Skip to content

feat: Added Semver Version and Versionreq support for plugin versions #1339

feat: Added Semver Version and Versionreq support for plugin versions

feat: Added Semver Version and Versionreq support for plugin versions #1339

Workflow file for this run

name: Hipcheck
# Run on both PRs and pushes to the main branch.
# It may seem redundant to run tests on main, since we disallow pushing directly
# to main and all PRs get tested before merging.
#
# But due to how GitHub Actions isolates caches, we need to run the tests on
# main so that caches are available to new PRs. The caches created when testing
# PR code cannot be re-used outside of testing that PR.
#
# See the GitHub Actions documentation here:
# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache
on:
push:
branches: [main]
pull_request:
branches: [main]
merge_group:
types: [checks_requested]
permissions:
contents: read
env:
RUSTFLAGS: -Dwarnings -C debuginfo=0 -C strip=symbols
CARGO_TERM_COLOR: always
jobs:
test:
strategy:
matrix:
# NOTE: MUST be synced manually with runners in 'dist-workspace.toml'
#
# We've purposefully chosen to use two different versions of macOS here
# to achieve ARM and x86 support (macos-14 is ARM, macos-13 is x86),
# since alternative runners with matching versions aren't all on the
# free plan for GitHub Actions.
os: [ubuntu-22.04, windows-2019, macos-14, macos-13]
name: "Test (${{ matrix.os }})"
runs-on: ${{ matrix.os }}
timeout-minutes: 20
permissions:
contents: read
pull-requests: read
steps:
# Get the repo, get Rust, get `cargo-nextest`, setup caching.
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
code:
- "config/**"
- "hipcheck/**"
- "plugins/**"
- "xtask/**"
- "sdk/rust/**"
- "hipcheck-common/**"
- "hipcheck-macros/**"
- "hipcheck-sdk-macros/**"
- uses: dtolnay/rust-toolchain@stable
if: steps.filter.outputs.code == 'true'
- uses: taiki-e/install-action@nextest
if: steps.filter.outputs.code == 'true'
- uses: swatinem/rust-cache@v2
if: steps.filter.outputs.code == 'true'
with:
key: ${{ matrix.os }}
# Install the protobuf compiler
- if: runner.os == 'Linux' && steps.filter.outputs.code == 'true'
run: sudo apt-get install -y protobuf-compiler
- if: runner.os == 'macOS' && steps.filter.outputs.code == 'true'
run: brew install protobuf
- if: runner.os == 'Windows' && steps.filter.outputs.code == 'true'
run: choco install protoc
# Print dependency info (useful for debugging)
- name: Dependency Tree
if: steps.filter.outputs.code == 'true'
run: cargo tree
# Try building every crate in the workspace, without debug symbols to
# hopefully reduce build times
- name: Build
if: steps.filter.outputs.code == 'true'
run: cargo build --verbose --workspace
# Test the code.
- name: Test
if: steps.filter.outputs.code == 'true'
run: cargo nextest r --verbose --workspace
# Run the linter.
- name: Lint
if: steps.filter.outputs.code == 'true'
run: cargo clippy --verbose --workspace
# Run our own checks for licensing and other info.
- name: Check
if: steps.filter.outputs.code == 'true'
run: cargo xtask check
# Run a few variants of Hipcheck
- name: Run with Policy
if: steps.filter.outputs.code == 'true'
env:
HC_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: ./target/debug/hc --policy ./config/Hipcheck.kdl check https://github.com/mitre/hipcheck
- name: Run with Local Policy
if: steps.filter.outputs.code == 'true'
env:
HC_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: ./target/debug/hc --policy ./config/local.Hipcheck.kdl check https://github.com/mitre/hipcheck
- name: Run with Config
if: steps.filter.outputs.code == 'true'
env:
HC_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: ./target/debug/hc --config ./config check https://github.com/mitre/hipcheck