Fixes for TREB-761 #75
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request | |
on: | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- closed | |
push: | |
tags: | |
- '*' | |
jobs: | |
style: | |
name: Style | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
steps: | |
- name: Tool Versions | |
run: cargo fmt --version | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Check Style | |
run: | | |
git config --global credential.helper store | |
echo "https://${{vars.SERVICE_ACCOUNT_USER}}:${{secrets.SERVICE_ACCOUNT_PAT}}@github.com" > ~/.git-credentials | |
cargo fmt --check --verbose | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
steps: | |
- name: Tool Versions | |
run: cargo clippy --version | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Lint | |
run: | | |
git config --global credential.helper store | |
echo "https://${{vars.SERVICE_ACCOUNT_USER}}:${{secrets.SERVICE_ACCOUNT_PAT}}@github.com" > ~/.git-credentials | |
cargo clippy | |
sbom: | |
name: Generate CycloneDX | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Tools | |
run: | | |
npm ci --devDependencies | |
- name: Generate Rust BOM | |
run: | | |
git config --global credential.helper store | |
echo "https://${{vars.SERVICE_ACCOUNT_USER}}:${{secrets.SERVICE_ACCOUNT_PAT}}@github.com" > ~/.git-credentials | |
cargo cyclonedx --format json --all --describe crate -vvv | |
- name: Generate NPM BOM | |
run: npx @cyclonedx/cyclonedx-npm --output-format JSON --package-lock-only --output-reproducible --output-file npm.cdx.json | |
- name: Upload Results | |
uses: actions/upload-artifact@v3 | |
with: | |
name: software-bom | |
path: | | |
**/*.cdx.json | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
env: | |
CARGO_HOME: ".cargo" | |
RUSTFLAGS: "-Cinstrument-coverage" | |
TEST_DIR: "test-results" | |
LLVM_PROFILE_FILE: "../test-results/%p-%m.profraw" | |
steps: | |
- name: Tool Versions | |
run: | | |
cargo --version | |
grcov --version | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Prebuild | |
run: | | |
git config --global credential.helper store | |
echo "https://${{vars.SERVICE_ACCOUNT_USER}}:${{secrets.SERVICE_ACCOUNT_PAT}}@github.com" > ~/.git-credentials | |
mkdir -p ${{env.CARGO_HOME}}; cargo build --tests | |
- name: Run Tests | |
run: | | |
git config --global credential.helper store | |
echo "https://${{vars.SERVICE_ACCOUNT_USER}}:${{secrets.SERVICE_ACCOUNT_PAT}}@github.com" > ~/.git-credentials | |
mkdir -p "${{env.TEST_DIR}}" | |
cargo test --all -- -Z unstable-options --format json --report-time > ${{env.TEST_DIR}}/cargo_test.json | |
- name: Process Test Results | |
run: | | |
cat ${{env.TEST_DIR}}/cargo_test.json | cargo2junit > ${{env.TEST_DIR}}/report.xml | |
grcov ${{env.TEST_DIR}} --binary-path target/debug -s . -o "${{env.TEST_DIR}}" --ignore-not-existing --ignore '.cargo/*' --output-types cobertura | |
- name: Upload Results | |
uses: actions/upload-artifact@v3 | |
if: ${{always()}} | |
with: | |
name: unit-test-report | |
path: | | |
${{env.TEST_DIR}} | |
code_coverage: | |
name: Code Coverage | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- name: Download Test Results | |
uses: actions/download-artifact@v3 | |
with: | |
name: unit-test-report | |
path: test-results | |
- name: Display structure of downloaded files | |
run: ls -R | |
- name: Code Coverage Report | |
uses: irongut/[email protected] | |
continue-on-error: true | |
with: | |
filename: test-results/cobertura.xml | |
badge: true | |
format: markdown | |
hide_branch_rate: true | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: "30 50" | |
- name: Add Coverage PR Comment | |
uses: marocchino/sticky-pull-request-comment@v2 | |
continue-on-error: true | |
if: github.event_name == 'pull_request' | |
with: | |
header: Test Coverage | |
path: code-coverage-results.md | |
build: | |
name: Build | |
strategy: | |
matrix: | |
target_triple: | |
- x86_64-pc-windows-gnu | |
- x86_64-unknown-linux-gnu | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
steps: | |
- name: Tool Versions | |
run: rustc --version | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Build | |
run: | | |
git config --global credential.helper store | |
echo "https://${{vars.SERVICE_ACCOUNT_USER}}:${{secrets.SERVICE_ACCOUNT_PAT}}@github.com" > ~/.git-credentials | |
cargo build --target "${{matrix.target_triple}}" --release | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: executable | |
path: | | |
target/${{matrix.target_triple}}/release/kic* | |
!target/${{matrix.target_triple}}/**/*.d | |
!target/${{matrix.target_triple}}/**/*.rlib | |
package: | |
name: Package | |
runs-on: ubuntu-latest | |
needs: build | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
steps: | |
- name: Update ClamAV | |
run: freshclam | |
- name: Tool Versions | |
run: | | |
npm --version | |
clamscan -V | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
#set-safe-directory: "${{github.workspace}}" | |
fetch-depth: 0 | |
fetch-tags: true | |
- name: Get Artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: executable | |
path: target/ | |
- name: Get Tagged Version | |
id: lasttag | |
run: | | |
git config --global --add safe.directory "$PWD" | |
COMMIT="${{github.sha}}" | |
if ${{contains(github.head_ref, 'release')}}; then | |
V="${{github.head_ref}}" | |
V="${V#release/}" | |
else | |
V="$(cargo metadata --format-version=1 --no-deps | jq '.packages[0].version')" | |
echo "Extracted version: $V" | |
V="$(echo "v${V}" | sed 's/\"//g')" | |
echo "Cleaned up version: $V" | |
fi | |
# Check to see if the version tag already exists | |
# If it does, print a message and exit with an error code | |
if [ $(git tag --list "$V") ]; then | |
echo "Version tag already exists. Did you bump the version number?" | |
exit 1 | |
fi | |
# Create an RC release if | |
# 1) This PR is a release branch that hasn't been merged to main. | |
# 2) This is a feature branch being merged into the main branch. | |
if ${{(! github.event.pull_request.merged && contains(github.head_ref, 'release/')) || (github.event.pull_request.merged && !contains(github.head_ref, 'release/'))}}; then | |
V="${V}-$(git tag --list ${V}* | wc -l)" | |
echo "RC Version: $V" | |
fi | |
CL=${V#v} | |
CL=${CL%-*} | |
echo "version=${V}" >> $GITHUB_OUTPUT | |
echo "cl_version=${CL}" >> $GITHUB_OUTPUT | |
echo "commit=${COMMIT}" >> $GITHUB_OUTPUT | |
npm version --no-git-tag-version "${V}" || true | |
- name: Move Packages | |
run: | | |
mkdir -p bin | |
for f in target/*; do cp "$f" bin; done; | |
- name: Run ClamAV | |
run: clamscan -v bin/* | |
- name: npm Package | |
run: npm pack | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: package | |
path: ./*.tgz | |
publish: | |
name: Publish | |
if: ${{ endsWith(github.base_ref, 'main') && (contains(github.head_ref, 'release/') || github.event.pull_request.merged) }} | |
needs: | |
- build | |
- lint | |
- style | |
- test | |
- code_coverage | |
- package | |
- sbom | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tektronix/tsp-toolkit-build:latest | |
credentials: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
#https://github.com/actions/runner/issues/2033#issuecomment-1598547465 | |
options: --user 1001 | |
steps: | |
- name: Tool Versions | |
run: npm --version | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '20.x' | |
registry-url: 'https://npm.pkg.github.com' | |
scope: '@tektronix' | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Get Artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: package | |
- name: publish package | |
run: | | |
npm publish *.tgz | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
checks: write | |
pull-requests: read | |
needs: | |
- build | |
- lint | |
- style | |
- test | |
- code_coverage | |
- package | |
- sbom | |
if: ${{ endsWith(github.base_ref, 'main') && (contains(github.head_ref, 'release/') || github.event.pull_request.merged) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
fetch-tags: true | |
- name: Get Tagged Version | |
id: lasttag | |
run: | | |
git config --global --add safe.directory "$PWD" | |
COMMIT="${{github.sha}}" | |
if ${{contains(github.head_ref, 'release')}}; then | |
V="${{github.head_ref}}" | |
V="${V#release/}" | |
else | |
V="$(cargo metadata --format-version=1 --no-deps | jq '.packages[0].version')" | |
echo "Extracted version: $V" | |
V="$(echo "v${V}" | sed 's/\"//g')" | |
echo "Cleaned up version: $V" | |
fi | |
# Check to see if the version tag already exists | |
# If it does, print a message and exit with an error code | |
if [ $(git tag --list "$V") ]; then | |
echo "Version tag already exists. Did you bump the version number?" | |
exit 1 | |
fi | |
# Create an RC release if | |
# 1) This PR is a release branch that hasn't been merged to main. | |
# 2) This is a feature branch being merged into the main branch. | |
if ${{(! github.event.pull_request.merged && contains(github.head_ref, 'release/')) || (github.event.pull_request.merged && !contains(github.head_ref, 'release/'))}}; then | |
V="${V}-$(git tag --list ${V}* | wc -l)" | |
echo "RC Version: $V" | |
fi | |
CL=${V#v} | |
CL=${CL%-*} | |
echo "version=${V}" >> $GITHUB_OUTPUT | |
echo "cl_version=${CL}" >> $GITHUB_OUTPUT | |
echo "commit=${COMMIT}" >> $GITHUB_OUTPUT | |
- run: 'git tag --list ${V}*' | |
- name: Get Artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: executable | |
path: target | |
- name: Get SBOM | |
uses: actions/download-artifact@v3 | |
with: | |
name: software-bom | |
path: sbom | |
- name: Get Changelog for this Tag | |
id: changelog | |
uses: coditory/changelog-parser@v1 | |
with: | |
version: ${{steps.lasttag.outputs.cl_version}} | |
- name: Create Release | |
uses: ncipollo/release-action@v1 | |
with: | |
name: ${{steps.lasttag.outputs.version}} | |
artifacts: target/*,sbom/**/* | |
body: | | |
## Features Requests / Bugs | |
If you find issues or have a feature request, please enter a [new issue on GitHub](${{github.server_url}}/${{github.repository}}/issues/new). | |
## Installation | |
View the installation instructions in the [README](${{github.server_url}}/${{github.repository}}/blob/main/README.md) | |
## Changelog | |
${{steps.changelog.outputs.description}} | |
prerelease: ${{(! github.event.pull_request.merged) || (github.event.pull_request.merged && ! contains(github.head_ref, 'release/'))}} | |
commit: ${{steps.lasttag.outputs.commit}} | |
makeLatest: true | |
tag: ${{steps.lasttag.outputs.version}} | |