Skip to content

chore(deps): Bump step-security/harden-runner from 2.7.0 to 2.7.1 #799

chore(deps): Bump step-security/harden-runner from 2.7.0 to 2.7.1

chore(deps): Bump step-security/harden-runner from 2.7.0 to 2.7.1 #799

Workflow file for this run

name: "build"
permissions: {}
on:
# run "test" job on push events as well to get main branch coverage
push:
branches: [ main ]
pull_request:
env:
CARGO_TERM_COLOR: always
jobs:
build:
name: "cargo build"
if: github.event_name == 'pull_request'
permissions:
contents: read
runs-on: ubuntu-22.04
steps:
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- id: toolchain
uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a # doesn't have usual versioned releases/tags
with:
toolchain: "1.56.0" # hardcoded crate MSRV, see rust-toolchain.toml etc.
# minimal profile includes rustc component which includes cargo and rustdoc
- uses: rui314/setup-mold@6bebc01caac32fb5251ee64f60cea0322d0e6574 # does not have recent tags
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
- run: cargo +${{ steps.toolchain.outputs.name }} build --all-targets --all-features --verbose
test:
name: "cargo test (with coverage)"
permissions:
contents: read
runs-on: ubuntu-22.04
steps:
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- id: toolchain
uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a # doesn't have usual versioned releases/tags
with:
toolchain: "stable"
# minimal profile includes rustc component which includes cargo and rustdoc
- uses: rui314/setup-mold@6bebc01caac32fb5251ee64f60cea0322d0e6574 # does not have recent tags
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
- uses: taiki-e/install-action@0eaa33a7adfb219fec683c2480a4eb8c79bfeff1 # v2.33.20
with:
tool: [email protected]
- uses: taiki-e/install-action@0eaa33a7adfb219fec683c2480a4eb8c79bfeff1 # v2.33.20
with:
tool: [email protected]
- run: cargo +${{ steps.toolchain.outputs.name }} llvm-cov test --codecov --output-path codecov.json --all-targets --all-features --verbose
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: codecov.json
path: codecov.json
# this will likely fail for forks, maybe adapt bencher.dev workaround with separate workflow for uploaded artifact
- uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
with:
files: codecov.json
fail_ci_if_error: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
test-careful:
if: github.event_name == 'pull_request'
name: "cargo test (carefully)"
permissions:
contents: read
runs-on: ubuntu-22.04
steps:
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- id: toolchain
uses: dtolnay/rust-toolchain@d8352f6b1d2e870bc5716e7a6d9b65c4cc244a1a # doesn't have usual versioned releases/tags
with:
toolchain: "nightly"
# minimal profile includes rustc component which includes cargo and rustdoc
components: rust-src
- uses: rui314/setup-mold@6bebc01caac32fb5251ee64f60cea0322d0e6574 # does not have recent tags
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
- uses: taiki-e/install-action@0eaa33a7adfb219fec683c2480a4eb8c79bfeff1 # v2.33.20
with:
tool: [email protected]
- run: cargo +${{ steps.toolchain.outputs.name }} careful test --all-targets --all-features --verbose