dockerfile-deployment-service-package-updates #35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main] | |
| release: | |
| types: [published] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| test: | |
| name: Test Suite | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| rust: [stable, beta] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| components: rustfmt, clippy | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry | |
| key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Cache cargo index | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/git | |
| key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Cache cargo build | |
| uses: actions/cache@v4 | |
| with: | |
| path: target | |
| key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Run tests | |
| run: cargo test --all-features --workspace | |
| - name: Run doc tests | |
| run: cargo test --doc --all-features --workspace | |
| fmt: | |
| name: Rustfmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt | |
| - run: cargo fmt --all -- --check | |
| clippy: | |
| name: Clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - run: cargo clippy --all-targets --all-features -- -D warnings | |
| coverage: | |
| name: Code Coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install tarpaulin | |
| run: cargo install cargo-tarpaulin | |
| - name: Generate coverage | |
| run: cargo tarpaulin --out Xml --output-dir coverage | |
| - name: Upload to codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| files: ./coverage/cobertura.xml | |
| wasm: | |
| name: WASM Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: wasm32-unknown-unknown | |
| - name: Install wasm-pack | |
| run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh | |
| - name: Build WASM | |
| run: | | |
| cd crates/llm-shield-wasm | |
| wasm-pack build --target web --out-dir pkg | |
| - name: Check WASM size | |
| run: | | |
| ls -lh crates/llm-shield-wasm/pkg/*.wasm | |
| SIZE=$(stat -c%s crates/llm-shield-wasm/pkg/*.wasm) | |
| echo "WASM size: $SIZE bytes" | |
| if [ $SIZE -gt 5242880 ]; then | |
| echo "Warning: WASM bundle exceeds 5MB" | |
| fi | |
| - name: Test WASM | |
| run: | | |
| cd crates/llm-shield-wasm | |
| wasm-pack test --headless --chrome | |
| - name: Upload WASM artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: wasm-package | |
| path: crates/llm-shield-wasm/pkg/ | |
| benchmark: | |
| name: Performance Benchmarks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Run benchmarks | |
| run: cargo bench --workspace | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@v1 | |
| with: | |
| tool: 'cargo' | |
| output-file-path: target/criterion/output.txt | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| auto-push: true | |
| security-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install cargo-audit | |
| run: cargo install cargo-audit | |
| - name: Run security audit | |
| run: cargo audit | |
| publish-crates: | |
| name: Publish to crates.io | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'release' | |
| needs: [test, fmt, clippy, wasm] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Publish llm-shield-core | |
| run: cargo publish -p llm-shield-core --token ${{ secrets.CARGO_TOKEN }} | |
| - name: Wait for crates.io | |
| run: sleep 30 | |
| - name: Publish llm-shield-scanners | |
| run: cargo publish -p llm-shield-scanners --token ${{ secrets.CARGO_TOKEN }} | |
| - name: Wait for crates.io | |
| run: sleep 30 | |
| - name: Publish llm-shield-wasm | |
| run: cargo publish -p llm-shield-wasm --token ${{ secrets.CARGO_TOKEN }} | |
| publish-npm: | |
| name: Publish to NPM | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'release' | |
| needs: [test, wasm] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: wasm32-unknown-unknown | |
| - name: Install wasm-pack | |
| run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh | |
| - name: Build WASM package | |
| run: | | |
| cd crates/llm-shield-wasm | |
| wasm-pack build --target bundler --out-dir pkg | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Publish to NPM | |
| run: | | |
| cd crates/llm-shield-wasm/pkg | |
| npm publish --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |