fission-codes · BoisterousCoder · Jan 4, 2023 · Jan 21, 2023
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @fission-codes/development
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    target-branch: "main"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    commit-message:
+      prefix: "chore(ci)"
+      include: "scope"
+    target-branch: "main"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflow/audit.yml b/.github/workflow/audit.yml
@@ -0,0 +1,18 @@
+name: 🛡 Audit-Check
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  security-audit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Run Audit-Check
+        uses: rustsec/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflow/coverage.yml b/.github/workflow/coverage.yml
@@ -0,0 +1,61 @@
+name: ☂ Code Coverage
+
+on:
+  push:
+    branches: [ main ]
+
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}
+  cancel-in-progress: true
+
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Install Rust Toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          override: true
+          toolchain: nightly
+          components: llvm-tools-preview
+          profile: minimal
+
+      - name: Cache Project
+        uses: Swatinem/rust-cache@v2
+
+      - name: Generate Code coverage
+        env:
+          CARGO_INCREMENTAL: '0'
+          LLVM_PROFILE_FILE: "{{project-name}}-%p-%m.profraw"
+          RUSTFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests'
+          RUSTDOCFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests'
+        run: cargo test --all-features
+
+      - name: Install grcov
+        run: "curl -L https://github.com/mozilla/grcov/releases/download/v0.8.12/grcov-x86_64-unknown-linux-gnu.tar.bz2 | tar jxf -"
+
+      - name: Run grcov
+        run: "./grcov . --llvm --binary-path target/debug/ -s . -t lcov --branch --ignore-not-existing --ignore '/*' -o lcov.info"
+
+      - name: Install covfix
+        uses: actions-rs/[email protected]
+        with:
+          crate: rust-covfix
+          use-tool-cache: true
+
+      - name: Run covfix
+        run: rust-covfix lcov.info -o lcov.info --verbose
+
+      - name: Upload to codecov.io
+        uses: codecov/codecov-action@v3
+        with:
+          token: {{ "${{ secrets.CODECOV_TOKEN " }}}}
+          fail_ci_if_error: true
+          files: lcov.info
diff --git a/.github/workflow/docker.yml b/.github/workflow/docker.yml
@@ -0,0 +1,115 @@
+on:
+  push:
+    branches: [ main ]
+
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}
+  cancel-in-progress: true
+
+jobs:
+  build-docker:
+    runs-on: ubuntu-latest
+    if: {{ "${{ github.event_name == 'pull_request' " }}}}
+
+    env:
+      DOCKER_BUILDKIT: 1
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      # https://github.com/docker/setup-qemu-action
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v2
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          buildkitd-flags: "--debug"
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: {{ "${{ github.repository_owner " }}}}
+          password: {{ "${{ secrets.GITHUB_TOKEN " }}}}
+
+      - name: Docker Build
+        uses: docker/build-push-action@v3
+        with:{% if dockerbuild == "glibc" %}
+          build-args: |
+            RUST_BUILD_IMG=rust:1.65-slim-bullseye
+            DEBIAN_TAG=bullseye-slim
+          {% else %}
+          build-args: |
+            RUST_BUILD_IMG=rust:1.65-slim-bullseye{% endif %}
+          cache-from: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+          cache-to: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest,mode=max
+          context: .{% if dockerbuild == "glibc" %}
+          # We don't add `linux/arm64` here, as it can cause GitHub runners to
+          # stall for too long.
+          platforms: linux/amd64
+          {% else %}
+          platforms: linux/amd64, linux/arm64{% endif %}
+          push: false
+          tags: |
+            {{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+  push-docker-build:
+    runs-on: ubuntu-latest
+    if: {{ "${{ github.event_name == 'push' " }}}}
+
+    env:
+      DOCKER_BUILDKIT: 1
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      # https://github.com/docker/setup-qemu-action
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v2
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          buildkitd-flags: "--debug"
+
+      - name: Login to Dockerhub
+        uses: docker/login-action@v2
+        with:
+          username: {{ "${{ secrets.DOCKERHUB_USERNAME " }}}}
+          password: {{ "${{ secrets.DOCKERHUB_TOKEN " }}}}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: {{ "${{ github.repository_owner " }}}}
+          password: {{ "${{ secrets.GITHUB_TOKEN " }}}}
+
+      - name: Docker Build and Push
+        uses: docker/build-push-action@v3
+        with:{% if dockerbuild == "glibc" %}
+          build-args: |
+            RUST_BUILD_IMG=rust:1.65-slim-bullseye
+            DEBIAN_TAG=bullseye-slim
+          {% else %}
+          build-args: |
+            RUST_BUILD_IMG=rust:1.65-slim-bullseye{% endif %}
+          cache-from: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+          cache-to: type=registry,ref=ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest,mode=max
+          context: .{% if dockerbuild == "glibc" %}
+          # We don't add `linux/arm64` here, as it can cause GitHub runners to
+          # stall for too long.
+          platforms: linux/amd64
+          {% else %}
+          platforms: linux/amd64, linux/arm64{% endif %}
+          push: true
+          tags: |
+            {{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
+            ghcr.io/{{ "${{ github.repository_owner " }}}}/{{project-name}}:latest
diff --git a/.github/workflow/release.yml b/.github/workflow/release.yml
@@ -0,0 +1,72 @@
+name: 𝌚 Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      force-publish:
+        required: true
+        type: boolean
+        description: Publish Releases at Anytime
+
+  workflow_run:
+    workflows: [ 🧪 Tests and Checks ]
+    branches: [main]
+    types: [ completed ]
+
+concurrency:
+  group: {{ "${{ github.workflow " }}}}-{{ "${{ github.ref " }}}}
+  cancel-in-progress: true
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    if: >
+      github.ref == 'refs/heads/main' &&
+      github.repository_owner == '{{github-name}}' &&
+      github.event.workflow_run.conclusion == 'success'
+    outputs:
+      release_created: {{ "${{ steps.release.outputs.release_created " }}}}{% if auditable %}
+      tag: {{ "${{ steps.release.outputs.tag_name " }}}}{% endif %}
+
+    steps:
+      - name: Run release-please
+        id: release
+        uses: google-github-actions/release-please-action@v3
+        with:
+          token: {{ "${{ secrets.GITHUB_TOKEN " }}}}
+          default-branch: main
+          command: manifest
+          extra-files: |
+            README.md
+  publish-release:
+    runs-on: ubuntu-latest
+    needs: [ release-please ]
+
+    permissions:
+      contents: write
+
+    if: {{ "${{ needs.release-please.outputs.release_created " }}|| github.event.inputs.force-publish }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Cache Project
+        uses: Swatinem/rust-cache@v2
+
+      - name: Install Rust Toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          override: true
+          profile: minimal
+          toolchain: stable
+
+      - name: Verify Publishing of crate
+        uses: katyo/publish-crates@v1
+        with:
+          dry-run: true
+
+      - name: Cargo Publish to crates.io
+        uses: katyo/publish-crates@v1
+        with:
+          registry-token: {{ "${{ secrets.CARGO_REGISTRY_TOKEN " }}}}