-
Notifications
You must be signed in to change notification settings - Fork 17
105 lines (103 loc) · 4.37 KB
/
unit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Unit
on:
push:
branches:
- main
- develop
pull_request:
paths:
- ".github/workflows/unit.yml"
- "chain-signatures/**/*.rs"
- "chain-signatures/Cargo.*"
- "mpc-recovery/**/*.rs"
- "mpc-recovery/Cargo.*"
- "load-tests/**/*.rs"
- "test-oidc-provider/**/*.rs"
- "integration-tests/**/*.rs"
env:
RUSTFLAGS: -D warnings
jobs:
test:
runs-on: warp-ubuntu-latest-x64-4x
name: Check & Test
steps:
- uses: actions/checkout@v3
- name: Install stable toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
target: wasm32-unknown-unknown
- uses: WarpBuilds/cache@v1
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: "${{ runner.os }}-cargo-${{ hashFiles('mpc-recovery/Cargo.lock') }}"
restore-keys: ${{ runner.os }}-cargo-
- name: Install Protoc
uses: arduino/[email protected]
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Compile Contract
run: cd chain-signatures && cargo build -p mpc-contract --target wasm32-unknown-unknown --release
- name: Compile
run: |
( cd chain-signatures ; cargo check )
( cd mpc-recovery ; cargo check )
( cd load-tests ; cargo check )
( cd test-oidc-provider ; cargo check )
( cd integration-tests/chain-signatures ; cargo check )
( cd integration-tests/fastauth ; cargo check )
- name: Test format
run: |
( cd chain-signatures ; cargo fmt -- --check )
( cd mpc-recovery ; cargo fmt -- --check )
( cd load-tests ; cargo fmt -- --check )
( cd test-oidc-provider ; cargo fmt -- --check )
( cd integration-tests/chain-signatures ; cargo fmt -- --check )
( cd integration-tests/fastauth ; cargo fmt -- --check )
- name: Test clippy
run: |
( cd chain-signatures ; cargo clippy --tests -- -Dclippy::all )
( cd mpc-recovery ; cargo clippy --tests -- -Dclippy::all )
( cd load-tests ; cargo clippy --tests -- -Dclippy::all )
( cd test-oidc-provider ; cargo clippy --tests -- -Dclippy::all )
( cd integration-tests/chain-signatures ; cargo clippy --tests -- -Dclippy::all )
( cd integration-tests/fastauth ; cargo clippy --tests -- -Dclippy::all )
- name: Unit tests (FastAuth)
working-directory: mpc-recovery
run: cargo test
- name: Unit tests (Chain Signatures)
working-directory: chain-signatures
run: cargo test
audit:
name: Audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install stable toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
- name: Install Audit
run: cargo install cargo-audit
- name: Run Audit (FastAuth)
working-directory: integration-tests/fastauth
run: |
cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2024-0019 --ignore RUSTSEC-2024-0344 --ignore RUSTSEC-2024-0357
- name: Run Audit (Chain Signatures)
# even if previous audit step fails, run this audit step to ensure all crates are audited
if: always()
working-directory: chain-signatures
# ALL audit exceptions must be justified here
# RUSTSEC-2024-0344 and RUSTSEC-2022-0093 are both to do with ed25519 signatures in near-sdk, we don't sign things with this library so it's safe
# RUSTSEC-2022-0054 wee-alloc is unmaintained, it's fine for now because we barely use an allocator and the contracts are short lived, but we should find a replacement/use the default allocator
# RUSTSEC-2021-0145 atty can do an unallocated read with a custom allocator in windows. We don't run this in windows and we don't use a custom allocator.
# RUSTSEC-2024-0399 according to the description, this is not affecting us since we are not using Acceptor
run: |
cargo audit --ignore RUSTSEC-2022-0093 --ignore RUSTSEC-2024-0344 --ignore RUSTSEC-2022-0054 --ignore RUSTSEC-2021-0145 --ignore RUSTSEC-2024-0399