Skip to content

mcu-util: blocking call to can-rs in async #215

mcu-util: blocking call to can-rs in async

mcu-util: blocking call to can-rs in async #215

Workflow file for this run

name: Rust CI
on:
pull_request:
workflow_dispatch:
workflow_call:
secrets:
GIT_HUB_TOKEN:
required: true
CACHIX_AUTH_TOKEN:
required: false
push:
branches:
- main
- prod
tags:
- '**'
jobs:
fmt:
name: Format
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22
with:
github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12
continue-on-error: true
with:
name: worldcoin
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Check Rust formatting
run: cargo fmt --check --all
- name: Check Nix formatting
run: |
nix develop -c \
nixpkgs-fmt --check flake.nix
clippy:
name: Clippy
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22
with:
github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12
continue-on-error: true
with:
name: worldcoin
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Authorize private git repos
run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
- name: Cache cargo dependencies
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
- name: Clippy lints
run: |
nix develop -c \
cargo clippy --all --all-features --all-targets --no-deps -- -D warnings
doc:
name: Doc
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22
with:
github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12
continue-on-error: true
with:
name: worldcoin
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Authorize private git repos
run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
- name: Cache cargo dependencies
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
- name: Cargo Doc
run: |
nix develop -c \
cargo doc --all --all-features --no-deps --document-private-items
test:
name: Test
strategy:
matrix:
platform: [ public-ubuntu-22.04-32core, macos-13 ]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22
with:
github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12
continue-on-error: true
with:
name: worldcoin
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Authorize private git repos
run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
- name: Cache cargo dependencies
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
- name: Configure cargo to exclude platform-specific crates
if: ${{ matrix.platform == 'macos-13' }}
run: |
MAC_EXCLUDE=(
"--exclude orb-thermal-cam-ctrl"
"--exclude seek-camera"
"--exclude seek-camera-sys"
"--exclude can-rs"
"--exclude mcu-util"
"--exclude orb-sound"
"--exclude orb-ui"
)
echo MAC_EXCLUDE="${MAC_EXCLUDE[*]}" >>${GITHUB_ENV}
cat ${GITHUB_ENV}
- name: Cargo Test
run: |
uname -a
nix develop -c env
nix develop -c \
cargo test --all --all-features --all-targets $MAC_EXCLUDE
build:
name: Build
runs-on: public-ubuntu-22.04-32core
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22
with:
github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12
continue-on-error: true
with:
name: worldcoin
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Authorize private git repos
run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
- name: Cache cargo dependencies
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # pin@v2
- name: Choose cargo profile
run: |
set -Eeuxo pipefail
if [[ ${{ github.event_name }} == "pull_request" || ${{ github.event_name }} == "push" ]]; then
CI_PROFILE="release"
else
CI_PROFILE="artifact"
fi
echo CI_PROFILE=${CI_PROFILE} >>${GITHUB_ENV}
- name: Compile ${{ matrix.target }} Binaries
run: |
set -Eeuxo pipefail
uname -a
nix develop -c env
binaries=(
mcu-util
orb-attest
orb-backend-state
orb-slot-ctrl
orb-thermal-cam-ctrl
orb-ui
verity-tree-calc
)
nix develop -c scripts/build_rust_artifacts.py \
binaries ${CI_PROFILE} ${binaries[@]}
ls -aRsh binaries
- name: Bundle artifacts
run: |
set -Eeuxo pipefail
mkdir artifacts
for b in binaries/*; do
b="$(basename ${b})"
# We make sure that the tarball is idempotent:
# https://stackoverflow.com/a/54908072
tar --sort=name --owner=root:0 --group=root:0 --mtime='@0' \
-vahcf artifacts/${b}.tar.zst -C binaries/${b} .
done
ls -aRsh artifacts
- name: Upload artifacts
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3
with:
name: artifacts
path: artifacts
if-no-files-found: error
cargo-deny:
name: Check licensing
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac # pin@v22
with:
github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # pin@v12
continue-on-error: true
with:
name: worldcoin
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Authorize private git repos
run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
- name: Check licenses and security advisories
run: |
nix develop -c \
cargo deny check