mirror of
https://github.com/LukeMathWalker/zero-to-production.git
synced 2025-01-20 22:08:06 +00:00
Update CI.
This commit is contained in:
parent
8c32639c21
commit
97a4833f71
5 changed files with 63 additions and 156 deletions
14
.github/workflows/audit-on-push.yml
vendored
14
.github/workflows/audit-on-push.yml
vendored
|
@ -1,14 +0,0 @@
|
||||||
name: Security audit
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
paths:
|
|
||||||
- '**/Cargo.toml'
|
|
||||||
- '**/Cargo.lock'
|
|
||||||
jobs:
|
|
||||||
security_audit:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v1
|
|
||||||
- uses: actions-rs/audit-check@v1
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
16
.github/workflows/audit.yml
vendored
Normal file
16
.github/workflows/audit.yml
vendored
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
name: Security audit
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '0 0 * * *'
|
||||||
|
push:
|
||||||
|
paths:
|
||||||
|
- '**/Cargo.toml'
|
||||||
|
- '**/Cargo.lock'
|
||||||
|
jobs:
|
||||||
|
security_audit:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- uses: taiki-e/install-action@cargo-deny
|
||||||
|
- name: Scan for vulnerabilities
|
||||||
|
run: cargo deny check advisories
|
175
.github/workflows/general.yml
vendored
175
.github/workflows/general.yml
vendored
|
@ -14,6 +14,8 @@ on:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
CARGO_TERM_COLOR: always
|
CARGO_TERM_COLOR: always
|
||||||
|
SQLX_VERSION: 0.6.2
|
||||||
|
SQLX_FEATURES: "rustls,postgres"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
test:
|
test:
|
||||||
|
@ -21,7 +23,7 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
services:
|
services:
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:12
|
image: postgres:15
|
||||||
env:
|
env:
|
||||||
POSTGRES_USER: postgres
|
POSTGRES_USER: postgres
|
||||||
POSTGRES_PASSWORD: password
|
POSTGRES_PASSWORD: password
|
||||||
|
@ -29,147 +31,83 @@ jobs:
|
||||||
ports:
|
ports:
|
||||||
- 5432:5432
|
- 5432:5432
|
||||||
redis:
|
redis:
|
||||||
image: redis:6
|
image: redis:7
|
||||||
ports:
|
ports:
|
||||||
- 6379:6379
|
- 6379:6379
|
||||||
env:
|
|
||||||
SQLX_VERSION: 0.6.2
|
|
||||||
SQLX_FEATURES: "rustls,postgres"
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- uses: actions/checkout@v3
|
||||||
uses: actions/checkout@v2
|
- uses: dtolnay/rust-toolchain@stable
|
||||||
|
- uses: Swatinem/rust-cache@v2
|
||||||
- name: Cache dependencies
|
|
||||||
id: cache-dependencies
|
|
||||||
uses: actions/cache@v2
|
|
||||||
with:
|
with:
|
||||||
path: |
|
key: sqlx-${{ env.SQLX_VERSION }}
|
||||||
~/.cargo/registry
|
|
||||||
~/.cargo/git
|
|
||||||
target
|
|
||||||
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
||||||
|
|
||||||
- name: Install stable toolchain
|
|
||||||
uses: actions-rs/toolchain@v1
|
|
||||||
with:
|
|
||||||
profile: minimal
|
|
||||||
toolchain: stable
|
|
||||||
override: true
|
|
||||||
|
|
||||||
- name: Cache sqlx-cli
|
|
||||||
uses: actions/cache@v2
|
|
||||||
id: cache-sqlx
|
|
||||||
with:
|
|
||||||
path: |
|
|
||||||
~/.cargo/bin/sqlx
|
|
||||||
~/.cargo/bin/cargo-sqlx
|
|
||||||
key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }}
|
|
||||||
- name: Install sqlx-cli
|
- name: Install sqlx-cli
|
||||||
uses: actions-rs/cargo@v1
|
run:
|
||||||
if: steps.cache-sqlx.outputs.cache-hit == false
|
cargo install sqlx-cli
|
||||||
with:
|
|
||||||
command: install
|
|
||||||
args: >
|
|
||||||
sqlx-cli
|
|
||||||
--force
|
|
||||||
--version=${{ env.SQLX_VERSION }}
|
--version=${{ env.SQLX_VERSION }}
|
||||||
--features ${{ env.SQLX_FEATURES }}
|
--features ${{ env.SQLX_FEATURES }}
|
||||||
--no-default-features
|
--no-default-features
|
||||||
--locked
|
--locked
|
||||||
|
|
||||||
- name: Migrate database
|
- name: Migrate database
|
||||||
run: |
|
run: |
|
||||||
sudo apt-get install libpq-dev -y
|
sudo apt-get install libpq-dev -y
|
||||||
SKIP_DOCKER=true ./scripts/init_db.sh
|
SKIP_DOCKER=true ./scripts/init_db.sh
|
||||||
|
|
||||||
- name: Check sqlx-data.json is up-to-date
|
- name: Check sqlx-data.json is up-to-date
|
||||||
run: |
|
run: |
|
||||||
cargo sqlx prepare --check -- --bin zero2prod
|
cargo sqlx prepare --check -- --bin zero2prod
|
||||||
|
- name: Run tests
|
||||||
- name: Run cargo test
|
run: cargo test
|
||||||
uses: actions-rs/cargo@v1
|
|
||||||
with:
|
|
||||||
command: test
|
|
||||||
|
|
||||||
fmt:
|
fmt:
|
||||||
name: Rustfmt
|
name: Rustfmt
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v3
|
||||||
- uses: actions-rs/toolchain@v1
|
- uses: dtolnay/rust-toolchain@stable
|
||||||
with:
|
with:
|
||||||
toolchain: stable
|
|
||||||
override: true
|
|
||||||
components: rustfmt
|
components: rustfmt
|
||||||
- uses: actions-rs/cargo@v1
|
- name: Enforce formatting
|
||||||
with:
|
run: cargo fmt --check
|
||||||
command: fmt
|
|
||||||
args: --all -- --check
|
|
||||||
|
|
||||||
clippy:
|
clippy:
|
||||||
name: Clippy
|
name: Clippy
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
services:
|
services:
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:12
|
image: postgres:15
|
||||||
env:
|
env:
|
||||||
POSTGRES_USER: postgres
|
POSTGRES_USER: postgres
|
||||||
POSTGRES_PASSWORD: password
|
POSTGRES_PASSWORD: password
|
||||||
POSTGRES_DB: postgres
|
POSTGRES_DB: postgres
|
||||||
ports:
|
ports:
|
||||||
- 5432:5432
|
- 5432:5432
|
||||||
env:
|
|
||||||
SQLX_VERSION: 0.6.2
|
|
||||||
SQLX_FEATURES: "rustls,postgres"
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- uses: actions/checkout@v3
|
||||||
uses: actions/checkout@v2
|
- uses: dtolnay/rust-toolchain@stable
|
||||||
|
|
||||||
- name: Install stable toolchain
|
|
||||||
uses: actions-rs/toolchain@v1
|
|
||||||
with:
|
with:
|
||||||
toolchain: stable
|
|
||||||
components: clippy
|
components: clippy
|
||||||
override: true
|
- uses: Swatinem/rust-cache@v2
|
||||||
|
|
||||||
- name: Cache sqlx-cli
|
|
||||||
uses: actions/cache@v2
|
|
||||||
id: cache-sqlx
|
|
||||||
with:
|
with:
|
||||||
path: |
|
key: sqlx-${{ env.SQLX_VERSION }}
|
||||||
~/.cargo/bin/sqlx
|
- name: Install sqlx-cli
|
||||||
key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }}
|
run:
|
||||||
|
cargo install sqlx-cli
|
||||||
- name: Install sqlx-cli
|
|
||||||
uses: actions-rs/cargo@v1
|
|
||||||
if: steps.cache-sqlx.outputs.cache-hit == false
|
|
||||||
with:
|
|
||||||
command: install
|
|
||||||
args: >
|
|
||||||
sqlx-cli
|
|
||||||
--force
|
|
||||||
--version=${{ env.SQLX_VERSION }}
|
--version=${{ env.SQLX_VERSION }}
|
||||||
--features ${{ env.SQLX_FEATURES }}
|
--features ${{ env.SQLX_FEATURES }}
|
||||||
--no-default-features
|
--no-default-features
|
||||||
--locked
|
--locked
|
||||||
|
|
||||||
- name: Migrate database
|
- name: Migrate database
|
||||||
run: |
|
run: |
|
||||||
sudo apt-get install libpq-dev -y
|
sudo apt-get install libpq-dev -y
|
||||||
SKIP_DOCKER=true ./scripts/init_db.sh
|
SKIP_DOCKER=true ./scripts/init_db.sh
|
||||||
|
- name: Linting
|
||||||
- name: Run clippy
|
run: cargo clippy -- -D warnings
|
||||||
uses: actions-rs/clippy-check@v1
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
args: -- -D warnings
|
|
||||||
|
|
||||||
coverage:
|
coverage:
|
||||||
name: Code coverage
|
name: Code coverage
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
services:
|
services:
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres:12
|
image: postgres:15
|
||||||
env:
|
env:
|
||||||
POSTGRES_USER: postgres
|
POSTGRES_USER: postgres
|
||||||
POSTGRES_PASSWORD: password
|
POSTGRES_PASSWORD: password
|
||||||
|
@ -177,49 +115,28 @@ jobs:
|
||||||
ports:
|
ports:
|
||||||
- 5432:5432
|
- 5432:5432
|
||||||
redis:
|
redis:
|
||||||
image: redis:6
|
image: redis:7
|
||||||
ports:
|
ports:
|
||||||
- 6379:6379
|
- 6379:6379
|
||||||
env:
|
|
||||||
SQLX_VERSION: 0.6.2
|
|
||||||
SQLX_FEATURES: "rustls,postgres"
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
|
- uses: dtolnay/rust-toolchain@stable
|
||||||
- name: Install stable toolchain
|
- name: Install libpq
|
||||||
uses: actions-rs/toolchain@v1
|
run: sudo apt-get update && sudo apt-get install postgresql-client -y
|
||||||
|
- uses: Swatinem/rust-cache@v2
|
||||||
with:
|
with:
|
||||||
toolchain: stable
|
key: sqlx-${{ env.SQLX_VERSION }}
|
||||||
override: true
|
- name: Install tarpaulin
|
||||||
|
run: cargo install cargo-tarpaulin
|
||||||
- name: Cache sqlx-cli
|
- name: Install sqlx-cli
|
||||||
uses: actions/cache@v2
|
run:
|
||||||
id: cache-sqlx
|
cargo install sqlx-cli
|
||||||
with:
|
--version=${{ env.SQLX_VERSION }}
|
||||||
path: |
|
--features ${{ env.SQLX_FEATURES }}
|
||||||
~/.cargo/bin/sqlx
|
--no-default-features
|
||||||
key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }}
|
--locked
|
||||||
|
|
||||||
- name: Install sqlx-cli
|
|
||||||
uses: actions-rs/cargo@v1
|
|
||||||
if: steps.cache-sqlx.outputs.cache-hit == false
|
|
||||||
with:
|
|
||||||
command: install
|
|
||||||
args: >
|
|
||||||
sqlx-cli
|
|
||||||
--force
|
|
||||||
--version=${{ env.SQLX_VERSION }}
|
|
||||||
--features ${{ env.SQLX_FEATURES }}
|
|
||||||
--no-default-features
|
|
||||||
--locked
|
|
||||||
|
|
||||||
- name: Migrate database
|
- name: Migrate database
|
||||||
run: |
|
run: SKIP_DOCKER=true ./scripts/init_db.sh
|
||||||
sudo apt-get install libpq-dev -y
|
- name: Generate code coverage
|
||||||
SKIP_DOCKER=true ./scripts/init_db.sh
|
run: cargo tarpaulin --verbose --workspace
|
||||||
|
|
||||||
- name: Run cargo-tarpaulin
|
|
||||||
uses: actions-rs/tarpaulin@v0.1
|
|
||||||
with:
|
|
||||||
args: '--ignore-tests --avoid-cfg-tarpaulin'
|
|
||||||
|
|
12
.github/workflows/scheduled-audit.yml
vendored
12
.github/workflows/scheduled-audit.yml
vendored
|
@ -1,12 +0,0 @@
|
||||||
name: Security audit
|
|
||||||
on:
|
|
||||||
schedule:
|
|
||||||
- cron: '0 0 * * *'
|
|
||||||
jobs:
|
|
||||||
audit:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v1
|
|
||||||
- uses: actions-rs/audit-check@v1
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
@ -56,7 +56,7 @@ done
|
||||||
|
|
||||||
>&2 echo "Postgres is up and running on port ${DB_PORT} - running migrations now!"
|
>&2 echo "Postgres is up and running on port ${DB_PORT} - running migrations now!"
|
||||||
|
|
||||||
export DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@localhost:${DB_PORT}/${DB_NAME}
|
export DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
|
||||||
sqlx database create
|
sqlx database create
|
||||||
sqlx migrate run
|
sqlx migrate run
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue