diff --git a/.github/workflows/audit-on-push.yml b/.github/workflows/audit-on-push.yml deleted file mode 100644 index e46bb3c..0000000 --- a/.github/workflows/audit-on-push.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Security audit -on: - push: - paths: - - '**/Cargo.toml' - - '**/Cargo.lock' -jobs: - security_audit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000..7c7cb7d --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,16 @@ +name: Security audit +on: + schedule: + - cron: '0 0 * * *' + push: + paths: + - '**/Cargo.toml' + - '**/Cargo.lock' +jobs: + security_audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: taiki-e/install-action@cargo-deny + - name: Scan for vulnerabilities + run: cargo deny check advisories \ No newline at end of file diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml index e221a82..9cadafe 100644 --- a/.github/workflows/general.yml +++ b/.github/workflows/general.yml @@ -14,6 +14,8 @@ on: env: CARGO_TERM_COLOR: always + SQLX_VERSION: 0.6.2 + SQLX_FEATURES: "rustls,postgres" jobs: test: @@ -21,7 +23,7 @@ jobs: runs-on: ubuntu-latest services: postgres: - image: postgres:12 + image: postgres:15 env: POSTGRES_USER: postgres POSTGRES_PASSWORD: password 
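Review bot: `taiki-e/install-action@cargo-deny` in the new audit.yml is referenced by a movable ref rather than a commit SHA, so the code this job runs can change without any change in this repository. The same holds for `dtolnay/rust-toolchain@stable` and `Swatinem/rust-cache@v2` in the general.yml hunks that follow. Pinning to a full commit SHA and selecting the tool through the action's input keeps the dependency reviewable, e.g. `- uses: taiki-e/install-action@<FULL_COMMIT_SHA>` with `with:` / `tool: cargo-deny` (the SHA is a placeholder to fill in). The new file also has no `permissions:` key; none of its steps pass a token any more, so a top-level `permissions: {contents: read}` would hold the job to read-only access whatever the repository default is.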
@@ -29,147 +31,83 @@ jobs: ports: - 5432:5432 redis: - image: redis:6 + image: redis:7 ports: - 6379:6379 - env: - SQLX_VERSION: 0.6.2 - SQLX_FEATURES: "rustls,postgres" steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Cache dependencies - id: cache-dependencies - uses: actions/cache@v2 + - uses: actions/checkout@v3 + - uses: dtolnay/rust-toolchain@stable + - uses: Swatinem/rust-cache@v2 with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - - name: Cache sqlx-cli - uses: actions/cache@v2 - id: cache-sqlx - with: - path: | - ~/.cargo/bin/sqlx - ~/.cargo/bin/cargo-sqlx - key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }} + key: sqlx-${{ env.SQLX_VERSION }} - name: Install sqlx-cli - uses: actions-rs/cargo@v1 - if: steps.cache-sqlx.outputs.cache-hit == false - with: - command: install - args: > - sqlx-cli - --force + run: + cargo install sqlx-cli --version=${{ env.SQLX_VERSION }} --features ${{ env.SQLX_FEATURES }} --no-default-features --locked - - name: Migrate database run: | sudo apt-get install libpq-dev -y SKIP_DOCKER=true ./scripts/init_db.sh - - name: Check sqlx-data.json is up-to-date run: | cargo sqlx prepare --check -- --bin zero2prod - - - name: Run cargo test - uses: actions-rs/cargo@v1 - with: - command: test + - name: Run tests + run: cargo test fmt: name: Rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@v3 + - uses: dtolnay/rust-toolchain@stable with: - toolchain: stable - override: true components: rustfmt - - uses: actions-rs/cargo@v1 - with: - command: fmt - args: --all -- --check + - name: Enforce formatting + run: cargo fmt --check clippy: name: Clippy runs-on: ubuntu-latest services: postgres: - image: postgres:12 + image: postgres:15 
env: POSTGRES_USER: postgres POSTGRES_PASSWORD: password POSTGRES_DB: postgres ports: - 5432:5432 - env: - SQLX_VERSION: 0.6.2 - SQLX_FEATURES: "rustls,postgres" steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 + - uses: actions/checkout@v3 + - uses: dtolnay/rust-toolchain@stable with: - toolchain: stable components: clippy - override: true - - - name: Cache sqlx-cli - uses: actions/cache@v2 - id: cache-sqlx + - uses: Swatinem/rust-cache@v2 with: - path: | - ~/.cargo/bin/sqlx - key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }} - - - name: Install sqlx-cli - uses: actions-rs/cargo@v1 - if: steps.cache-sqlx.outputs.cache-hit == false - with: - command: install - args: > - sqlx-cli - --force + key: sqlx-${{ env.SQLX_VERSION }} + - name: Install sqlx-cli + run: + cargo install sqlx-cli --version=${{ env.SQLX_VERSION }} --features ${{ env.SQLX_FEATURES }} --no-default-features --locked - - name: Migrate database run: | sudo apt-get install libpq-dev -y SKIP_DOCKER=true ./scripts/init_db.sh - - - name: Run clippy - uses: actions-rs/clippy-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - args: -- -D warnings + - name: Linting + run: cargo clippy -- -D warnings coverage: name: Code coverage runs-on: ubuntu-latest services: postgres: - image: postgres:12 + image: postgres:15 env: POSTGRES_USER: postgres POSTGRES_PASSWORD: password 
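Review bot: Both new `Install sqlx-cli` steps (test and clippy jobs, and again in the coverage hunk) splice `${{ env.SQLX_VERSION }}` and `${{ env.SQLX_FEATURES }}` into the script text before the shell sees it. These are workflow-level `env` entries, so they are already exported to every step and can be read as quoted shell variables: `run: cargo install sqlx-cli --version="$SQLX_VERSION" --features "$SQLX_FEATURES" --no-default-features --locked`. The values are constants here, so this is a point of habit rather than a live defect, but keeping expressions out of `run:` bodies means the script stays fixed if the value's source ever changes. Separately, the fmt job now runs `cargo fmt --check` where the removed step ran `fmt --all -- --check`; if the repository is a workspace, formatting of the other members is presumably no longer enforced.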
@@ -177,49 +115,28 @@ jobs: ports: - 5432:5432 redis: - image: redis:6 + image: redis:7 ports: - 6379:6379 - env: - SQLX_VERSION: 0.6.2 - SQLX_FEATURES: "rustls,postgres" steps: - name: Checkout repository - uses: actions/checkout@v2 - - - name: Install stable toolchain - uses: actions-rs/toolchain@v1 + uses: actions/checkout@v3 + - uses: dtolnay/rust-toolchain@stable + - name: Install libpq + run: sudo apt-get update && sudo apt-get install postgresql-client -y + - uses: Swatinem/rust-cache@v2 with: - toolchain: stable - override: true - - - name: Cache sqlx-cli - uses: actions/cache@v2 - id: cache-sqlx - with: - path: | - ~/.cargo/bin/sqlx - key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }} - - - name: Install sqlx-cli - uses: actions-rs/cargo@v1 - if: steps.cache-sqlx.outputs.cache-hit == false - with: - command: install - args: > - sqlx-cli - --force - --version=${{ env.SQLX_VERSION }} - --features ${{ env.SQLX_FEATURES }} - --no-default-features - --locked - + key: sqlx-${{ env.SQLX_VERSION }} + - name: Install tarpaulin + run: cargo install cargo-tarpaulin + - name: Install sqlx-cli + run: + cargo install sqlx-cli + --version=${{ env.SQLX_VERSION }} + --features ${{ env.SQLX_FEATURES }} + --no-default-features + --locked - name: Migrate database - run: | - sudo apt-get install libpq-dev -y - SKIP_DOCKER=true ./scripts/init_db.sh - - - name: Run cargo-tarpaulin - uses: actions-rs/tarpaulin@v0.1 - with: - args: '--ignore-tests --avoid-cfg-tarpaulin' + run: SKIP_DOCKER=true ./scripts/init_db.sh + - name: Generate code coverage + run: cargo tarpaulin --verbose --workspace diff --git a/.github/workflows/scheduled-audit.yml b/.github/workflows/scheduled-audit.yml deleted file mode 100644 index ee08c8f..0000000 --- a/.github/workflows/scheduled-audit.yml +++ /dev/null 
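Review bot: `cargo install cargo-tarpaulin` in the coverage job carries neither `--version` nor `--locked`, so each cache miss builds whatever release is newest with freshly resolved dependencies, while the sqlx-cli step directly below pins both. Something like `run: cargo install cargo-tarpaulin --version <PINNED_VERSION> --locked` would make the coverage tool reproducible and its updates deliberate (the version is a placeholder to fill in). The removed step also passed `--ignore-tests --avoid-cfg-tarpaulin`, which the new `cargo tarpaulin --verbose --workspace` does not; if dropping them was not intended, the reported coverage figure will shift.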
@@ -1,12 +0,0 @@ -name: Security audit -on: - schedule: - - cron: '0 0 * * *' -jobs: - audit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/scripts/init_db.sh b/scripts/init_db.sh index e138eb0..62e4cc4 100755 --- a/scripts/init_db.sh +++ b/scripts/init_db.sh @@ -56,7 +56,7 @@ done >&2 echo "Postgres is up and running on port ${DB_PORT} - running migrations now!" -export DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@localhost:${DB_PORT}/${DB_NAME} +export DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME} sqlx database create sqlx migrate run
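Review bot: `${DB_HOST}` is not assigned anywhere in this hunk, and none of the workflow steps in this commit that call `./scripts/init_db.sh` set it, so unless the script gives it a default above line 56 the URL is built with an empty host. Using `@${DB_HOST:-localhost}:` here, or assigning the default next to the other `DB_*` variables, would keep the previous behaviour when the variable is unset. The readiness loop that the `done` in the hunk header closes is outside the hunk; it should presumably probe the same host. The value is also unquoted and drops the password into the URL as-is, so `export DATABASE_URL="postgres://..."` with double quotes is the safer form, and a password containing `@`, `/` or `:` would need percent-encoding.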