organize-rs · simonsan · Sep 9, 2023 · Jun 5, 2023 · Jun 5, 2023 · Jun 6, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -0,0 +1,31 @@
+name: Security audit
+
+on:
+  schedule:
+    # Runs at 00:00 UTC everyday
+    - cron: "0 0 * * *"
+  push:
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - "crates/**/Cargo.toml"
+      - "crates/**/Cargo.lock"
+  pull_request:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      # Ensure that the latest version of Cargo is installed
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          profile: minimal
+          override: true
+      - uses: Swatinem/rust-cache@v2
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/breaking_changes.yml b/.github/workflows/breaking_changes.yml
@@ -0,0 +1,30 @@
+on:
+  push:
+    branches:
+      - release/*
+
+name: Breaking changes
+
+jobs:
+  test:
+    name: Test
+    runs-on: ${{ matrix.job.os }}
+    strategy:
+      matrix:
+        rust: [stable]
+        job:
+          - os: macos-latest
+          - os: ubuntu-latest
+          - os: windows-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: Swatinem/rust-cache@v2
+      - uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: -r --all-targets --all-features --workspace -- --ignored
diff --git a/.github/workflows/check-and-lint.yaml b/.github/workflows/check-and-lint.yaml
@@ -0,0 +1,68 @@
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - "**/*.md"
+      - "docs/**/*"
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - "**/*.md"
+      - "docs/**/*"
+
+name: Check and Lint
+# env:
+#   RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: Swatinem/rust-cache@v2
+      - uses: actions-rs/cargo@v1
+        with:
+          command: check
+          args: --all-features --workspace
+
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - run: rustup component add rustfmt
+      - uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          components: clippy
+          override: true
+      - uses: Swatinem/rust-cache@v2
+      - uses: actions-rs/clippy-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          args: --all-targets --all-features -- -D warnings
+          name: Clippy Output
diff --git a/.github/workflows/lint-markdown-toml.yaml b/.github/workflows/lint-markdown-toml.yaml
@@ -0,0 +1,14 @@
+name: Lint Markdown / Toml
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  style:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: dprint/[email protected]
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,228 @@
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - "**/*.md"
+      - "docs/**/*"
+  push:
+    branches:
+      - main
+      - release/*
+    paths-ignore:
+      - "**/*.md"
+      - "docs/**/*"
+
+name: Build release binaries
+
+jobs:
+  publish:
+    name: Publishing ${{ matrix.job.target }}
+    runs-on: ${{ matrix.job.os }}
+    strategy:
+      matrix:
+        rust: [stable]
+        job:
+          - os: windows-latest
+            os-name: windows
+            target: x86_64-pc-windows-msvc
+            architecture: x86_64
+            binary-postfix: ".exe"
+            use-cross: false
+          - os: macos-latest
+            os-name: macos
+            target: x86_64-apple-darwin
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: false
+          - os: macos-latest
+            os-name: macos
+            target: aarch64-apple-darwin
+            architecture: arm64
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: linux
+            target: x86_64-unknown-linux-gnu
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: false
+          - os: ubuntu-latest
+            os-name: linux
+            target: x86_64-unknown-linux-musl
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: false
+          - os: ubuntu-latest
+            os-name: linux
+            target: aarch64-unknown-linux-gnu
+            architecture: arm64
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: linux
+            target: i686-unknown-linux-gnu
+            architecture: i686
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: netbsd
+            target: x86_64-unknown-netbsd
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: linux
+            target: armv7-unknown-linux-gnueabihf
+            architecture: armv7
+            binary-postfix: ""
+            use-cross: true
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          profile: minimal
+          override: true
+          target: ${{ matrix.job.target }}
+      - name: install compiler
+        shell: bash
+        run: |
+          if [[ ${{ matrix.job.target }} == x86_64-unknown-linux-musl ]]; then
+              sudo apt update
+              sudo apt-get install -y musl-tools
+          fi
+      - name: install cargo-auditable for non-cross builds
+        shell: bash
+        if: ${{ matrix.job.use_cross != true}}
+        run: |
+          cargo install cargo-auditable cargo-audit
+      - uses: Swatinem/rust-cache@v2
+        with:
+          key: ${{ matrix.job.target }}
+      - name: Set Version
+        shell: bash
+        run: echo "PROJECT_VERSION=$(git describe --tags)" >> $GITHUB_ENV
+      - name: Cargo build
+        uses: actions-rs/cargo@v1
+        if: ${{ matrix.job.use-cross == true }}
+        with:
+          command: build
+          use-cross: ${{ matrix.job.use-cross }}
+          toolchain: ${{ matrix.rust }}
+          args: --release --target ${{ matrix.job.target }}
+      - name: Cargo auditable build
+        uses: actions-rs/cargo@v1
+        if: ${{ matrix.job.use-cross == false }}
+        with:
+          command: auditable
+          use-cross: ${{ matrix.job.use-cross }}
+          toolchain: ${{ matrix.rust }}
+          args: build --release --target ${{ matrix.job.target }}
+      - name: Packaging final binary
+        shell: bash
+        id: package-binary
+        run: |
+          cp -a config target/${{ matrix.job.target }}/release/config
+          cd target/${{ matrix.job.target }}/release
+
+          ########## create tar.gz ##########
+
+          # accounting for main branch and therefore beta builds
+          if [[ ${{ github.ref }} = refs/heads/main ]]; then
+              RELEASE_NAME=organize-beta-${{ matrix.job.target}}.tar.gz
+          elif [[ ${{ github.ref }} = refs/tags/* ]]; then
+              RELEASE_NAME=organize-${{ github.ref_name }}-${{ matrix.job.target}}.tar.gz
+          else    
+              RELEASE_NAME=organize-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.job.target}}.tar.gz 
+          fi
+
+          tar czvf $RELEASE_NAME organize${{ matrix.job.binary-postfix }} config/
+
+          ########## create sha256 ##########
+          if [[ ${{ runner.os }} == 'Windows' ]]; then
+            certutil -hashfile $RELEASE_NAME sha256 | grep -E [A-Fa-f0-9]{64} > $RELEASE_NAME.sha256
+          else
+            shasum -a 256 $RELEASE_NAME > $RELEASE_NAME.sha256
+          fi
+
+          echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT
+      - name: Storing binary as artefact
+        uses: actions/upload-artifact@v3
+        with:
+          name: binary-${{ matrix.job.target}}
+          path: target/${{ matrix.job.target }}/release/${{ steps.package-binary.outputs.release_name }}*
+      - name: Releasing release versions
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+            target/${{ matrix.job.target }}/release/${{ steps.package-binary.outputs.release_name }}*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # publish-beta:
+  #   name: Publishing beta-builds
+  #   needs: publish
+  #   if: ${{ github.ref == 'refs/heads/main' }}
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Download all workflow run artifacts
+  #       uses: actions/download-artifact@v3
+  #     - name: Releasing beta builds
+  #       shell: bash
+  #       run: |
+  #         # set up some directories
+  #         WORKING_DIR=$(mktemp -d)
+  #         DEST_DIR=beta
+
+  #         # set up the github deploy key
+  #         mkdir -p ~/.ssh
+  #         echo "${{ secrets.BETA_RELEASE_KEY }}" > ~/.ssh/id_rsa
+  #         chmod 600 ~/.ssh/id_rsa
+
+  #         # set up git
+  #         git config --global user.name "${{ github.actor }}"
+  #         git config --global user.email "${{ github.actor }}"
+  #         ssh-keyscan -H github.com > ~/.ssh/known_hosts
+  #         GIT_SSH='ssh -i ~/.ssh/id_rsa -o UserKnownHostsFile=~/.ssh/known_hosts'
+
+  #         # clone the repo into our working directory
+  #         GIT_SSH_COMMAND=$GIT_SSH git clone [email protected]:organize-rs/organize-beta.git $WORKING_DIR
+
+  #         # ensure destination directory exists
+  #         mkdir -p $WORKING_DIR/$DEST_DIR
+
+  #         # do the copy
+  #         for i in binary-*; do cp -a $i/* $WORKING_DIR/$DEST_DIR; done
+
+  #         # create the commit
+  #         cd $WORKING_DIR
+  #         git add .
+  #         git commit -m "${{ github.job }} from https://github.com/${{ github.repository }}/commit/${{ github.sha }}" || echo
+  #         GIT_SSH_COMMAND=$GIT_SSH git pull --rebase
+  #         GIT_SSH_COMMAND=$GIT_SSH git push
+
+  #         #  publish-cargo:
+  #         #    name: Publishing to Cargo
+  #         #    runs-on: ubuntu-latest
+  #         #    steps:
+  #         #      - name: Checkout repository
+  #         #        uses: actions/checkout@v3
+  #         #      - uses: actions-rs/toolchain@v1
+  #       #        with:
+  #       #          toolchain: stable
+  #       #          profile: minimal
+  #       #          override: true
+  #       #      - uses: Swatinem/rust-cache@v2
+  #       #        with:
+  #       #          key: ${{ matrix.job.target }}
+  #       #      - uses: actions-rs/cargo@v1
+  #       #        with:
+  #       #          command: publish
+  #       #          args: --token ${{ secrets.CARGO_API_KEY }}