schmalz/shared-actions
16
0
Fork 0
Code Issues Pull requests 1 Releases Packages Activity Actions

feat: add rust-build action with documentation #39

Merged
Michael.Seele merged 1 commit from feature/rust-build into main 2026-06-02 05:21:34 +00:00
Conversation 1 Commits 1 Files changed 4 +156
4 changed files with 156 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.forgejo/workflows/tag-release.yml
View file

@ -25,6 +25,7 @@ on:
- maven-build - maven-build
- pnpm-build - pnpm-build
- publish-static-contents - publish-static-contents
- rust-build
- terraform-apply - terraform-apply
- terraform-validate - terraform-validate
- upload-artifact - upload-artifact

1
README.md
View file

@ -18,6 +18,7 @@ Shared actions for Forgejo CI/CD pipelines.
| [maven-build](maven-build) | Action for building and validating Maven projects | | [maven-build](maven-build) | Action for building and validating Maven projects |
| [pnpm-build](pnpm-build) | Action for building and validating with PNPM | | [pnpm-build](pnpm-build) | Action for building and validating with PNPM |
| [publish-static-contents](publish-static-contents) | Syncs frontend assets to S3 and invalidates a CloudFront distribution | | [publish-static-contents](publish-static-contents) | Syncs frontend assets to S3 and invalidates a CloudFront distribution |
| [rust-build](rust-build) | Set up Rust toolchain, run checks, and build via the project's build.sh |
| [terraform-apply](terraform-apply) | Apply Terraform configuration files using the official Terraform CLI | | [terraform-apply](terraform-apply) | Apply Terraform configuration files using the official Terraform CLI |
| [terraform-validate](terraform-validate) | Validate Terraform configuration files using the official Terraform CLI | | [terraform-validate](terraform-validate) | Validate Terraform configuration files using the official Terraform CLI |
| [upload-artifact](upload-artifact) | Upload files as a Forgejo Actions artifact | | [upload-artifact](upload-artifact) | Upload files as a Forgejo Actions artifact |

42
rust-build/README.md Normal file
View file

@ -0,0 +1,42 @@
# rust-build
Set up Rust toolchain, configure Cargo registry, cache dependencies, run optional checks, and build via the project's `build.sh` script.
## Inputs
| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| `working-directory` | No | `.` | Directory containing `Cargo.toml` and `build.sh` |
| `rust-version` | No | `1.95.0` | Rust toolchain version |
| `cross-target` | No | `x86_64-unknown-linux-musl` | Cross-compilation target triple |
| `build-mode` | No | `release` | Build mode — `release` or `debug` |
| `run-checks` | No | `""` | Comma-separated checks to run before building — `fmt`, `clippy`, `test` |
| `jfrog-token` | No | `""` | JFrog token for the Artifactory Cargo registry |
## Usage
### PR check (checks + debug build)
```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/rust-build@rust-build-v1
with:
working-directory: backend-rs
build-mode: debug
run-checks: fmt,clippy,test
jfrog-token: ${{ secrets.JFROG_TOKEN }}
```
### Release build
```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/rust-build@rust-build-v1
with:
working-directory: backend-rs
jfrog-token: ${{ secrets.JFROG_TOKEN }}
```
## Notes
- Requires a `build.sh` in `working-directory` that accepts `--target <triple>` and optionally `--release`. The script is responsible for running `cargo build` and copying binaries to `target/deploy/`.
- Configures the Artifactory Cargo registry only if `jfrog-token` is provided.
- Third-party actions used internally are pinned to exact commit SHAs to prevent supply chain attacks.

112
rust-build/action.yml Normal file
View file

@ -0,0 +1,112 @@
name: rust-build
description: >
Set up Rust toolchain, configure Cargo registry, cache dependencies,
run optional checks, and build via the project's build.sh script.
inputs:
working-directory:
description: Directory containing Cargo.toml and build.sh
required: false
default: "."
rust-version:
description: Rust toolchain version (passed to dtolnay/rust-toolchain)
required: false
default: "1.95.0"
cross-target:
description: Cross-compilation target triple
required: false
default: x86_64-unknown-linux-musl
build-mode:
description: Build mode — 'release' or 'debug'
required: false
default: release
run-checks:
description: Comma-separated checks to run before building — 'fmt', 'clippy', 'test'
required: false
default: ""
jfrog-token:
description: JFrog token for the Artifactory Cargo registry
required: false
default: ""
runs:
using: composite
steps:
- name: Install musl tools
shell: bash
run: |
if ! command -v musl-gcc &>/dev/null; then
sudo apt-get update -qq && sudo apt-get install -y -qq musl-tools
fi
# Pinned to commit SHA instead of a tag to prevent supply chain attacks.
# dtolnay/rust-toolchain v1 (2026-03-27) — https://github.com/dtolnay/rust-toolchain/commit/3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
- name: Setup Rust toolchain
id: rust-toolchain
uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
with:
toolchain: ${{ inputs.rust-version }}
targets: ${{ inputs.cross-target }}
components: rustfmt,clippy
- name: Configure Cargo registry (JFrog Artifactory)
if: ${{ inputs.jfrog-token != '' }}
shell: bash
env:
JFROG_TOKEN: ${{ inputs.jfrog-token }}
run: |
mkdir -p "${CARGO_HOME}"
cat >> "${CARGO_HOME}/config.toml" <<'EOF'
[registries.artifactory]
index = "sparse+https://schmalz.jfrog.io/artifactory/api/cargo/schmalz-cargo-local/index/"
[registry]
global-credential-providers = ["cargo:token"]
EOF
cat >> "${CARGO_HOME}/credentials.toml" <<EOF
[registries.artifactory]
token = "Bearer ${JFROG_TOKEN}"
EOF
- name: Cache cargo registry
uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-${{ steps.rust-toolchain.outputs.cachekey }}-${{ inputs.cross-target }}-${{ hashFiles(format('{0}/Cargo.lock', inputs.working-directory)) }}
restore-keys: |
${{ runner.os }}-cargo-${{ steps.rust-toolchain.outputs.cachekey }}-${{ inputs.cross-target }}-
${{ runner.os }}-cargo-${{ steps.rust-toolchain.outputs.cachekey }}-
- name: Run checks
if: ${{ inputs.run-checks != '' }}
shell: bash
env:
WORKING_DIR: ${{ inputs.working-directory }}
CROSS_TARGET: ${{ inputs.cross-target }}
RUN_CHECKS: ${{ inputs.run-checks }}
run: |
IFS=',' read -ra CHECKS <<< "${RUN_CHECKS}"
for check in "${CHECKS[@]}"; do
case "${check}" in
fmt) cargo fmt --manifest-path="${WORKING_DIR}/Cargo.toml" --check ;;
clippy) cargo clippy --manifest-path="${WORKING_DIR}/Cargo.toml" --target="${CROSS_TARGET}" -- -D warnings ;;
test) cargo test --manifest-path="${WORKING_DIR}/Cargo.toml" ;;
*) echo "Unknown check: ${check}"; exit 1 ;;
esac
done
- name: Build
shell: bash
working-directory: ${{ inputs.working-directory }}
env:
CROSS_TARGET: ${{ inputs.cross-target }}
BUILD_MODE: ${{ inputs.build-mode }}
run: |
BUILD_ARGS="--target ${CROSS_TARGET}"
if [ "${BUILD_MODE}" = "release" ]; then
BUILD_ARGS="${BUILD_ARGS} --release"
fi
./build.sh ${BUILD_ARGS}