Skip to content

build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.1 to 2.0.2 #908

build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.1 to 2.0.2

build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.1 to 2.0.2 #908

Workflow file for this run

name: AIC Build, Test, Deploy
permissions: {}
on:
pull_request:
workflow_dispatch:
push:
branches:
# Test everything that goes on on main.
- main
# The special branch “ci” is used for testing CI behaviors even without a PR.
- ci
# next/* branches are used for testing with future versions of dependencies,
# usually by way of `[patch]`ing a dependency, thus won’t have outstanding PRs.
- "next/*"
env:
CARGO_TERM_COLOR: always
# Disable incremental compilation because we aren't caching incremental compilation
# artifacts, so they won't be useful for anything (other than maybe the exhaustive
# builds with different features).
CARGO_INCREMENTAL: 0
# Collect backtrace on panic.
RUST_BACKTRACE: 1
# Tell `anyhow` *not* to collect backtraces for errors.
# <https://users.rust-lang.org/t/anyhow-backtraces/107437>
RUST_LIB_BACKTRACE: 0
jobs:
build:
strategy:
fail-fast: false
matrix:
# This matrix doesn't do any actual Cartesian products, but instead has a
# basic configuration (Linux, stable Rust, using lockfile) and also tries
# changing one of those parameters but not the others.
include:
# This is the configuration we use for the wasm build and exhaustive tests.
- os: ubuntu
toolchain: stable
depversions: locked
primary: true
# Additional configurations to try:
# Windows
- os: windows
toolchain: stable
depversions: locked
primary: false
# macOS
- os: macos
toolchain: stable
depversions: locked
primary: false
# Nightly Rust
# We test on this so that we can report new compiler bugs fast.
# However, by the same premise, it breaks often.
- os: ubuntu
toolchain: nightly
depversions: locked
primary: false
# Beta Rust (future stable release)
# We test on this so that we can report compiler bugs that made it out of
# nightly and their fixes should be backported, and so that we have signal
# that is less unstable than nightly.
- os: ubuntu
toolchain: beta
depversions: locked
primary: false
# Dependencies updated
- os: ubuntu
toolchain: stable
depversions: latest
primary: false
# Dependencies reverted to minimal-versions
- os: ubuntu
toolchain: stable
depversions: minimal
primary: false
runs-on: ${{ matrix.os }}-latest
continue-on-error: ${{ !matrix.primary }}
steps:
# Free some disk space so our largest builds can complete reliably.
- uses: jlumbroso/[email protected]
if: ${{ matrix.os == 'ubuntu' }}
with:
large-packages: false # slow
swap-storage: false
- run: df -h .
- uses: actions/checkout@v4
- run: df -h .
- name: Set Rust toolchain
# The rust-toolchain.toml file specifies the targets and components we need,
# but we may want to override the toolchain.
if: ${{ matrix.toolchain != 'stable' }}
run: |
sed -i.origstable "s/stable/${{ matrix.toolchain }}/" rust-toolchain.toml
rustup show # triggers installation of selected toolchain
- name: Install nightly for -Z direct-minimal-versions
if: ${{ matrix.depversions == 'minimal' }}
run: rustup toolchain install nightly --profile=minimal
- name: Install native libraries
if: ${{ runner.os == 'Linux' }}
run: |
sudo apt update
sudo apt-get -y install libxrandr-dev xorg-dev libx11-xcb-dev libwayland-dev libasound2-dev libudev-dev
# libxrandr-dev xorg-dev libx11-xcb-dev libwayland-dev: needed for windowing
# Note that `libwayland-dev` provides the library called `wayland-client`
# libasound2-dev: needed for audio via `kira`
# libudev-dev: needed for gamepad input via `gilrs`
- run: df -h .
# Load cache before doing any Rust builds
- uses: Swatinem/[email protected]
with:
# This is not necessary for keying, but makes the GHA cache viewing page more helpful.
prefix-key: "v1-rust-${{ matrix.os }}-${{ matrix.toolchain }}-${{ matrix.depversions }}"
# Override the default job-id-based key explicitly so that our dependent jobs can
# reuse this cache.
shared-key: "build"
workspaces: |
./
all-is-cubes-wasm/
- run: df -h .
# break this out as a separate non-silenced build step
- name: Compile xtask
run: cargo build --package xtask
- name: Update dependencies
run: |
cargo xtask update "${{ matrix.depversions }}"
cargo tree --all-features
- run: df -h .
- name: Install tools
# Note: Swatinem/rust-cache will cache these installed binaries, so we don't have to worry
# about caching the builds of them.
# cargo-mutants is not used in this step but it will be cached for later use.
run: |
cargo install --locked [email protected] [email protected]
# Not locked so that we can have a newer `syn` than is in the lockfile
cargo install [email protected]
- run: df -h .
- name: Compile tests
# compile is broken out so we have visibility into compile vs. run times
run: cargo xtask --scope=only-normal test --timings --no-run
- name: Run tests
run: cargo xtask --scope=only-normal test --timings
- run: df -h .
# Save the test-renderers results so we can download and view them
- name: Save test-renderers output
if: ${{ always() }}
uses: actions/upload-artifact@v4
with:
name: test-renderers-output ${{ matrix.os }} ${{ matrix.toolchain }} ${{ matrix.depversions }}
path: |
target/test-renderers-output/
- run: df -h .
# Save timing reports so we can download and view them
# (for understanding build performance in CI)
- name: Save cargo --timings output
if: ${{ always() }}
uses: actions/upload-artifact@v4
with:
name: cargo-timings build ${{ matrix.os }} ${{ matrix.toolchain }} ${{ matrix.depversions }}
path: |
target/cargo-timings/cargo-timing-*.html
- run: df -h .
# Build web version with release profile.
build-web:
# Only do this if the tests passed
needs: build
runs-on: ubuntu-latest
# Same condition as "deploy-web" job, because the result will only be used then.
if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/pages-alt') }}
steps:
- uses: actions/checkout@v4
- uses: Swatinem/[email protected]
with:
# Reuse the cache from the normal `build` job instead of creating an independent one,
# to reduce redundant work and save disk space — but don't *write* to that cache, so
# we don't bloat it or conflict.
#
# Since this is a release build, it won’t be able to reuse most of the build artifacts,
# but it will be able to reuse xtask and possibly some build dependencies, so it will
# still be faster than a clean build.
prefix-key: "v1-rust-ubuntu-stable-locked"
shared-key: "build"
save-if: false
workspaces: |
./
all-is-cubes-wasm/
- run: cargo build --package xtask
- run: cargo xtask build-web-release
# Save wasm build so that we can optionally deploy it without rebuilding
# (but only for the stablest matrix version)
- uses: actions/upload-pages-artifact@v3
with:
path: all-is-cubes-wasm/target/web-app-release
# Deploy web build to GitHub Pages.
deploy-web:
needs: build-web
runs-on: ubuntu-latest
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
# Do this only if we are pushing to main, not to pull requests.
# (Or if we're on a special 'pages-alt' branch, so we can experiment with
# deployment before pushing to main.)
#
# Caution: GitHub's parsing is weird around multiline expressions so just don't.
# https://github.community/t/how-to-write-multi-line-condition-in-if/128477
if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/pages-alt') }}
steps:
# This action uses the artifact previously uploaded by actions/upload-pages-artifact
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
# Run `xtask lint`.
#
# This job is separate from the main "build" job so that:
# * Lint results are delivered quickly by running them in parallel with other jobs.
# * We build with `-Dwarnings` so the failures aren't silent, but don't want this to
# cause *re*building in the main build job and its cache.
lint:
strategy:
fail-fast: false
matrix:
toolchain: ["stable", "nightly", "beta"]
runs-on: ubuntu-latest
continue-on-error: false
env:
RUSTFLAGS: '-Dwarnings'
steps:
- uses: actions/checkout@v4
- name: Set Rust toolchain
# The rust-toolchain.toml file specifies the targets and components we need,
# but we may want to override the toolchain.
if: ${{ matrix.toolchain != 'stable' }}
run: |
sed -i.origstable "s/stable/${{ matrix.toolchain }}/" rust-toolchain.toml
rustup show # triggers installation of selected toolchain
- name: Install native libraries
if: ${{ runner.os == 'Linux' }}
run: |
sudo apt update
sudo apt-get -y install libxrandr-dev xorg-dev libx11-xcb-dev libwayland-dev libasound2-dev libudev-dev
- run: df -h .
- uses: Swatinem/[email protected]
with:
# We cannot reuse the cache from the `build` job, because `RUSTFLAGS=-Dwarnings`
# would invalidate all cached artifacts anyway.
prefix-key: "v1-rust-${{ matrix.toolchain }}"
shared-key: "lint"
# Job's likely to fail and yet have useful cache material.
cache-on-failure: true
workspaces: |
./
all-is-cubes-wasm/
- name: Install tools
run: |
cargo install --locked [email protected]
- run: df -h .
# break this out as a separate non-silenced build step
- name: Compile xtask
run: cargo build --package xtask
- name: Lint
run: cargo xtask --scope=all lint --timings
- run: df -h .
- name: Save cargo --timings output
if: ${{ always() }}
uses: actions/upload-artifact@v4
with:
name: cargo-timings lint ${{ matrix.toolchain }}
path: |
target/cargo-timings/cargo-timing-*.html
# Run `xtask test-more` to look for broken `features`.
features:
# Don't spend time on this if the normal builds failed.
# Also, we reuse the cache from it.
needs: build
runs-on: ubuntu-latest
continue-on-error: false
steps:
# Free some disk space so our largest builds can complete reliably.
- uses: jlumbroso/[email protected]
with:
large-packages: false # slow
swap-storage: false
- uses: actions/checkout@v4
- name: Install native libraries
if: ${{ runner.os == 'Linux' }}
run: |
sudo apt update
sudo apt-get -y install libxrandr-dev xorg-dev libx11-xcb-dev libwayland-dev libasound2-dev libudev-dev
# Load cache before doing any Rust builds
- uses: Swatinem/[email protected]
with:
# Reuse the cache from the normal `build` job instead of creating an independent one,
# to reduce redundant work and save disk space — but don't *write* to that cache, so
# we don't bloat it or conflict.
prefix-key: "v1-rust-ubuntu-stable-locked"
shared-key: "build"
save-if: false
workspaces: |
./
all-is-cubes-wasm/
# break this out as a separate non-silenced build step
- name: Compile xtask
run: cargo build --package xtask
- name: Install tools
# These should already be installed but we might have a cache miss, so don't fail in that case.
run: |
cargo install --locked [email protected] [email protected]
- run: df -h .
# Run tests in `test-more` mode which exercises each library's features.
- name: Run exhaustive tests
run: cargo xtask --scope=only-normal test-more --timings
- run: df -h .
# Save timing reports so we can download and view them
# (for understanding build performance in CI)
- name: Save cargo --timings output
if: ${{ always() }}
uses: actions/upload-artifact@v4
with:
name: cargo-timings features
path: |
target/cargo-timings/cargo-timing-*.html
deny:
runs-on: ubuntu-latest
# next/* branches are expected to have git dependencies or otherwise break cargo-deny rules,
# so don't run cargo-deny on them. We still want to do so in pull requests, but that doesn't
# need a special rule because according to the GitHub docs, this will not be the branch name:
# “For pull requests, the format is `<pr_number>/merge`.”
# -- <https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#github-context>
if: ${{ !startsWith(github.ref, 'refs/heads/next/') }}
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/[email protected]
with:
# disables default --all-features
arguments:
command-arguments: --config=tools/deny.toml
# Run mutation testing against the changed code
# Based on example from https://mutants.rs/pr-diff.html
incremental-mutants:
runs-on: ubuntu-latest
# Running on push would require more work to determine the base revision
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
with:
# Needed to ensure `main` branch is needed
fetch-depth: 0
# Load cache before doing any Rust builds
# Note: we aren't depending on the build job so this cache might be stale, but the
# shorter time-to-useful-results seems worth it.
- uses: Swatinem/[email protected]
with:
# Reuse the cache from the normal `build` job instead of creating an independent one,
# to reduce redundant work and save disk space — but don't *write* to that cache, so
# we don't bloat it.
prefix-key: "v1-rust-ubuntu-stable-locked"
shared-key: "build"
save-if: false
workspaces: |
./
all-is-cubes-wasm/
# Install cargo-mutants
# This should usually be already installed, but is present in case of cache miss
# Not locked so that we can have a newer `syn` than is in the lockfile
- run: cargo install [email protected]
- name: Relative diff
run: |
git branch -av
git diff origin/${{ github.base_ref }}.. | tee git.diff
- name: Mutants
# See mutants.yml for notes on the package selection
run: cargo mutants --in-diff git.diff --package all-is-cubes -- --all-features
- uses: actions/upload-artifact@v4
if: ${{ always() }}
with:
name: mutants-incremental.out
path: mutants.out
miri:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: Swatinem/[email protected]
- name: Install Rust toolchain
run: |
rustup toolchain install nightly --component miri
- name: Run Miri tests, std
# `universe::owning_guard` is the only module that contains nontrivial unsafe code,
# and the tests in `universe` are those most worth running to exercise it.
run: |
cargo +nightly miri test --no-default-features -p all-is-cubes universe:: --features std
- name: Run Miri tests, no_std
run: |
cargo +nightly miri test --no-default-features -p all-is-cubes universe::
no_std:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# The build is faster *without* this cache.
# - uses: Swatinem/[email protected]
- name: Install Rust toolchain
run: |
rustup toolchain install stable --profile minimal
rustup target add thumbv7em-none-eabihf
# TODO: move this command into xtask so it centrally tracks package info like "no_std compatible"
- name: no_std lint
run: |
cargo clippy --target=thumbv7em-none-eabihf --no-default-features -p all-is-cubes -p all-is-cubes-render -p all-is-cubes-ui -p all-is-cubes-mesh
- name: no_std build
# This is `cargo build`, not `cargo check`, because `cargo check` won't detect problems like
# use of undefined linker symbols. Not sure if that matters.
run: |
cargo build --target=thumbv7em-none-eabihf --no-default-features -p all-is-cubes -p all-is-cubes-render -p all-is-cubes-ui -p all-is-cubes-mesh
fuzz:
# Don't spend time on fuzzing if the build failed indicating the code is bad other ways
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Cache both the main workspace (for xtask builds) and the fuzzing workspace
- uses: Swatinem/[email protected]
with:
workspaces: |
.
fuzz
- name: Install Rust toolchain
run: |
rustup toolchain install nightly --profile=minimal --component=clippy --component=rustfmt
rustup override set nightly
- name: Install cargo-fuzz
run: cargo install cargo-fuzz
- name: Cache fuzzer corpus
uses: actions/cache@v4
with:
# Failed runs are useful to cache since they expand the corpus
save-always: true
key: fuzz-corpus
path: |
fuzz/corpus
- name: Fuzz
# Note: The specified timeout value is per-fuzz-target; as of this writing
# there are 6 fuzz targets and so the total time will be 720 seconds = 12 minutes.
run: cargo xtask --scope=only-fuzz fuzz 120
# Save the fuzz artifacts so we can repro elsewhere
- name: Save fuzz artifacts
if: ${{ failure() }}
uses: actions/upload-artifact@v4
with:
name: fuzz-artifacts
path: fuzz/artifacts