Skip to content

CI

CI #1769

Workflow file for this run

name: CI
on:
merge_group:
pull_request:
schedule:
- cron: "0 3 * * 0" # 0 = Sunday
workflow_dispatch:
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
jobs:
maybe-expedite:
outputs:
value: ${{ steps.expedite.outputs.value }}
runs-on: ubuntu-latest
steps:
- name: Log github refs
run: |
echo '```' >> "$GITHUB_STEP_SUMMARY"
echo 'github.ref: ${{ github.ref }}' >> "$GITHUB_STEP_SUMMARY"
echo 'github.sha: ${{ github.sha }}' >> "$GITHUB_STEP_SUMMARY"
echo '```' >> "$GITHUB_STEP_SUMMARY"
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check if merging an up-to-date branch
if: ${{ github.event_name == 'merge_group' }}
id: expedite
run: |
N="$(expr "${{ github.ref }}" : '.*-\([0-9]\+\)-[^-]*$')"
BASE_SHA="$(gh api /repos/${{ github.repository }}/pulls/"$N" | jq -r '.base.sha')"
if git diff --quiet ${{ github.event.merge_group.base_sha }} "$BASE_SHA"; then
echo "value=1" >> "$GITHUB_OUTPUT"
fi
env:
GH_TOKEN: ${{ github.token }}
test:
needs: [maybe-expedite]
if: ${{ ! needs.maybe-expedite.outputs.value }}
strategy:
fail-fast: ${{ github.event_name == 'merge_group' }}
matrix:
environment: [ubuntu-latest, macos-latest, windows-latest]
test: [without-token, with-token-0, with-token-1]
runs-on: ${{ matrix.environment }}
defaults:
run:
shell: bash
env:
RUST_BACKTRACE: 1
GROUP_RUNNER: target.'cfg(all())'.runner = 'group-runner'
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cache/cargo-unmaintained/
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
key: ${{ runner.os }}-cargo-${{ hashFiles('.github/workflows/ci.yml', 'tests/ci.rs') }}
- uses: taiki-e/install-action@v2
with:
tool: cargo-audit, cargo-hack, cargo-sort, cargo-udeps
- name: Install tools
run: |
rustup update --no-self-update
rustup install nightly --no-self-update
rustup component add rustfmt --toolchain nightly
export CARGO_TARGET_DIR="$(mktemp -d)"
cargo install cargo-dylint --git=https://github.com/trailofbits/dylint --no-default-features --features=cargo-cli || true
cargo install dylint-link || true
cargo install cargo-license || true
cargo install group-runner || true
- name: Enable verbose logging
if: ${{ runner.debug == 1 }}
run: echo 'VERBOSE=1' >> "$GITHUB_ENV"
- name: Build
run: cargo test --no-run
- name: Test
run: |
case '${{ matrix.test }}' in
without-token)
cargo test --config "$GROUP_RUNNER" -- --nocapture
;;
with-token-0)
export GITHUB_TOKEN='${{ github.token }}'
cargo test --config "$GROUP_RUNNER" --features=ei \
--test dogfood \
--test rustsec_advisories \
-- --nocapture
;;
with-token-1)
export GITHUB_TOKEN='${{ github.token }}'
cargo test --config "$GROUP_RUNNER" --features=ei \
--test rustsec_issues \
--test save_token \
--test snapbox \
-- --nocapture
;;
*)
exit 1
;;
esac
env:
GIT_LFS_SKIP_SMUDGE: 1
all-checks:
needs: [test]
# smoelius: From "Defining prerequisite jobs"
# (https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow#defining-prerequisite-jobs):
# > If you would like a job to run even if a job it is dependent on did not succeed, use the
# > `always()` conditional expression in `jobs.<job_id>.if`.
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Check results
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1