fix: hotfix for openssl-sys dependencies in auths-python/node packages'; #292
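# CI workflow: formatting, linting, schema drift, tests (with a SoftHSMv2
# test token), MSRV, WASM build and end-to-end tests.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch (for example `@v4`, `@stable`, `@nextest`). A moved tag changes
# the code that runs in this pipeline; pinning each `uses:` to a full commit
# SHA, with the tag kept as a trailing comment, removes that exposure.
name: CI

on:
  push:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - 'LICENSE*'
      - '.gitignore'
  pull_request:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - 'LICENSE*'
      - '.gitignore'

# Least privilege: the workflow-wide default is read-only. `checks: write` is
# granted only on the `test` job, the one job that hands GITHUB_TOKEN to a step.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always
  RUSTFLAGS: '-D warnings'

jobs:
  fmt:
    name: Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step pushes or fetches after checkout, so do not leave the
          # token in .git/config where build scripts and tests can read it.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - run: cargo fmt --check --all

  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-clippy-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ runner.os }}-clippy-
      - run: cargo clippy --all-targets --all-features -- -D warnings
      - run: cargo run -p xtask -- check-clippy-sync

  schemas:
    name: Schema validation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-schemas-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ runner.os }}-schemas-
      - name: Regenerate schemas and check for drift
        # `git diff --exit-code` fails the step when the regenerated schemas
        # differ from the committed ones.
        run: |
          cargo run -p xtask -- generate-schemas
          git diff --exit-code schemas/
      - name: Validate fixtures against schemas
        run: cargo run -p xtask -- validate-schemas

  test:
    name: Test (${{ matrix.os }})
    needs: [fmt, clippy]
    # Job-level permissions replace the workflow default, so `contents: read`
    # is restated. `checks: write` is presumably what the Security audit step
    # needs to publish its result; it is the only step given a token.
    # NOTE(review): the audit shares this job with the test run and only
    # starts after fmt and clippy pass; a separate job would narrow the
    # write scope further and report advisories even when lint fails.
    permissions:
      contents: read
      checks: write
    strategy:
      fail-fast: false
      matrix:
        # TODO: add os: [ubuntu-latest, macos-latest, windows-latest]
        os: [macos-latest, ubuntu-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-test-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ runner.os }}-test-
      - name: Install nextest
        uses: taiki-e/install-action@nextest
      - name: Install SoftHSMv2 (Ubuntu)
        if: matrix.os == 'ubuntu-latest'
        run: |
          # Refresh the package index first; a stale index on the runner
          # image makes the install fail intermittently.
          sudo apt-get update
          sudo apt-get install -y softhsm2
          mkdir -p /tmp/softhsm/tokens
          echo "directories.tokendir = /tmp/softhsm/tokens" > /tmp/softhsm2.conf
          export SOFTHSM2_CONF=/tmp/softhsm2.conf
          # Throwaway test token: these PINs protect nothing and must never
          # be reused for a real HSM or token.
          softhsm2-util --init-token --slot 0 --label "auths-test" --pin 12345678 --so-pin 12345678
          echo "SOFTHSM2_CONF=/tmp/softhsm2.conf" >> "$GITHUB_ENV"
      - name: Install SoftHSMv2 (macOS)
        if: matrix.os == 'macos-latest'
        run: |
          brew install softhsm
          mkdir -p /tmp/softhsm/tokens
          echo "directories.tokendir = /tmp/softhsm/tokens" > /tmp/softhsm2.conf
          export SOFTHSM2_CONF=/tmp/softhsm2.conf
          # Throwaway test token: these PINs protect nothing and must never
          # be reused for a real HSM or token.
          softhsm2-util --init-token --slot 0 --label "auths-test" --pin 12345678 --so-pin 12345678
          echo "SOFTHSM2_CONF=/tmp/softhsm2.conf" >> "$GITHUB_ENV"
      - name: Configure Git
        run: |
          git config --global user.name "CI"
          git config --global user.email "ci@auths.dev"
      - name: Run tests
        run: cargo nextest run --workspace --all-features --no-fail-fast
      - name: Run doc tests
        run: cargo test --all --doc
      - name: Security audit
        if: matrix.os == 'ubuntu-latest'
        uses: rustsec/audit-check@v2.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  # capsec-audit:
  #   name: Capability Audit
  #   runs-on: ubuntu-latest
  #   permissions:
  #     contents: read
  #     security-events: write
  #     pull-requests: write
  #   steps:
  #     - uses: actions/checkout@v4
  #       with:
  #         fetch-depth: 0
  #     - uses: dtolnay/rust-toolchain@stable
  #     - name: Audit clean crates (zero I/O expected)
  #       uses: bordumb/capsec-github-action@v1
  #       with:
  #         only: auths-crypto,auths-verifier,auths-policy,auths-keri
  #         fail-on: low
  #         upload-sarif: false
  #         comment-on-pr: false
  #     - name: Audit dirty crates (no new high-risk I/O)
  #       uses: bordumb/capsec-github-action@v1
  #       with:
  #         only: auths-core,auths-id
  #         fail-on: high
  #         diff: 'true'
  #         upload-sarif: true
  #         sarif-category: capsec-audit-dirty
  #         comment-on-pr: true

  msrv:
    name: MSRV check (1.93)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@1.93
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-msrv-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ runner.os }}-msrv-
      - run: cargo check --workspace

  wasm:
    name: WASM build (auths-verifier)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@stable
        with:
          targets: wasm32-unknown-unknown
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-wasm-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ runner.os }}-wasm-
      - name: Install wasm-pack
        # NOTE(review): this runs a remote installer script with no version
        # pin and no checksum check, so whatever the host serves is executed
        # on the runner. The curl flags below only refuse non-HTTPS
        # redirects and old TLS; a pinned, checksum-verified install of
        # wasm-pack would close the gap.
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://rustwasm.github.io/wasm-pack/installer/init.sh | sh
      - name: Build WASM with wasm-pack
        working-directory: crates/auths-verifier
        run: wasm-pack build --target bundler --no-default-features --features wasm

  e2e-tests:
    name: E2E Tests (${{ matrix.os }})
    needs: [test]
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@1.93
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-e2e-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ runner.os }}-e2e-
      - uses: astral-sh/setup-uv@v4
      - name: Build auths binaries
        run: cargo build --package auths-cli
      - name: Configure git
        run: |
          git config --global user.name "CI"
          git config --global user.email "ci@auths.dev"
      - name: Run E2E tests
        working-directory: tests/e2e
        # `matrix.os` comes from the static list above, so interpolating it
        # into the command line carries no untrusted input.
        run: uv run pytest -v --junitxml=../../results-${{ matrix.os }}.xml
        env:
          AUTHS_BIN: ${{ github.workspace }}/target/debug/auths
          AUTHS_SIGN_BIN: ${{ github.workspace }}/target/debug/auths-sign
          AUTHS_VERIFY_BIN: ${{ github.workspace }}/target/debug/auths-verify
      - name: Upload test results
        # Upload even when the tests fail, so the JUnit report is available.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: e2e-results-${{ matrix.os }}
          path: results-*.xml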