diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..9b6d8eb
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @fission-codes/development
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..b1ec0d9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+
+updates:
+ - package-ecosystem: "cargo"
+ directory: "/"
+ commit-message:
+ prefix: "chore"
+ include: "scope"
+ target-branch: "main"
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ commit-message:
+ prefix: "chore(ci)"
+ include: "scope"
+ target-branch: "main"
+ schedule:
+ interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflow/audit.yml b/.github/workflow/audit.yml
new file mode 100644
index 0000000..aaaf74f
--- /dev/null
+++ b/.github/workflow/audit.yml
@@ -0,0 +1,18 @@
+name: ๐Ÿ›ก Audit-Check
+
+on:
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ security-audit:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: Run Audit-Check
+ uses: rustsec/audit-check@v0.1.0
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflow/coverage.yml b/.github/workflow/coverage.yml
new file mode 100644
index 0000000..653f860
--- /dev/null
+++ b/.github/workflow/coverage.yml
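Review bot: audit.yml is added under `.github/workflow/`, but GitHub Actions only loads workflow files from `.github/workflows/`, so the scheduled RustSec audit would never run from this path as committed. The same directory is used for coverage.yml, docker.yml, release.yml and tests_and_checks.yml in this commit; unless the template generator renames it, the directory should be `.github/workflows/`. In addition, `token: ${{ secrets.GITHUB_TOKEN }}` is written unescaped here (as are the expressions throughout tests_and_checks.yml), while the sibling files wrap them as `{{ "${{ … " }}}}` for the template engine; if these files are rendered by the same engine the expression may not survive, so use the escaped form or confirm the files are excluded from templating. A least-privilege `permissions:` block for the job would also be worth adding, since the token is handed to a third-party action.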
@@ -0,0 +1,61 @@
+name: โ˜‚ Code Coverage
+
+on:
+ push:
+ branches: [ main ]
+
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}
+ cancel-in-progress: true
+
+jobs:
+ coverage:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: Install Rust Toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ override: true
+ toolchain: nightly
+ components: llvm-tools-preview
+ profile: minimal
+
+ - name: Cache Project
+ uses: Swatinem/rust-cache@v2
+
+ - name: Generate Code coverage
+ env:
+ CARGO_INCREMENTAL: '0'
+ LLVM_PROFILE_FILE: "{{project-name}}-%p-%m.profraw"
+ RUSTFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests'
+ RUSTDOCFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests'
+ run: cargo test --all-features
+
+ - name: Install grcov
+ run: "curl -L https://github.com/mozilla/grcov/releases/download/v0.8.12/grcov-x86_64-unknown-linux-gnu.tar.bz2 | tar jxf -"
+
+ - name: Run grcov
+ run: "./grcov . --llvm --binary-path target/debug/ -s . -t lcov --branch --ignore-not-existing --ignore '/*' -o lcov.info"
+
+ - name: Install covfix
+ uses: actions-rs/install@v0.1
+ with:
+ crate: rust-covfix
+ use-tool-cache: true
+
+ - name: Run covfix
+ run: rust-covfix lcov.info -o lcov.info --verbose
+
+ - name: Upload to codecov.io
+ uses: codecov/codecov-action@v3
+ with:
+ token: {{ "${{ secrets.CODECOV_TOKEN " }}}}
+ fail_ci_if_error: true
+ files: lcov.info
\ No newline at end of file
diff --git a/.github/workflow/docker.yml b/.github/workflow/docker.yml
new file mode 100644
index 0000000..2128c72
--- /dev/null
+++ b/.github/workflow/docker.yml
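Review bot: The `Install grcov` step in coverage.yml pipes a release tarball from `curl -L` straight into `tar` with no integrity check, and the extracted binary then runs in a job that later receives `secrets.CODECOV_TOKEN`. Download to a file and verify a pinned digest before extracting: `curl -fsSLo grcov.tar.bz2 <url>`, then `echo "<expected-sha256>  grcov.tar.bz2" | sha256sum -c -`, then `tar jxf grcov.tar.bz2`, where `<expected-sha256>` is a placeholder for the digest you record for the v0.8.12 asset. The `-f` flag also makes the step fail on an HTTP error instead of feeding an error page to `tar`.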
@@ -0,0 +1,115 @@
+on:
+ push:
+ branches: [ main ]
+
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}
+ cancel-in-progress: true
+
+jobs:
+ build-docker:
+ runs-on: ubuntu-latest
+ if: {{ "${{ github.event_name == 'pull_request' " }}}}
+
+ env:
+ DOCKER_BUILDKIT: 1
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ # https://github.com/docker/setup-qemu-action
+ - name: Setup QEMU
+ uses: docker/setup-qemu-action@v2
+
+ # https://github.com/docker/setup-buildx-action
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ buildkitd-flags: "--debug"
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: {{ "${{ github.repository_owner " }}}}
+ password: {{ "${{ secrets.GITHUB_TOKEN " }}}}
+
+ - name: Docker Build
+ uses: docker/build-push-action@v3
+ with:{% if dockerbuild == "glibc" %}
+ build-args: |
+ RUST_BUILD_IMG=rust:1.65-slim-bullseye
+ DEBIAN_TAG=bullseye-slim
+ {% else %}
+ build-args: |
+ RUST_BUILD_IMG=rust:1.65-slim-bullseye{% endif %}
+ cache-from: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+ cache-to: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest,mode=max
+ context: .{% if dockerbuild == "glibc" %}
+ # We don't add `linux/arm64` here, as it can cause GitHub runners to
+ # stall for too long.
+ platforms: linux/amd64
+ {% else %}
+ platforms: linux/amd64, linux/arm64{% endif %}
+ push: false
+ tags: |
+ {{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+ push-docker-build:
+ runs-on: ubuntu-latest
+ if: {{ "${{ github.event_name == 'push' " }}}}
+
+ env:
+ DOCKER_BUILDKIT: 1
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ # https://github.com/docker/setup-qemu-action
+ - name: Setup QEMU
+ uses: docker/setup-qemu-action@v2
+
+ # https://github.com/docker/setup-buildx-action
+ - name: Setup Buildx
+ uses: docker/setup-buildx-action@v2
+ with:
+ buildkitd-flags: "--debug"
+
+ - name: Login to Dockerhub
+ uses: docker/login-action@v2
+ with:
+ username: {{ "${{ secrets.DOCKERHUB_USERNAME " }}}}
+ password: {{ "${{ secrets.DOCKERHUB_TOKEN " }}}}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: {{ "${{ github.repository_owner " }}}}
+ password: {{ "${{ secrets.GITHUB_TOKEN " }}}}
+
+ - name: Docker Build and Push
+ uses: docker/build-push-action@v3
+ with:{% if dockerbuild == "glibc" %}
+ build-args: |
+ RUST_BUILD_IMG=rust:1.65-slim-bullseye
+ DEBIAN_TAG=bullseye-slim
+ {% else %}
+ build-args: |
+ RUST_BUILD_IMG=rust:1.65-slim-bullseye{% endif %}
+ cache-from: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+ cache-to: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest,mode=max
+ context: .{% if dockerbuild == "glibc" %}
+ # We don't add `linux/arm64` here, as it can cause GitHub runners to
+ # stall for too long.
+ platforms: linux/amd64
+ {% else %}
+ platforms: linux/amd64, linux/arm64{% endif %}
+ push: true
+ tags: |
+ {{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+ ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
\ No newline at end of file
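Review bot: In `build-docker`, which runs on `pull_request`, `cache-to` exports the build cache to `ghcr.io/<owner>/{{project-name}}:latest`, the same reference that `push-docker-build` publishes as the image tag and that both jobs read through `cache-from`. Registry cache export is independent of `push: false`, so a pull request from a branch in the same repository (where `GITHUB_TOKEN` may have package write access) could overwrite that reference with layers built from unmerged code, which the main-branch build would then consume as cache. Drop `cache-to` from the pull-request job and point the cache at a dedicated reference in both jobs, for example `cache-to: type=registry,ref=ghcr.io/…/{{project-name}}:buildcache,mode=max`, so the cache never shares a tag with the released image. Neither job declares `permissions:`; `packages: write` should only be needed in `push-docker-build`.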
diff --git a/.github/workflow/release.yml b/.github/workflow/release.yml
new file mode 100644
index 0000000..da1897d
--- /dev/null
+++ b/.github/workflow/release.yml
@@ -0,0 +1,72 @@
+name: ๐Œš Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ force-publish:
+ required: true
+ type: boolean
+ description: Publish Releases at Anytime
+
+ workflow_run:
+ workflows: [ ๐Ÿงช Tests and Checks ]
+ branches: [main]
+ types: [ completed ]
+
+concurrency:
+ group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}
+ cancel-in-progress: true
+
+jobs:
+ release-please:
+ runs-on: ubuntu-latest
+ if: >
+ github.ref == 'refs/heads/main' &&
+ github.repository_owner == '{{github-name}}' &&
+ github.event.workflow_run.conclusion == 'success'
+ outputs:
+ release_created: {{ "${{ steps.release.outputs.release_created " }}}}{% if auditable %}
+ tag: {{ "${{ steps.release.outputs.tag_name " }}}}{% endif %}
+
+ steps:
+ - name: Run release-please
+ id: release
+ uses: google-github-actions/release-please-action@v3
+ with:
+ token: {{ "${{ secrets.GITHUB_TOKEN " }}}}
+ default-branch: main
+ command: manifest
+ extra-files: |
+ README.md
+ publish-release:
+ runs-on: ubuntu-latest
+ needs: [ release-please ]
+
+ permissions:
+ contents: write
+
+ if: {{ "${{ needs.release-please.outputs.release_created " }}|| github.event.inputs.force-publish }}
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: Cache Project
+ uses: Swatinem/rust-cache@v2
+
+ - name: Install Rust Toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ override: true
+ profile: minimal
+ toolchain: stable
+
+ - name: Verify Publishing of crate
+ uses: katyo/publish-crates@v1
+ with:
+ dry-run: true
+
+ - name: Cargo Publish to crates.io
+ uses: katyo/publish-crates@v1
+ with:
+ registry-token: {{ "${{ secrets.CARGO_REGISTRY_TOKEN " }}}}
\ No newline at end of file
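Review bot: `secrets.CARGO_REGISTRY_TOKEN` is passed to `katyo/publish-crates@v1`, a third-party action referenced by a movable tag, so anyone able to move that tag can run code holding the crates.io publish token. Pin it, and `google-github-actions/release-please-action@v3` which receives the repository token, to a full commit SHA, e.g. `uses: katyo/publish-crates@<full-commit-sha> # v1`; the `github-actions` Dependabot entry added in this commit can keep SHA pins current. Separately, the `publish-release` condition uses `github.event.inputs.force-publish` bare; that input arrives as a string, so an unchecked box (`'false'`) is still truthy, and comparing with `== 'true'` would make the publish gate explicit.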
diff --git a/.github/workflow/tests_and_checks.yml b/.github/workflow/tests_and_checks.yml
new file mode 100644
index 0000000..15af803
--- /dev/null
+++ b/.github/workflow/tests_and_checks.yml
@@ -0,0 +1,103 @@
+name: ๐Ÿงช Tests and Checks
+
+on:
+ push:
+ branches: [ main ]
+
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ run-checks:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ rust-toolchain:
+ - stable
+ - nightly
+ # minimum version
+ - 1.64
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ # Smarter caching action, speeds up build times compared to regular cache:
+ # https://github.com/Swatinem/rust-cache
+ - name: Cache Project
+ uses: Swatinem/rust-cache@v2
+
+ # Widely adopted suite of Rust-specific boilerplate actions, especially
+ # toolchain/cargo use: https://actions-rs.github.io/
+ - name: Install Rust Toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ override: true
+ components: rustfmt, clippy
+ toolchain: ${{ matrix.rust-toolchain }}
+
+ - name: Check Format
+ uses: actions-rs/cargo@v1
+ with:
+ args: --all -- --check
+ command: fmt
+ toolchain: ${{ matrix.rust-toolchain }}
+
+ - name: Run Linter
+ uses: actions-rs/cargo@v1
+ with:
+ args: --all -- -D warnings
+ command: clippy
+ toolchain: ${{ matrix.rust-toolchain }}
+
+ # Check for security advisories
+ - name: Check Advisories
+ if: ${{ matrix.rust-toolchain == 'stable' }}
+ uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ command: check advisories
+ continue-on-error: true
+
+ # Audit licenses, unreleased crates, and unexpected duplicate versions.
+ - name: Check Bans, Licenses, and Sources
+ if: ${{ matrix.rust-toolchain == 'stable' }}
+ uses: EmbarkStudios/cargo-deny-action@v1
+ with:
+ command: check bans licenses sources
+
+ # Only "test" release build on push event.
+ - name: Test Release
+ if: ${{ matrix.rust-toolchain == 'stable' && github.event_name == 'push' }}
+ run: cargo build --release
+
+ run-tests:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ rust-toolchain:
+ - stable
+ - nightly
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v3
+
+ - name: Install Environment Packages
+ run: |
+ sudo apt-get update -qqy
+ sudo apt-get install jq
+ - name: Cache Project
+ uses: Swatinem/rust-cache@v2
+
+ - name: Install Rust Toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ override: true
+ toolchain: ${{ matrix.rust-toolchain }}
+
+ - name: Run Tests
+ run: cargo test --all-features
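Review bot: The `Check Advisories` step in `run-checks` sets `continue-on-error: true`, so a RustSec advisory against a dependency still leaves the job green. release.yml in this commit proceeds when this workflow's `conclusion == 'success'`, which means a release can be cut while a known advisory is open and nothing blocks it. If the aim is to avoid being blocked by advisories that have no fix yet, remove `continue-on-error` and record the accepted advisories in the cargo-deny configuration instead, so each exception is explicit and reviewed. The matrix entry `- 1.64` is also an unquoted number; quoting it as `"1.64"` avoids a later bump such as 1.70 being read as 1.7.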