github workflows
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
parent
12d2a9f962
commit
ccab3b867f
|
@ -0,0 +1,45 @@
|
|||
# CI job for scanning Cargo dependencies for vulnerabilities and report/fail job based on criticality.
|
||||
# Critically vulnerable dependencies with fix available will mark the run as failed (X)
|
||||
name: Rust Cargo Audit
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
pull_request:
|
||||
|
||||
# Allowing manual runs with ability to choose branch
|
||||
workflow_dispatch:
|
||||
|
||||
# Optimisation option by targeting direct paths to only scan when there are changes to dependencies in the push/PR
|
||||
# push:
|
||||
# paths:
|
||||
# - 'Cargo.toml'
|
||||
# - 'Cargo.lock'
|
||||
# pull_request:
|
||||
# paths:
|
||||
# - 'Cargo.toml'
|
||||
# - 'Cargo.lock'
|
||||
|
||||
# Example of running scheduled scans at 6AM UTC every Monday to regularly check for vulnerable dependencies
|
||||
# schedule:
|
||||
# - cron: '0 6 * * 1'
|
||||
|
||||
# Run the job
|
||||
jobs:
|
||||
Cargo-audit:
|
||||
name: Cargo Vulnerability Scanner
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Check out GitHub repo
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
# Install cargo audit
|
||||
- name: Install Cargo Audit
|
||||
uses: actions-rs/install@v0.1
|
||||
with:
|
||||
crate: cargo-audit
|
||||
version: latest
|
||||
|
||||
# Run cargo audit using args from .cargo/audit.toml (ignores, etc.)
|
||||
- name: Run Cargo Audit
|
||||
run: cargo audit -c always
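Review bot: `actions-rs/install@v0.1` is referenced by a mutable tag and told to install `version: latest`, so both the action and the cargo-audit binary that gates this job can change without any commit in this repository. Pinning the action to a full commit SHA (`uses: actions-rs/install@<full-commit-sha>  # v0.1`) and the crate to a fixed version keeps the scan reproducible; the same applies to `actions-rs/toolchain@v1` and `Swatinem/rust-cache@v1` in the other two workflows. None of the three workflows declares `permissions:`, so the job token gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown. With the `schedule:` trigger left commented out, advisories published against unchanged dependencies are only noticed on the next push or pull request.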
|
|
@ -0,0 +1,72 @@
|
|||
name: Lint and Test
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
pull_request:
|
||||
|
||||
env:
|
||||
CARGO_TERM_COLOR: always
|
||||
SOLANA_VERSION: "1.9.5"
|
||||
RUST_TOOLCHAIN: stable
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: ./
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
name: Lint
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install Rust nightly
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
override: true
|
||||
profile: minimal
|
||||
toolchain: ${{ env.RUST_TOOLCHAIN }}
|
||||
components: rustfmt, clippy
|
||||
- name: Cache dependencies
|
||||
uses: Swatinem/rust-cache@v1
|
||||
|
||||
- name: Run fmt
|
||||
run: cargo fmt -- --check
|
||||
# The style and complexity lints have not been processed yet.
|
||||
- name: Run clippy
|
||||
run: cargo clippy -- --deny=warnings --allow=clippy::style --allow=clippy::complexity
|
||||
|
||||
tests:
|
||||
name: Test
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install Linux dependencies
|
||||
run: sudo apt-get update && sudo apt-get install -y pkg-config build-essential libudev-dev
|
||||
- name: Install Rust nightly
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
override: true
|
||||
profile: minimal
|
||||
toolchain: ${{ env.RUST_TOOLCHAIN }}
|
||||
- name: Cache dependencies
|
||||
uses: Swatinem/rust-cache@v1
|
||||
|
||||
# Install Solana
|
||||
- name: Cache Solana binaries
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.cache/solana
|
||||
key: ${{ runner.os }}-${{ env.SOLANA_VERSION }}
|
||||
- name: Install Solana
|
||||
run: |
|
||||
sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
|
||||
echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
|
||||
export PATH="/home/runner/.local/share/solana/install/active_release/bin:$PATH"
|
||||
solana --version
|
||||
echo "Generating keypair..."
|
||||
solana-keygen new -o "$HOME/.config/solana/id.json" --no-passphrase --silent
|
||||
|
||||
- name: Run bpf tests
|
||||
run: cargo test-bpf
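Review bot: The `Install Solana` step executes the response of `https://release.solana.com/v${{ env.SOLANA_VERSION }}/install` directly through `sh -c "$(curl …)"`, with nothing checking that the script is the one that was reviewed. Saving it to a file and verifying it against a digest committed to the repository before running it closes that gap: `curl -sSfL -o solana-install.sh <url>`, `echo "<expected-sha256>  solana-install.sh" | sha256sum -c -`, `sh solana-install.sh`. The `Install Solana` step of the Soteria workflow uses the same pattern. Unlike that workflow, this step has no `if:` on the cache result, so the download runs on every job even when `~/.cache/solana` was restored. The step name `Install Rust nightly` also does not match `RUST_TOOLCHAIN: stable`.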
|
|
@ -0,0 +1,56 @@
|
|||
name: Soteria Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
pull_request:
|
||||
|
||||
env:
|
||||
CARGO_TERM_COLOR: always
|
||||
SOLANA_VERSION: "1.9.5"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Soteria
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check-out repo
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Cache Solana binaries
|
||||
uses: actions/cache@v2
|
||||
id: solana-cache
|
||||
with:
|
||||
path: |
|
||||
~/.cache/solana
|
||||
~/.local/share/solana
|
||||
~/.rustup
|
||||
key: solana-${{ env.SOLANA_VERSION }}
|
||||
|
||||
- name: Cache build dependencies
|
||||
uses: Swatinem/rust-cache@v1
|
||||
with:
|
||||
target-dir: .coderrect/build
|
||||
|
||||
- name: Install Solana
|
||||
if: steps.solana-cache.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
echo Installing Solana v${{ env.SOLANA_VERSION }}...
|
||||
sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
|
||||
echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
|
||||
export PATH="/home/runner/.local/share/solana/install/active_release/bin:$PATH"
|
||||
echo Installing bpf toolchain...
|
||||
(cd /home/runner/.local/share/solana/install/active_release/bin/sdk/bpf/scripts; ./install.sh)
|
||||
shell: bash
|
||||
|
||||
- name: Install Soteria
|
||||
run: |
|
||||
echo Installing Soteria...
|
||||
sh -c "$(curl -k https://supercompiler.xyz/install)"
|
||||
export PATH=$PWD/soteria-linux-develop/bin/:$PATH
|
||||
echo "$PWD/soteria-linux-develop/bin" >> $GITHUB_PATH
|
||||
shell: bash
|
||||
|
||||
- name: Run Soteria
|
||||
run: soteria -analyzeAll .
|
||||
shell: bash
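Review bot: `curl -k` in the `Install Soteria` step disables TLS certificate verification for a script that is then executed by `sh -c`, so the runner has no assurance the script came from supercompiler.xyz; there is also no `-f`, so an HTTP error body would be passed to the shell. Dropping `-k` and matching the flags used for Solana, `sh -c "$(curl -sSfL https://supercompiler.xyz/install)"`, is the minimum, and a pinned release verified against a committed digest would be better. Separately, `Install Solana` is skipped on a cache hit, and with it the `>> $GITHUB_PATH` line, so later steps would presumably not find the restored Solana binaries on `PATH`; moving that `echo` into an unconditional step avoids this.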
|