diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 82f1343a..9e11760b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,6 +5,8 @@ on:
 branches:
 - main
 pull_request:
+ schedule:
+ - cron: "0 14 * * 1" # Mondays at 2pm UTC
 jobs:
 cargo-test:
@@ -31,6 +33,9 @@ jobs:
 features: tls-rustls --no-default-features
 - os: ubuntu-18.04
 features: tls-vendored-openssl --no-default-features
+ - os: ubuntu-18.04
+ toolchain: beta
+ features: default
 # MSRV
 - os: ubuntu-18.04
 toolchain: 1.41.1
@@ -66,6 +71,11 @@ jobs:
 path: Cargo.lock
 - name: Cargo test
 run: cargo test --features ${{ matrix.features }}
+ - name: Post to Slack on failure of scheduled run
+ if: failure() && github.event_name == 'schedule'
+ run: |
+ curl -L -X POST '${{ secrets.SLACK_WEBHOOK }}' \
+ -F "payload={\"text\": \"Failed a run of <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|$GITHUB_REPOSITORY>.\"}"
 cargo-build:
 runs-on: ${{ matrix.os }}
@@ -108,6 +118,11 @@ jobs:
 use-cross: true
 command: build
 args: --target ${{ matrix.target }} --features "beta blocking tls-rustls" --no-default-features
+ - name: Post to Slack on failure of scheduled run
+ if: failure() && github.event_name == 'schedule'
+ run: |
+ curl -L -X POST '${{ secrets.SLACK_WEBHOOK }}' \
+ -F "payload={\"text\": \"Failed a run of <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|$GITHUB_REPOSITORY>.\"}"
 format:
 runs-on: ubuntu-18.04
diff --git a/.github/workflows/daily.yaml b/.github/workflows/daily.yaml
new file mode 100644
index 00000000..dd123701
--- /dev/null
+++ b/.github/workflows/daily.yaml
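Review bot: In the `Post to Slack on failure of scheduled run` step added to `cargo-test` (hunk `@@ -66,6 +71,11 @@`), `'${{ secrets.SLACK_WEBHOOK }}'` is substituted into the script text before the shell parses it, so the secret becomes part of the shell source rather than data, and a value containing a single quote would end the quoting. Passing it through the environment avoids that: give the step an `env:` entry `SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}` and call `curl -sS -L --fail -X POST "$SLACK_WEBHOOK" \`. Adding `--fail` also makes the step exit non-zero when Slack rejects the request, instead of reporting success on an HTTP error. The identical step appears in the `cargo-build` hunk (`@@ -108,6 +118,11 @@`) and in the new `daily.yaml`, so the same change applies there. The `steps:` list of each job starts outside these hunks.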
@@ -0,0 +1,39 @@
+name: Daily runs
+
+# Run daily and also when Cargo.toml changes
+on:
+ schedule:
+ - cron: "0 14 * * *" # Daily at 2pm UTC
+ push:
+ paths:
+ - "**/Cargo.toml"
+
+jobs:
+ security-audit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Run audit checker
+ uses: actions-rs/audit-check@v1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ # Generate the Cargo.lock that will be used for the tests so we can upload it as an artifact
+ - run: cargo generate-lockfile
+ - uses: actions/upload-artifact@v2
+ with:
+ path: Cargo.lock
+ - name: Decrypt test keys
+ run: openssl aes-256-cbc -d -K ${{ secrets.OPENSSL_KEY }} -iv ${{ secrets.OPENSSL_IV }} -in tests/testkeys/iak-dev.pem.enc -out tests/testkeys/iak-dev.pem
+ - run: cargo test --features beta
+ env:
+ IRONCORE_ENV: dev
+ - name: Post to Slack on failure
+ if: failure()
+ run: |
+ curl -L -X POST '${{ secrets.SLACK_WEBHOOK }}' \
+ -F "payload={\"text\": \"Failed a run of <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|$GITHUB_REPOSITORY>.\"}"
diff --git a/.github/workflows/security-audit.yaml b/.github/workflows/security-audit.yaml
deleted file mode 100644
index d88b0a9f..00000000
--- a/.github/workflows/security-audit.yaml
+++ /dev/null
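Review bot: The `Decrypt test keys` step in the `test` job expands `${{ secrets.OPENSSL_KEY }}` and `${{ secrets.OPENSSL_IV }}` unquoted into the `openssl` command, so the raw AES key is templated into the script text and sits in the process argument list while the command runs. At minimum, pass both through the step's `env:` and reference them as `-K "$OPENSSL_KEY" -iv "$OPENSSL_IV"`, which removes the interpolation into shell source. Keeping the key out of the argument list altogether would mean re-encrypting the file under a passphrase and reading it with `-pass env:NAME`, which is a larger change than this commit. Separately, `aes-256-cbc` carries no integrity check, so a modified `iak-dev.pem.enc` is not reliably detected at decrypt time; whether that matters depends on how the dev key is used in the tests, which this hunk does not show.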
@@ -1,37 +0,0 @@
-name: Security Audit
-
-# Run daily and also when Cargo.toml changes
-on:
- schedule:
- - cron: "0 8 * * *" # 8AM UTC, 3PM MST
- push:
- paths:
- - "**/Cargo.toml"
-
-jobs:
- security-audit:
- runs-on: ubuntu-18.04
- steps:
- - uses: actions/checkout@v2
- - name: Install Rust
- uses: actions-rs/toolchain@v1
- with:
- profile: minimal
- toolchain: stable
- override: true
- - name: Search for cargo-audit to get latest version
- id: audit-search
- run: echo ::set-output name=audit-version::$(cargo search cargo-audit --limit 1 | grep cargo-audit)
- - name: Restore cargo-audit based on search result
- id: cache
- uses: actions/cache@v2
- with:
- path: ~/.cargo/bin
- key: ${{ github.workflow }} ${{ steps.audit-search.outputs.audit-version }}
- - name: Install cargo-audit if the cache missed
- run: cargo install cargo-audit
- if: steps.cache.outputs.cache-hit != 'true'
- - name: Run audit checker
- uses: actions-rs/audit-check@v1
- with:
- token: ${{ secrets.GITHUB_TOKEN }}