Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: 🐝 update CI config #1

Merged
merged 1 commit into from
Apr 18, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions .cz.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"commitizen": {
"name": "cz_conventional_commits",
"tag_format": "$version",
"version_scheme": "semver",
"version_provider": "cargo",
"update_changelog_on_bump": true,
"major_version_zero": true
}
}
6 changes: 6 additions & 0 deletions .github/CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
My name is Rodney. I am a keen developer interested in security and online
privacy. I also love building accessible JAMStack and full stack sites. I am
equally keen to hear your suggestions for improving this project. Thanks for
your interest in the project. Could I ask you to take a look at the project's
Code of Conduct before continuing with your contribution? Thanks! A good
starting point for getting up-to-speed on the project is the README file.
36 changes: 36 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---

**Describe the bug** A clear and concise description of what the bug is.

**To Reproduce** Steps to reproduce the behaviour:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behaviour** A clear and concise description of what you expected to
happen.

**Screenshots** If applicable, add screenshots to help explain your problem.

**Desktop (please complete the following information):**

- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]

**Smartphone (please complete the following information):**

- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]

**Additional context** Add any other context about the problem here.
19 changes: 19 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---

**Is your feature request related to a problem? Please describe.** A clear and
concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like** A clear and concise description of what you
want to happen.

**Describe alternatives you've considered** A clear and concise description of
any alternative solutions or features you've considered.

**Additional context** Add any other context or screenshots about the feature
request here.
45 changes: 45 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Description

Please include a summary of the change and which issue is fixed. Please also
include relevant motivation and context. List any dependencies that are required
for this change.

Fixes # (issue)

## Type of change

Please delete options that are not relevant.

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to
not work as expected)
- [ ] This change requires a documentation update
- [ ] Dependency update

# How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details for your
test configuration

- [ ] Test A
- [ ] Test B

**Test Configuration**:

- Firmware version:
- Hardware:
- Toolchain:
- SDK:

# Checklist:

- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream modules
36 changes: 36 additions & 0 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# SecurityPolicies and Procedures

## Reporting a Bug

The Rodney Lab team and community take all security bugs in Rodney Lab repos
seriously. Thank you for improving the security of Rodney Lab repos. We
appreciate your efforts and responsible disclosure and will make every effort to
acknowledge your contributions.

Report security bugs by emailing security@rodneylab.com.

You can encrypt your message
<a arai-label="Downloaf P G P key" href="https://rodneylab.com/0xF3AC300FB4F159FE7827612473FCBF24CF9396A7-pub.asc">using
this PGP public key</a>.

That account will acknowledge your email within 48 hours, and will send a more
detailed response within 48 hours indicating the next steps in handling your
report. After the initial reply to your report, we will endeavour to keep you
informed of the progress towards a fix and full announcement, and may ask for
additional information or guidance.

## Disclosure Policy

When we receive a security bug report, we will assign it to a primary handler.
This person will coordinate the fix and release process, involving the following
steps:

- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Prepare fixes for all releases still under maintenance. These fixes will be
released as fast as possible.

## Comments on this Policy

If you have suggestions on how this process could be improved please submit a
pull request.
10 changes: 10 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
- package-ecosystem: cargo
directory: /
schedule:
interval: daily
16 changes: 16 additions & 0 deletions .github/workflows/audit-on-push.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: Security audit
permissions:
contents: read
on:
push:
paths:
- 'Cargo.toml'
- 'Cargo.lock'
jobs:
security_audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
25 changes: 25 additions & 0 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required,
# PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
disable-telemetry: true
- name: 'Checkout Repository'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: 'Dependency Review'
uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5
115 changes: 115 additions & 0 deletions .github/workflows/general.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
name: Rust
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened]
branches:
- main
permissions: read-all
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-Dwarnings -Cinstrument-coverage"
LLVM_PROFILE_FILE: "project-%p-%m.profraw"
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
disable-telemetry: true
- name: Install Linux Dependencies
run: sudo apt-get update && sudo apt-get install pkg-config libx11-dev libxi-dev libgl1-mesa-dev libasound2-dev
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable
- name: Run tests
run: cargo test
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
disable-telemetry: true
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable
with:
components: rustfmt
- name: Enforce formatting
run: cargo fmt --check
fmt-dprint:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: dprint/check@2f1cf31537886c3bfb05591c031f7744e48ba8a1 # v2.2
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
disable-telemetry: true
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable
with:
components: clippy
- name: Linting
run: cargo clippy -- -D warnings
msrv:
runs-on: ubuntu-latest
strategy:
matrix:
msrv: ["1.73.0"]
name: ubuntu / ${{ matrix.msrv }}
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Install Linux Dependencies
run: sudo apt-get update && sudo apt-get install pkg-config libx11-dev libxi-dev libgl1-mesa-dev libasound2-dev
- name: Install ${{ matrix.msrv }}
uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable
with:
toolchain: ${{ matrix.msrv }}
- name: cargo +${{ matrix.msrv }} check
run: cargo check
coverage:
name: Code coverage
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
disable-telemetry: true
- name: Install Linux Dependencies
run: sudo apt-get update && sudo apt-get install pkg-config libx11-dev libxi-dev libgl1-mesa-dev libasound2-dev
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: dtolnay/rust-toolchain@4f366e621dc8fa63f557ca04b8f4361824a35a45 # stable
with:
components: llvm-tools-preview
- name: Install grcov
run: cargo install grcov
- name: Build
run: cargo build
- name: Run tests
run: cargo test
- name: Generate code coverage
run: grcov . -s . --binary-path ./target/debug/ -t lcov --branch --ignore-not-existing -o ./target/debug/
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
with:
file: ./target/debug/lcov
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
25 changes: 25 additions & 0 deletions .github/workflows/pre-commit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: pre-commit
on:
push:
branches: [main, master, dev]
pull_request:
branches: [main, master, dev]
permissions:
contents: read
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
with:
go-version: '>=1.18.0'
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
env:
SKIP: no-commit-to-branch
14 changes: 14 additions & 0 deletions .github/workflows/scheduled-audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: Security audit
on:
schedule:
- cron: '21 22 * * *'
permissions:
contents: read
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
Loading
Loading