Commit 35f53273 authored by Pierre Smeyers

Merge branch 'initial' into 'main'

New template: Rust

See merge request to-be-continuous/rust!1
parents 66669391 34b1cea9
+2 −2
@@ -8,8 +8,8 @@ Closes #999
## Checklist

* General:
    * [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
    * [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
    * [ ] use [rules](https://docs.gitlab.com/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ci/yaml/#onlyexcept-advanced)
    * [ ] optimized [cache](https://docs.gitlab.com/ci/caching/) configuration (wherever applicable)
* Publicly usable:
    * [ ] untagged runners
    * [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`
+1 −1
@@ -61,7 +61,7 @@ To contribute:

1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/user/project/repository/forking_workflow/) documentation).
   Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.

### Git Commit Conventions
+83 −55
# GitLab CI template for Rust

This project implements a GitLab CI/CD template to build, test, and analyse your [Rust](https://www.rust-lang.org/) projects.
This project implements a GitLab CI/CD template to build, test, and analyse your [Rust](https://www.rust-lang.org/) projects
with [Cargo](https://doc.rust-lang.org/cargo/).

## Usage

This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component)
or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
This template can be used both as a [CI/CD component](https://docs.gitlab.com/ci/components/#use-a-component)
or using the legacy [`include:project`](https://docs.gitlab.com/ci/yaml/#includeproject) syntax.

### Use as a CI/CD component

@@ -18,7 +19,7 @@ include:
    # 2: set/override component inputs
    inputs:
      # ⚠ this is only an example
      build-args: "build --with-my-args"
      build-args: "--all-targets --all-features"
```

### Use as a CI/CD template (legacy)
@@ -35,7 +36,7 @@ include:
variables:
  # 2: set/override template variables
  # ⚠ this is only an example
  RUST_BUILD_ARGS: "build --with-my-args"
  RUST_BUILD_ARGS: "--all-targets --all-features"
```

## Global configuration
@@ -43,94 +44,121 @@ variables:
The Rust template uses some global configuration used throughout all jobs.

| Input / Variable                   | Description                                                                            | Default value                                 |
| ---------------------- | ------------------------------------ | ----------------------- |
| `image` / `RUST_IMAGE` | The Docker image used to run `cargo` | `docker.io/rust:latest` |
|------------------------------------|----------------------------------------------------------------------------------------|-----------------------------------------------|
| `image` / `RUST_IMAGE`             | The Docker image used to run `cargo`                                                   | `docker.io/library/rust:latest` <br/>[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-RUST_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-RUST_IMAGE) |
| `rustflags` / `RUST_RUSTFLAGS`     | Compiler flags to pass to all [`rustc`](https://doc.rust-lang.org/rustc/) invocations. | _none_                                        |
| `project-dir` / `RUST_PROJECT_DIR` | Cargo project root directory                                                           | `.`                                           |

> :information_source: Important:
>
> * :construction: :construction: :construction:
>   The default value for `RUST_RUSTFLAGS` is currently set to tarpaulin defaults, in order to reduce the need of unnecessary recompilation.
>   :construction: :construction: :construction:

## Jobs

### `rust-build` job
### `rust-build-test` job

This job performs **build and tests** at once.
This job performs **build and tests** running `cargo build` and `cargo test`.

It uses the following variable:

| Input / Variable                             | Description                                                                                  | Default value |
| -------------------------------- | ------------------------------- | --------------------------- |
| `build-args` / `RUST_BUILD_ARGS` | Arguments used by the build job | `build --with-default-args` |
|----------------------------------------------|----------------------------------------------------------------------------------------------|---------------|
| `build-args` / `RUST_BUILD_ARGS`             | Arguments used by [`cargo build`](https://doc.rust-lang.org/cargo/commands/cargo-build.html) | _none_        |
| `build-rustflags` / `RUST_BUILD_RUSTFLAGS`   | Compiler flags for rust-build [`rustc`](https://doc.rust-lang.org/rustc/)                    | _none_        |
| `test-args` / `RUST_TEST_ARGS`               | Arguments used by [`cargo test`](https://doc.rust-lang.org/cargo/commands/cargo-test.html) | _none_        |
| `test-binary-args` / `RUST_TEST_BINARY_ARGS` | Arguments used by the test binary (see `cargo test -- -h`)                                 | _none_        |
| `test-rustflags` / `RUST_TEST_RUSTFLAGS`     | Compiler flags for rust-test [`rustc`](https://doc.rust-lang.org/rustc/)                   | _none_        |

> [!information]
> The Rust template doesn't support yet the integration of either a [unit test report](https://docs.gitlab.com/ci/testing/unit_test_reports/) or 
> [code coverage report](https://docs.gitlab.com/ci/testing/code_coverage/).

### SonarQube analysis

If you're using the SonarQube template to analyse your RUST code, here are 2 sample `sonar-project.properties` files.
If you're using the SonarQube template to analyse your Python code, here is a sample `sonar-project.properties` file:

```properties
# see: https://docs.sonarqube.org/latest/analysis/languages/rust/
# set your source directories here (relative to the sonar-project.properties file)
sonar.sources=.
# exclude unwanted directories and files from being analysed
sonar.exclusions=output/**,**/*_test.rust

# set your tests directories here (relative to the sonar-project.properties file)
sonar.tests=.
sonar.test.inclusions=**/*_test.rust

# tests report (TODO)
sonar.rust.testExecutionReportPaths=reports/sonar_test_report.xml
# coverage report (TODO)
sonar.rust.coverage.reportPaths=reports/coverage.cov
# see: https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/languages/rust/
# disable Clippy analysis and supply JSON report
sonar.rust.clippy.enable=false
sonar.rust.clippy.reportPaths=reports/rust-clippy.native.json
```

More info:

- [Rust language support](https://docs.sonarqube.org/latest/analysis/languages/rust/)
- [test coverage & execution parameters](https://docs.sonarqube.org/latest/analysis/coverage/)
- [third-party issues](https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/)
- [Rust language support](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/languages/rust/)

### `rust-lint` job
### `rust-clippy` job

This job performs a [lint](link-to-the-tool) analysis of your code, mapped to the `build` stage.
This job runs [Clippy](https://doc.rust-lang.org/clippy/) to analyze your code. It is mapped to the `build` stage.

It uses the following variables:

| Input / Variable                           | Description                                                                                                                                               | Default value                                 |
| -------------------------------------- | ----------------------------------------------------- | ------------------- |
| `lint-image` / `RUST_LINT_IMAGE`       | The Docker image used to run the lint tool            | `rust-lint:latest`  |
| `lint-disabled` / `RUST_LINT_DISABLED` | Set to `true` to disable the `lint` analysis          | _none_ (enabled)    |
| `lint-args` / `RUST_LINT_ARGS`         | Lint [options and arguments](link-to-the-cli-options) | `--serevity=medium` |
|--------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------|
| `clippy-disabled` / `RUST_CLIPPY_DISABLED` | Set to `true` to disable the Clippy analysis                                                                                                              | _none_ (enabled)                              |
| `clippy-args` / `RUST_CLIPPY_ARGS`         | Clippy [options and arguments](https://doc.rust-lang.org/clippy/usage.html#command-line).<br/>:warning: Be sure to prefix with `--` for clippy arguments. | `--all-targets --all-features -- --deny warnings` |

In addition to logs in the console, this job produces the following report:

| Report                       | Format                                                                                                                | Usage                                                                                                                                                                                                                          |
|------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `$RUST_PROJECT_DIR/reports/rust-clippy.native.json` | [JSON](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/languages/rust/#clippy-integration) | [SonarQube integration](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/importing-external-issues/external-analyzer-reports/)<br/>_This report is generated only if SonarQube template is detected_ |

### `rust-depcheck` job
### `rust-audit` job

This job enables a manual [dependency check](link-to-the-tool) analysis of your code, mapped to the `test` stage.
This job runs [`cargo audit`](https://rustsec.org/) to scan for vulnerabilites in the dependencies. It is mapped to the `test` stage.

It uses the following variables:

| Input / Variable                         | Description                                                                                    | Default value    |
| ---------------------------------------- | ----------------------------------------------------------------- | ---------------------- |
| `depcheck-image` / `RUST_DEPCHECK_IMAGE` | The Docker image used to run the dependency check tool            | `rust-depcheck:latest` |
| `depcheck-args` / `RUST_DEPCHECK_ARGS`   | Dependency check [options and arguments](link-to-the-cli-options) | _none_                 |
|------------------------------------------|------------------------------------------------------------------------------------------------|------------------|
| `audit-disabled` / `RUST_AUDIT_DISABLED` | Set to `true` to disable the Audit (dependency vulnerability scanner)                          | _none_ (enabled) |
| `audit-args` / `RUST_AUDIT_ARGS`         | Arguments for [`cargo audit`](https://docs.rs/crate/cargo-audit/latest) (see `cargo audit -h`) | _none_           |

### `rust-publish` job

This job is **disabled by default** and performs a publish of your built binaries.
This job is **disabled by default** and performs a [`cargo publish`](https://doc.rust-lang.org/cargo/commands/cargo-publish.html) of your cargo project.

It uses the following variables:

| Input / Variable                                | Description                                                                                                                      | Default value                                                  |
| ------------------------------------------ | ---------------------------------- | ----------------------------- |
| `publish-enabled` / `RUST_PUBLISH_ENABLED` | Variable to enable the publish job | _none_ (disabled)             |
| `publish-args` / `RUST_PUBLISH_ARGS`       | Arguments used by the publish job  | `publish --with-default-args` |
| :lock: `RUST_PUBLISH_LOGIN`                | Login to use to publish            | **must be defined**           |
| :lock: `RUST_PUBLISH_PASSWORD`             | Password to use to publish         | **must be defined**           |
|-------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------|
| `publish-enabled` / `RUST_PUBLISH_ENABLED`      | Set to `true` to enable publish                                                                                                  | _none_ (disabled)                                              |
| `publish-args` / `RUST_PUBLISH_ARGS`            | Arguments used by [`cargo publish`](https://doc.rust-lang.org/cargo/commands/cargo-publish.html)                                 | _none_                                                         |
| :lock: `RUST_PUBLISH_TOKEN`                     | [crates.io](https://crates.io/) API Token used by [`cargo publish`](https://doc.rust-lang.org/cargo/commands/cargo-publish.html) | **must be defined** when using [crates.io](https://crates.io/) |
| :lock: `CARGO_REGISTRIES_<registry_name>_TOKEN` | _registry_name_ API Token used by [`cargo publish`](https://doc.rust-lang.org/cargo/commands/cargo-publish.html)                 | **must be defined** when using an alternate registry           |

:information_source: Currently, [GitLab does not support cargo registries](https://docs.gitlab.com/user/packages/package_registry/supported_package_managers/).

#### Using an alternate registry

An alternate registry (other than [crates.io](https://crates.io)) can be configured in the in a
[`.cargo/config.toml`](https://doc.rust-lang.org/cargo/reference/config.html). More information is available [here](https://doc.rust-lang.org/cargo/reference/registries.html#using-an-alternate-registry)

> Example configuration:
> 
>  ```toml
>  # .cargo/config.toml
>
>  [registries]
>  my-registry = { index = "https://my-intranet:8080/git/index" }
>  ```
> 
> Specify the registry token with :lock: `CARGO_REGISTRIES_MY_REGISTRY_TOKEN`. 

### Secrets management

Here are some advices about your **secrets** (variables marked with a :lock:):

1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ee/ci/variables/#define-a-cicd-variable-in-the-ui):
   - [**masked**](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
1. Manage them as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#define-a-cicd-variable-in-the-ui):
   - [**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently
     displayed in your job logs,
   - [**protected**](https://docs.gitlab.com/ee/ci/variables/#protect-a-cicd-variable) if you want to secure some secrets
   - [**protected**](https://docs.gitlab.com/ci/variables/#protect-a-cicd-variable) if you want to secure some secrets
     you don't want everyone in the project to have access to (for instance production secrets).
2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ee/ci/variables/#mask-a-cicd-variable),
2. In case a secret contains [characters that prevent it from being masked](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable),
   simply define its value as the [Base64](https://en.wikipedia.org/wiki/Base64) encoded value prefixed with `@b64@`:
   it will then be possible to mask it and the template will automatically decode it prior to using it.
3. Don't forget to escape special characters (e.g.: `$` -> `$$`).
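
Review bot: Under `### SonarQube analysis` the new sentence reads "analyse your Python code", which looks like a leftover from another template and should say Rust. In the global configuration table `RUST_RUSTFLAGS` is listed with default _none_, while the note directly below says its default is currently set to tarpaulin defaults; one of the two has to change, and if flags are applied by default they should be spelled out so users know what every `rustc` invocation receives. `RUST_IMAGE` defaults to `docker.io/library/rust:latest`, a floating tag, so a sentence recommending that consumers pin a version or digest would help reproducibility. Minor: "vulnerabilites" in the `rust-audit` description and "in the in a" under "Using an alternate registry".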
+45 −36

{
  "name": "Rust",
  "description": "Build, test and verify your [Rust](https://www.rust-lang.org/) projects",
@@ -11,48 +10,64 @@
    {
      "name": "RUST_IMAGE",
      "description": "The Docker image used to run `cargo`",
      "default": "docker.io/rust:1.2.3"
      "default": "docker.io/library/rust:latest"
    },
    {
      "name": "RUST_BUILD_ARGS",
      "description": "Arguments used by the build job",
      "default": "build --with-default-args",
      "description": "Arguments used by [`cargo build`](https://doc.rust-lang.org/cargo/commands/cargo-build.html)",
      "advanced": true
    },
    {
      "name": "RUST_BUILD_RUSTFLAGS",
      "description": "Compiler flags for rust-build [`rustc`](https://doc.rust-lang.org/rustc/)",
      "advanced": true
    },
    {
      "name": "RUST_TEST_ARGS",
      "description": "Arguments used by [`cargo test`](https://doc.rust-lang.org/cargo/commands/cargo-test.html)",
      "advanced": true
    },
    {
      "name": "RUST_TEST_BINARY_ARGS",
      "description": "Arguments used by the test binary (see `cargo test -- -h`)",
      "advanced": true
    },
    {
      "name": "RUST_TEST_RUSTFLAGS",
      "description": "Compiler flags for rust-test [`rustc`](https://doc.rust-lang.org/rustc/)",
      "advanced": true
    },
    {
      "name": "RUST_PROJECT_DIR",
      "description": "Cargo project root directory",
      "default": ".",
      "advanced": true
    }
  ],
  "features": [
    {
      "id": "lint",
      "name": "RUST lint",
      "description": "[RUST lint](link-to-the-tool) analysis",
      "disable_with": "RUST_LINT_DISABLED",
      "name": "Clippy (linter)",
      "description": "Runs [Clippy](https://doc.rust-lang.org/clippy/) to analyse your code",
      "disable_with": "RUST_CLIPPY_DISABLED",
      "variables": [
        {
          "name": "RUST_LINT_IMAGE",
          "description": "The Docker image used to run the lint tool",
          "default": "docker.io/rust-lint:latest"
        },
        {
          "name": "RUST_LINT_ARGS",
          "description": "Lint [options and arguments](link-to-the-cli-options)",
          "default": "--serevity=medium",
          "name": "RUST_CLIPPY_ARGS",
          "description": "Clippy [options and arguments](https://doc.rust-lang.org/clippy/usage.html#command-line)",
          "default": "--all-targets --all-features -- --deny warnings",
          "advanced": true
        }
      ]
    },
    {
      "id": "depcheck",
      "name": "RUST dependency check",
      "description": "[RUST dependency check](link-to-the-tool) analysis",
      "id": "audit",
      "name": "Audit (dependency scanner)",
      "description": "Scans dependencies for security vulnerabilities with [`cargo audit`](https://rustsec.org/)",
      "disable_with": "RUST_AUDIT_DISABLED",
      "variables": [
        {
          "name": "RUST_DEPCHECK_IMAGE",
          "description": "The Docker image used to run the dependency check tool",
          "default": "docker.io/rust-depcheck:latest"
        },
        {
          "name": "RUST_DEPCHECK_ARGS",
          "description": "Dependency check [options and arguments](link-to-the-cli-options)",
          "name": "RUST_AUDIT_ARGS",
          "description": "Arguments for [`cargo audit`](https://docs.rs/crate/cargo-audit/latest) (see `cargo audit -h`)",
          "advanced": true
        }
      ]
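
Review bot: The Clippy feature keeps `"id": "lint"` while its name, `disable_with` and variable all move to `CLIPPY`, and the neighbouring feature id is renamed from `depcheck` to `audit`; rename the id to `clippy` for consistency unless something depends on the old value. The `RUST_IMAGE` default also goes from a versioned placeholder (`docker.io/rust:1.2.3`) to `docker.io/library/rust:latest`, so anyone taking the default builds with whatever toolchain image is current that day; consider saying so in the description. `RUST_RUSTFLAGS`, which the README in this commit documents as a global variable, is not among the variables visible in this hunk.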
@@ -60,23 +75,17 @@
    {
      "id": "publish",
      "name": "Publish",
      "description": "Publish your package to a repository",
      "description": "[Publishes](https://doc.rust-lang.org/cargo/commands/cargo-publish.html) your packaged code to a registry",
      "enable_with": "RUST_PUBLISH_ENABLED",
      "variables": [
        {
          "name": "RUST_PUBLISH_ARGS",
          "description": "Arguments used by the publish job",
          "default": "publish --with-default-args",
          "description": "Arguments used by [`cargo publish`](https://doc.rust-lang.org/cargo/commands/cargo-publish.html)",
          "advanced": true
        },
        {
          "name": "RUST_PUBLISH_LOGIN",
          "description": "Login to use to publish",
          "secret": true
        },
        {
          "name": "RUST_PUBLISH_PASSWORD",
          "description": "Password to use to publish",
          "name": "RUST_PUBLISH_TOKEN",
          "description": "API Token used by [`cargo publish`](https://doc.rust-lang.org/cargo/commands/cargo-publish.html)",
          "secret": true
        }
      ]
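
Review bot: The `RUST_PUBLISH_TOKEN` description says only "API Token used by `cargo publish`", while the README in this same commit scopes that variable to crates.io and documents `CARGO_REGISTRIES_<registry_name>_TOKEN` for alternate registries. Say "crates.io API token" here and mention the alternate-registry variable, so that a user configuring the job from this description does not put a private-registry token in the wrong variable.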
+107 −102

File changed.

Preview size limit exceeded, changes collapsed.