Skip to content

feat(rust-build)!: enhance Rust workflow with linting and formatting #79

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nabil-Tounarti merged 18 commits into from
Jul 28, 2025
Merged

feat(rust-build)!: enhance Rust workflow with linting and formatting #79

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
8ea3461
refactor(rust-build): remove publish, add lint and audit steps
nabil-Tounarti Jul 22, 2025
e791f08
chore(ci): add rustfmt to toolchain components in rust-build workflow
nabil-Tounarti Jul 22, 2025
96a0dda
feat: add support for artifact upload and crates.io publishing in Rus…
nabil-Tounarti Jul 23, 2025
34b757a
refactor: improve structure and naming in Rust build & publish workflow
nabil-Tounarti Jul 23, 2025
9ccc229
chore(ci): rename build-profile to build-target and update cache path…
nabil-Tounarti Jul 23, 2025
1695481
ci: expose CARGO_REGISTRY_TOKEN as global env variable to simplify ca…
nabil-Tounarti Jul 23, 2025
842305a
feat(workflow): add configurable working directory
nabil-Tounarti Jul 24, 2025
e37df50
refactor: centralize working-directory using defaults.run
nabil-Tounarti Jul 24, 2025
32ddee3
refactor: add working-directory to each step in the workflow
nabil-Tounarti Jul 24, 2025
1704cef
refactor: unify Rust build and publish into single job
nabil-Tounarti Jul 25, 2025
85ee789
refactor: simplify rust workflow and update README
nabil-Tounarti Jul 28, 2025
320df78
refactor: remove explicit rust-toolchain install, rely on preinstalle…
nabil-Tounarti Jul 28, 2025
1050416
Revert "refactor: simplify rust workflow and update README"
nabil-Tounarti Jul 28, 2025
1df3fd0
Revert "Revert "refactor: simplify rust workflow and update README""
nabil-Tounarti Jul 28, 2025
4b112e5
Revert "refactor: remove explicit rust-toolchain install, rely on pre…
nabil-Tounarti Jul 28, 2025
af030ce
refactor: make Rust toolchain version configurable via input
nabil-Tounarti Jul 28, 2025
f66e22a
fix: use literal rust-toolchain version to fix invalid syntax
nabil-Tounarti Jul 28, 2025
42fff7a
ci: use dtolnay/rust-toolchain@master to support dynamic Rust version…
nabil-Tounarti Jul 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 38 additions & 24 deletions .github/workflows/rust-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,14 @@ on:
description: 'Rust version to use'
default: 'stable'
type: string
build-target:
build-profile:
Comment thread
jbern0rd marked this conversation as resolved.
Outdated
description: 'Cargo profile to use for building (debug, release)'
default: 'release'
type: string
run-audit:
description: 'Run cargo-audit for security vulnerabilities'
default: true
type: boolean
enable-cache:
description: 'Enable caching of dependencies'
default: true
Expand All @@ -35,41 +39,55 @@ on:
CRATES_IO_TOKEN:
required: false

env:
CARGO_TERM_COLOR: always

jobs:
build:
runs-on: ubuntu-latest
outputs:
build_success: ${{ steps.set-output.outputs.build_success }}
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
uses: dtolnay/rust-toolchain@stable
Comment thread
jbern0rd marked this conversation as resolved.
Outdated
with:
profile: minimal
toolchain: ${{ inputs.rust-version }}
override: true
components: clippy, rustfmt

- name: Cache dependencies
if: ${{ inputs.enable-cache }}
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
Comment thread
jbern0rd marked this conversation as resolved.
Outdated
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
key: ${{ runner.os }}-cargo-${{ inputs.build-profile }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ inputs.build-profile }}-

- name: Check formatting
run: cargo fmt --all -- --check

- name: Run linter (Clippy)
run: cargo clippy --all-targets -- -D warnings

- name: Install cargo-audit
if: ${{ inputs.run-audit }}
run: cargo install cargo-audit

- name: Run security audit
if: ${{ inputs.run-audit }}
run: cargo audit

- name: Build
run: cargo build --profile ${{ inputs.build-target }}
run: cargo build --profile ${{ inputs.build-profile }}

- name: Run tests
run: cargo test --profile ${{ inputs.build-target }}

- name: Set build success output
id: set-output
run: echo "build_success=true" >> $GITHUB_OUTPUT
run: cargo test --profile ${{ inputs.build-profile }}

- name: Upload artifact
if: ${{ inputs.upload-artifact }}
Expand All @@ -80,24 +98,20 @@ jobs:

publish:
needs: build
if: ${{ inputs.publish-crates-io && needs.build.outputs.build_success == 'true' }}
if: ${{ inputs.publish-crates-io && needs.build.result == 'success' }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
uses: dtolnay/rust-toolchain@stable
with:
profile: minimal
toolchain: ${{ inputs.rust-version }}
override: true

- name: Login to crates.io
run: cargo login ${{ secrets.CRATES_IO_TOKEN }}
components: cargo

- name: Package for crates.io
run: cargo package
- name: Validate package
run: cargo package --allow-dirty
Comment thread
jbern0rd marked this conversation as resolved.
Outdated

- name: Publish to crates.io
run: cargo publish
run: cargo publish --token ${{ secrets.CRATES_IO_TOKEN }}
69 changes: 48 additions & 21 deletions rust-build/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,16 @@
# Rust Build Workflow

A reusable GitHub Actions workflow for building, testing, and publishing Rust packages.
A reusable GitHub Actions workflow for building, linting, testing, and auditing Rust packages, with optional artifact upload and crates.io publishing.

## Features

- Build and test Rust packages
- Lint code using `clippy`
- Check formatting with `cargo fmt`
- Run security audits with `cargo audit`
- Cache dependencies for faster builds
- Publish packages to crates.io
- Upload build artifacts
- Publish to crates.io

## Usage

Expand All @@ -21,30 +24,34 @@ jobs:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
with:
rust-version: 'stable'
build-target: 'release'
build-profile: 'release'
run-audit: true
enable-cache: true
upload-artifact: true
artifact-name: 'my-rust-app'
artifact-path: 'target/release/my-app'
artifact-name: my-crate
artifact-path: target/release/my-crate
secrets:
CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
```

## Inputs

| Name | Description | Default | Required |
|---------------------|----------------------------------------------------|-----------|-------------------------------------|
| `rust-version` | Rust version to use | `stable` | No |
| `build-target` | Cargo profile to use for building (debug, release) | `release` | No |
| `enable-cache` | Enable caching of dependencies | `true` | No |
| `publish-crates-io` | Publish package to crates.io | `false` | No |
| `upload-artifact` | Upload build artifact | `false` | No |
| `artifact-name` | Name of the artifact to upload | - | Only if `upload-artifact` is `true` |
| `artifact-path` | Path to the artifact to upload | - | Only if `upload-artifact` is `true` |
| Name | Description | Default | Required |
| ------------------- | ------------------------------------------------------------ | --------- | -------- |
| `rust-version` | Rust version to use | `stable` | No |
| `build-profile` | Cargo profile to use for building (`debug`, `release`, etc.) | `release` | No |
| `run-audit` | Run `cargo audit` for security vulnerabilities | `true` | No |
| `enable-cache` | Enable caching of dependencies | `true` | No |
| `upload-artifact` | Upload a build artifact after building | `false` | No |
| `artifact-name` | Name of the artifact to upload | – | No |
| `artifact-path` | Path to the artifact to upload | – | No |
| `publish-crates-io` | Publish the package to crates.io (only if build succeeds) | `false` | No |

## Secrets

| Name | Description | Required |
|-------------------|-----------------------------------|---------------------------------------|
| `CRATES_IO_TOKEN` | Token for publishing to crates.io | Only if `publish-crates-io` is `true` |
| Name | Description | Required |
| ----------------- | --------------------------------------- | ------------------------------------- |
| `CRATES_IO_TOKEN` | crates.io API token for `cargo publish` | Only if `publish-crates-io` is `true` |

## Examples

Expand All @@ -56,19 +63,39 @@ jobs:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
```

### Build, Test, and Upload Artifact
### Disable Security Audit

```yaml
jobs:
build-and-test:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
with:
run-audit: false
```

### Use Debug Profile

```yaml
jobs:
build-and-test:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
with:
build-profile: 'debug'
```

### Upload Artifact After Build

```yaml
jobs:
build-and-upload:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@main
with:
upload-artifact: true
artifact-name: 'my-rust-app'
artifact-path: 'target/release/my-app'
artifact-name: my-crate
artifact-path: target/release/my-crate
```

### Build, Test, and Publish to crates.io
### Publish to crates.io (requires CRATES_IO_TOKEN)

```yaml
jobs:
Expand Down