Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optimize GitHub Actions Workflow for Code Quality and Security #822

Open
wants to merge 23 commits into
base: main
Choose a base branch
from

Conversation

niStee
Copy link
Contributor

@niStee niStee commented Jun 12, 2024

Optimize GitHub Actions workflow for code quality and security

— Reuse checkout step from shared-setup job to reduce duplication
— Add caching for Rust toolchain to improve build times
— These changes should improve the overall efficiency and performance of the workflow without compromising the code quality and security checks

Standards checklist

  • The PR title is descriptive.
  • I have read CONTRIBUTING.md
  • Optional: I have tested the code myself

For new steps

  • Optional: Top grade skips this step where needed
  • Optional: The --dry-run option works with this step
  • Optional: The --yes option works with this step if it is supported by
    the underlying command

If you developed a feature or a bug fix for someone else, and you do not have the
means to test it, please tag this person here.

…e checkout step from shared-setup job to reduce duplication - Add caching for Rust toolchain to improve build times - These changes should improve the overall efficiency and performance of the workflow without compromising the code quality and security checks

This pull request optimizes the existing GitHub Actions workflow for code quality and security checks. The key changes include:

1. Reusing the checkout step from the `shared-setup` job in both the `devskim` and `rust-clippy` jobs to reduce duplication.
2. Adding caching for the Rust toolchain in the `rust-clippy` job to speed up the installation process.

These changes should help improve the overall efficiency and performance of the workflow, while maintaining the same level of code quality and security checks.
Copy link
Member

@SteveLauC SteveLauC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, sorry for the late reply! Hope it is not too late.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

…stems

The GitHub Actions workflow has been updated to support multiple operating systems. This change allows the workflow to run on Ubuntu, macOS, and Windows. The matrix strategy has been added to specify the different operating systems. This optimization improves code quality and security.
@niStee
Copy link
Contributor Author

niStee commented Jul 27, 2024

Hi, sorry for the late reply! Hope it is not too late.

Hi, no need to apologize.

…t operating system, as it is only supported on Linux
…f-fmt are already installed before installing them
…f-fmt are already installed before installing them
…f-fmt are already installed before installing them
…-fmt without checking if they are already installed
The insert_startup_scripts function in the windows.rs file has been optimized to improve performance and readability. The unnecessary conversion of the path variable to a Path object has been removed, resulting in more efficient code execution. This change enhances the overall functionality of the function and ensures smoother operation on Windows systems.
@niStee niStee requested a review from SteveLauC July 27, 2024 17:44
Adding OSV Scanner
@niStee
Copy link
Contributor Author

niStee commented Oct 16, 2024

@SteveLauC I am not sure if we want the OSV Scanner check to be --fail-on-vuln=true" or false? What do you suggest?

@SteveLauC
Copy link
Member

@SteveLauC I am not sure if we want the OSV Scanner check to be --fail-on-vuln=true" or false? What do you suggest?

It is good to have vulnerability checked, but the reported vulnerabilities are all about Topgrade's indirect dependencies, so they are pretty hard to fix, we have to disable this option if we cannot find other workarounds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants