add CI

charmitro · charmitro · commit 1dd8221e3da4 · 2025-05-24T15:42:21.000+03:00
Signed-off-by: Charalampos Mitrodimas &lt;charmitro@posteo.net&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,127 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        rust: [stable]
+        include:
+          - os: ubuntu-latest
+            rust: beta
+          - os: ubuntu-latest
+            rust: nightly
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: ${{ matrix.rust }}
+        components: rustfmt, clippy
+
+    - name: Cache cargo registry
+      uses: actions/cache@v4
+      with:
+        path: ~/.cargo/registry
+        key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Cache cargo index
+      uses: actions/cache@v4
+      with:
+        path: ~/.cargo/git
+        key: ${{ runner.os }}-cargo-git-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Cache cargo build
+      uses: actions/cache@v4
+      with:
+        path: target
+        key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Check formatting
+      run: cargo fmt -- --check
+      if: matrix.rust == 'stable'
+
+    - name: Run clippy
+      run: cargo clippy --all-targets --all-features -- -D warnings
+      if: matrix.rust == 'stable'
+
+    - name: Run tests
+      run: cargo test --verbose
+
+    - name: Build release
+      run: cargo build --release --verbose
+
+    - name: Test binary
+      run: |
+        ./target/release/peak-mem -- echo "Hello, CI!"
+        ./target/release/peak-mem --json -- echo "JSON test"
+        ./target/release/peak-mem --csv -- echo "CSV test"
+        ./target/release/peak-mem --quiet -- echo "Quiet test"
+
+  # Separate job for checking MSRV (Minimum Supported Rust Version)
+  msrv:
+    name: Check MSRV
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust 1.70
+      uses: dtolnay/rust-toolchain@master
+      with:
+        toolchain: "1.70"
+
+    - name: Check compilation
+      run: cargo check --verbose
+
+  # Build artifacts for releases
+  build-release:
+    name: Build Release Artifacts
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            artifact_name: peak-mem-linux-x86_64
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            artifact_name: peak-mem-macos-x86_64
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            artifact_name: peak-mem-macos-aarch64
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        targets: ${{ matrix.target }}
+
+    - name: Build release binary
+      run: cargo build --release --target ${{ matrix.target }}
+
+    - name: Strip binary (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      run: strip target/${{ matrix.target }}/release/peak-mem
+
+    - name: Upload artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.artifact_name }}
+        path: target/${{ matrix.target }}/release/peak-mem
+        retention-days: 7
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,90 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  create-release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: Release ${{ github.ref }}
+        draft: false
+        prerelease: false
+
+  build-and-upload:
+    name: Build and Upload
+    needs: create-release
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            artifact_name: peak-mem
+            asset_name: peak-mem-linux-x86_64
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-musl
+            artifact_name: peak-mem
+            asset_name: peak-mem-linux-x86_64-musl
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            artifact_name: peak-mem
+            asset_name: peak-mem-macos-x86_64
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            artifact_name: peak-mem
+            asset_name: peak-mem-macos-aarch64
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+      with:
+        targets: ${{ matrix.target }}
+
+    - name: Install musl tools (Linux)
+      if: matrix.target == 'x86_64-unknown-linux-musl'
+      run: sudo apt-get update && sudo apt-get install -y musl-tools
+
+    - name: Build release binary
+      run: cargo build --release --target ${{ matrix.target }}
+
+    - name: Strip binary (Linux)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        strip target/${{ matrix.target }}/release/${{ matrix.artifact_name }} || true
+
+    - name: Create tarball
+      run: |
+        cd target/${{ matrix.target }}/release
+        tar czf ${{ matrix.asset_name }}.tar.gz ${{ matrix.artifact_name }}
+        cd -
+        mv target/${{ matrix.target }}/release/${{ matrix.asset_name }}.tar.gz .
+
+    - name: Upload Release Asset
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ needs.create-release.outputs.upload_url }}
+        asset_path: ./${{ matrix.asset_name }}.tar.gz
+        asset_name: ${{ matrix.asset_name }}.tar.gz
+        asset_content_type: application/gzip
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,41 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+  schedule:
+    # Run security audit weekly on Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Install cargo-audit
+      run: cargo install cargo-audit
+
+    - name: Run security audit
+      run: cargo audit
+
+  deny:
+    name: Dependency License Check
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install Rust
+      uses: dtolnay/rust-toolchain@stable
+
+    - name: Install cargo-deny
+      run: cargo install cargo-deny
+
+    - name: Check dependencies
+      run: cargo deny check
diff --git a/README.md b/README.md
@@ -1,5 +1,8 @@
 # peak-mem
 
+[![CI](https://github.com/peak-mem/peak-mem/actions/workflows/ci.yml/badge.svg)](https://github.com/peak-mem/peak-mem/actions/workflows/ci.yml)
+[![Security Audit](https://github.com/peak-mem/peak-mem/actions/workflows/security.yml/badge.svg)](https://github.com/peak-mem/peak-mem/actions/workflows/security.yml)
+
 A lightweight, cross-platform memory usage monitor for any process. Track peak memory consumption with minimal overhead.
 
 ## Features
diff --git a/deny.toml b/deny.toml
@@ -0,0 +1,40 @@
+# cargo-deny configuration
+
+[bans]
+# Lint level for when multiple versions of the same dependency are detected
+multiple-versions = "warn"
+# Lint level for when a dependency marked as 'unused' is still present
+unused = "warn"
+# List of explicitly disallowed crates
+deny = []
+
+[licenses]
+# List of explicitly allowed licenses
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "ISC",
+    "Unicode-DFS-2016",
+    "CC0-1.0",
+]
+# List of explicitly disallowed licenses
+deny = []
+# Lint level for licenses considered copyleft
+copyleft = "warn"
+# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
+allow-osi-fsf-free = "neither"
+# Lint level used when no other predicates are matched
+default = "deny"
+# The confidence threshold for detecting a license from license text.
+confidence-threshold = 0.8
+
+[sources]
+# Lint level for what to happen when a crate from a crate registry that is not in the allow list is encountered
+unknown-registry = "warn"
+# Lint level for what to happen when a crate from a git repository that is not in the allow list is encountered
+unknown-git = "warn"
+# List of allowed crate registries
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]
