cargo-audit: move to a style check #1337
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| pull_request: | |
| merge_group: | |
| env: | |
| CI_HACKS: 1 | |
| # BE CAREFUL IF EDITING THIS FILE: | |
| # If you add/remove python tests from here, you should also update `check_pytests.py`’s list of GHA_TESTS | |
| # so that it stays in-sync, to make sure no tests are lost. | |
| jobs: | |
| cargo_nextest: | |
| name: "Cargo Nextest (${{matrix.name}})" | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: Linux | |
| id: linux | |
| cache_id: linux | |
| os: ubuntu-22.04-16core | |
| type: stable | |
| runs_integ_tests: true | |
| - name: Linux Nightly | |
| id: linux-nightly | |
| cache_id: linux | |
| os: ubuntu-22.04-16core | |
| type: nightly | |
| runs_integ_tests: true | |
| - name: MacOS | |
| id: macos | |
| cache_id: macos | |
| os: macos-latest-xlarge | |
| type: stable | |
| runs_integ_tests: false | |
| timeout-minutes: 90 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Install all the required tools | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: just | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-nextest | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-deny | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-llvm-cov | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-audit | |
| # Setup the dependency rust cache and llvm-cov | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-${{ matrix.cache_id }}" | |
| # Run the tests | |
| - run: just codecov "nextest-unit ${{ matrix.type }}" | |
| - run: mv codecov.json unit-${{ matrix.id }}.json | |
| - run: just codecov "nextest-integration ${{ matrix.type }}" | |
| if: matrix.runs_integ_tests | |
| - run: mv codecov.json integration-${{ matrix.id }}.json | |
| if: matrix.runs_integ_tests | |
| # Upload the coverage | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: | | |
| unit-${{ matrix.id }}.json | |
| integration-${{ matrix.id }}.json | |
| protobuf_backward_compat: | |
| name: "Protobuf Backward Compatibility" | |
| runs-on: ubuntu-22.04-8core | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: bufbuild/buf-setup-action@1158f4fa81bc02e1ff62abcca6d516c9e24c77da | |
| - uses: bufbuild/buf-breaking-action@a074e988ee34efcd4927079e79c611f428354c01 | |
| with: | |
| against: "https://github.com/near/nearcore.git#${{github.event.pull_request.base.sha && format('ref={0}', github.event.pull_request.base.sha) || 'branch=master' }}" | |
| py_backward_compat: | |
| name: "Backward Compatibility" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-llvm-cov | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-linux" | |
| save-if: "false" # use the cache from nextest, but don’t double-save | |
| - run: pip3 install --user -r pytest/requirements.txt | |
| - run: cargo llvm-cov show-env | grep -v RUSTFLAGS | tr -d "'" >> "$GITHUB_ENV" | |
| - run: echo "RUSTC_WORKSPACE_WRAPPER=$PWD/scripts/rustc-coverage-wrapper.sh" >> "$GITHUB_ENV" | |
| - run: cargo build --locked --profile dev-release -p neard --bin neard | |
| - run: echo "CURRENT_NEARD=$PWD/target/dev-release/neard" >> "$GITHUB_ENV" | |
| - run: cd pytest && python3 tests/sanity/backward_compatible.py | |
| - run: cargo llvm-cov report --profile dev-release --codecov --output-path py-backward-compat.json | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: py-backward-compat.json | |
| py_db_migration: | |
| name: "Database Migration" | |
| runs-on: ubuntu-22.04-8core | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-llvm-cov | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-linux" | |
| save-if: "false" # use the cache from nextest, but don’t double-save | |
| - run: pip3 install --user -r pytest/requirements.txt | |
| - run: cargo llvm-cov show-env | grep -v RUSTFLAGS | tr -d "'" >> "$GITHUB_ENV" | |
| - run: echo "RUSTC_WORKSPACE_WRAPPER=$PWD/scripts/rustc-coverage-wrapper.sh" >> "$GITHUB_ENV" | |
| - run: cargo build --locked --profile dev-release -p neard --bin neard | |
| - run: echo "CURRENT_NEARD=$PWD/target/dev-release/neard" >> "$GITHUB_ENV" | |
| - run: echo "NEAR_ROOT=$PWD" >> "$GITHUB_ENV" | |
| - run: cd pytest && python3 tests/sanity/db_migration.py | |
| - run: cargo llvm-cov report --profile dev-release --codecov --output-path py-db-migration.json | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: py-db-migration.json | |
| py_sanity_checks: | |
| name: "Sanity Checks" | |
| runs-on: ubuntu-22.04-16core | |
| strategy: | |
| fail-fast: false | |
| timeout-minutes: 90 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-llvm-cov | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-linux" | |
| save-if: "false" # use the cache from nextest, but don’t double-save | |
| - run: pip3 install --user -r pytest/requirements.txt | |
| # This is the only job that uses `--features nightly` so we build this in-line instead of a | |
| # separate job like done with the regular neard. | |
| - run: cargo llvm-cov show-env | grep -v RUSTFLAGS | tr -d "'" >> "$GITHUB_ENV" | |
| - run: echo "RUSTC_WORKSPACE_WRAPPER=$PWD/scripts/rustc-coverage-wrapper.sh" >> "$GITHUB_ENV" | |
| - run: cargo build --profile dev-release -p neard --bin neard --features nightly | |
| # Note: We're not running spin_up_cluster.py for non-nightly | |
| # because spinning up non-nightly clusters is already covered | |
| # by other steps in the CI, e.g. upgradable. | |
| - run: python3 pytest/tests/sanity/spin_up_cluster.py | |
| env: | |
| NEAR_ROOT: "target/dev-release" | |
| - run: cargo llvm-cov report --profile dev-release --codecov --output-path py-sanity-checks.json | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: py-sanity-checks.json | |
| py_genesis_check: | |
| name: "Genesis Changes" | |
| runs-on: ubuntu-22.04-8core | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-llvm-cov | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-linux" | |
| save-if: "false" # use the cache from nextest, but don’t double-save | |
| - run: pip3 install --user -r pytest/requirements.txt | |
| - run: cargo llvm-cov show-env | grep -v RUSTFLAGS | tr -d "'" >> "$GITHUB_ENV" | |
| - run: echo "RUSTC_WORKSPACE_WRAPPER=$PWD/scripts/rustc-coverage-wrapper.sh" >> "$GITHUB_ENV" | |
| - run: cargo build --locked --profile dev-release -p neard --bin neard | |
| - run: echo "CURRENT_NEARD=$PWD/target/dev-release/neard" >> "$GITHUB_ENV" | |
| - run: python3 scripts/state/update_res.py check | |
| - run: cargo llvm-cov report --profile dev-release --codecov --output-path py-genesis-check.json | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: py-genesis-check.json | |
| py_style_check: | |
| name: "Style" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: just | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| - run: pip3 install --user -r pytest/requirements.txt | |
| - run: just python-style-checks | |
| py_upgradability: | |
| name: "Upgradability" | |
| runs-on: ubuntu-22.04-8core | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| cache: pip | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: cargo-llvm-cov | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-linux" | |
| save-if: "false" # use the cache from nextest, but don’t double-save | |
| - run: pip3 install --user -r pytest/requirements.txt | |
| - run: cargo llvm-cov show-env | grep -v RUSTFLAGS | tr -d "'" >> "$GITHUB_ENV" | |
| - run: echo "RUSTC_WORKSPACE_WRAPPER=$PWD/scripts/rustc-coverage-wrapper.sh" >> "$GITHUB_ENV" | |
| - run: cargo build --locked --profile dev-release -p neard --bin neard | |
| - run: echo "CURRENT_NEARD=$PWD/target/dev-release/neard" >> "$GITHUB_ENV" | |
| - run: cd pytest && python3 tests/sanity/upgradable.py | |
| - run: cargo llvm-cov report --profile dev-release --codecov --output-path py-upgradability.json | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: coverage | |
| path: py-upgradability.json | |
| rpc_error_schema: | |
| name: "RPC Schema" | |
| runs-on: ubuntu-22.04-8core | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 | |
| with: | |
| prefix-key: "0" # change this to invalidate CI cache | |
| shared-key: "cargo_nextest-linux" | |
| save-if: "false" # use the cache from nextest, but don’t double-save | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: just | |
| - run: just check-rpc-errors-schema | |
| lychee_checks: | |
| name: "Lychee Lints" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: lycheeverse/lychee-action@2ac9f030ccdea0033e2510a23a67da2a2da98492 | |
| with: | |
| fail: true | |
| check_non_default: | |
| name: "Non-default configuration builds" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: baptiste0928/cargo-install@21a18ba3bf4a184d1804e8b759930d3471b1c941 | |
| with: | |
| crate: just | |
| - run: just check-non-default | |
| upload_coverage: | |
| name: "Upload Coverage" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cargo_nextest | |
| - py_backward_compat | |
| - py_db_migration | |
| - py_sanity_checks | |
| - py_genesis_check | |
| - py_upgradability | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: coverage | |
| # Keep the number of uploads here in sync with codecov.yml’s after_n_build value | |
| # codecov will send a comment only after having receidev this number of uploads. | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: unit-linux.json | |
| fail_ci_if_error: true | |
| flags: unittests,linux | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: unit-linux-nightly.json | |
| fail_ci_if_error: true | |
| flags: unittests,linux-nightly | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: unit-macos.json | |
| fail_ci_if_error: true | |
| flags: unittests,macos | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: integration-linux.json | |
| fail_ci_if_error: true | |
| flags: integration-tests,linux | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: integration-linux-nightly.json | |
| fail_ci_if_error: true | |
| flags: integration-tests,linux-nightly | |
| # - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| # with: | |
| # token: ${{ secrets.CODECOV_TOKEN }} | |
| # files: integration-macos.json | |
| # fail_ci_if_error: true | |
| # flags: integration-tests,macos | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: py-backward-compat.json | |
| fail_ci_if_error: true | |
| flags: pytests,backward-compatibility,linux | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: py-db-migration.json | |
| fail_ci_if_error: true | |
| flags: pytests,db-migration,linux | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: py-sanity-checks.json | |
| fail_ci_if_error: true | |
| flags: pytests,sanity-checks,linux | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: py-genesis-check.json | |
| fail_ci_if_error: true | |
| flags: pytests,genesis-check,linux | |
| - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: py-upgradability.json | |
| fail_ci_if_error: true | |
| flags: pytests,upgradability,linux |