diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e41faca..960e849 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,6 +13,8 @@ on: pull_request: merge_group: +permissions: {} + env: CARGO_TERM_COLOR: always CARGO_INCREMENTAL: "0" @@ -27,22 +29,37 @@ jobs: run_udeps: name: Run Cargo Udeps runs-on: ubuntu-latest + permissions: + contents: read env: - RUSTC_BOOTSTRAP: 1 + RUSTC_BOOTSTRAP: "1" + steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: dtolnay/rust-toolchain@master with: - toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} + persist-credentials: false + + - name: Install rust toolchain + run: | + rustup toolchain install "${RUST_TOOLCHAIN_VERSION}" --profile minimal + rustup default "${RUST_TOOLCHAIN_VERSION}" + - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: key: udeps - - uses: stackabletech/cargo-install-action@cargo-udeps - - run: cargo udeps --all-targets --all-features + + - name: Install cargo-udeps + run: cargo install cargo-udeps --locked + + - name: Check for unused dependencies + run: cargo udeps --all-targets --all-features run_cargodeny: name: Run Cargo Deny runs-on: ubuntu-latest + permissions: + contents: read + strategy: matrix: checks: @@ -54,6 +71,9 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2.0.15 with: command: check ${{ matrix.checks }} @@ -61,66 +81,87 @@ jobs: run_rustfmt: name: Run Rustfmt runs-on: ubuntu-latest + permissions: + contents: read + steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: dtolnay/rust-toolchain@master with: - toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - components: rustfmt + persist-credentials: false + + - name: Install Rust toolchain with rustfmt + run: | + rustup toolchain install "${RUST_TOOLCHAIN_VERSION}" \ + --profile minimal \ + --component rustfmt + rustup default "${RUST_TOOLCHAIN_VERSION}" + - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: key: fmt - - run: cargo fmt --all -- --check + + - name: Run Rustfmt + run: cargo fmt --all -- --check run_clippy: name: Run Clippy runs-on: ubuntu-latest + permissions: + contents: read + steps: - name: Install host dependencies run: | sudo apt-get update - sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config + sudo apt-get install --yes \ + protobuf-compiler \ + krb5-user \ + libkrb5-dev \ + libclang-dev \ + liblzma-dev \ + libssl-dev \ + pkg-config + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive - - uses: dtolnay/rust-toolchain@master - with: - toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - components: clippy + persist-credentials: false + + - name: Install Rust toolchain with Clippy + run: | + rustup toolchain install "${RUST_TOOLCHAIN_VERSION}" \ + --profile minimal \ + --component clippy + rustup default "${RUST_TOOLCHAIN_VERSION}" + - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: key: clippy - - name: Run clippy action to produce annotations - # NOTE (@Techassi): This action might get a new release soon, because it - # currently uses Node 16, which is deprecated in the next few months by - # GitHub. See https://github.com/giraffate/clippy-action/pull/87 - uses: giraffate/clippy-action@13b9d32482f25d29ead141b79e7e04e7900281e0 # v1.0.1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: env.GITHUB_TOKEN != null && github.event.pull_request.draft == false - with: - clippy_flags: --all-targets -- -D warnings - reporter: "github-pr-review" - github_token: ${{ secrets.GITHUB_TOKEN }} - - name: Run clippy manually without annotations - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: env.GITHUB_TOKEN == null - run: cargo clippy --color never -q --all-targets -- -D warnings + - name: Run Clippy + run: cargo clippy --color never -q --all-targets -- -D warnings run_rustdoc: name: Run RustDoc runs-on: ubuntu-latest + permissions: + contents: read + steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: dtolnay/rust-toolchain@master with: - toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - components: rustfmt + persist-credentials: false + + - name: Install Rust toolchain + run: | + rustup toolchain install "${RUST_TOOLCHAIN_VERSION}" --profile minimal + rustup default "${RUST_TOOLCHAIN_VERSION}" + - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: key: doc - - run: cargo doc --document-private-items + + - name: Build documentation + run: cargo doc --document-private-items run_tests: name: Run Cargo Tests @@ -129,26 +170,41 @@ jobs: - run_rustfmt - run_rustdoc runs-on: ubuntu-latest + permissions: + contents: read # Required by actions/checkout. + steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: dtolnay/rust-toolchain@master with: - toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} + persist-credentials: false + + - name: Install Rust toolchain with rust-src + run: | + rustup toolchain install "${RUST_TOOLCHAIN_VERSION}" \ + --profile minimal \ + --component rust-src + rustup default "${RUST_TOOLCHAIN_VERSION}" + # rust-src is required for trybuild stderr output comparison to work # for our cases. # See: https://github.com/dtolnay/trybuild/issues/236#issuecomment-1620950759 - components: rust-src - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 with: key: test - - run: cargo test --all-features + + - name: Run tests + run: cargo test --all-features tests_passed: name: All tests passed needs: - run_udeps + - run_cargodeny - run_tests runs-on: ubuntu-latest + permissions: {} + steps: - name: log run: echo All tests have passed! + \ No newline at end of file