Skip to content

Commit

Permalink
infra: add basic CI and security audit workflows
Browse files Browse the repository at this point in the history
This introduces two workflows: one for basic CI (format and check) and
one for security audits. The security audit workflow probably isn't
going to catch anything, but it only runs when the cargo manifest
changes, so hopefully it doesn't slow things down too much. The CI
workflow is designed to run `cargo fmt` against the code and to run
`cargo check` with every combination of options. Right now, the
`unproven` feature must be enabled, which ends up requiring a nightly
compiler. As a result, the build matrix only runs two variants (one for
each of the two supported devices). Once builds can be done without the
`unproven` feature, `~` can be added to the `proven` dimension of the
matrix, which will then allow builds to run against both nightly and
stable.

Regarding the actual implementation, there are a few quirks in this
config.

The verbose `on` object is the result of pushes to pull requests
triggering the workflow twice - the workflow is triggerd by both the
`push` and `pull_request` events. By restricting these to the master
branch, it ensures that only pushes to the master branch or pull
requests to the master branch (but not pushes to pull request branches)
trigger.

The bizarre construction of the `run` step in the `check` job is needed
because GitHub isn't parsing the declaration correctly [1]. The
preferred syntax would be to make use of the folded chomping block
operator and to drop the shell linewraps. Something closer to this:

```yaml
steps:
  - run: >-
      cargo check
        --verbose
        --no-default-features
```

[1]: actions/runner#418
  • Loading branch information
crawford committed Apr 9, 2020
1 parent e6029ac commit 4ba5bec
Show file tree
Hide file tree
Showing 3 changed files with 71 additions and 0 deletions.
52 changes: 52 additions & 0 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: CI
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]

jobs:
format:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
components: rustfmt
override: true
- uses: mbrobbel/rustfmt-check@master
with:
token: ${{secrets.GITHUB_TOKEN}}

check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
target: thumbv7m-none-eabi
override: true
- run: |
cargo check \
--verbose \
--no-default-features \
--features="${{matrix.chip}} ${{matrix.proven}}" \
--target="${{matrix.target}}"
strategy:
fail-fast: false
matrix:
chip:
- chip-efm32gg
- chip-efr32xg1
proven:
- unproven
toolchain:
- stable
- nightly
target:
- thumbv7m-none-eabi
exclude:
- toolchain: stable
proven: unproven
17 changes: 17 additions & 0 deletions .github/workflows/security.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: Security Audit
on:
push:
branches: [ master ]
paths: [ Cargo.toml ]
pull_request:
branches: [ master ]
paths: [ Cargo.toml ]

jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/audit-check@v1
with:
token: ${{secrets.GITHUB_TOKEN}}
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
![CI Status](https://github.com/crawford/action-test/workflows/CI/badge.svg)

`efm32gg-hal`
-------------

Expand Down

0 comments on commit 4ba5bec

Please sign in to comment.