chore(deps): update github/codeql-action action to v3.25.5 #3722
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ci | |
| permissions: write-all | |
| on: | |
| merge_group: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - dev | |
| - staging | |
| schedule: | |
| - cron: "0 1 * * *" | |
| workflow_dispatch: | |
| concurrency: | |
| group: | |
| ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_NET_RETRY: 10 | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| RUST_TEST_THREADS: 1 | |
| RUSTDOCFLAGS: -D warnings | |
| RUSTFLAGS: -D warnings | |
| RUSTUP_MAX_RETRIES: 10 | |
| RUST_LOG: info | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| test-versions: | |
| name: Test Suite on ${{ matrix.rust }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest] | |
| # if you have an MSRV, you can of course include it here too. | |
| rust: [stable, beta, nightly] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| components: rust-src | |
| - uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: cargo-hack | |
| - uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: nextest | |
| - uses: Swatinem/rust-cache@378c8285a4eaf12899d11bea686a763e906956af | |
| with: | |
| key: ${{ matrix.rust }} | |
| # - run: cargo hack nextest run --no-capture --each-feature --profile ci | |
| - run: cargo nextest run --no-capture --all-features --profile ci | |
| timeout-minutes: 15 | |
| msrv: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| with: | |
| persist-credentials: false | |
| - uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: cargo-hack | |
| - run: | |
| # cargo hack build -vvv --workspace --feature-powerset --optional-deps | |
| # --ignore-private --no-dev-deps --version-range .. | |
| cargo hack build -vvv --workspace --all-features --ignore-private | |
| --no-dev-deps --version-range .. | |
| tidy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
| with: | |
| toolchain: nightly | |
| components: clippy,rustfmt | |
| - uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: cargo-hack | |
| - uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: cargo-minimal-versions | |
| - run: cargo fmt --all --check | |
| if: always() | |
| - run: cargo clippy --workspace --all-targets | |
| if: always() | |
| - run: cargo minimal-versions build --workspace --ignore-private | |
| if: always() | |
| docs: | |
| name: Docs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Checkout repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
| with: | |
| toolchain: stable | |
| - uses: Swatinem/rust-cache@378c8285a4eaf12899d11bea686a763e906956af | |
| - name: Check documentation | |
| env: | |
| RUSTDOCFLAGS: -D warnings | |
| uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72 | |
| with: | |
| command: doc | |
| args: --no-deps --document-private-items --workspace --examples | |
| publish-dry-run: | |
| name: Publish dry run | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Checkout repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
| with: | |
| toolchain: stable | |
| - uses: Swatinem/rust-cache@378c8285a4eaf12899d11bea686a763e906956af | |
| - uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72 | |
| with: | |
| command: publish | |
| args: --dry-run -p stratum-server | |
| coverage: | |
| name: Code coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Checkout repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
| with: | |
| toolchain: nightly | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: cargo-llvm-cov | |
| - uses: taiki-e/install-action@e6605310f95ed31bdbc1780ed3d659a4d1e11352 | |
| with: | |
| tool: nextest | |
| - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2 | |
| - name: Generate code coverage | |
| run: | | |
| cargo llvm-cov clean --workspace | |
| cargo llvm-cov nextest --profile ci --no-report --all-features | |
| cargo llvm-cov report --lcov --output-path lcov.info | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@98ab2c591b94478f4c3606d68ff73601df85ec43 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: lcov.info | |
| fail_ci_if_error: true | |
| bloat: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
| with: | |
| toolchain: | |
| stable | |
| # @todo potentially switch these with Swatinem rust-cache see above. | |
| - name: Cache cargo registry | |
| uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4 | |
| with: | |
| path: ~/.cargo/registry | |
| key: | |
| bloat-${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') | |
| }} | |
| - name: Cache cargo index | |
| uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4 | |
| with: | |
| path: ~/.cargo/git | |
| key: | |
| bloat-${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Run cargo bloat | |
| if: ${{ github.event_name != 'schedule' }} | |
| # @todo For security, let's fork this into the OpenPoolProject/actions | |
| # folder - the original (this is a fork) no longer works because it uses | |
| # a 3rd parter server to cache builds that is no longer existant. | |
| uses: Kobzol/cargo-bloat-action@85b93f37dec06662054e045b5cf1d79cfdb0d748 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| bloat_args: -p stratum-server --release --example basic | |
| cargo-deny: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| - uses: EmbarkStudios/cargo-deny-action@748857f070c53667b2b8de8bdf468ac75a6b757c # v1 | |
| ci-success: | |
| name: ci | |
| if: success() | |
| needs: | |
| - test-versions | |
| - msrv | |
| - tidy | |
| - docs | |
| - publish-dry-run | |
| - coverage | |
| - bloat | |
| - cargo-deny | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@dece11172ed6b762b5421b294513d628edad7f7d | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Mark the job as a success | |
| run: exit 0 |