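# CI/CD pipeline: filesystem vulnerability scan, formatting, lint,
# unused-dependency check, tests and build. A release is cut from main once
# the gating jobs listed under `create-release.needs` have passed.
name: CI/CD

on:
  push:
  pull_request:
    # NOTE(review): only `opened` is listed, so commits added to a pull request
    # after it was opened do not re-trigger this workflow through this event
    # (same-repo branches are still covered by `push`; fork branches are not).
    # Add `synchronize` / `reopened` if fork PRs must be re-checked.
    types:
      - opened
  workflow_dispatch:

# Least privilege: every job gets a read-only GITHUB_TOKEN unless it asks for
# more. Without this block the token scope falls back to the repository or
# organisation default, which may be read-write.
permissions:
  contents: read

# One run per workflow + ref; a newer run cancels the older one.
# NOTE(review): on main this can also cancel a release that is already in
# progress. Confirm that a half-finished release is acceptable, or exempt the
# release job from cancellation.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  check-repo:
    name: Check git repository
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # NOTE(review): `@master` is a mutable branch ref, so whatever is pushed
      # upstream runs here unreviewed. Pin third-party actions to a full commit
      # SHA, e.g. `aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`.
      # The same applies to `cargo-bins/cargo-binstall@main` further down.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          format: 'table'
          # A non-zero exit code fails the job when matching findings exist.
          exit-code: '1'
          # Findings without an available fix are not reported.
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'

  check-code-style:
    name: Check code style
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # NOTE(review): actions-rs/toolchain is archived upstream and no longer
      # receives fixes. Consider a maintained toolchain installer or rustup
      # directly. Applies to every job below that uses it.
      - name: Install rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          components: rustfmt
      - uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      - name: Check the code style
        run: cargo fmt --all -- --check

  check-code:
    name: Check rust code
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Install rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          components: clippy
      - uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      - name: Verify code
        run: cargo clippy

  # NOTE(review): this job is not listed in `create-release.needs`, so a
  # failure here does not block a release.
  check-unused-dependencies:
    name: Check for unused deps
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Install rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: nightly
      - uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      # Mutable branch ref; see the pinning note on the Trivy step.
      - uses: cargo-bins/cargo-binstall@main
      # No version is given, so the latest published cargo-udeps is installed.
      - name: Install cargo-udeps
        run: cargo binstall --no-confirm --force cargo-udeps
      # `cargo update` refreshes the lock file first, so the analysis runs
      # against the newest compatible dependency versions.
      - name: Analyze dependencies
        run: cargo update && cargo +nightly udeps

  test:
    name: Run application tests
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Install rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
      - uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      - name: Test code
        run: cargo test

  compile:
    name: Compile application
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Install rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
      - uses: Swatinem/rust-cache@v2
        with:
          cache-on-failure: true
      - name: Build artifacts
        run: cargo build

  create-release:
    name: Create new release
    needs:
      - check-repo
      - check-code-style
      - check-code
      - test
      - compile
    runs-on: ubuntu-22.04
    # Releases are produced only from the main branch.
    if: github.ref == 'refs/heads/main'
    # The "Delete old releases" step removes releases and tags using the
    # built-in GITHUB_TOKEN, which needs write access to repository contents.
    # Widen this only if a step demonstrably needs more.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
      # NOTE(review): these packages are installed without version pins and
      # are then executed by the next step, which holds the release and
      # crates.io tokens. Pin exact versions (or install from a committed
      # lock file with `npm ci`) so a newly published upstream version cannot
      # reach those secrets unreviewed.
      - name: Install Dependencies
        run: |
          npm install -g \
            semantic-release \
            @semantic-release/git \
            @semantic-release/gitlab \
            @semantic-release/changelog \
            @semantic-release/exec \
            @semantic-release/commit-analyzer \
            @semantic-release-cargo/semantic-release-cargo \
            conventional-changelog-conventionalcommits
      # Secrets are scoped to this single step rather than to the whole job.
      - name: Generate Semantic Release Notes and Create Release
        id: semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
        run: npx semantic-release
      # Keeps the five most recent releases and deletes the tags of the rest.
      - name: Delete old releases
        uses: dev-drprasad/delete-older-releases@v0.3.4
        with:
          keep_latest: 5
          delete_tags: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}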