+          toolchain: ${{ matrix.rust }}
+          profile: minimal
+          default: true
+
+      - name: Build
+        run: cargo build --all-targets
+
+      - name: Test
+        run: cargo test
+
+  # Make sure the library builds with all dependencies downgraded to their
+  # oldest versions allowed by the semver spec. This ensures we have not
+  # under-specified any dependency
+  minimal-versions:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #v1.0.7
+        with:
+          toolchain: nightly
+          profile: minimal
+          default: true
+
+      - name: Downgrade dependencies to minimal versions
+        run: cargo +nightly update -Z minimal-versions
+
+      - name: Compile with minimal versions
+        run: cargo build --all-targets
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml
new file mode 100644
index 0000000..bfe548f
--- /dev/null
+++ b/.github/workflows/cargo-audit.yml
@@ -0,0 +1,35 @@
+---
+name: Audit dependencies
+on:
+  pull_request:
+    paths:
+      - .github/workflows/cargo-audit.yml
+      - Cargo.toml
+      - Cargo.lock
+  schedule:
+    # At 06:20 UTC every day. Will create an issue if a CVE is found.
+    - cron: '20 6 * * *'
+  workflow_dispatch:
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # We don't need to check CVEs against the checked in lockfile,
+      # but only against the newest compatible dependencies.
+      # This avoids significant maintenance work that provide no benefits.
+      # We only need to make sure there is any compatible dependency without a known issue
+      - run: cargo update
+
+      - uses: actions-rust-lang/audit@160ac8b6edd32f74656cabba9d1de3fc8339f676 # v1.2
+        name: Audit Rust Dependencies
+        with:
+          denyWarnings: true
+          # Ignored audit issues. This list should be kept short, and effort should be
+          # put into removing items from the list.
+          ignore:
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
new file mode 100644
index 0000000..73a287e
--- /dev/null
+++ b/.github/workflows/formatting.yml
@@ -0,0 +1,25 @@
+---
+name: Rust formatting
+on:
+  pull_request:
+    paths:
+      - .github/workflows/formatting.yml
+      - '**/*.rs'
+  workflow_dispatch:
+jobs:
+  check-formatting:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #v1.0.7
+        with:
+          toolchain: stable
+          profile: minimal
+          components: rustfmt
+          default: true
+
+      - name: Check formatting
+        run: |
+          rustfmt --version
+          cargo fmt -- --check
diff --git a/.github/workflows/git-commit-message-style.yml b/.github/workflows/git-commit-message-style.yml
new file mode 100644
index 0000000..4125202
--- /dev/null
+++ b/.github/workflows/git-commit-message-style.yml
@@ -0,0 +1,32 @@
+---
+name: Git - Check commit message style
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  check-commit-message-style:
+    name: Check commit message style
+    runs-on: ubuntu-latest
+    steps:
+      # Make sure there are no whitespaces other than space, tab and newline in a commit message.
+      - name: Check for unicode whitespaces
+        uses: gsactions/commit-message-checker@16fa2d5de096ae0d35626443bcd24f1e756cafee #v2.0.0
+        with:
+          # Pattern matches strings not containing weird unicode whitespace/separator characters
+          # \P{Z} = All non-whitespace characters (the u-flag is needed to enable \P{Z})
+          # [ \t\n] = Allowed whitespace characters
+          pattern: '^(\P{Z}|[ \t\n])+$'
+          flags: 'u'
+          error: 'Detected unicode whitespace character in commit message.'
+          checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
+          accessToken: ${{ secrets.GITHUB_TOKEN }} # only required if checkAllCommitMessages is true
+
+      # Git commit messages should follow these guidelines: https://cbea.ms/git-commit/
+      - name: Check against guidelines
+        uses: mristin/opinionated-commit-message@f3b9cec249cabffbae7cd564542fd302cc576827 #v3.1.1
+        with:
+          # Commit messages are allowed to be subject only, no body
+          allow-one-liners: 'true'
+          # This action defaults to 50 char subjects, but 72 is fine.
+          max-subject-line-length: '72'
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
new file mode 100644
index 0000000..e989d30
--- /dev/null
+++ b/.github/workflows/linting.yml
@@ -0,0 +1,25 @@
+---
+name: Rust linting
+on:
+  pull_request:
+    paths:
+      - .github/workflows/linting.yml
+      - '**/*.rs'
+  workflow_dispatch:
+jobs:
+  clippy-linting:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions-rs/toolchain@v1.0.6
+        with:
+          toolchain: stable
+          profile: minimal
+          components: clippy
+          default: true
+
+      - name: Clippy check
+        env:
+          RUSTFLAGS: --deny warnings
+        run: cargo clippy --locked --all-targets