Skip to content

ci: Re-introduce attestation permissions #175

ci: Re-introduce attestation permissions

ci: Re-introduce attestation permissions #175

Workflow file for this run

on:
- push
- pull_request
- workflow_call
name: Continuous integration
# Declare default permissions as read only.
permissions: read-all
env:
CARGO_TERM_COLOR: always
jobs:
check:
name: Cargo check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: check
version-check:
name: Check Cargo.toml version
if: github.ref_type == 'tag'
runs-on: ubuntu-latest
steps:
- name: Download source code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Check cargo file version
run: |
CARGO_VERSION=$(sed -n 's,^version = \"\(.*\)\",\1,p' Cargo.toml)
TAG_VERSION=$(echo ${{ github.ref_name }} | sed 's/v//')
if [ "$CARGO_VERSION" != "$TAG_VERSION" ];then
echo "::error title=Invalid Cargo.toml version::Cargo.toml version does not match the tag version"
exit 1
fi
test:
name: Unit tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: test
args: --workspace --bins
e2e-tests:
name: E2E tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: run e2e tests
run: make e2e-tests
coverage:
name: coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- uses: kubewarden/github-actions/tarpaulin-install@d94509d260ee11a92b4f65bc0acd297feec24d7f # v3.3.5
- name: Generate unit-tests coverage
run: make coverage-unit-tests
- name: Upload unit-tests coverage to Codecov
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }}
with:
name: unit-tests
directory: coverage/unit-tests
flags: unit-tests
verbose: true
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Generate e2e-tests coverage
run: make coverage-e2e-tests
- name: Upload e2e-tests coverage to Codecov
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }}
with:
name: e2e-tests
directory: coverage/e2e-tests
flags: e2e-tests
verbose: true
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- run: rustup component add rustfmt
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: fmt
args: --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
profile: minimal
toolchain: stable
override: true
- run: rustup component add clippy
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: clippy
args: -- -D warnings
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- run: shellcheck $(find scripts/ -name '*.sh')