refactor(rust-build): remove publish, add lint and audit steps

Author: nabil-Tounarti

.github/workflows/rust-build.yml

@@ -1,4 +1,4 @@
-name: Build, Test and Publish Rust Package
+name: Build and Test Rust Package
 
 on:
   workflow_call:
@@ -7,97 +7,66 @@ on:
         description: 'Rust version to use'
         default: 'stable'
         type: string
-      build-target:
+      build-profile:
         description: 'Cargo profile to use for building (debug, release)'
         default: 'release'
         type: string
+      run-audit:
+        description: 'Run cargo-audit for security vulnerabilities'
+        default: true
+        type: boolean
       enable-cache:
         description: 'Enable caching of dependencies'
         default: true
         type: boolean
-      publish-crates-io:
-        description: 'Publish package to crates.io'
-        default: false
-        type: boolean
-      upload-artifact:
-        description: 'Upload build artifact'
-        default: false
-        type: boolean
-      artifact-name:
-        description: 'Name of the artifact to upload'
-        type: string
-        required: false
-      artifact-path:
-        description: 'Path to the artifact to upload'
-        type: string
-        required: false
-    secrets:
-      CRATES_IO_TOKEN:
-        required: false
 
+env:
+  CARGO_TERM_COLOR: always
+  
 jobs:
-  build:
+  build-and-test:
+    name: Build & Test
     runs-on: ubuntu-latest
-    outputs:
-      build_success: ${{ steps.set-output.outputs.build_success }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: actions-rs/toolchain@v1
+        uses: dtolnay/rust-toolchain@stable
         with:
-          profile: minimal
           toolchain: ${{ inputs.rust-version }}
-          override: true
+          components: clippy
 
       - name: Cache dependencies
         if: ${{ inputs.enable-cache }}
         uses: actions/cache@v4
         with:
           path: |
-            ~/.cargo/registry
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
             ~/.cargo/git
             target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-
-      - name: Build
-        run: cargo build --profile ${{ inputs.build-target }}
-
-      - name: Run tests
-        run: cargo test --profile ${{ inputs.build-target }}
-
-      - name: Set build success output
-        id: set-output
-        run: echo "build_success=true" >> $GITHUB_OUTPUT
+          key: ${{ runner.os }}-cargo-${{ inputs.build-profile }}-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ inputs.build-profile }}-
 
-      - name: Upload artifact
-        if: ${{ inputs.upload-artifact }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ inputs.artifact-name }}
-          path: ${{ inputs.artifact-path }}
+      - name: Check formatting
+        run: cargo fmt --all -- --check
 
-  publish:
-    needs: build
-    if: ${{ inputs.publish-crates-io && needs.build.outputs.build_success == 'true' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+      - name: Run linter (Clippy)
+        run: cargo clippy --all-targets -- -D warnings
+      
+      - name: Install cargo-audit
+        if: ${{ inputs.run-audit }}
+        run: cargo install cargo-audit
 
-      - name: Install Rust toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: ${{ inputs.rust-version }}
-          override: true
-
-      - name: Login to crates.io
-        run: cargo login ${{ secrets.CRATES_IO_TOKEN }}
+      - name: Run security audit
+        if: ${{ inputs.run-audit }}
+        run: cargo audit
 
-      - name: Package for crates.io
-        run: cargo package
+      - name: Build
+        run: cargo build --profile ${{ inputs.build-profile }}
 
-      - name: Publish to crates.io
-        run: cargo publish
+      - name: Run tests
+        run: cargo test --profile ${{ inputs.build-profile }}

rust-build/README.md

@@ -1,13 +1,14 @@
-# Rust Build Workflow
+# Rust Build and Test Workflow
 
-A reusable GitHub Actions workflow for building, testing, and publishing Rust packages.
+A reusable GitHub Actions workflow for building, linting, testing, and auditing Rust packages.
 
 ## Features
 
 - Build and test Rust packages
+- Lint code using clippy
+- Check formatting with cargo fmt
+- Run security audits with cargo audit
 - Cache dependencies for faster builds
-- Publish packages to crates.io
-- Upload build artifacts
 
 ## Usage
 
@@ -21,30 +22,19 @@ jobs:
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
     with:
       rust-version: 'stable'
-      build-target: 'release'
+      build-profile: 'release'
+      run-audit: true
       enable-cache: true
-      upload-artifact: true
-      artifact-name: 'my-rust-app'
-      artifact-path: 'target/release/my-app'
 ```
 
 ## Inputs
 
-| Name                | Description                                        | Default   | Required                            |
-|---------------------|----------------------------------------------------|-----------|-------------------------------------|
-| `rust-version`      | Rust version to use                                | `stable`  | No                                  |
-| `build-target`      | Cargo profile to use for building (debug, release) | `release` | No                                  |
-| `enable-cache`      | Enable caching of dependencies                     | `true`    | No                                  |
-| `publish-crates-io` | Publish package to crates.io                       | `false`   | No                                  |
-| `upload-artifact`   | Upload build artifact                              | `false`   | No                                  |
-| `artifact-name`     | Name of the artifact to upload                     | -         | Only if `upload-artifact` is `true` |
-| `artifact-path`     | Path to the artifact to upload                     | -         | Only if `upload-artifact` is `true` |
-
-## Secrets
-
-| Name              | Description                       | Required                              |
-|-------------------|-----------------------------------|---------------------------------------|
-| `CRATES_IO_TOKEN` | Token for publishing to crates.io | Only if `publish-crates-io` is `true` |
+| Name            | Description                                    | Default   | Required |
+| --------------- | ---------------------------------------------- | --------- | -------- |
+| `rust-version`  | Rust version to use                            | `stable`  | No       |
+| `build-profile` | Cargo profile to use (debug, release)          | `release` | No       |
+| `run-audit`     | Run `cargo audit` for security vulnerabilities | `true`    | No       |
+| `enable-cache`  | Enable caching of dependencies                 | `true`    | No       |
 
 ## Examples
 
@@ -56,26 +46,23 @@ jobs:
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
 ```
 
-### Build, Test, and Upload Artifact
+### Disable Security Audit
 
 ```yaml
 jobs:
   build-and-test:
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
     with:
-      upload-artifact: true
-      artifact-name: 'my-rust-app'
-      artifact-path: 'target/release/my-app'
+      run-audit: false
 ```
 
-### Build, Test, and Publish to crates.io
+### Use Debug Profile
 
 ```yaml
 jobs:
-  build-and-publish:
+  jobs:
+  build-and-test:
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
     with:
-      publish-crates-io: true
-    secrets:
-      CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
+      build-profile: 'debug'
 ```