Update CI.

This commit is contained in:
Luca Palmieri 2023-02-18 16:24:47 +00:00
parent 8c32639c21
commit 97a4833f71
5 changed files with 63 additions and 156 deletions

View file

@ -1,14 +0,0 @@
name: Security audit
on:
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}

16
.github/workflows/audit.yml vendored Normal file
View file

@ -0,0 +1,16 @@
name: Security audit
on:
schedule:
- cron: '0 0 * * *'
push:
paths:
- '**/Cargo.toml'
- '**/Cargo.lock'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: taiki-e/install-action@cargo-deny
- name: Scan for vulnerabilities
run: cargo deny check advisories

View file

@ -14,6 +14,8 @@ on:
env: env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
SQLX_VERSION: 0.6.2
SQLX_FEATURES: "rustls,postgres"
jobs: jobs:
test: test:
@ -21,7 +23,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
services: services:
postgres: postgres:
image: postgres:12 image: postgres:15
env: env:
POSTGRES_USER: postgres POSTGRES_USER: postgres
POSTGRES_PASSWORD: password POSTGRES_PASSWORD: password
@ -29,147 +31,83 @@ jobs:
ports: ports:
- 5432:5432 - 5432:5432
redis: redis:
image: redis:6 image: redis:7
ports: ports:
- 6379:6379 - 6379:6379
env:
SQLX_VERSION: 0.6.2
SQLX_FEATURES: "rustls,postgres"
steps: steps:
- name: Checkout repository - uses: actions/checkout@v3
uses: actions/checkout@v2 - uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Cache dependencies
id: cache-dependencies
uses: actions/cache@v2
with: with:
path: | key: sqlx-${{ env.SQLX_VERSION }}
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install stable toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- name: Cache sqlx-cli
uses: actions/cache@v2
id: cache-sqlx
with:
path: |
~/.cargo/bin/sqlx
~/.cargo/bin/cargo-sqlx
key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }}
- name: Install sqlx-cli - name: Install sqlx-cli
uses: actions-rs/cargo@v1 run:
if: steps.cache-sqlx.outputs.cache-hit == false cargo install sqlx-cli
with:
command: install
args: >
sqlx-cli
--force
--version=${{ env.SQLX_VERSION }} --version=${{ env.SQLX_VERSION }}
--features ${{ env.SQLX_FEATURES }} --features ${{ env.SQLX_FEATURES }}
--no-default-features --no-default-features
--locked --locked
- name: Migrate database - name: Migrate database
run: | run: |
sudo apt-get install libpq-dev -y sudo apt-get install libpq-dev -y
SKIP_DOCKER=true ./scripts/init_db.sh SKIP_DOCKER=true ./scripts/init_db.sh
- name: Check sqlx-data.json is up-to-date - name: Check sqlx-data.json is up-to-date
run: | run: |
cargo sqlx prepare --check -- --bin zero2prod cargo sqlx prepare --check -- --bin zero2prod
- name: Run tests
- name: Run cargo test run: cargo test
uses: actions-rs/cargo@v1
with:
command: test
fmt: fmt:
name: Rustfmt name: Rustfmt
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
- uses: actions-rs/toolchain@v1 - uses: dtolnay/rust-toolchain@stable
with: with:
toolchain: stable
override: true
components: rustfmt components: rustfmt
- uses: actions-rs/cargo@v1 - name: Enforce formatting
with: run: cargo fmt --check
command: fmt
args: --all -- --check
clippy: clippy:
name: Clippy name: Clippy
runs-on: ubuntu-latest runs-on: ubuntu-latest
services: services:
postgres: postgres:
image: postgres:12 image: postgres:15
env: env:
POSTGRES_USER: postgres POSTGRES_USER: postgres
POSTGRES_PASSWORD: password POSTGRES_PASSWORD: password
POSTGRES_DB: postgres POSTGRES_DB: postgres
ports: ports:
- 5432:5432 - 5432:5432
env:
SQLX_VERSION: 0.6.2
SQLX_FEATURES: "rustls,postgres"
steps: steps:
- name: Checkout repository - uses: actions/checkout@v3
uses: actions/checkout@v2 - uses: dtolnay/rust-toolchain@stable
- name: Install stable toolchain
uses: actions-rs/toolchain@v1
with: with:
toolchain: stable
components: clippy components: clippy
override: true - uses: Swatinem/rust-cache@v2
- name: Cache sqlx-cli
uses: actions/cache@v2
id: cache-sqlx
with: with:
path: | key: sqlx-${{ env.SQLX_VERSION }}
~/.cargo/bin/sqlx - name: Install sqlx-cli
key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }} run:
cargo install sqlx-cli
- name: Install sqlx-cli
uses: actions-rs/cargo@v1
if: steps.cache-sqlx.outputs.cache-hit == false
with:
command: install
args: >
sqlx-cli
--force
--version=${{ env.SQLX_VERSION }} --version=${{ env.SQLX_VERSION }}
--features ${{ env.SQLX_FEATURES }} --features ${{ env.SQLX_FEATURES }}
--no-default-features --no-default-features
--locked --locked
- name: Migrate database - name: Migrate database
run: | run: |
sudo apt-get install libpq-dev -y sudo apt-get install libpq-dev -y
SKIP_DOCKER=true ./scripts/init_db.sh SKIP_DOCKER=true ./scripts/init_db.sh
- name: Linting
- name: Run clippy run: cargo clippy -- -D warnings
uses: actions-rs/clippy-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
args: -- -D warnings
coverage: coverage:
name: Code coverage name: Code coverage
runs-on: ubuntu-latest runs-on: ubuntu-latest
services: services:
postgres: postgres:
image: postgres:12 image: postgres:15
env: env:
POSTGRES_USER: postgres POSTGRES_USER: postgres
POSTGRES_PASSWORD: password POSTGRES_PASSWORD: password
@ -177,49 +115,28 @@ jobs:
ports: ports:
- 5432:5432 - 5432:5432
redis: redis:
image: redis:6 image: redis:7
ports: ports:
- 6379:6379 - 6379:6379
env:
SQLX_VERSION: 0.6.2
SQLX_FEATURES: "rustls,postgres"
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@stable
- name: Install stable toolchain - name: Install libpq
uses: actions-rs/toolchain@v1 run: sudo apt-get update && sudo apt-get install postgresql-client -y
- uses: Swatinem/rust-cache@v2
with: with:
toolchain: stable key: sqlx-${{ env.SQLX_VERSION }}
override: true - name: Install tarpaulin
run: cargo install cargo-tarpaulin
- name: Cache sqlx-cli - name: Install sqlx-cli
uses: actions/cache@v2 run:
id: cache-sqlx cargo install sqlx-cli
with: --version=${{ env.SQLX_VERSION }}
path: | --features ${{ env.SQLX_FEATURES }}
~/.cargo/bin/sqlx --no-default-features
key: ${{ runner.os }}-sqlx-${{ env.SQLX_VERSION }} --locked
- name: Install sqlx-cli
uses: actions-rs/cargo@v1
if: steps.cache-sqlx.outputs.cache-hit == false
with:
command: install
args: >
sqlx-cli
--force
--version=${{ env.SQLX_VERSION }}
--features ${{ env.SQLX_FEATURES }}
--no-default-features
--locked
- name: Migrate database - name: Migrate database
run: | run: SKIP_DOCKER=true ./scripts/init_db.sh
sudo apt-get install libpq-dev -y - name: Generate code coverage
SKIP_DOCKER=true ./scripts/init_db.sh run: cargo tarpaulin --verbose --workspace
- name: Run cargo-tarpaulin
uses: actions-rs/tarpaulin@v0.1
with:
args: '--ignore-tests --avoid-cfg-tarpaulin'

View file

@ -1,12 +0,0 @@
name: Security audit
on:
schedule:
- cron: '0 0 * * *'
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}

View file

@ -56,7 +56,7 @@ done
>&2 echo "Postgres is up and running on port ${DB_PORT} - running migrations now!" >&2 echo "Postgres is up and running on port ${DB_PORT} - running migrations now!"
export DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@localhost:${DB_PORT}/${DB_NAME} export DATABASE_URL=postgres://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
sqlx database create sqlx database create
sqlx migrate run sqlx migrate run