Revert "refactor: simplify rust workflow and update README"

nabil-Tounarti · nabil-Tounarti · commit 1050416ebb70 · 2025-07-28T17:30:59.000+02:00
This reverts commit 85ee789.
diff --git a/.github/workflows/rust-build.yml b/.github/workflows/rust-build.yml
@@ -7,6 +7,10 @@ on:
         description: 'The directory to run jobs from'
         default: '.'
         type: string
+      run-audit:
+        description: 'Run cargo-audit for security vulnerabilities'
+        default: true
+        type: boolean
       enable-cache:
         description: 'Enable caching of dependencies'
         default: true
@@ -15,6 +19,18 @@ on:
         description: 'Publish package to crates.io'
         default: false
         type: boolean
+      upload-artifact:
+        description: 'Upload build artifact'
+        default: false
+        type: boolean
+      artifact-name:
+        description: 'Name of the artifact to upload'
+        type: string
+        required: false
+      artifact-path:
+        description: 'Path to the artifact to upload'
+        type: string
+        required: false
     secrets:
       CARGO_REGISTRY_TOKEN:
         required: false
@@ -53,6 +69,15 @@ jobs:
       - name: Run linter (Clippy)
         working-directory: ${{ inputs.working-directory }}
         run: cargo clippy --all-targets -- -D warnings
+      
+      - name: Install cargo-audit
+        if: ${{ inputs.run-audit }}
+        run: cargo install cargo-audit
+
+      - name: Run security audit
+        if: ${{ inputs.run-audit }}
+        working-directory: ${{ inputs.working-directory }}
+        run: cargo audit
 
       - name: Build
         working-directory: ${{ inputs.working-directory }}
@@ -62,6 +87,13 @@ jobs:
         working-directory: ${{ inputs.working-directory }}
         run: cargo test --release
 
+      - name: Upload artifact
+        if: ${{ inputs.upload-artifact }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact-name }}
+          path: ${{ inputs.artifact-path }}
+
       - name: Validate package
         if: ${{ inputs.publish-crates-io }}
         working-directory: ${{ inputs.working-directory }}
diff --git a/rust-build/README.md b/rust-build/README.md
@@ -1,15 +1,18 @@
 # Rust Build Workflow
 
-A reusable GitHub Actions workflow for building, linting, testing, and publishing Rust packages, with optional dependency caching and working directory support.
+A reusable GitHub Actions workflow for building, linting, testing, and auditing Rust packages, with optional artifact upload and crates.io publishing.
 
 ## Features
 
 - Build and test Rust packages
 - Lint code using `clippy`
 - Check formatting with `cargo fmt`
+- Run security audits with `cargo audit`
 - Cache dependencies for faster builds
-- Set a working directory (for monorepos or nested crates)
+- Set a working directory for monorepos
+- Upload build artifacts
 - Publish to crates.io
+- All operations are performed in a single job (no redundant toolchain installs)
 
 ## Usage
 
@@ -23,8 +26,11 @@ jobs:
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
     with:
       working-directory: './my-crate'
+      run-audit: true
       enable-cache: true
-      publish-crates-io: false
+      upload-artifact: true
+      artifact-name: my-crate
+      artifact-path: target/release/my-crate
     secrets:
       CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
 ```
@@ -34,7 +40,11 @@ jobs:
 | Name                | Description                                               | Default  | Required |
 | ------------------- | --------------------------------------------------------- | -------- | -------- |
 | `working-directory` | The directory to run jobs from                            | `.`      | No       |
+| `run-audit`         | Run `cargo audit` for security vulnerabilities            | `true`   | No       |
 | `enable-cache`      | Enable caching of dependencies                            | `true`   | No       |
+| `upload-artifact`   | Upload a build artifact after building                    | `false`  | No       |
+| `artifact-name`     | Name of the artifact to upload                            | –        | No       |
+| `artifact-path`     | Path to the artifact to upload                            | –        | No       |
 | `publish-crates-io` | Publish the package to crates.io (only if build succeeds) | `false`  | No       |
 
 Note: All builds use the release profile by default. There is no build-target input anymore
@@ -65,6 +75,28 @@ jobs:
       working-directory: './my-crate'
 ```
 
+### Disable Security Audit
+
+```yaml
+jobs:
+  build-and-test:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
+    with:
+      run-audit: false
+```
+
+### Upload Artifact After Build
+
+```yaml
+jobs:
+  build-and-upload:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
+    with:
+      upload-artifact: true
+      artifact-name: my-crate
+      artifact-path: target/release/my-crate
+```
+
 ### Publish to crates.io (requires CARGO_REGISTRY_TOKEN)
 
 ```yaml
