diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 84b5730..5e2aaa9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,12 +40,14 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install Rust toolchain + if: matrix.runner != 'cachekit' || matrix.rust == '1.85' uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master with: toolchain: ${{ matrix.rust }} components: ${{ matrix.rust != '1.85' && 'rustfmt, clippy' || '' }} - name: Cache cargo registry + if: matrix.runner != 'cachekit' uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: cache-all-crates: true @@ -71,17 +73,6 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - - - name: Cache cargo registry - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - with: - cache-all-crates: true - - - name: Install security tools - run: cargo install cargo-deny cargo-audit - - name: Check dependencies (licenses & security advisories) run: cargo deny check diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6ac6a19..f5c9590 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,9 +25,6 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - - name: Initialize CodeQL uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d2f5331..ea04e63 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,12 +38,6 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - - - name: Cache cargo registry - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 - - name: Run tests before publish run: cargo test --all-features diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index ef3c867..468cccc 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -27,31 +27,6 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable - with: - toolchain: "stable" - components: clippy - - - name: Cache Rust dependencies - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 - with: - path: | - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: ${{ runner.os }}-cargo-security-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-security- - ${{ runner.os }}-cargo- - - - name: Install cargo-audit - run: cargo install cargo-audit --locked - - - name: Install cargo-deny - run: cargo install cargo-deny --locked - - name: Run cargo audit (CVE scanning) run: cargo audit @@ -92,24 +67,8 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # nightly - - - name: Cache Rust dependencies - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 - with: - path: | - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - fuzz/target/ - key: ${{ runner.os }}-cargo-fuzz-nightly-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-fuzz-nightly- - ${{ runner.os }}-cargo- - - - name: Install cargo-fuzz - run: cargo install cargo-fuzz --locked + - name: Use nightly toolchain + run: rustup default nightly - name: Run quick fuzz (corpus only) run: | @@ -147,24 +106,8 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@5b842231ba77f5c045dba54ac5560fed2db780e2 # nightly - - - name: Cache Rust dependencies - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 - with: - path: | - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - fuzz/target/ - key: ${{ runner.os }}-cargo-fuzz-nightly-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-fuzz-nightly- - ${{ runner.os }}-cargo- - - - name: Install cargo-fuzz - run: cargo install cargo-fuzz --locked + - name: Use nightly toolchain + run: rustup default nightly - name: Run deep fuzz (30 minutes per target) run: | @@ -190,24 +133,6 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master - with: - toolchain: "1.85" - - - name: Cache Rust dependencies - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 - with: - path: | - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: ${{ runner.os }}-cargo-kani-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-kani- - ${{ runner.os }}-cargo- - - name: Install Kani run: | cargo install --locked kani-verifier || echo "Kani install failed, skipping verification" @@ -225,23 +150,8 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master - with: - toolchain: "1.85" - - - name: Cache Rust dependencies - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 - with: - path: | - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: ${{ runner.os }}-cargo-vet-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-vet- - ${{ runner.os }}-cargo- + - name: Generate lockfile + run: cargo generate-lockfile - name: Install cargo-vet run: cargo install cargo-vet --locked @@ -257,24 +167,6 @@ jobs: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # master - with: - toolchain: "1.85" - - - name: Cache Rust dependencies - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 - with: - path: | - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: ${{ runner.os }}-cargo-sbom-${{ hashFiles('**/Cargo.lock') }} - restore-keys: | - ${{ runner.os }}-cargo-sbom- - ${{ runner.os }}-cargo- - - name: Install cargo-sbom run: cargo install cargo-sbom --locked