CI #384
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
merge_group: | |
pull_request: | |
schedule: | |
- cron: "0 3 * * 6" # 6 = Saturday | |
workflow_dispatch: | |
concurrency: | |
group: ci-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
maybe-expedite: | |
outputs: | |
value: ${{ steps.expedite.outputs.value }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Log github refs | |
run: | | |
echo '```' >> "$GITHUB_STEP_SUMMARY" | |
echo 'github.ref: ${{ github.ref }}' >> "$GITHUB_STEP_SUMMARY" | |
echo 'github.sha: ${{ github.sha }}' >> "$GITHUB_STEP_SUMMARY" | |
echo '```' >> "$GITHUB_STEP_SUMMARY" | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Check if merging an up-to-date branch | |
if: ${{ github.event_name == 'merge_group' }} | |
id: expedite | |
run: | | |
N="$(expr "${{ github.ref }}" : '.*-\([0-9]\+\)-[^-]*$')" | |
BASE_SHA="$(gh api /repos/${{ github.repository }}/pulls/"$N" | jq -r '.base.sha')" | |
if git diff --quiet ${{ github.event.merge_group.base_sha }} "$BASE_SHA"; then | |
echo "value=1" >> "$GITHUB_OUTPUT" | |
fi | |
env: | |
GH_TOKEN: ${{ github.token }} | |
test: | |
needs: [maybe-expedite] | |
if: ${{ ! needs.maybe-expedite.outputs.value }} | |
strategy: | |
fail-fast: ${{ github.event_name == 'merge_group' }} | |
matrix: | |
environment: [ubuntu-latest, ubuntu-24.04, macos-latest] | |
runs-on: ${{ matrix.environment }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
- name: Install tools | |
run: | | |
rustup install nightly | |
rustup +nightly component add clippy | |
cargo install cargo-dylint dylint-link || true | |
cargo install group-runner || true | |
- name: Install Bubblewrap | |
if: ${{ runner.os == 'Linux' }} | |
run: sudo apt install bubblewrap | |
- name: Install Bubblewrap profile on Ubuntu | |
if: ${{ runner.os == 'Linux' }} | |
run: | | |
sudo apt install apparmor-profiles | |
sudo cp /usr/share/apparmor/extra-profiles/bwrap-userns-restrict /etc/apparmor.d || true | |
sudo systemctl reload apparmor | |
# smoelius: Go is needed for the `aws-lc-fips-sys` third-party test. | |
- name: Install Go on macOS | |
if: ${{ matrix.environment == 'macos-latest' }} | |
run: brew install go | |
- name: Build | |
run: cargo test --no-run | |
- name: Test | |
run: cargo test --config "target.'cfg(all())'.runner = 'group-runner'" | |
all-checks: | |
needs: [test] | |
# smoelius: From "Defining prerequisite jobs" | |
# (https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow#defining-prerequisite-jobs): | |
# > If you would like a job to run even if a job it is dependent on did not succeed, use the | |
# > `always()` conditional expression in `jobs.<job_id>.if`. | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check results | |
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
run: exit 1 |