Taskfile.dist.yaml
version: "3"

# Environment variables exported to the commands run by the tasks.
# NOTE(review): production is the active value, so anything that reads ENV
# targets production unless it is overridden - confirm that is intended.
env:
  # ENV: dev
  # ENV: testing
  # ENV: staging
  ENV: production

# Env files loaded by Task; the second name is rendered from the taskEnv var.
# Such files commonly hold credentials - presumably they are git-ignored; verify.
dotenv:
  - '.env'
  - '{{ .taskEnv }}'
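# Template variables, referenced from tasks as {{ .name }}.
vars:
  project: Hello World
  # `homepage` was declared twice with the same value; duplicate keys are
  # invalid YAML and most parsers silently keep the last one, so only one stays.
  homepage: https://example.com
  forums: https://example.com/forums
  chat: https://chat.example.com
  ircserver: irc.libera.chat
  ircroom: help
  author: Acme Inc.
  # Quoted so the version can never be re-typed as a number by a parser.
  version: '0.0.1'
  # Dynamic variables: the output of each `sh` command becomes the value.
  build:
    sh: git rev-parse --short HEAD
  date:
    sh: date -Ins
  license: MIT
  user:
    sh: id -u -n
  hostname:
    sh: hostname
  # File name used by the second entry of the top-level dotenv list.
  taskEnv: .task.env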
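tasks:
  # Running `task` with no task name prints the welcome message.
  default:
    cmds:
      - task: hello

  hello:
    desc: "Display project welcome message"
    summary: |
      Display project information and welcome message
      This is space for a longer description.
    cmds:
      # NOTE(review): `fullname` is not defined in this file's vars; presumably
      # it is supplied by a dotenv file or the environment - confirm.
      - cmd: echo " Hello {{ .fullname }}!"
        silent: true
      # Single quotes keep the backticks literal. Inside double quotes the
      # shell ran `just help` as a command substitution within the echo.
      - cmd: echo -e '\nRun `just help` to get started.'
        silent: true
      - cmd: just help
        silent: true

  build:
    desc: Build
    deps: ['build:templates']
    cmds:
      # Fixed: the deferred task was `cleanup`, which this file does not
      # define; the clean-up task here is `clean`. It is registered first so
      # that it still runs when the build command fails.
      - defer: { task: clean }
      # cargo-auditable embeds the dependency list in the release binary so
      # the artifact can later be checked for known-vulnerable crates.
      - cargo auditable build --release

  build:templates:
    desc: "Compile templates"
    sources:
      - '**/*.j2'
    cmds:
      - for: sources
        # shellQuote passes each path as one literal argument, so a file name
        # with spaces or shell metacharacters is not re-parsed by the shell.
        cmd: minijinja-cli --strict --format toml --output "$(basename {{ shellQuote .ITEM }} .j2)" {{ shellQuote .ITEM }} variables.toml

  test:
    desc: Run tests
    deps: ['test:code', 'test:scripts', 'test:apis']

  test:code:
    desc: Test code
    cmds:
      - task: test:code:rust

  test:code:rust:
    desc: "Test Rust code"
    sources:
      - '**/*.rs'
    cmds:
      - cargo test --all-features

  test:scripts:
    desc: Test using scripts
    cmds:
      - task: run:venom

  test:apis:
    desc: Test APIs
    cmds:
      - task: run:hurl

  run:venom:
    desc: Run venom scripted tests
    sources:
      - '**/*.venom.yaml'
    run: always
    cmds:
      - for: sources
        # Quoted so a path with spaces reaches the sub-task as one argument.
        cmd: task run:venom:test -- {{ shellQuote .ITEM }}

  run:venom:test:
    desc: Run a venom test
    cmds:
      # The redirect below fails if the directory is missing, so create it.
      - mkdir -p build/tests/venom
      # Seed an empty variables file on first run.
      - if [ ! -f build/tests/venom/variables.yaml ]; then echo '---' > build/tests/venom/variables.yaml ; fi
      - venom run --output-dir build/tests/venom/results --html-report --var-from-file build/tests/venom/variables.yaml {{ .CLI_ARGS }}
      - mv build/tests/venom/results/test_results.html build/tests/venom/results/index.html
      - jq . build/tests/venom/results/test_results_venom.json
      # Prints the command for serving the report; it does not start a server.
      - echo www --port 4001 build/tests/venom/results

  run:hurl:
    desc: Run hurl API tests
    sources:
      - '**/*.hurl.yaml'
    run: always
    cmds:
      - for: sources
        # Quoted so a path with spaces reaches the sub-task as one argument.
        cmd: task run:hurl:test -- {{ shellQuote .ITEM }}

  run:hurl:test:
    desc: Run a hurl test
    cmds:
      - hurl --test --parallel --glob {{ .CLI_ARGS }} --report-html build/tests/hurl --report-json build/tests/hurl
      - jq . build/tests/hurl/report.json
      # Prints the command for serving the report; it does not start a server.
      - echo www --port 4002 build/tests/hurl

  clean:
    desc: Clean up
    cmds:
      # Placeholder: nothing is removed yet.
      - echo Cleaning...

  lint:
    desc: Lint code
    deps: ['run:lychee', 'run:cargo-outdated']

  run:lychee:
    desc: Run lychee link checker
    sources:
      - '**/*.md'
    cmds:
      - for: sources
        # Fixed: the `if` had no `then`, which is a shell syntax error.
        # NOTE(review): the guard tests $PWD rather than the item, so it is
        # the same for every file; presumably it was meant to skip paths under
        # node_modules - confirm. The lychee command is only echoed, not run.
        cmd: if ! test "$PWD" != "${PWD%node_modules*}" ; then echo lychee {{ shellQuote .ITEM }} ; fi

  run:cargo-outdated:
    desc: Run cargo outdated
    sources:
      - '**/Cargo.toml'
    cmds:
      - for: sources
        # `&&` stops cargo from running in the wrong directory if cd fails.
        cmd: cd "$(dirname {{ shellQuote .ITEM }})" && cargo outdated

  format:
    desc: Format code
    deps: ['run:treefmt']

  run:treefmt:
    desc: Run treefmt
    cmds:
      - treefmt
      # for v2: treefmt --on-unmatched=info

  docs:
    desc: Build documentation pages
    deps: ['run:mdbook', 'run:zola']

  run:mdbook:
    desc: Build mdbook technical notes
    generates:
      - './docs/technical/mdbook'
    cmds:
      - echo Building mdbook...
      # Fixed: the check looked for ./mdbook, but the book is created at
      # docs/technical/mdbook, so the init step ran again on every build.
      - if [ ! -d docs/technical/mdbook ]; then mkdir -p docs/technical && cd docs/technical && mdbook init mdbook --title "Technical Documentation" --ignore git ; fi
      # `&&` aborts the build if the book directory cannot be entered.
      - cd docs/technical/mdbook && mkdir -p ../../../build/docs/technical/mdbook && mdbook build --dest-dir ../../../build/docs/technical/mdbook
      - 'echo Start server: mdbook serve --dest-dir ../../../build/docs/technical/mdbook --port 3001'

  # Disabled task, kept for reference.
  # NOTE(review): if this is re-enabled, pin the create-docusaurus version
  # instead of @latest, and note that GIT_OWNER and GIT_PROJECT currently run
  # the same command.
  # run:docusourus:
  #   desc: Build docusourus user guides
  #   vars:
  #     GIT_OWNER:
  #       sh: git remote get-url origin | grep owner
  #     GIT_PROJECT:
  #       sh: git remote get-url origin | grep owner
  #   generates:
  #     - './docs/user-guides/docusourus'
  #   cmds:
  #     - echo Building docusourus...
  #     - if [ ! -d docusourus ]; then npx --yes create-docusaurus@latest --typescript --git-strategy shallow --package-manager yarn docusourus classic ; fi
  #     - cd docusourus
  #     - 'sd --fixed-strings "facebook/docusourus" "{{.GIT_OWNER}}/{{.GIT_PROJECT}}" docusaurus.config.ts'
  #     - 'sd "organizationName: .facebook." "{{.GIT_OWNER}}" docusaurus.config.ts'
  #     - yarn build
  #     - 'echo Start server: www --port 3002 build'

  run:zola:
    desc: Build zola blog and release notes
    generates:
      - './docs/blog/zola'
    cmds:
      - echo Building zola...
      # Fixed: the check looked for ./zola, but the site is created at
      # docs/blog/zola, so the init step ran again on every build.
      - if [ ! -d docs/blog/zola ]; then mkdir -p docs/blog && cd docs/blog && zola init zola ; fi
      # `&&` aborts the build if the site directory cannot be entered.
      - cd docs/blog/zola && mkdir -p ../../../build/docs/blog/zola && zola build --force --base-url https://localhost:3004 --output-dir ../../../build/docs/blog/zola
      - 'echo Start server: www --port 3004 ../../../build/docs/blog/zola'

  audit:
    desc: Perform a security audit
    deps: ['audit:secrets', 'audit:vulnerabilities', 'audit:code-quality']

  audit:secrets:
    desc: Scan for secrets
    cmds:
      - task: run:trufflehog

  run:trufflehog:
    desc: Run trufflehog
    summary: |
      Scan for:
      - 700 credential detectors that support active verification against their respective APIs.
      - GitHub, GitLab, Docker, filesystems, S3, GCS, Circle CI and Travis CI.
      - Instantly verify private keys against millions of GitHub users and billions of TLS certificates
      - Scan binaries and documents
    cmds:
      # `--fail` makes the task exit non-zero when a secret is reported.
      # NOTE(review): `--since-commit HEAD` presumably limits the scan to
      # changes after HEAD, and `--only-verified` drops findings that could
      # not be verified, so this is not a full-history audit - confirm that
      # this scope is intended for the `audit` task.
      - trufflehog git file://. --since-commit HEAD --only-verified --no-update --fail

  audit:vulnerabilities:
    desc: Scan for vulnerabilities
    cmds:
      - task: run:trivy

  run:trivy:
    desc: Run trivy
    summary: |
      Scan for:
      OS packages and software dependencies in use (SBOM)
      Known vulnerabilities (CVEs)
      IaC issues and misconfigurations
      Sensitive information and secrets
      Software licenses
    cmds:
      # Scanner selection, severity and exit-code behaviour come from
      # trivy.yaml, which is not part of this file.
      - trivy --config trivy.yaml fs .

  audit:code-quality:
    desc: Look for code smells
    cmds:
      - task: run:sonarcube

  run:sonarcube:
    desc: Run sonarcube
    cmds:
      # Placeholder: this only prints text, so `audit:code-quality` succeeds
      # without any analysis having run.
      - echo sonarcube run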