From fb31f40a0bc0bdc60f083b00c9799ede1c66c1b6 Mon Sep 17 00:00:00 2001 From: Simone Cottini Date: Tue, 28 Nov 2023 14:05:28 +0100 Subject: [PATCH 1/2] [PLATFORM-1363]: Migrate to GHA (#24) * Add CI step with GHA * Fix clippy warning on phantomdata default call * Remove unused steps from ci * Add cd * Remove drone.yml * Change alls-green impl * Remove comment * Change from ubuntu to self-hosted runner * Switch to k8s-small * Revert to ubuntu-latest --- .drone.yml | 269 --------------------------------------- .github/workflows/cd.yml | 24 ++++ .github/workflows/ci.yml | 43 +++++++ src/builder.rs | 4 +- 4 files changed, 69 insertions(+), 271 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/cd.yml create mode 100644 .github/workflows/ci.yml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 35f0471..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,269 +0,0 @@ ---- -kind: pipeline -name: default - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: git-clone - image: public.ecr.aws/prima/drone-git:1.3-3 - environment: - PLUGIN_DEPTH: 5 - -- name: cache-restore - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - cache-restore - environment: - BUCKET_NAME: prima-ci-cache - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - - name: docker - path: /var/run/docker.sock - depends_on: - - git-clone - -- name: check-secrets - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - check-secrets-grants - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - depends_on: - - git-clone - -- name: check-public-docker-images - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - check-public-docker-images - depends_on: - - git-clone - -- name: build-image - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - sed -i 's/USER app/USER root/g' ./Dockerfile - - docker build -t prima/jwks_client-ci:${DRONE_COMMIT} ./ - volumes: - - name: docker - path: /var/run/docker.sock - depends_on: - - cache-restore - -- name: cargo-deps - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - cargo fetch - environment: - CARGO_HOME: /drone/src/.cargo - depends_on: - - build-image - -- name: cargo-format - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - cargo make --profile drone format-ci - environment: - CARGO_HOME: /drone/src/.cargo - depends_on: - - cargo-deps - -- name: cargo-clippy-ci - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - cargo make --profile drone clippy-ci - environment: - BUILD_ENV: dev - CARGO_HOME: /drone/src/.cargo - depends_on: - - cargo-format - -- name: cargo-test - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - cargo make --profile drone test - environment: - 
BUILD_ENV: dev - CARGO_HOME: /drone/src/.cargo - CARGO_HTTP_CAINFO: "" - depends_on: - - cargo-clippy-ci - -- name: cargo-build - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - cargo make --profile drone build-ci - environment: - BUILD_ENV: dev - CARGO_HOME: /drone/src/.cargo - when: - branch: - exclude: - - master - depends_on: - - cargo-test - -- name: cache-cleanup - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - cargo make --profile drone cache-cleanup - when: - branch: - - master - depends_on: - - cargo-build - - cargo-format - - cargo-clippy-ci - - cargo-test - -- name: cache-save - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - cache-save target - environment: - BUCKET_NAME: prima-ci-cache - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - - name: docker - path: /var/run/docker.sock - when: - branch: - - master - depends_on: - - cache-cleanup - -volumes: -- name: docker - host: - path: /var/run/docker.sock -- name: ecs - host: - path: /etc/profile.d/ecs-credentials-endpoint - -trigger: - event: - - push - ---- -kind: pipeline -name: build-production - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: git-clone - image: public.ecr.aws/prima/drone-git:1.3-3 - environment: - PLUGIN_DEPTH: 5 - -- name: cache-restore - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - . 
/etc/profile.d/ecs-credentials-endpoint - - cache-restore - environment: - BUCKET_NAME: prima-ci-cache - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - - name: docker - path: /var/run/docker.sock - depends_on: - - git-clone - -- name: build-image - image: public.ecr.aws/prima/drone-tools:1.21.3 - commands: - - sed -i 's/USER app/USER root/g' ./Dockerfile - - docker build -t prima/jwks_client-ci:${DRONE_COMMIT} ./ - volumes: - - name: docker - path: /var/run/docker.sock - depends_on: - - cache-restore - -- name: build-production - image: prima/jwks_client-ci:${DRONE_COMMIT} - commands: - - . /etc/profile.d/ecs-credentials-endpoint - - ./deploy/build production - environment: - CARGO_AUTH_KEY: - from_secret: cargo_auth_key - volumes: - - name: ecs - path: /etc/profile.d/ecs-credentials-endpoint - depends_on: - - build-image - -volumes: -- name: docker - host: - path: /var/run/docker.sock -- name: ecs - host: - path: /etc/profile.d/ecs-credentials-endpoint - -trigger: - event: - - tag - ref: - - refs/tags/*.*.* - ---- -kind: pipeline -name: email-failure - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: email-failure - image: public.ecr.aws/prima/drone-email - settings: - from: drone@prima.it - host: email-smtp.eu-west-1.amazonaws.com - environment: - PLUGIN_PASSWORD: - from_secret: email_password - PLUGIN_USERNAME: - from_secret: email_username - -trigger: - status: - - failure - target: - exclude: - - qa-stack - - qa-it - - qa - -depends_on: -- default -- build-production - ---- -kind: signature -hmac: e8c12b4bfe0e5f9393318800e33074cea21dfd73e4b3eaee21f1abb76f0e29a6 - -... diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 0000000..9ec0d9b --- /dev/null +++ b/.github/workflows/cd.yml 
@@ -0,0 +1,24 @@
+name: CD
+
+on:
+ release:
+ types: [published]
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: install cargo-release
+ uses: taiki-e/install-action@v2
+ with:
+ tool: cargo-release@0.24
+ - name: login
+ run: cargo login "$CARGO_AUTH_KEY"
+ env:
+ CARGO_AUTH_KEY: ${{ secrets.CARGO_AUTH_KEY }}
+ - name: publish
+ run: cargo release publish --no-confirm --allow-branch "*" --all-features --execute
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..167f4a5
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,43 @@
+name: CI
+
+on: [push, pull_request]
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ lint:
+ # Avoid duplicate jobs on PR from a branch on the same repo
+ if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: Swatinem/rust-cache@v2
+ - name: Build
+ run: cargo build --all-features
+ - name: cargo fmt
+ run: cargo fmt --all -- --check
+ - name: Clippy
+ run: cargo clippy --all-features -- -D warnings
+ - name: Build docs
+ run: cargo doc --document-private-items --all-features --no-deps
+ env:
+ RUSTDOCFLAGS: -Dwarnings
+ test:
+ # Avoid duplicate jobs on PR from a branch on the same repo
+ if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: Swatinem/rust-cache@v2
+ - name: Run tests
+ run: cargo test
+
+ alls-green:
+ if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
+ runs-on: ubuntu-latest
+ needs:
+ - lint
+ - test
+ steps:
+ - run: ${{ !contains(needs.*.result, 'failure') }}
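Review bot: The `release` job in cd.yml references its actions by mutable tags (`actions/checkout@v4`, `taiki-e/install-action@v2`) while a later step in the same job logs in with `secrets.CARGO_AUTH_KEY`, so whatever those tags resolve to at run time executes in a job that can publish the crate. Pinning each `uses:` to a full commit SHA, e.g. `uses: taiki-e/install-action@FULL_COMMIT_SHA # v2` (FULL_COMMIT_SHA being a placeholder for the reviewed commit), removes the dependency on a movable ref. The same applies to the `uses:` lines in ci.yml in this patch and to `taiki-e/install-action@cargo-release` and `@cargo-make` in PATCH 2/2, which also drops the `cargo-release@0.24` version pin. The workflow declares no `permissions:` block either, so the job token gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the visible steps.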
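Review bot: The `alls-green` step in ci.yml, `run: ${{ !contains(needs.*.result, 'failure') }}`, treats only `failure` as a failed dependency, so a `lint` or `test` job that ends as `cancelled` still lets the gate succeed. If this job is the required status check (inferred from its name; the branch protection settings are not visible here), it should reject every non-success outcome, for example `run: ${{ !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}`. A one-line comment above the step, saying that the expression expands to the shell command `true` or `false`, would also help the next reader.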
diff --git a/src/builder.rs b/src/builder.rs index d33ff98..1f752e5 100644 --- a/src/builder.rs +++ b/src/builder.rs @@ -15,14 +15,14 @@ impl JwksClientBuilder { pub(crate) fn new() -> Self { Self { ttl_opt: None, - t: PhantomData::default(), + t: PhantomData, } } pub fn time_to_live(&self, ttl: Duration) -> Self { Self { ttl_opt: Some(ttl), - t: PhantomData::default(), + t: PhantomData, } } From be9f56df71aeddc4b1204b59f0d42102d3786fc2 Mon Sep 17 00:00:00 2001 From: Simone Cottini Date: Wed, 29 Nov 2023 15:03:28 +0100 Subject: [PATCH 2/2] [PLATFORM-1405]: Check that jwks_client package version is the same as the tag (#25) * Refactor ci, cd and Makefile * Remove build file * Check package version in cd * Fix wrong error msg in cd * Add fmt-check task * Fix clippy warning * Format... --- .github/workflows/cd.yml | 21 +++++++----- .github/workflows/ci.yml | 19 ++++------- Makefile.toml | 72 ++++++++-------------------------------- deploy/build | 36 -------------------- examples/get_jwks.rs | 5 +-- 5 files changed, 35 insertions(+), 118 deletions(-) delete mode 100755 deploy/build diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 9ec0d9b..67897a9 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -12,13 +12,18 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: install cargo-release - uses: taiki-e/install-action@v2 - with: - tool: cargo-release@0.24 - - name: login - run: cargo login "$CARGO_AUTH_KEY" + - uses: taiki-e/install-action@cargo-release + - uses: taiki-e/install-action@cargo-make + - name: Get version + run: | + VERSION=$(grep -m1 '^version' Cargo.toml | cut -d'"' -f2) + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Check version + if: ${{ github.event.release.tag_name != env.VERSION }} + run: | + echo "Github ref tag [${{ github.event.release.tag_name }}] is different from Cargo.toml version [${{ env.VERSION }}]" + exit 1 + - run: cargo login "$CARGO_AUTH_KEY" env: CARGO_AUTH_KEY: ${{ secrets.CARGO_AUTH_KEY }} - - name: publish - run: cargo release publish --no-confirm --allow-branch "*" --all-features --execute + - run: cargo make release diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 167f4a5..41483d7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,16 +13,11 @@ jobs: steps: - uses: actions/checkout@v3 - uses: Swatinem/rust-cache@v2 - - name: Build - run: cargo build --all-features - - name: cargo fmt - run: cargo fmt --all -- --check - - name: Clippy - run: cargo clippy --all-features -- -D warnings - - name: Build docs - run: cargo doc --document-private-items --all-features --no-deps - env: - RUSTDOCFLAGS: -Dwarnings + - uses: taiki-e/install-action@cargo-make + - run: cargo make fmt-check + - run: cargo make clippy + - run: cargo make docs + test: # Avoid duplicate jobs on PR from a branch on the same repo if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name 
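Review bot: The `Check version` step in cd.yml expands `${{ github.event.release.tag_name }}` directly inside its `run:` script, so the tag name is pasted into the shell source before bash parses it, and a tag containing shell metacharacters would run as code in the job that later receives `CARGO_AUTH_KEY`. Passing the value through the environment keeps it as data: give the step an `env:` entry `TAG_NAME: ${{ github.event.release.tag_name }}` and print `"$TAG_NAME"` in the `echo`. Publishing a release normally requires write access, so the exposure is limited, but the change is small. In `Get version`, the redirect target should also be quoted, `>> "$GITHUB_ENV"`.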
@@ -30,8 +25,8 @@ jobs: steps: - uses: actions/checkout@v3 - uses: Swatinem/rust-cache@v2 - - name: Run tests - run: cargo test + - uses: taiki-e/install-action@cargo-make + - run: cargo make test alls-green: if: always() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) diff --git a/Makefile.toml b/Makefile.toml index 5191b7a..189f14b 100644 --- a/Makefile.toml +++ b/Makefile.toml 
@@ -12,70 +12,26 @@ args = [ "@@split(CARGO_MAKE_CARGO_BUILD_TEST_FLAGS, )", ] -[tasks.test] +[tasks.fmt-check] +description = "Runs the cargo rustfmt plugin." command = "cargo" -args = ["test", "${@}"] +args = ["fmt", "--", "--check"] -[tasks.clippy] -command = "cargo" -args = ["clippy", "--", "-D", "warnings"] - -[tasks.clean] -command = "cargo" -args = ["clean"] - -[tasks.format-ci] -description = "Runs the cargo rustfmt plugin during CI." -command = "cargo" -args = ["fmt", "--all", "--", "--check"] - -[tasks.clippy-ci] -command = "cargo" -args = ["clippy", "--", "-D", "warnings"] - -[tasks.build-ci] -description = "Build inside CI." +[tasks.test] command = "cargo" -args = ["build", "-j", "2", "--all-features"] - -[tasks.cache-cleanup] -description = "Clean CI cache" -dependencies = ["cargo-prune", "sweep", "delete-artifacts"] - -[tasks.sweep] -description = "Clean cargo cache with sweep" -command = "cargo sweep -t 10" -ignore_errors = true +args = ["test", "${@}", "--all-features"] -[tasks.cargo-prune] -description = "Run cargo prune" +[tasks.clippy] command = "cargo" -args = ["prune"] - -[tasks.delete-artifacts] -description = "Remove non cachable artifacts" -script = [ - ''' - #!/bin/bash - set -e - set -x - find ./target/debug -type f -maxdepth 1 -delete || true - rm -rfv ./target/{debug,release}/deps/{*jwks_client*} - rm -rfv ./target/{debug,release}/.fingerprint/*jwks_client* - ''' -] +args = ["clippy", "--all-features", "--all-targets", "--", "-D", "warnings"] -[tasks.sweep-start] -description = "Start cargo sweep" +[tasks.docs] +description = "Build docs as they are rendered on docs.rs" command = "cargo" -args = ["sweep", "-s"] +args = ["doc", "--document-private-items", "--all-features", "--no-deps"] +env = { "RUSTDOCFLAGS" = "-Dwarnings" } -[tasks.sweep-end] -description = "Run cargo sweep cleanup" +[tasks.release] +description = "Task to release the package to crates.io" command = "cargo" -args = ["sweep", "-f"] - -[tasks.print-stats] -description = 
"Print cache size" -command = "du" -args = ["-sh", "target", ".cargo"] +args = ["release", "publish", "--no-confirm", "--allow-branch \"*\"", "--all-features", "--execute"] diff --git a/deploy/build b/deploy/build deleted file mode 100755 index c629629..0000000 --- a/deploy/build +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env bash - -############################################################################# -# # -# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # -# # -############################################################################# - -# script exit when a command fails -set -o errexit -# catch a command error in pipe execution -set -o pipefail -# exit when try to use undeclared variables -# set -o nounset -# print and expand each command to stdout before executing it -set -o xtrace - -if [ $# -eq 0 ]; then - echo "Missing required argument: environment" - exit 1 -fi - -export ENV=$1 -export AWS_DEFAULT_REGION="eu-west-1" -export VERSION="${DRONE_TAG:-$DRONE_COMMIT_SHA}" - -version=$(grep -m1 '^version' Cargo.toml | cut -d'"' -f2) - -if [[ "$DRONE_TAG" != "$version" ]]; then - echo "Package version $version does not match release version $DRONE_TAG" - exit 1 -fi - -git checkout . -cargo login "$CARGO_AUTH_KEY" -cargo publish diff --git a/examples/get_jwks.rs b/examples/get_jwks.rs index f830fb3..32fd333 100644 --- a/examples/get_jwks.rs +++ b/examples/get_jwks.rs @@ -33,10 +33,7 @@ async fn main() { // The kid "unknown" cannot be a JWKS valid KID. This must not be found here let result: Result = client.get("unknown").await; - println!( - "Get with kid \"unknown\": {}", - result.unwrap_err().to_string() - ); + println!("Get with kid \"unknown\": {}", result.unwrap_err()); // The provided kid (assuming is the same you got from your tenant) is valid and could be found. let result: Result = client.get(&kid).await;
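Review bot: In `[tasks.release]` of Makefile.toml the entry `"--allow-branch \"*\""` is a single `args` element, and cargo-make, as far as I know, hands each element to the command as one argument without a shell, so cargo-release would receive the literal string `--allow-branch "*"` rather than a flag followed by its value. The old workflow step ran through a shell that split and unquoted it; here it should be two elements, `"--allow-branch", "*"`. Combined with `--no-confirm`, allowing every branch means publishing is gated only by the tag/version check in cd.yml, which deserves a one-line comment on the task. In `[tasks.test]`, `--all-features` follows `"${@}"`, so a caller passing `-- --nocapture` would push it into the test-binary arguments; placing it before `"${@}"` avoids that.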