ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
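name: CI

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries the
# repository's default permissions. Consider declaring the minimum explicitly
# (e.g. `contents: read`) -- confirm what the with-token tests need first.
on:
  merge_group:
  pull_request:
  schedule:
    - cron: "0 3 * * 0"  # 0 = Sunday
  workflow_dispatch:

# One run per ref; a newer run on the same ref cancels the one in progress.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

env:
  CARGO_TERM_COLOR: always

jobs:
  # Sets the output `value` to 1 when, in a merge group, the queue's base
  # commit has no diff against the pull request's base commit. The `test` job
  # is skipped when this output is set.
  maybe-expedite:
    outputs:
      value: ${{ steps.expedite.outputs.value }}

    runs-on: ubuntu-latest

    steps:
      # Context values are read from the runner's default environment variables
      # rather than expanded into the script text with `${{ }}`, so a ref name
      # containing quotes or other shell metacharacters stays data.
      - name: Log github refs
        run: |
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          echo "github.ref: $GITHUB_REF" >> "$GITHUB_STEP_SUMMARY"
          echo "github.sha: $GITHUB_SHA" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      # Full history is fetched so `git diff` below can resolve both commits.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check if merging an up-to-date branch
        if: ${{ github.event_name == 'merge_group' }}
        id: expedite
        # N is the number between the last two hyphens of the ref, used as the
        # pull request number. All inputs arrive through the environment and
        # are quoted, so none of them can change the script's structure.
        run: |
          N="$(expr "$GITHUB_REF" : '.*-\([0-9]\+\)-[^-]*$')"
          BASE_SHA="$(gh api "/repos/$GITHUB_REPOSITORY/pulls/$N" | jq -r '.base.sha')"
          if git diff --quiet "$MERGE_GROUP_BASE_SHA" "$BASE_SHA"; then
            echo "value=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          GH_TOKEN: ${{ github.token }}
          MERGE_GROUP_BASE_SHA: ${{ github.event.merge_group.base_sha }}

  test:
    needs: [maybe-expedite]

    # No status function appears here, so `success()` is implied: this job is
    # skipped both when the output is set and when maybe-expedite fails.
    if: ${{ ! needs.maybe-expedite.outputs.value }}

    strategy:
      fail-fast: ${{ github.event_name == 'merge_group' }}
      matrix:
        environment: [ubuntu-latest, macos-latest, windows-latest]
        test: [without-token, with-token-0, with-token-1]

    runs-on: ${{ matrix.environment }}

    defaults:
      run:
        shell: bash

    env:
      RUST_BACKTRACE: 1
      GROUP_RUNNER: target.'cfg(all())'.runner = 'group-runner'

    steps:
      - uses: actions/checkout@v4

      # The restored paths include ~/.cargo/bin/, i.e. executables that later
      # steps run; the key changes only when this workflow or tests/ci.rs does.
      - uses: actions/cache@v4
        with:
          path: |
            ~/.cache/cargo-unmaintained/
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
          key: ${{ runner.os }}-cargo-${{ hashFiles('.github/workflows/ci.yml', 'tests/ci.rs') }}

      # NOTE(review): third-party action referenced by a mutable tag; pinning
      # to a full commit SHA keeps a moved tag from changing what runs here.
      - uses: taiki-e/install-action@v2
        with:
          tool: cargo-audit, cargo-hack, cargo-sort, cargo-udeps

      # NOTE(review): `|| true` hides genuine install failures as well as any
      # expected ones (presumably "already installed" from the cache -- confirm).
      # The installs are unpinned: no `--locked`, and cargo-dylint is built from
      # the git repository's default branch with no `--rev` or `--tag`.
      - name: Install tools
        run: |
          rustup update --no-self-update
          rustup install nightly --no-self-update
          rustup component add rustfmt --toolchain nightly
          export CARGO_TARGET_DIR="$(mktemp -d)"
          cargo install cargo-dylint --git=https://github.com/trailofbits/dylint --no-default-features --features=cargo-cli || true
          cargo install dylint-link || true
          cargo install cargo-license || true
          cargo install group-runner || true

      - name: Enable verbose logging
        if: ${{ runner.debug == 1 }}
        run: echo 'VERBOSE=1' >> "$GITHUB_ENV"

      - name: Build
        run: cargo test --no-run

      # NOTE(review): `${{ github.token }}` is expanded into the script text
      # rather than passed through `env:`. The without-token leg relies on
      # GITHUB_TOKEN being unset, so a move to `env:` would need a differently
      # named variable that is exported only in the with-token legs.
      - name: Test
        run: |
          case '${{ matrix.test }}' in
            without-token)
              cargo test --config "$GROUP_RUNNER" -- --nocapture
              ;;
            with-token-0)
              export GITHUB_TOKEN='${{ github.token }}'
              cargo test --config "$GROUP_RUNNER" --features=ei \
                --test dogfood \
                --test rustsec_advisories \
                -- --nocapture
              ;;
            with-token-1)
              export GITHUB_TOKEN='${{ github.token }}'
              cargo test --config "$GROUP_RUNNER" --features=ei \
                --test rustsec_issues \
                --test save_token \
                --test snapbox \
                -- --nocapture
              ;;
            *)
              exit 1
              ;;
          esac
        env:
          GIT_LFS_SKIP_SMUDGE: 1

  all-checks:
    # maybe-expedite is listed as well as test: when maybe-expedite fails,
    # `test` is skipped rather than failed, and with only `test` listed the
    # check below would see no 'failure' and pass although no tests ran.
    needs: [maybe-expedite, test]

    # smoelius: From "Defining prerequisite jobs"
    # (https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow#defining-prerequisite-jobs):
    # > If you would like a job to run even if a job it is dependent on did not succeed, use the
    # > `always()` conditional expression in `jobs.<job_id>.if`.
    if: ${{ always() }}

    runs-on: ubuntu-latest

    steps:
      - name: Check results
        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        run: exit 1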