rust-llkv/.github/workflows/rust-lint.yml at main · jzombie/rust-llkv · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: rust-lint

on: [pull_request]

# Ensure only one run per branch/PR at a time. If new commits are pushed,
# older jobs will be automatically canceled.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  udeps:
    name: udeps
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v6

      - uses: dtolnay/rust-toolchain@nightly

      - name: Calculate lockfile hash
        id: lockfile
        shell: bash
        run: |
          if command -v sha256sum >/dev/null 2>&1; then
            HASH=$(sha256sum Cargo.lock | awk '{print $1}')
          elif command -v shasum >/dev/null 2>&1; then
            HASH=$(shasum -a 256 Cargo.lock | awk '{print $1}')
          else
            echo "No hashing utility found"
            exit 1
          fi
          echo "hash=$HASH" >> "$GITHUB_OUTPUT"

      - name: Cache Cargo dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-udeps-${{ steps.lockfile.outputs.hash }}
          restore-keys: |
            ${{ runner.os }}-udeps-

      - name: Install cargo-udeps
        shell: bash
        run: |
          set -euo pipefail
          if ! command -v cargo-udeps >/dev/null 2>&1; then
            cargo install cargo-udeps --locked
          else
            echo "cargo-udeps already installed; skipping"
          fi

      - name: Check unused dependencies
        run: cargo udeps --workspace --all-targets --all-features

  lint:
    name: lint
    runs-on: ubuntu-latest
    needs: udeps

    steps:
      - uses: actions/checkout@v6

      - uses: dtolnay/rust-toolchain@stable

      # Workaround for macOS error when using `hashFiles`:
      # "Error: The template is not valid....Fail to hash files under directory"
      - name: Calculate lockfile hash
        id: lockfile
        shell: bash
        run: |
          if command -v sha256sum >/dev/null 2>&1; then
            HASH=$(sha256sum Cargo.lock | awk '{print $1}')
          elif command -v shasum >/dev/null 2>&1; then
            HASH=$(shasum -a 256 Cargo.lock | awk '{print $1}')
          else
            echo "No hashing utility found"
            exit 1
          fi
          echo "hash=$HASH" >> "$GITHUB_OUTPUT"

      - name: Cache Cargo dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-lint-${{ steps.lockfile.outputs.hash }}
          restore-keys: |
            ${{ runner.os }}-lint-

      # Note: This is a workaround for an issue that just started appearing in lint checks
      # and I'm not yet sure if it's due to GitHub Actions having updated something behind
      # the scenes:
      # error: 'cargo-fmt' is not installed for the toolchain 'stable-x86_64-unknown-linux-gnu'
      - name: Install rustfmt
        run: rustup component add rustfmt clippy

      - name: Install cargo-binstall
        shell: bash
        run: |
          set -euo pipefail
          if ! command -v cargo-binstall >/dev/null 2>&1; then
            curl -sSfL https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
          fi

      - name: Install tools
        shell: bash
        run: |
          set -euo pipefail
          cargo binstall --no-confirm --no-symlinks --force cargo-deny cargo-audit cargo-sort \
            || cargo install --locked --force cargo-deny cargo-audit cargo-sort

      # Ensure all Cargo.toml files are sorted
      - name: Check Cargo manifest sorting
        run: cargo sort --workspace --check

      # Check formatting across the entire workspace
      - name: Check formatting
        run: cargo fmt --all -- --check

      # Run Clippy with all targets and features across workspace
      - name: Run Clippy
        run: cargo clippy --workspace --all-targets --all-features -- -D warnings

      # Fail if any documentation warnings occur
      - name: Check documentation
        run: RUSTDOCFLAGS="-D warnings" cargo doc --workspace --no-deps --document-private-items

      # Security: cargo-deny across workspace
      - name: Run cargo-deny
        run: cargo deny check # Note: Apparently `-- --workspace` is not valid here

      # Security: cargo-audit on root Cargo.lock
      - name: Run cargo-audit
        run: cargo audit