CI -> Introduce cargo ci licenses check.

eclipse-opendut · Dec 14, 2023 · c7cc328 · c7cc328
1 parent ce45d5e
commit c7cc328
Show file tree

Hide file tree

Showing 12 changed files with 100 additions and 60 deletions.
diff --git a/.ci/xtask/src/packages/lea.rs b/.ci/xtask/src/packages/lea.rs
@@ -2,6 +2,7 @@ use std::path::PathBuf;
 use std::process::Command;
 
 use crate::Package;
+use crate::util::RunRequiringSuccess;
 
 const PACKAGE: &Package = &Package::Lea;
 
@@ -21,7 +22,7 @@ impl LeaTask {
                 Command::new("trunk")
                     .arg("watch")
                     .current_dir(self_dir())
-                    .status()?;
+                    .run_requiring_success();
             }
         };
         Ok(())
@@ -45,7 +46,7 @@ pub mod build {
                 "--dist", &out_dir.display().to_string(),
             ])
             .current_dir(working_dir)
-            .status()?;
+            .run_requiring_success();
 
         Ok(())
     }

diff --git a/.ci/xtask/src/tasks/build.rs b/.ci/xtask/src/tasks/build.rs
@@ -3,6 +3,7 @@ use std::path::PathBuf;
 
 use crate::{constants, util, Package};
 use crate::Arch;
+use crate::util::RunRequiringSuccess;
 
 
 #[tracing::instrument]
@@ -21,7 +22,7 @@ pub fn build_release(package: &Package, target: &Arch) -> anyhow::Result<()> {
             "--target",
             &target.triple(),
         ])
-        .status()?;
+        .run_requiring_success();
     Ok(())
 }
 

diff --git a/.ci/xtask/src/tasks/licenses.rs b/.ci/xtask/src/tasks/licenses.rs
@@ -7,9 +7,11 @@ use strum::IntoEnumIterator;
 
 use crate::{constants, util};
 use crate::Package;
+use crate::util::RunRequiringSuccess;
 
 #[derive(Debug, Subcommand)]
 pub enum LicensesTask {
+    Check,
     /// Generate a license representation in JSON
     Json {
         #[arg(long)]
@@ -20,6 +22,9 @@ impl LicensesTask {
     #[tracing::instrument]
     pub fn handle_task(self) -> anyhow::Result<()> {
         match self {
+            LicensesTask::Check => {
+                check::check_licenses()?;
+            }
             LicensesTask::Json { package } => match package {
                 Some(package) => json::export_json(&package)?,
                 None => {
@@ -33,6 +38,20 @@ impl LicensesTask {
     }
 }
 
+mod check {
+    use super::*;
+
+    #[tracing::instrument]
+    pub fn check_licenses() -> anyhow::Result<()> {
+        util::install_crate("cargo-deny")?;
+
+        Command::new("cargo-deny")
+            .arg("check")
+            .run_requiring_success();
+
+        Ok(())
+    }
+}
 
 pub mod json {
     use super::*;
@@ -47,7 +66,7 @@ pub mod json {
         Command::new("sh")
             .arg("-c")
             .arg(format!("cargo deny --exclude-dev list --layout crate --format json > {}", out_file.display()))
-            .status()?;
+            .run_requiring_success();
 
         log::debug!("Wrote licenses for package '{package}' to path: {}", out_file.display());
 

diff --git a/.ci/xtask/src/util.rs b/.ci/xtask/src/util.rs
@@ -1,13 +1,29 @@
 use std::process::Command;
 
-use anyhow::Result;
-
-
-#[tracing::instrument]
-pub fn install_crate(name: &str) -> Result<()> {
+#[tracing::instrument(level = tracing::Level::TRACE)]
+pub fn install_crate(name: &str) -> anyhow::Result<()> {
     Command::new("cargo")
         .arg("install")
         .arg(name)
-        .status()?;
+        .run_requiring_success();
     Ok(())
 }
+
+
+pub(crate) trait RunRequiringSuccess {
+    fn run_requiring_success(&mut self);
+}
+impl RunRequiringSuccess for Command {
+    fn run_requiring_success(&mut self) {
+        let status = self.status()
+            .expect("Error while running command.");
+
+        if !status.success() {
+            let mut error = format!("Error while running command: {self:?}\n");
+            if let Some(status) = &status.code() {
+                error += format!("  Exited with status code {}.\n", status).as_ref();
+            }
+            panic!("{}", error)
+        }
+    }
+}
diff --git a/opendut-edgar/src/setup/tasks/check_os_requirements.rs b/opendut-edgar/src/setup/tasks/check_os_requirements.rs
@@ -3,7 +3,7 @@ use std::process::Command;
 use anyhow::{Context, Result};
 
 use crate::setup::task::{Success, Task, TaskFulfilled};
-use crate::setup::util::evaluate_requiring_success;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 pub struct CheckOsRequirements;
 impl Task for CheckOsRequirements {
@@ -15,9 +15,9 @@ impl Task for CheckOsRequirements {
     }
     fn execute(&self) -> Result<Success> {
 
-        let mut systemd = Command::new("systemctl");
-        let systemd = systemd.arg("--version");
-        evaluate_requiring_success(systemd)
+        Command::new("systemctl")
+            .arg("--version")
+            .evaluate_requiring_success()
             .context("SystemD is required.")?;
 
         Ok(Success::default())

diff --git a/opendut-edgar/src/setup/tasks/create_service.rs b/opendut-edgar/src/setup/tasks/create_service.rs
@@ -7,7 +7,7 @@ use anyhow::{Context, Result};
 use crate::setup::task::{Success, Task, TaskFulfilled};
 use crate::setup::constants::{executable_install_path, USER_NAME};
 use crate::setup::constants::SYSTEMD_SERVICE_FILE_NAME;
-use crate::setup::util::evaluate_requiring_success;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 
 pub fn systemd_file_path() -> PathBuf {
@@ -62,10 +62,9 @@ impl Task for CreateServiceFile {
         fs::write(&out_path, systemd_file_content())
             .context(format!("Error while writing service file to '{}'", out_path.display()))?;
 
-        let mut command = Command::new("systemctl");
-        let command = command
-            .arg("daemon-reload");
-        let _ = evaluate_requiring_success(command)?;
+        let _ = Command::new("systemctl")
+            .arg("daemon-reload")
+            .evaluate_requiring_success()?;
 
         Ok(Success::default())
     }

diff --git a/opendut-edgar/src/setup/tasks/linux_network_capability/request_capability_for_executable.rs b/opendut-edgar/src/setup/tasks/linux_network_capability/request_capability_for_executable.rs
@@ -4,19 +4,17 @@ use anyhow::Result;
 
 use crate::setup::constants;
 use crate::setup::task::{Success, Task, TaskFulfilled};
-use crate::setup::util::evaluate_requiring_success;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 pub struct RequestCapabilityForExecutable;
 impl Task for RequestCapabilityForExecutable {
     fn description(&self) -> String {
         String::from("Linux Network Capability - Request for Executable")
     }
     fn check_fulfilled(&self) -> Result<TaskFulfilled> {
-        let mut command = Command::new("getcap");
-        let command = command
-            .arg(constants::executable_install_path()?);
-
-        let output = evaluate_requiring_success(command)?;
+        let output = Command::new("getcap")
+            .arg(constants::executable_install_path()?)
+            .evaluate_requiring_success()?;
 
         if output.stdout.is_empty() {
             Ok(TaskFulfilled::No)
@@ -25,12 +23,11 @@ impl Task for RequestCapabilityForExecutable {
         }
     }
     fn execute(&self) -> Result<Success> {
-        let mut command = Command::new("setcap");
-        let command = command
+        let _ = Command::new("setcap")
             .arg("CAP_NET_ADMIN=ei") //"effective" and "inheritable"
-            .arg(constants::executable_install_path()?);
+            .arg(constants::executable_install_path()?)
+            .evaluate_requiring_success()?;
 
-        let _ = evaluate_requiring_success(command)?;
         Ok(Success::default())
     }
 }
diff --git a/opendut-edgar/src/setup/tasks/linux_network_capability/request_capability_for_user.rs b/opendut-edgar/src/setup/tasks/linux_network_capability/request_capability_for_user.rs
@@ -7,6 +7,7 @@ use anyhow::{Context, Result};
 use crate::setup::constants::USER_NAME;
 use crate::setup::task::{Success, Task, TaskFulfilled};
 use crate::setup::util;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 fn capability_file() -> PathBuf {
     PathBuf::from("/etc/security/capability.conf")
@@ -26,12 +27,11 @@ impl Task for RequestCapabilityForUser {
                 .context(format!("Failed to read content of PAM file '{}'.", capability_file.display()))?;
             if file_content.contains(LINE_TO_ADD) {
 
-                let mut command = Command::new("su");
-                let command = command
+                Command::new("su")
                     .arg(USER_NAME)
                     .arg("-c")
-                    .arg("/sbin/capsh --has-i=cap_net_admin");
-                let _ = util::evaluate_requiring_success(command)?;
+                    .arg("/sbin/capsh --has-i=cap_net_admin")
+                    .evaluate_requiring_success()?;
 
                 return Ok(TaskFulfilled::Yes)
             }

diff --git a/opendut-edgar/src/setup/tasks/netbird/install_service.rs b/opendut-edgar/src/setup/tasks/netbird/install_service.rs
@@ -4,7 +4,7 @@ use anyhow::Result;
 
 use crate::setup::constants::netbird;
 use crate::setup::task::{Success, Task, TaskFulfilled};
-use crate::setup::util::evaluate_requiring_success;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 pub struct InstallService;
 impl Task for InstallService {
@@ -26,9 +26,10 @@ impl Task for InstallService {
     fn execute(&self) -> Result<Success> {
         let netbird = netbird::unpacked_executable()?;
 
-        let mut command = Command::new(netbird);
-        let command = command.arg("service").arg("install");
-        let _ = evaluate_requiring_success(command)?;
+        let _ = Command::new(netbird)
+            .arg("service")
+            .arg("install")
+            .evaluate_requiring_success()?;
 
         Ok(Success::default())
     }

diff --git a/opendut-edgar/src/setup/tasks/netbird/start_service.rs b/opendut-edgar/src/setup/tasks/netbird/start_service.rs
@@ -5,7 +5,7 @@ use std::time::Duration;
 use anyhow::{anyhow, Result};
 
 use crate::setup::task::{Success, Task, TaskFulfilled};
-use crate::setup::util::evaluate_requiring_success;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 const UP_CHECK_RETRIES: usize = 50;
 const UP_CHECK_INTERVAL: Duration = Duration::from_millis(200);
@@ -28,9 +28,10 @@ impl Task for StartService {
         }
     }
     fn execute(&self) -> Result<Success> {
-        let mut command = Command::new("systemctl");
-        let command = command.arg("start").arg("netbird");
-        let _ = evaluate_requiring_success(command)?;
+        let _ = Command::new("systemctl")
+            .arg("start")
+            .arg("netbird")
+            .evaluate_requiring_success()?;
 
         let socket_path = opendut_netbird_client_api::client::socket_path();
         for _ in 1..=UP_CHECK_RETRIES {

diff --git a/opendut-edgar/src/setup/tasks/start_service.rs b/opendut-edgar/src/setup/tasks/start_service.rs
@@ -4,7 +4,7 @@ use anyhow::Result;
 
 use crate::setup::constants::SYSTEMD_SERVICE_FILE_NAME;
 use crate::setup::task::{Success, Task, TaskFulfilled};
-use crate::setup::util::evaluate_requiring_success;
+use crate::setup::util::EvaluateRequiringSuccess;
 
 pub struct StartService;
 impl Task for StartService {
@@ -24,11 +24,11 @@ impl Task for StartService {
         }
     }
     fn execute(&self) -> Result<Success> {
-        let mut command = Command::new("systemctl");
-        let command = command
+        let _ = Command::new("systemctl")
             .args(["enable", "--now"]) //enable and start
-            .arg(SYSTEMD_SERVICE_FILE_NAME);
-        let _ = evaluate_requiring_success(command)?;
+            .arg(SYSTEMD_SERVICE_FILE_NAME)
+            .evaluate_requiring_success()?;
+
         Ok(Success::default())
     }
 }
diff --git a/opendut-edgar/src/setup/util.rs b/opendut-edgar/src/setup/util.rs
@@ -10,23 +10,28 @@ use sha2::{Digest, Sha256};
 
 use crate::setup::constants;
 
-pub fn evaluate_requiring_success(command: &mut Command) -> anyhow::Result<Output> {
-    let output = command.output()?;
+pub(crate) trait EvaluateRequiringSuccess {
+    fn evaluate_requiring_success(&mut self) -> anyhow::Result<Output>;
+}
+impl EvaluateRequiringSuccess for Command {
+    fn evaluate_requiring_success(&mut self) -> anyhow::Result<Output> {
+        let output = self.output()?;
 
-    if !output.status.success() {
-        let mut error = format!("Error while running `{command:?}`:\n");
-        if let Some(status) = &output.status.code() {
-            error += format!("  Status Code: {}\n", status).as_ref();
-        }
-        if !output.stdout.is_empty() {
-            error += format!("  Stdout: {}\n", String::from_utf8(output.stdout.clone())?).as_str();
-        }
-        if !output.stderr.is_empty() {
-            error += format!("  Stderr: {}\n", String::from_utf8(output.stderr.clone())?).as_str();
+        if !output.status.success() {
+            let mut error = format!("Error while running `{self:?}`:\n");
+            if let Some(status) = &output.status.code() {
+                error += format!("  Status Code: {}\n", status).as_ref();
+            }
+            if !output.stdout.is_empty() {
+                error += format!("  Stdout: {}\n", String::from_utf8(output.stdout.clone())?).as_str();
+            }
+            if !output.stderr.is_empty() {
+                error += format!("  Stderr: {}\n", String::from_utf8(output.stderr.clone())?).as_str();
+            }
+            bail!(error)
         }
-        bail!(error)
+        Ok(output)
     }
-    Ok(output)
 }
 
 pub fn chown(path: impl AsRef<Path>) -> anyhow::Result<()> {