Add integrity variants for each factor source (#308) #2444
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Testing CI - Runs on each PR and Push | |
name: Test | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
CARGO_TERM_COLOR: always | |
RUST_TOOLCHAIN: nightly-2024-07-30 | |
RUST_COMPONENTS: "rust-std" | |
SWIFT_CODE_COV_REPORT_PATH: ".build/artifacts/info.lcov" # chosen | |
jobs: | |
# typos | |
check-typos: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Install Rust Toolchain | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
default: true | |
profile: minimal | |
- name: Install typos | |
uses: RDXWorks-actions/cargo-install@main | |
with: | |
crate: typos-cli | |
version: 1.22.7 | |
- name: Check typos | |
run: typos | |
# version bump | |
check-version: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: RDXWorks-actions/checkout@main | |
with: | |
fetch-depth: 0 # Ensure the full git history is fetched | |
- name: Fetch all tags | |
run: git fetch --tags | |
- name: Get latest tag | |
id: get_latest_tag | |
run: | | |
latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`) | |
echo "Latest tag is $latest_tag" | |
echo "latest_tag=$latest_tag" >> $GITHUB_ENV | |
- name: Verify Cargo.toml version bump | |
run: | | |
# Extract the version from the latest tag | |
latest_tag_version=$latest_tag | |
# Extract the version from both Cargo.toml in the PR branch | |
pr_version_sargon=$(grep '^version' crates/sargon/Cargo.toml | sed 's/version = "\(.*\)"/\1/') | |
pr_version_sargon_uniffi=$(grep '^version' crates/sargon-uniffi/Cargo.toml | sed 's/version = "\(.*\)"/\1/') | |
echo "Latest tag version: $latest_tag_version" | |
echo "PR version sargon: $pr_version_sargon" | |
echo "PR version sargon-uniffi: $pr_version_sargon_uniffi" | |
# Check if sargon and sargon-uniffi versions match | |
if [ "$pr_version_sargon" != "$pr_version_sargon_uniffi" ]; then | |
echo "Error: sargon version ($pr_version_sargon) does not match sargon-uniffi version ($pr_version_sargon_uniffi)." | |
exit 1 | |
fi | |
# Split the versions into major, minor, and patch components | |
IFS='.' read -r -a tag_version_parts <<< "$latest_tag_version" | |
IFS='.' read -r -a pr_version_parts <<< "$pr_version_sargon" | |
major_diff=$((pr_version_parts[0] - tag_version_parts[0])) | |
minor_diff=$((pr_version_parts[1] - tag_version_parts[1])) | |
patch_diff=$((pr_version_parts[2] - tag_version_parts[2])) | |
# Check if the PR version is a valid bump | |
if [ "$major_diff" -eq 1 ] && [ "${pr_version_parts[1]}" -eq 0 ] && [ "${pr_version_parts[2]}" -eq 0 ]; then | |
echo "Major version bump valid!" | |
elif [ "$major_diff" -eq 0 ] && [ "$minor_diff" -eq 1 ] && [ "${pr_version_parts[2]}" -eq 0 ]; then | |
echo "Minor version bump valid!" | |
elif [ "$major_diff" -eq 0 ] && [ "$minor_diff" -eq 0 ] && [ "$patch_diff" -eq 1 ]; then | |
echo "Patch version bump valid!" | |
else | |
echo "Version bump is invalid!" | |
exit 1 | |
fi | |
# phylum | |
phylum-analyze: | |
if: ${{ github.event.pull_request }} | |
uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main | |
permissions: | |
id-token: write | |
pull-requests: write | |
contents: read | |
deployments: write | |
secrets: | |
phylum_api_key: ${{ secrets.PHYLUM_API_KEY }} | |
with: | |
phylum_pr_number: ${{ github.event.number }} | |
phylum_pr_name: ${{ github.head_ref }} | |
phylum_group_name: Wallet | |
phylum_project_id: fb999d0c-b260-474e-8c08-2f163aa2c75f | |
github_repository: ${{ github.repository }} | |
add_report_comment_to_pull_request: true | |
# cargo check | |
check-cargo-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Install Rust Toolchain | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
default: true | |
profile: minimal | |
- name: Cargo Check | |
run: cargo check --all | |
# cargo fmt check | |
check-formatting: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Install Rust Toolchain | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
default: true | |
components: rustfmt | |
- name: Check formatting | |
run: cargo fmt --check | |
# clippy | |
check-clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Install Rust Toolchain | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
default: true | |
components: clippy | |
- name: Clippy Check | |
run: cargo clippy --all -- -D warnings | |
# Rust unit, doc and integration | |
test-rust: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Install cargo nextest | |
uses: RDXWorks-actions/cargo-install@v1 | |
with: | |
crate: cargo-nextest | |
locked: true | |
- name: Install Rust Toolchain | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
default: true | |
- name: Run rust tests | |
run: cargo nextest run --all | |
# Swift formatting | |
check-swift-format: | |
name: "Swift format" | |
if: > | |
( github.event.action == 'opened' && github.event.pull_request.draft == false ) || | |
( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) || | |
( github.event.action == 'ready_for_review' ) || | |
( github.event_name == 'push' && github.ref == 'refs/heads/main' ) | |
runs-on: macos-15-xlarge | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: "Run Lint" | |
run: | | |
brew update | |
brew upgrade swiftformat | |
swiftformat . --lint | |
# Swift testing on macOS (Apple Silicon) | |
test-swift: | |
runs-on: macos-15-xlarge | |
timeout-minutes: 20 | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- uses: RDXWorks-actions/setup-xcode@master | |
with: | |
xcode-version: "16.0.0" | |
- name: Install Rust Toolchain for aarch64-apple-darwin | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
target: aarch64-apple-darwin | |
- name: Build for macOS target and run swift test | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
rustup target add aarch64-apple-darwin | |
sh ./scripts/ios/test.sh --build --codecov ${{ env.SWIFT_CODE_COV_REPORT_PATH }} | |
- name: Upload to CodeCov.io | |
uses: RDXWorks-actions/codecov-action@main | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
files: ${{ env.SWIFT_CODE_COV_REPORT_PATH }} | |
name: codecov-swift | |
flags: swift | |
# Kotlin test run on JVM on macOS (Apple Silicon) | |
test-kotlin: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- name: Remove unused software | |
run: | | |
sudo rm -rf \ | |
"$AGENT_TOOLSDIRECTORY" \ | |
/opt/google/chrome \ | |
/opt/microsoft/msedge \ | |
/opt/microsoft/powershell \ | |
/opt/pipx \ | |
/usr/lib/mono \ | |
/usr/local/julia* \ | |
/usr/local/lib/node_modules \ | |
/usr/local/share/chromium \ | |
/usr/local/share/powershell \ | |
/usr/share/dotnet \ | |
/usr/local/share/boost \ | |
/opt/ghc | |
- name: Install Rust Toolchain for x86_64-unknown-linux-gnu | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
components: ${{ env.RUST_COMPONENTS }} | |
target: x86_64-unknown-linux-gnu | |
default: 'true' | |
- name: Set up JDK 17 | |
uses: RDXWorks-actions/setup-java@v3 | |
with: | |
distribution: "adopt" | |
java-version: "17" | |
- name: Setup Android SDK | |
uses: RDXWorks-actions/setup-android@v2 | |
- name: Unit test with coverage | |
uses: RDXWorks-actions/gradle-build-action@main | |
with: | |
arguments: sargon-android:koverXmlReportDebug | |
build-root-directory: jvm | |
- name: Upload to CodeCov.io | |
uses: RDXWorks-actions/codecov-action@main | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
file: ./jvm/sargon-android/build/reports/kover/reportDebug.xml | |
name: codecov-jvm | |
flags: kotlin | |
# Code Coverage uses Tarpaulin and uploads to CodeCov.io | |
code-coverage: | |
runs-on: macos-15-xlarge | |
steps: | |
- uses: RDXWorks-actions/checkout@main | |
- uses: RDXWorks-actions/setup-xcode@master | |
with: | |
# trying to fix https://github.com/rust-lang/rust/issues/113783 | |
xcode-version: "16.0.0" | |
- name: Install Rust Toolchain | |
uses: RDXWorks-actions/toolchain@master | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
default: true | |
- name: Install cargo tarpaulin | |
uses: RDXWorks-actions/cargo-install@main | |
with: | |
crate: cargo-tarpaulin | |
tag: 0.30.0 | |
locked: true | |
- name: Code Coverage - Generate | |
run: cargo tarpaulin | |
- name: Code Coverage - Upload to CodeCov.io | |
uses: RDXWorks-actions/codecov-action@main | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
flags: rust |