Skip to content

Use common detectors #46

Use common detectors

Use common detectors #46

name: Test Detectors
on:
pull_request:
paths:
- "apps/cargo-scout-audit/**"
- "detectors/**"
- "test-cases/**"
- "scripts/**"
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: full
PYTHONUNBUFFERED: 1
jobs:
validate-detectors:
name: Validate
runs-on: ubuntu-latest
outputs:
status: ${{ job.status }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Validate detectors
run: python scripts/validate-detectors.py
build:
name: Build
needs: [validate-detectors]
strategy:
matrix:
os:
- ubuntu-latest
# - macos-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Cache cargo dependencies and tool versions
uses: actions/cache@v4
with:
path: |
~/.cargo
~/.rustup
key: ${{ runner.os }}-tests-${{ hashFiles('**/Cargo.toml', 'apps/cargo-scout-audit/src/**/*.rs') }}
restore-keys: ${{ runner.os }}-tests-
- name: Install Rust stable
run: rustup install stable --profile minimal
- name: Update Rust Toolchain
run: rustup update
- name: Install Rust nightly
run: rustup install nightly --profile minimal
- name: Install dylint, dylint-link
run: cargo +nightly install cargo-dylint dylint-link
- name: Install cargo-scout-audit
working-directory: apps/cargo-scout-audit
run: cargo install --path .
- name: Determine build status and write to file
run: echo "${{ job.status }}" > status-${{ matrix.os }}.txt
- name: Upload build status artifact
uses: actions/upload-artifact@v4
with:
name: build-status-${{ matrix.os }}
path: status-${{ matrix.os }}.txt
prepare-detector-matrix:
name: Prepare Detector Matrix
runs-on: ubuntu-latest
needs: [build, validate-detectors]
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- id: set-matrix
run: echo "matrix=$(python3 scripts/find-test-cases.py)" >> $GITHUB_OUTPUT
test:
name: Test detector
needs: [build, prepare-detector-matrix]
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
# - macos-latest
# - windows-latest
detector: ${{fromJson(needs.prepare-detector-matrix.outputs.matrix)}}
runs-on: ${{ matrix.os }}
outputs:
status: ${{ job.status }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Cache cargo dependencies and tool versions
uses: actions/cache@v4
with:
path: |
~/.cargo
~/.rustup
key: ${{ runner.os }}-tests-${{ hashFiles('**/Cargo.toml', 'apps/cargo-scout-audit/src/**/*.rs') }}
restore-keys: ${{ runner.os }}-tests-
- name: Run unit and integration tests
run: python scripts/run-tests.py --detector=${{ matrix.detector }}
comment-on-pr:
name: Comment on PR
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [validate-detectors, build, test]
steps:
- name: Download build status artifacts
uses: actions/download-artifact@v4
- name: Read Ubuntu build status
id: ubuntu_status
working-directory: build-status-ubuntu-latest
run: echo "status=$(cat status-ubuntu-latest.txt)" >> $GITHUB_OUTPUT
# - name: Read macOS build status
# id: macos_status
# working-directory: build-status-macos-latest
# run: echo "status=$(cat status-macos-latest.txt)" >> $GITHUB_OUTPUT
# - name: Read Windows build status
# id: windows_status
# working-directory: build-status-windows-latest
# run: echo "status=$(cat status-windows-latest.txt)" >> $GITHUB_OUTPUT
- name: Find comment
id: find_comment
uses: peter-evans/find-comment@v3
with:
issue-number: ${{ github.event.pull_request.number }}
body-includes: "🎉 **Test Detectors Workflow Summary** 🎉"
- name: Create or Update PR Comment
uses: peter-evans/create-or-update-comment@v4.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
comment-id: ${{ steps.find_comment.outputs.comment-id }}
edit-mode: replace
issue-number: ${{ github.event.pull_request.number }}
body: |
🎉 **Test Detectors Workflow Summary** 🎉
| Component | Status |
|-------------------------|--------|
| Detector Validation | ${{ (needs.validate-detectors.outputs.status == 'success' && '✅ Successful') || '❌ Failed' }} |
| Build on Ubuntu | ${{ (steps.ubuntu_status.outputs.status == 'success' && '✅ Successful') || '❌ Failed' }} |
| Tests Execution | ${{ (needs.test.outputs.status == 'success' && '✅ Successful') || '❌ Failed' }} |
The workflow has completed. Great job! 🚀
# | Build on macOS | ${{ (steps.macos_status.outputs.status == 'success' && '✅ Successful') || '❌ Failed' }} |
# | Build on Windows | ${{ (steps.windows_status.outputs.status == 'success' && '✅ Successful') || '❌ Failed' }} |