Validate externally passed Rust toolchain identifiers (#1817) #2898
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
tags: | |
- v* | |
paths-ignore: | |
- 'README.md' | |
- 'CHANGELOG.md' | |
jobs: | |
fmt: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: nightly | |
default: true | |
components: rustfmt | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Check Formatting | |
uses: actions-rs/cargo@v1 | |
with: | |
command: fmt | |
args: --check | |
# Runs `cargo check` on each individual crate in the `crates` directory. | |
# | |
# This is required because the other commands build on the workspace level, | |
# or bring in `dev-dependencies` via the `test` target and it is possible | |
# for a crate to compile successfully in those cases, but fail when compiled | |
# on its own. | |
# | |
# Specifically, this happens where a dependency is missing features, but | |
# when building as part of the workspace or together with a `dev-dependency` | |
# those features are brought in via feature unification with another | |
# crate. | |
# | |
# When publishing, `cargo publish` will run a `check` on the individual | |
# crate being released. So this check is intended to catch any errors that | |
# may occur there, but otherwise would not be caught by the `test` and | |
# `clippy` commands which operate on the workspace and enable all targets. | |
check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
- name: Cache | |
uses: Swatinem/rust-cache@v2 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Check each crate | |
run: | | |
for crate in ./crates/*/; do | |
echo "Checking $crate"; | |
cargo check --manifest-path ${crate}/Cargo.toml; | |
done | |
clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
default: true | |
components: clippy | |
- name: Cache | |
uses: Swatinem/rust-cache@v2 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Check permissions of GITHUB_TOKEN, workaround for permission issues | |
# with @dependabot PRs. See https://github.com/actions-rs/clippy-check/issues/2#issuecomment-807878478 | |
- name: Check workflow permissions | |
id: check_permissions | |
uses: scherermichael-oss/action-has-permission@1.0.6 | |
with: | |
required-permission: write | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Clippy with features | |
uses: actions-rs/clippy-check@v1 | |
if: ${{ steps.check_permissions.outputs.has-permission }} | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: --profile debug-ci --all-features --all-targets -- -D warnings | |
- name: Clippy without features | |
if: ${{ steps.check_permissions.outputs.has-permission }} | |
uses: actions-rs/clippy-check@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: --profile debug-ci --all-targets -- -D warnings | |
# Runs if the GITHUB_TOKEN does not have `write` permissions e.g. @dependabot | |
- name: Clippy with features (no annotations) | |
if: ${{ !steps.check_permissions.outputs.has-permission }} | |
run: cargo clippy --profile debug-ci --all-features --all-targets -- -D warnings | |
# Runs if the GITHUB_TOKEN does not have `write` permissions e.g. @dependabot | |
- name: Clippy without features (no annotations) | |
if: ${{ !steps.check_permissions.outputs.has-permission }} | |
run: cargo clippy --profile debug-ci --all-targets -- -D warnings | |
build-tests: | |
strategy: | |
fail-fast: false | |
matrix: | |
# We want newer versions than 'latest' here to have current wasm-opt | |
os: ["ubuntu-22.04", "macos-12"] | |
runs-on: ${{ matrix.os }} | |
env: | |
RUST_BACKTRACE: full | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
default: true | |
target: wasm32-unknown-unknown | |
components: rust-src, clippy | |
- name: Cache | |
uses: Swatinem/rust-cache@v2 | |
- name: Install nextest | |
uses: taiki-e/install-action@v2.44.71 | |
with: | |
tool: nextest | |
- name: Build and archive tests | |
run: cargo nextest archive --cargo-profile debug-ci --workspace --all-features --archive-file nextest-archive-${{ matrix.os }}.tar.zst | |
- name: Upload archive to workflow | |
uses: actions/upload-artifact@v4 | |
with: | |
name: nextest-archive-${{ matrix.os }} | |
path: nextest-archive-${{ matrix.os }}.tar.zst | |
run-tests: | |
needs: build-tests | |
strategy: | |
fail-fast: false | |
matrix: | |
# We want newer versions than 'latest' here to have current wasm-opt | |
os: ["ubuntu-22.04", "macos-12"] | |
partition: [1, 2] | |
runs-on: ${{ matrix.os }} | |
env: | |
RUST_BACKTRACE: full | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
default: true | |
target: wasm32-unknown-unknown | |
components: rust-src, clippy | |
- name: Cache | |
uses: Swatinem/rust-cache@v2 | |
- name: Install nextest | |
uses: taiki-e/install-action@v2.44.71 | |
with: | |
tool: nextest | |
- name: Download archive | |
uses: actions/download-artifact@v4 | |
with: | |
name: nextest-archive-${{ matrix.os }} | |
- name: Run tests | |
run: cargo nextest run --archive-file nextest-archive-${{ matrix.os }}.tar.zst --partition count:${{ matrix.partition }}/2 -E 'not (test(integration_tests) | package(contract-build))' | |
- name: Run contract build tests | |
# The contract build tests cannot be run in parallel | |
run: cargo nextest run --archive-file nextest-archive-${{ matrix.os }}.tar.zst --partition count:${{ matrix.partition }}/2 -j 1 -E 'package(contract-build)' | |
run-integration-test: | |
needs: build-tests | |
strategy: | |
fail-fast: false | |
matrix: | |
# We want newer versions than 'latest' here to have current wasm-opt | |
os: ["ubuntu-22.04", "macos-12"] | |
partition: [1, 2] | |
runs-on: ${{ matrix.os }} | |
env: | |
RUST_BACKTRACE: full | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
default: true | |
target: wasm32-unknown-unknown | |
components: rust-src, clippy | |
- name: Cache | |
uses: Swatinem/rust-cache@v2 | |
- name: Install nextest | |
uses: taiki-e/install-action@v2.44.71 | |
with: | |
tool: nextest | |
- name: Download archive | |
uses: actions/download-artifact@v4 | |
with: | |
name: nextest-archive-${{ matrix.os }} | |
- name: Install latest `substrate-contracts-node` binary | |
env: | |
CONTRACTS_NODE_URL: https://github.com/paritytech/substrate-contracts-node/releases/latest/download/substrate-contracts-node- | |
run: | | |
if [ "$RUNNER_OS" == "Linux" ]; then | |
CONTRACTS_NODE_OS=linux | |
elif [ "$RUNNER_OS" == "macOS" ]; then | |
CONTRACTS_NODE_OS=mac-universal | |
else | |
echo "$RUNNER_OS not supported" | |
exit 1 | |
fi | |
curl -L -o substrate-contracts-node.tar.gz "$CONTRACTS_NODE_URL$CONTRACTS_NODE_OS.tar.gz" | |
tar xfzv substrate-contracts-node.tar.gz | |
chmod +x artifacts/substrate-contracts-node-*/substrate-contracts-node && | |
mv artifacts/substrate-contracts-node-*/substrate-contracts-node /usr/local/bin | |
shell: bash | |
- name: Run integration tests | |
# The integration tests cannot be run in parallel | |
run: cargo nextest run --archive-file nextest-archive-${{ matrix.os }}.tar.zst --partition count:${{ matrix.partition }}/2 -j 1 -E 'test(integration_tests)' | |
template: | |
strategy: | |
fail-fast: false | |
matrix: | |
# We want newer versions than 'latest' here to have current wasm-opt | |
os: ["ubuntu-22.04", "macos-12", "windows-2022"] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install nightly toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: nightly-2023-12-28 | |
- name: Install stable toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: stable | |
default: true | |
components: rust-src | |
- name: Cache | |
uses: Swatinem/rust-cache@v2 | |
- name: Check Template | |
run: >- | |
# The linter requires two crates | |
cargo install cargo-dylint dylint-link | |
cargo -vV && | |
cargo run --profile debug-ci -- contract --version && | |
cargo run --profile debug-ci -- contract new --target-dir ${{ runner.temp }} foobar && | |
# Build with linting | |
cargo run --profile debug-ci -- contract build --lint --manifest-path=${{ runner.temp }}/foobar/Cargo.toml && | |
cargo run --profile debug-ci -- contract check --manifest-path=${{ runner.temp }}/foobar/Cargo.toml && | |
cargo run --profile debug-ci -- contract build --manifest-path=${{ runner.temp }}/foobar/Cargo.toml --release && | |
# Run tests | |
cargo test --profile debug-ci --all-features -- --test-threads=1 |