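---
# CI workflow: runs on every pull request and on pushes to `main`.
name: ci

"on":
  push:
    branches:
      - 'main'
  pull_request:

# Least privilege for the workflow token: a job that declares nothing gets
# read-only access to repository contents. A job that needs more (crev posts
# a pull-request comment) carries its own `permissions:` block, which replaces
# this default for that job.
permissions:
  contents: read

env:
  # Disable incremental compilation for CI builds.
  CARGO_INCREMENTAL: 0
  # Deny all compiler warnings in every cargo invocation.
  RUSTFLAGS: "-Dwarnings"
  # Use cargo's sparse registry protocol.
  CARGO_UNSTABLE_SPARSE_REGISTRY: true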
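jobs:
  # NOTE(review): every `uses:` in this file references a tag or a branch
  # (`@v3`, `@stable`, `@master`, `@cargo-llvm-cov`), which the action's owner
  # can move. Pinning third-party actions to a full commit SHA
  # (`owner/action@<full-commit-sha>  # vX.Y.Z`) fixes the code that runs.
  # It matters most for crev (token with pull-requests: write) and notify
  # (receives the Discord webhook secret).

  # TODO: Fix automatically
  lint:
    # Formatting and lint gate; every other job except notify's trigger
    # condition depends on it through `needs`.
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - uses: r7kamura/rust-problem-matchers@v1
      - run: cargo fmt --all -- --check
      - uses: xt0rted/markdownlint-problem-matcher@v2
      - uses: DavidAnson/markdownlint-cli2-action@v10
        with:
          globs: "**/*.md"
      # FIXME: Add yamllint problem matcher
      - run: yamllint -s .

  crev:
    # Lists direct dependencies that lack cargo-crev reviews and posts the
    # table as a pull-request comment. Advisory only for now.
    runs-on: ubuntu-22.04
    needs:
      - lint
    # TODO: once we have enough reviews, make this a required check
    continue-on-error: true
    # Only this scope is granted; scopes not listed here are set to `none`
    # for this job.
    permissions:
      pull-requests: write
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      # The cache includes ~/.cargo/bin, so a cargo-crev binary built by an
      # earlier run is restored and reused as-is. `restore-keys` allows a
      # prefix match when the Cargo.toml hash changes.
      - uses: actions/cache@v3
        continue-on-error: false
        with:
          path: |
            Cargo.lock
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
          restore-keys: ${{ runner.os }}-cargo-
      # NOTE(review): this installs whichever cargo-crev release is current
      # and ignores a failed install (`|| true`). Consider
      # `cargo install --locked --version <PINNED_VERSION> cargo-crev` so the
      # tool that evaluates dependency trust is itself a known build.
      - name: Install Crev
        run: |
          cargo install cargo-crev || true
          cargo crev trust \
            --level high \
            --no-commit https://github.com/mobilecoinfoundation/crev-proofs
      - name: Run Cargo Crev
        id: cargo-crev
        run: |
          # errexit off: a non-zero pipeline status must not stop the script
          # before the closing delimiter below is written.
          set +e
          # Multi-line step output uses a heredoc-style delimiter. Every row
          # produced by the awk stage starts with "| ", so a table row cannot
          # match the "EOF<number>" delimiter line.
          export MARKER=$RANDOM
          echo "UNREVIEWED_DEPENDENCIES<<EOF${MARKER}" >> "$GITHUB_OUTPUT"
          # GH does not like colors in crev output
          export TERM=xterm-mono
          # - Get a TSV-formatted table of dependencies without reviews
          # - Skip any "local" dependencies
          # - Convert the table to GHF markdown
          # - Sort descending by the "LoC" value (first column precedes first
          #   pipe)
          # NOTE(review): `sort -n` without `-r` orders ascending; confirm
          # which direction is intended.
          cargo generate-lockfile --offline
          cargo crev crate verify \
            --for-id vMr-9g5KzKQLsCpkp1tc8o7AR6a0OptjOICjf7NMyHE \
            --show-all \
            --skip-indirect \
            --skip-verified \
            --skip-known-owners \
            --trust medium \
            --thoroughness medium \
            --understanding medium \
            --redundancy 2 | \
            grep -v '^local ' | \
            awk '{
              printf("| %s | %s | %s | %s | %s | %s | %s |\n",
                     $14, $15, $2, $10, $11, $12, $13)
            }' | \
            sort -t\| -n -k5 | \
            tee /dev/stderr >> "$GITHUB_OUTPUT"
          # Captured but unused while `exit $STATUS` stays commented out.
          STATUS=$?
          echo "EOF${MARKER}" >> "$GITHUB_OUTPUT"
          set -e
          # TODO: When we're ready to make this required
          # exit $STATUS
          exit 0
        shell: bash
      # The step output is expanded into an action input, not into a shell
      # script. NOTE(review): the step has no `if:`, so the ":x:" heading is
      # posted whether or not the table has any rows.
      - uses: mshick/add-pr-comment@v2
        with:
          # yamllint disable rule:line-length
          message: |
            #### :x: Unreviewed dependencies found
            | Crate | Version | Reviews (N/2) | LoC | Left-Pad Index | Geiger | Flags |
            | ----- | ------- | ------------- | --- | -------------- | ------ | ----- |
            ${{ steps.cargo-crev.outputs.UNREVIEWED_DEPENDENCIES }}
          # yamllint enable rule:line-length

  deny:
    # cargo-deny in two matrix entries: advisories on their own, the other
    # three checks together. `fail-fast: false` lets both entries finish.
    runs-on: ubuntu-22.04
    needs:
      - lint
    strategy:
      matrix:
        checks:
          - advisories
          - bans licenses sources
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      - uses: EmbarkStudios/cargo-deny-action@v1
        with:
          command: check ${{ matrix.checks }}

  sort:
    # Checks that Cargo.toml entries across the workspace are sorted.
    runs-on: ubuntu-22.04
    needs:
      - lint
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
      # NOTE(review): unpinned install; consider `--locked` and an explicit
      # `--version <PINNED_VERSION>`.
      - run: cargo install cargo-sort
      - run: cargo sort --workspace --check >/dev/null

  # TODO: Fix automatically
  clippy:
    runs-on: ubuntu-22.04
    needs:
      - lint
    strategy:
      matrix:
        rust:
          - stable
          - beta
      fail-fast: false
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
          components: clippy
      - uses: r7kamura/rust-problem-matchers@v1
      # `matrix.rust` only takes the literal values listed above, so its
      # expansion inside `run:` carries no externally supplied text.
      - run: |
          cargo +${{ matrix.rust }} clippy --all --all-features -- -D warnings

  # TODO: Fix automatically, or post GH-suggestions comments
  build:
    # Release build on stable, beta and one dated nightly.
    runs-on: ubuntu-22.04
    needs:
      - lint
    strategy:
      matrix:
        rust:
          - stable
          - beta
          - nightly-2023-01-04
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
      - uses: r7kamura/rust-problem-matchers@v1
      - run: cargo +${{ matrix.rust }} build --release

  test:
    # Release-mode tests with all features, same toolchains as build.
    runs-on: ubuntu-22.04
    needs:
      - lint
    strategy:
      matrix:
        rust:
          - stable
          - beta
          - nightly-2023-01-04
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
      - uses: r7kamura/rust-problem-matchers@v1
      - run: cargo +${{ matrix.rust }} test --release --all-features

  doc:
    runs-on: ubuntu-22.04
    needs:
      - lint
    strategy:
      matrix:
        rust:
          - stable
          - beta
    # Prevent beta docs warnings from causing CI failure
    continue-on-error: ${{ matrix.rust == 'beta' }}
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
      - uses: r7kamura/rust-problem-matchers@v1
      - run: cargo +${{ matrix.rust }} doc --release --no-deps

  coverage:
    # Produces an lcov report with cargo-llvm-cov and uploads it to Codecov.
    runs-on: ubuntu-22.04
    needs:
      - lint
    steps:
      - uses: actions/checkout@v3
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: llvm-tools-preview
      - uses: taiki-e/install-action@cargo-llvm-cov
      - run: cargo llvm-cov --workspace --lcov --output-path lcov.info
      - uses: codecov/codecov-action@v3
        with:
          files: lcov.info

  notify:
    # Runs only for push events when one of the jobs in `needs` failed, so the
    # webhook secret is never handed to this action on pull-request runs.
    # crev is not listed in `needs`.
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && failure()
    needs:
      - lint
      - deny
      - sort
      - clippy
      - build
      - test
      - doc
      - coverage
    steps:
      # Every `${{ }}` context below is passed as an action input; none is
      # interpolated into a `run:` script.
      - name: Notify Discord on failure
        uses: sarisia/actions-status-discord@v1
        with:
          webhook: ${{ secrets.DISCORD_WEBHOOK }}
          username: "Github Actions"
          status: Failure
          color: 0xff0000
          nodetail: true
          # yamllint disable rule:line-length
          title: "${{ github.repository }} ${{ github.workflow }} has failed on ${{ github.event_name }} to ${{ github.ref_name }}"
          url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          description: >
            [`@${{ github.actor }}`](${{ github.server_url }}/${{ github.actor }})
            was the last one to touch
            [that repository](${{ github.server_url }}/${{ github.repository }}),
            is all I'm saying.
          avatar_url: "https://media0.giphy.com/media/oe33xf3B50fsc/200.gif"
          # yamllint enable rule:line-length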