add pipeline via CoPilot #1
| name: CI/CD Pipeline | ||
|
Check failure on line 1 in .github/workflows/main.yaml
|
||
| on: | ||
| push: | ||
| branches: [ main, develop ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| jobs: | ||
| test: | ||
| name: Test | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Install Rust | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| components: clippy, rustfmt | ||
| - name: Cache dependencies | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: | | ||
| ~/.cargo/cache | ||
| ~/.cargo/registry | ||
| target/ | ||
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
| - name: Check formatting | ||
| run: cargo fmt --all -- --check | ||
| - name: Run clippy | ||
| run: cargo clippy --all-targets --all-features -- -D warnings | ||
| - name: Build | ||
| run: cargo build --verbose | ||
| - name: Run tests | ||
| run: cargo test --verbose | ||
| - name: Generate coverage report | ||
| run: | | ||
| cargo install cargo-tarpaulin | ||
| cargo tarpaulin --out xml --output-dir coverage/ | ||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v3 | ||
| with: | ||
| file: coverage/cobertura.xml | ||
| fail_ci_if_error: true | ||
| dependency-scan: | ||
| name: Dependency Scan | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Install Rust | ||
| uses: dtolnay/rust-toolchain@stable | ||
| - name: Cache dependencies | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: | | ||
| ~/.cargo/cache | ||
| ~/.cargo/registry | ||
| target/ | ||
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
| - name: Install cargo-audit | ||
| run: cargo install cargo-audit | ||
| - name: Run security audit | ||
| run: cargo audit | ||
| - name: Install cargo-outdated | ||
| run: cargo install cargo-outdated | ||
| - name: Check for outdated dependencies | ||
| run: cargo outdated --exit-code 1 | ||
| sonarqube: | ||
| name: SonarQube Analysis | ||
| runs-on: ubuntu-latest | ||
| needs: test | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Install Rust | ||
| uses: dtolnay/rust-toolchain@stable | ||
| - name: Cache dependencies | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: | | ||
| ~/.cargo/cache | ||
| ~/.cargo/registry | ||
| target/ | ||
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
| - name: Generate coverage report for SonarQube | ||
| run: | | ||
| cargo install cargo-tarpaulin | ||
| cargo tarpaulin --out xml --output-dir coverage/ | ||
| - name: SonarQube Scan | ||
| uses: sonarqube-quality-gate-action@master | ||
| env: | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | ||
| build-docker: | ||
| name: Build Docker Image | ||
| runs-on: ubuntu-latest | ||
| needs: [test, dependency-scan] | ||
| if: github.ref == 'refs/heads/main' | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Build Docker image | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: false | ||
| tags: git-next-tag:latest | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
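Review bot: The "SonarQube Scan" step's `uses: sonarqube-quality-gate-action@master` has no `owner/` prefix and follows a mutable branch, yet it is the one step that receives `SONAR_TOKEN` and `SONAR_HOST_URL`; the malformed reference is also a plausible cause of the check failure annotated on line 1, though the page does not show the error text. Reference the action by owner and full commit SHA, for example `uses: SonarSource/sonarqube-quality-gate-action@<full-commit-sha>` (placeholder; confirm this is the intended action, since a quality-gate action only polls a result and no scanner step is visible in the job). The same pinning applies to `dtolnay/rust-toolchain@stable`, `actions/cache@v3` and `codecov/codecov-action@v3`, and the three `cargo install` steps would be reproducible with `--locked` and an explicit `--version`. The workflow also declares no `permissions:` block, so every job runs with the repository's default token scope; a top-level `permissions:` containing `contents: read` would make least privilege explicit.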