diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index c65cbba..9c3779f 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -2,9 +2,26 @@ name: Build and test code on: push: - branches: [ "main" ] + branches: [main] + paths-ignore: + - "**.md" + - "LICENSE*" + - ".github/workflows/docs.yml" + - "katex-header.html" pull_request: - branches: [ "main" ] + branches: [main] + paths-ignore: + - "**.md" + - "LICENSE*" + - ".github/workflows/docs.yml" + - "katex-header.html" + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true env: CARGO_TERM_COLOR: always @@ -12,10 +29,14 @@ env: jobs: build: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest + timeout-minutes: 30 steps: - - uses: actions/checkout@v4 - - name: Build - run: cargo test --workspace --verbose --no-run - - name: Run tests - run: cargo test --workspace --verbose + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + - uses: Swatinem/rust-cache@v2 + - name: Build + run: cargo test --workspace --verbose --no-run + - name: Run tests + run: cargo test --workspace --verbose diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index 5e929c2..0000000 --- a/.github/workflows/coverage.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Coverage (Push) - -on: - push: - branches: ['**'] # all branches, including main - -permissions: - contents: read - actions: write - -jobs: - coverage-push: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Cache llvm-cov build - id: cache-llvm-cov - uses: actions/cache@v4 - continue-on-error: false - with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: ${{ runner.os }}-cargo-llvm-cov-${{ hashFiles('**/Cargo.lock') }} - restore-keys: ${{ runner.os }}-cargo-llvm-cov - - - run: which cargo-llvm-cov || cargo install cargo-llvm-cov - - run: rustup component add llvm-tools-preview - - run: cargo llvm-cov --workspace --lcov --output-path lcov.info --ignore-filename-regex '^examples/' - - - name: Upload branch coverage artifact - uses: actions/upload-artifact@v4 - with: - name: coverage-lcov - path: lcov.info - retention-days: 21 diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml index 9ca153b..97ad11d 100644 --- a/.github/workflows/dependency-audit.yml +++ b/.github/workflows/dependency-audit.yml @@ -3,8 +3,16 @@ name: Dependency security audit on: push: paths: - - '**/Cargo.toml' - - '**/Cargo.lock' + - "**/Cargo.toml" + - "**/Cargo.lock" + - "deny.toml" + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true env: CARGO_TERM_COLOR: always @@ -14,28 +22,14 @@ jobs: security_audit: timeout-minutes: 10 runs-on: ubuntu-latest - permissions: - contents: read - checks: write steps: - name: Check out uses: actions/checkout@v4 - - name: Cache audit-check build - id: cache-audit-check - uses: actions/cache@v4 - continue-on-error: false - with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: ${{ runner.os }}-cargo-deny-${{ hashFiles('**/Cargo.lock') }} - restore-keys: ${{ runner.os }}-cargo-deny - - - name: Run audit-check action - run: | - which cargo-deny || cargo install cargo-deny - cargo deny check + - uses: dtolnay/rust-toolchain@stable + + - name: Install cargo-deny + uses: taiki-e/install-action@cargo-deny + + - name: Run cargo deny + run: cargo deny check diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 05fb081..ef9af3c 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -5,13 +5,19 @@ name: Docs on: workflow_dispatch: +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: # TODO(template) remove docs publishing, when the crate is published to crates.io docs: - permissions: - contents: write name: Documentation runs-on: ubuntu-latest + timeout-minutes: 15 steps: - name: Checkout source code uses: actions/checkout@v4 @@ -19,13 +25,14 @@ jobs: fetch-depth: 1 persist-credentials: false + - uses: dtolnay/rust-toolchain@stable + + - uses: Swatinem/rust-cache@v2 + - name: Setup pages id: pages uses: actions/configure-pages@v5 - - name: Clean docs folder - run: cargo clean --doc - # Documentation with Latex support # TODO(template) if Latex is not needed # just remove katex-header.html at the root and RUSTDOCFLAGS here @@ -49,8 +56,9 @@ jobs: name: github-pages url: ${{ steps.deployment.outputs.page_url }} runs-on: ubuntu-latest + timeout-minutes: 5 needs: docs steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 \ No newline at end of file + uses: actions/deploy-pages@v4 diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 2f437c3..0db8424 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -1,23 +1,63 @@ name: Linter check -on: push +on: + push: + branches: [main] + paths-ignore: + - "**.md" + - "LICENSE*" + - ".github/workflows/docs.yml" + - "katex-header.html" + pull_request: + branches: [main] + paths-ignore: + - "**.md" + - "LICENSE*" + - ".github/workflows/docs.yml" + - "katex-header.html" + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true env: CARGO_TERM_COLOR: always CARGO_INCREMENTAL: 0 - # Make sure CI fails on all warnings, including Clippy lints - RUSTFLAGS: "-Dwarnings" jobs: - linter_check: + fmt: runs-on: ubuntu-latest + timeout-minutes: 5 steps: - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + with: + components: rustfmt - name: Run Fmt run: cargo fmt --all -- --check + clippy: + runs-on: ubuntu-latest + timeout-minutes: 15 + env: + # Make sure CI fails on all warnings, including Clippy lints + RUSTFLAGS: "-Dwarnings" + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@stable + with: + components: clippy + - uses: Swatinem/rust-cache@v2 - name: Run Clippy run: cargo clippy --all-targets --all-features + typos: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v4 - name: Check typos uses: crate-ci/typos@master diff --git a/.github/workflows/ub-detection.yml b/.github/workflows/ub-detection.yml index cda1168..abe15d8 100644 --- a/.github/workflows/ub-detection.yml +++ b/.github/workflows/ub-detection.yml @@ -1,6 +1,27 @@ name: UB (undefined behavior) detection -on: push +on: + push: + branches: [main] + paths-ignore: + - "**.md" + - "LICENSE*" + - ".github/workflows/docs.yml" + - "katex-header.html" + pull_request: + branches: [main] + paths-ignore: + - "**.md" + - "LICENSE*" + - ".github/workflows/docs.yml" + - "katex-header.html" + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true env: CARGO_TERM_COLOR: always @@ -16,9 +37,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - run: | - rustup +nightly component add miri - cargo +nightly miri setup - PROPTEST_DISABLE_FAILURE_PERSISTENCE=true \ - MIRIFLAGS="-Zmiri-env-forward=PROPTEST_DISABLE_FAILURE_PERSISTENCE -Zmiri-strict-provenance" \ - cargo +nightly miri test --lib + - uses: dtolnay/rust-toolchain@nightly + with: + components: miri + - uses: Swatinem/rust-cache@v2 + with: + cache-on-failure: true + - name: Run Miri + run: MIRIFLAGS="-Zmiri-strict-provenance" cargo +nightly miri test --lib diff --git a/template_crate/src/lib.rs b/template_crate/src/lib.rs index f3b62de..217e902 100644 --- a/template_crate/src/lib.rs +++ b/template_crate/src/lib.rs @@ -71,6 +71,7 @@ mod tests { proptest! { #[test] + #[cfg_attr(miri, ignore)] fn addition_proptest(a in 0_u8..20, b in 0_u8..20) { assert_eq!( a.checked_add(b),