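# CI workflow: builds and tests the Rust workspace on three toolchain channels,
# builds (without pushing) the container image with an SBOM on pull requests,
# and lints Markdown through a reusable workflow.
name: "Build"

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # NOTE(review): no step in this job publishes a package or manages
      # workflow runs, and actions/cache does not need either scope — confirm
      # these two are required, otherwise drop them for least privilege.
      packages: write
      actions: write
    # One in-flight run per workflow / ref / toolchain; a newer run cancels
    # the older one. `matrix` is only available here at job level.
    concurrency:
      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ matrix.rust-version }}
      cancel-in-progress: true
    strategy:
      fail-fast: false
      matrix:
        rust-version: [ stable, beta, nightly ]
    steps:
      - name: "Checkout"
        # NOTE(review): the only third-party action here not pinned to a
        # commit SHA; pin it like the docker/* actions below.
        uses: actions/checkout@v6

      - name: "Setup - Rust Toolchain"
        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9
        # The previous `if: steps.changes.outputs.src == 'true'` referenced a
        # step id that does not exist in this job, so the condition was always
        # false and the matrix toolchain (beta/nightly) was never installed.
        # The step now runs unconditionally.
        with:
          components: clippy,rustfmt
          toolchain: ${{ matrix.rust-version }}

      - name: "Restore cached Cargo"
        id: cache-restore
        uses: actions/cache/restore@v5
        with:
          # NOTE(review): restoring ~/.cargo/bin/ can shadow binaries the
          # toolchain step just installed — confirm this path is intended.
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          # Key on the lockfile so the cache is refreshed when dependencies
          # change; a fixed key can never be overwritten once saved. If no
          # Cargo.lock is committed, hashFiles yields "" and the prefix in
          # restore-keys still matches the newest cache for this OS/toolchain.
          key: ${{ runner.os }}-${{ matrix.rust-version }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-${{ matrix.rust-version }}-cargo-

      - name: "Formatting Check"
        run: cargo fmt --check

      - name: "Run build..."
        run: |
          set -e
          cargo build --workspace
          cargo test --workspace

      - name: Save Cargo / Rust Cache
        id: cache-save
        # Only persist the cache on push events; pull_request runs just consume it.
        if: ${{ github.event_name == 'push' }}
        uses: actions/cache/save@v5
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          # Reuse the exact key the restore step computed above.
          key: ${{ steps.cache-restore.outputs.cache-primary-key }}

  container:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    permissions:
      # NOTE(review): no step in this job requests an OIDC token — confirm
      # id-token: write is needed. contents: write is what the dependency
      # submission API used by the "Upload SBOM" step requires.
      id-token: write
      contents: write
    env:
      REGISTRY: ghcr.io
    steps:
      - name: "Checkout"
        uses: actions/checkout@v6

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Set Container Metadata
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051
        id: meta
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository }}
          # NOTE(review): this job only runs on pull_request, where github.ref
          # is the PR merge ref rather than refs/heads/main, so `latest` is
          # never enabled and the image is built without tags — confirm that
          # is intended.
          tags: |
            # latest / main
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Container ${{ github.repository }}
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        id: build
        with:
          file: "./Dockerfile"
          context: .
          # Build only; the image is never pushed from this workflow.
          push: false
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # SBOM Settings
          sbom: true
          # Pass GitHub token as a build secret
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"

      # Upload Software Bill of Materials (SBOM) to GitHub
      - name: Upload SBOM
        # NOTE(review): with push: false and no `outputs:` configured on the
        # build step, confirm a *.spdx.json file actually lands in the
        # workspace for this step to pick up.
        uses: advanced-security/spdx-dependency-submission-action@5530bab9ee4bbe66420ce8280624036c77f89746 # v0.1.1
        with:
          filePath: '.'
          filePattern: '*.spdx.json'

  markdown:
    # NOTE(review): `@main` is a mutable ref and `secrets: inherit` exposes
    # every repository secret to the called workflow — pin to a commit SHA
    # and pass only the secrets it needs.
    uses: advanced-security/reusable-workflows/.github/workflows/markdown-lint.yml@main
    if: github.event_name == 'pull_request'
    permissions:
      id-token: write
      contents: write
      pull-requests: read
    secrets: inherit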