diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c888e5b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,41 @@
+version: 2
+updates:
+ - package-ecosystem: "cargo"
+ directory: "/"
+ target-branch: "develop"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ labels:
+ - "dependencies"
+ - "cargo"
+ commit-message:
+ prefix: "deps"
+ include: "scope"
+ groups:
+ rust-dependencies:
+ patterns:
+ - "*"
+ open-pull-requests-limit: 10
+ reviewers:
+ - "Nayrosk"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ target-branch: "develop"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ labels:
+ - "dependencies"
+ - "ci"
+ commit-message:
+ prefix: "ci"
+ include: "scope"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ open-pull-requests-limit: 5
+ reviewers:
+ - "Nayrosk"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..3efaf8c
--- /dev/null
+++ b/.github/workflows/build.yml
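Review bot: In `.github/dependabot.yml`, both `groups` entries use `patterns: ["*"]` with no `update-types`, so major version bumps land in the same pull request as patch updates and a reviewer has to assess every upstream change at once. Consider restricting each catch-all group to `update-types: ["minor", "patch"]` so that major bumps arrive as separate pull requests. This matters most for the `github-actions` ecosystem, whose updates change code that runs with the repository token.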
@@ -0,0 +1,71 @@
+name: Build
+
+on:
+ pull_request:
+ branches: [develop]
+
+permissions:
+ contents: read
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_VERSION: "1.94.1"
+
+jobs:
+ build:
+ name: Build (${{ matrix.target }})
+ runs-on: ${{ matrix.runner }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - target: x86_64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: false
+ - target: x86_64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: false
+ - target: aarch64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-apple-darwin
+ runner: macos-latest
+ use-cross: false
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ targets: ${{ matrix.target }}
+
+ - uses: Swatinem/rust-cache@v2
+ with:
+ key: ${{ matrix.target }}
+
+ - name: Install musl-tools
+ if: contains(matrix.target, 'musl') && !matrix.use-cross
+ run: sudo apt-get update && sudo apt-get install -y musl-tools
+
+ - name: Install cross
+ if: matrix.use-cross
+ run: cargo install cross --locked
+
+ - name: Build
+ run: |
+ if [ "${{ matrix.use-cross }}" = "true" ]; then
+ cross build --release --locked --target ${{ matrix.target }}
+ else
+ cargo build --release --locked --target ${{ matrix.target }}
+ fi
+
+ - name: Run tests
+ run: |
+ if [ "${{ matrix.use-cross }}" = "true" ]; then
+ cross test --release --locked --target ${{ matrix.target }}
+ else
+ cargo test --release --locked --target ${{ matrix.target }}
+ fi
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..c5a03ac
--- /dev/null
+++ b/.github/workflows/codeql.yml
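Review bot: `dtolnay/rust-toolchain@master` in `build.yml` follows a moving branch and `Swatinem/rust-cache@v2` is a mutable tag, so the code these steps execute can change without any commit in this repository. Pin third-party actions to a full commit SHA with the version in a trailing comment, e.g. `uses: dtolnay/rust-toolchain@<full-commit-sha> # <version>`; the `github-actions` Dependabot ecosystem added in this commit can keep SHA pins current. The same applies to the third-party actions in `lint.yml` and, more importantly, in `release.yml`, where the job token has `contents: write`. `cargo install cross --locked` also installs whichever `cross` release is newest at run time; adding `--version <pinned-version>` would make the cross builds reproducible.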
@@ -0,0 +1,29 @@
+name: CodeQL
+
+on:
+ pull_request:
+ branches: [develop]
+ push:
+ branches: [develop]
+ schedule:
+ - cron: "0 6 * * 1"
+
+permissions:
+ security-events: write
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze Rust
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: github/codeql-action/init@v4
+ with:
+ languages: rust
+ build-mode: none
+
+ - uses: github/codeql-action/analyze@v4
+ with:
+ category: "/language:rust"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..c7a6316
--- /dev/null
+++ b/.github/workflows/lint.yml
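Review bot: The analysis in `codeql.yml` covers only `languages: rust`, so the workflow files this commit introduces are not scanned. CodeQL also has an `actions` language that checks workflow files for patterns such as expression interpolation in `run:` steps and overly broad permissions; covering it would need a matrix over the language, with `category: "/language:${{ matrix.language }}"` in place of the fixed `"/language:rust"`. Separately, `security-events: write` is declared at workflow level; placing it on the `analyze` job would keep any job added later from inheriting it.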
@@ -0,0 +1,90 @@
+name: Lint
+
+on:
+ pull_request:
+ branches: [develop]
+
+permissions:
+ contents: read
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_VERSION: "1.94.1"
+
+jobs:
+ fmt:
+ name: Rustfmt
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ components: rustfmt
+
+ - run: cargo fmt --check
+
+ clippy:
+ name: Clippy
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ components: clippy
+
+ - uses: Swatinem/rust-cache@v2
+
+ - run: cargo clippy --all-targets --all-features -- -D warnings
+
+ deny:
+ name: Cargo Deny
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: EmbarkStudios/cargo-deny-action@v2
+
+ audit:
+ name: Cargo Audit
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: rustsec/audit-check@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ mutants:
+ name: Cargo Mutants
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request'
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+
+ - uses: Swatinem/rust-cache@v2
+
+ - uses: taiki-e/install-action@v2
+ with:
+ tool: cargo-mutants
+
+ - name: Generate diff
+ run: git diff origin/${{ github.base_ref }}.. | tee git.diff
+
+ - name: Run mutation tests on diff
+ run: cargo mutants --no-shuffle -vV --in-diff git.diff
+
+ - uses: actions/upload-artifact@v6
+ if: always()
+ with:
+ name: mutants.out
+ path: mutants.out
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..0d0bfd0
--- /dev/null
+++ b/.github/workflows/release.yml
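Review bot: The `Generate diff` step in `lint.yml` expands `${{ github.base_ref }}` directly into the shell script, which is the pattern that becomes script injection whenever the expression value is attacker-influenced. The `branches: [develop]` filter currently bounds the value, but the safe form costs nothing: set `env: BASE_REF: ${{ github.base_ref }}` on the step and run `git diff "origin/${BASE_REF}.." | tee git.diff`. The `if: github.event_name == 'pull_request'` on the `mutants` job is redundant while `pull_request` is the workflow's only trigger. The `audit` job passes `secrets.GITHUB_TOKEN` under `contents: read` only; if `rustsec/audit-check` is expected to publish check runs it probably needs `checks: write` on that job, which is worth confirming against the action's documentation.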
@@ -0,0 +1,105 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - "v*"
+
+permissions:
+ contents: write
+
+env:
+ CARGO_TERM_COLOR: always
+ RUST_VERSION: "1.94.1"
+
+jobs:
+ build-release:
+ name: Build (${{ matrix.target }})
+ runs-on: ${{ matrix.runner }}
+ strategy:
+ fail-fast: true
+ matrix:
+ include:
+ - target: x86_64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: false
+ - target: x86_64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: false
+ - target: aarch64-unknown-linux-gnu
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-unknown-linux-musl
+ runner: ubuntu-latest
+ use-cross: true
+ - target: aarch64-apple-darwin
+ runner: macos-latest
+ use-cross: false
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: dtolnay/rust-toolchain@master
+ with:
+ toolchain: ${{ env.RUST_VERSION }}
+ targets: ${{ matrix.target }}
+
+ - name: Install musl-tools
+ if: contains(matrix.target, 'musl') && !matrix.use-cross
+ run: sudo apt-get update && sudo apt-get install -y musl-tools
+
+ - name: Install cross
+ if: matrix.use-cross
+ run: cargo install cross --locked
+
+ - name: Build
+ run: |
+ if [ "${{ matrix.use-cross }}" = "true" ]; then
+ cross build --release --locked --target ${{ matrix.target }}
+ else
+ cargo build --release --locked --target ${{ matrix.target }}
+ fi
+
+ - name: Package binary
+ run: |
+ BIN_NAME="dockermint"
+ TAG="${GITHUB_REF_NAME}"
+ ARCHIVE="${BIN_NAME}-${TAG}-${{ matrix.target }}.tar.gz"
+ tar -czf "${ARCHIVE}" \
+ -C "target/${{ matrix.target }}/release" \
+ "${BIN_NAME}"
+ echo "ARCHIVE=${ARCHIVE}" >> "$GITHUB_ENV"
+
+ - uses: actions/upload-artifact@v6
+ with:
+ name: release-${{ matrix.target }}
+ path: ${{ env.ARCHIVE }}
+ retention-days: 1
+
+ publish:
+ name: Publish Release
+ needs: build-release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+
+ - uses: actions/download-artifact@v7
+ with:
+ pattern: release-*
+ merge-multiple: true
+ path: artifacts/
+
+ - name: Create source archive
+ run: |
+ TAG="${GITHUB_REF_NAME}"
+ git archive --format=tar.gz --prefix="dockermint-${TAG}/" \
+ -o "artifacts/dockermint-${TAG}-src.tar.gz" HEAD
+
+ - name: Generate checksums
+ working-directory: artifacts/
+ run: sha256sum * > SHA256SUMS.txt
+
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@v2
+ with:
+ generate_release_notes: true
+ files: artifacts/*
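Review bot: `permissions: contents: write` in `release.yml` is set for the whole workflow, so every `build-release` matrix job, which runs `dtolnay/rust-toolchain@master` and an unpinned `cargo install cross`, holds a token that can push to the repository and edit releases, although only `publish` needs it. Set the workflow-level block to `contents: read` and add `permissions: { contents: write }` under the `publish` job. Both `actions/checkout` steps also leave the token in the local git configuration by default; `with: { persist-credentials: false }` avoids that, since no step shown here pushes with git. `SHA256SUMS.txt` is produced in the same job and uploaded next to the archives, so it detects corruption but not a replaced release; signing or build-provenance attestation would be needed for that.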