CI #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2021-2022 Eduardo Robles <[email protected]> | |
| # SPDX-FileCopyrightText: 2022 Félix Robles <[email protected]> | |
| # | |
| # SPDX-License-Identifier: AGPL-3.0-only | |
| name: CI | |
| on: | |
| push: | |
| jobs: | |
| test: | |
| name: Run unit tests | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: cachix/install-nix-action@v17 | |
| with: | |
| install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install | |
| nix_path: nixpkgs=channel:nixos-22.05 | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - uses: cachix/cachix-action@v10 | |
| with: | |
| name: sequentech | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Run unit tests | |
| run: | | |
| nix \ | |
| --extra-experimental-features "nix-command flakes" \ | |
| develop \ | |
| --command bash -c "cargo test" | |
| check: | |
| name: 'Static Analysis: cargo check' | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: cachix/install-nix-action@v17 | |
| with: | |
| install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install | |
| nix_path: nixpkgs=channel:nixos-22.05 | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - uses: cachix/cachix-action@v10 | |
| with: | |
| name: sequentech | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Run cargo check | |
| run: | | |
| nix \ | |
| --extra-experimental-features "nix-command flakes" \ | |
| develop \ | |
| --command bash -c "cargo check" | |
| lints: | |
| name: 'Static Analysis: cargo fmt & clippy' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install stable toolchain | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| components: rustfmt, clippy | |
| - uses: Swatinem/rust-cache@v1 | |
| - name: Install extra dependencies | |
| run: cargo install clippy-sarif sarif-fmt | |
| - name: Check code styling with cargo fmt | |
| uses: actions-rs/cargo@v1 | |
| with: | |
| command: fmt | |
| args: --all -- --check | |
| - name: Run cargo clippy | |
| run: | |
| cargo clippy | |
| --message-format=json | |
| -- -D warnings | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt | |
| continue-on-error: true | |
| - name: Upload analysis results to GitHub | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: rust-clippy-results.sarif | |
| wait-for-processing: true | |
| category: cargo-clippy | |
| # based on https://github.com/actions-rs/example | |
| coverage: | |
| name: Test Coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install stable toolchain | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| override: true | |
| - uses: Swatinem/rust-cache@v1 | |
| - name: Run cargo-tarpaulin | |
| uses: actions-rs/[email protected] | |
| continue-on-error: true | |
| with: | |
| version: '0.15.0' | |
| args: '-- --test-threads 4' | |
| - uses: codecov/codecov-action@v3 | |
| with: | |
| fail_ci_if_error: True | |
| verbose: true | |
| - name: Archive code coverage results | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: code-coverage-report | |
| path: cobertura.xml | |
| dependencies: | |
| name: Check Dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - uses: Swatinem/rust-cache@v1 | |
| - name: Run cargo deny | |
| uses: EmbarkStudios/cargo-deny-action@v1 | |
| with: | |
| log-level: warn | |
| command: check | |
| arguments: --all-features | |
| license_reuse: | |
| name: Code License | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: cachix/install-nix-action@v17 | |
| with: | |
| install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install | |
| nix_path: nixpkgs=channel:nixos-22.05 | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - uses: cachix/cachix-action@v10 | |
| with: | |
| name: sequentech | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Check files license compliance with REUSE | |
| run: | | |
| nix \ | |
| --extra-experimental-features "nix-command flakes" \ | |
| develop \ | |
| --command bash -c "reuse lint" | |
| benchmark: | |
| name: Benchmark | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install stable toolchain | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: nightly | |
| override: true | |
| - uses: Swatinem/rust-cache@v1 | |
| - name: Run cargo bench | |
| # note that we explictly have to mention which benches to run, because | |
| # otherwise | |
| run: | |
| cargo +nightly bench | |
| --bench shuffle | |
| --bench encrypt | |
| -- --output-format bencher | tee output.txt | |
| - name: Download previous benchmark data | |
| uses: actions/cache@v3 | |
| with: | |
| path: ./cache | |
| key: cargo-bench | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@v1 | |
| with: | |
| name: cargo-bench | |
| tool: 'cargo' | |
| output-file-path: ./output.txt | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| external-data-json-path: ./cache/benchmark-data.json | |
| alert-threshold: '150%' | |
| comment-on-alert: true | |
| fail-on-alert: false | |
| nix_flake_info: | |
| name: Register Nix Flake Information | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: cachix/install-nix-action@v17 | |
| with: | |
| install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install | |
| nix_path: nixpkgs=channel:nixos-22.05 | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - uses: cachix/cachix-action@v10 | |
| with: | |
| name: sequentech | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # not running this command in https://github.com/nektos/act | |
| # why? because it doesn't work for some reason | |
| - name: Print nixpkgs version | |
| if: ${{ !env.ACT }} | |
| run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version' | |
| - name: Show flake | |
| run: nix --extra-experimental-features "nix-command flakes" flake show | |
| # in all these nix command we add again the --extra-experimental-features | |
| # because apparently otherwise it doesn't work with | |
| # https://github.com/nektos/act | |
| - name: Show flake metadata | |
| run: nix --extra-experimental-features "nix-command flakes" flake metadata | |
| - name: Run flake check | |
| run: nix --extra-experimental-features "nix-command flakes" flake check | |
| nix_flake_build: | |
| name: Build Nix Flake | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: cachix/install-nix-action@v17 | |
| with: | |
| install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install | |
| nix_path: nixpkgs=channel:nixos-22.05 | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - uses: cachix/cachix-action@v10 | |
| with: | |
| name: sequentech | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Build the flake | |
| run: nix --extra-experimental-features "nix-command flakes" build -L | |
| browserstack_test: | |
| name: Browserstack tests | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: cachix/install-nix-action@v17 | |
| with: | |
| install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.10.0pre20220629_b7eb4ac/install | |
| nix_path: nixpkgs=channel:nixos-22.05 | |
| extra_nix_config: | | |
| experimental-features = nix-command flakes | |
| - uses: cachix/cachix-action@v10 | |
| with: | |
| name: sequentech | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Build the flake | |
| run: nix --extra-experimental-features "nix-command flakes" build -L | |
| - name: Extract wasm files | |
| run: | | |
| tar -xf result/strand-*.tgz | |
| mv package pkg | |
| - name: Set up Python 3.8 | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: 3.8 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: 'Building web application to be tested' | |
| run: cd browserstack && npm ci | |
| # https://www.browserstack.com/docs/automate/selenium/github-actions#sample-github-workflow-showing-a-browserstack-test | |
| - name: 'BrowserStack Env Setup' # Invokes the setup-env action | |
| uses: browserstack/github-actions/setup-env@master | |
| with: | |
| username: ${{ secrets.BROWSERSTACK_USERNAME }} | |
| access-key: ${{ secrets.BROWSERSTACK_ACCESS_KEY }} | |
| - name: 'BrowserStack Local Tunnel Setup' # Invokes the setup-local action | |
| uses: browserstack/github-actions/setup-local@master | |
| with: | |
| local-testing: start | |
| local-identifier: random | |
| - name: 'Run local server to serve browserstack tests' | |
| run: python3 src/wasm/test/serve.py & | |
| - name: 'Running test on BrowserStack' # Invokes the actual test script that would run on BrowserStack browsers | |
| env: | |
| GIT_COMMIT_SHA: ${{ github.sha }} | |
| run: | | |
| cd browserstack && \ | |
| GIT_COMMIT_SHA=$GIT_COMMIT_SHA \ | |
| BROWSERSTACK_USERNAME=$BROWSERSTACK_USERNAME \ | |
| BROWSERSTACK_ACCESS_KEY=$BROWSERSTACK_ACCESS_KEY \ | |
| npm run local | |
| - name: 'BrowserStackLocal Stop' # Terminating the BrowserStackLocal tunnel connection | |
| uses: browserstack/github-actions/setup-local@master | |
| with: | |
| local-testing: stop |