---
name: ci

# Triggered by pull requests and by the merge queue. `pull_request` is used
# rather than `pull_request_target`, so code from forks is built without
# access to repository secrets.
on:
  pull_request:
  merge_group:

# One active run per pull-request number (or merge-queue head ref); a newer
# run for the same key cancels the one still in progress.
concurrency:
  group: >-
    ${{ github.workflow }}-${{
    github.event.pull_request.number
    || github.event.merge_group.head_ref
    }}
  cancel-in-progress: true

# The workflow token starts with no scopes at all. A job that needs one
# requests it in its own `permissions:` block.
permissions: {}

jobs:
18 test:
19 strategy:
20 fail-fast: ${{ github.event_name == 'merge_group' }}
21 matrix:
22 build: [linux-x86_64-gnu, 'linux-x86_64-gnu, no git2', linux-aarch64-gnu, macos-x86_64, macos-aarch64, windows-x86_64]
23 include:
24 - build: linux-x86_64-gnu
25 os: ubuntu-24.04
26 cargo_flags: "--all-features"
27 - build: 'linux-x86_64-gnu, no git2'
28 os: ubuntu-24.04
29 cargo_flags: "--no-default-features --features git"
30 # Ensure we don’t link to `libgit2`.
31 LIBGIT2_NO_VENDOR: 1
32 - build: linux-aarch64-gnu
33 os: ubuntu-24.04-arm
34 cargo_flags: "--all-features"
35 - build: macos-x86_64
36 os: macos-13
37 cargo_flags: ""
38 - build: macos-aarch64
39 os: macos-14
40 cargo_flags: ""
41 - build: windows-x86_64
42 os: windows-2022
43 cargo_flags: ""
44 runs-on: ${{ matrix.os }}
45
46 # TODO FIXME (aseipp): keep the timeout limit to ~20 minutes. this is long
47 # enough to give us runway for the future, but also once we hit it, we're at
48 # the "builds are taking too long" stage and we should start looking at ways
49 # to optimize the CI, or the CI is flaking out on some weird spiked machine
50 #
51 # at the same time, this avoids some issues where some flaky, bugged tests
52 # seem to be causing multi-hour runs on Windows (GPG signing issues), which
53 # is a problem we should fix. in the mean time, this will make these flakes
54 # less harmful, as it won't cause builds to spin for multiple hours, requiring
55 # manual cancellation.
56 timeout-minutes: 20
57
58 steps:
59 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
60 with:
61 persist-credentials: false
62 - name: Set up Windows Builders
63 if: startswith(matrix.os, 'windows')
64 uses: ./.github/actions/setup-windows
65 - name: Install Rust
66 uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0
67 with:
68 toolchain: 1.84
69 - uses: taiki-e/install-action@575f713d0233afba556737a7b85080563be14186
70 with:
71 tool: nextest,taplo-cli
72 - name: Install mold
73 uses: rui314/setup-mold@f80524ca6eeaa76759b57fb78ddce5d87a20c720
74 with:
75 make-default: false
76 - name: Build
77 run: >-
78 cargo build
79 --config .cargo/config-ci.toml
80 --workspace
81 --all-targets
82 --verbose
83 ${{ matrix.cargo_flags }}
84 env:
85 LIBGIT2_NO_VENDOR: ${{ matrix.LIBGIT2_NO_VENDOR || '0' }}
86 - name: Test
87 run: >-
88 cargo nextest run
89 --config .cargo/config-ci.toml
90 --workspace
91 --all-targets
92 --verbose
93 --profile ci
94 ${{ matrix.cargo_flags }}
95 env:
96 RUST_BACKTRACE: 1
97 CARGO_TERM_COLOR: always
98 LIBGIT2_NO_VENDOR: ${{ matrix.LIBGIT2_NO_VENDOR || '0' }}
99
100 no-git:
101 name: build (no git)
102 runs-on: ubuntu-24.04
103 steps:
104 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
105 with:
106 persist-credentials: false
107 - name: Install Rust
108 uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0
109 with:
110 toolchain: 1.84
111 - name: Build
112 run: cargo build -p jj-cli --no-default-features --verbose
113
114 build-nix:
115 name: nix flake
116 strategy:
117 fail-fast: ${{ github.event_name == 'merge_group' }}
118 matrix:
119 os: [ubuntu-24.04, ubuntu-24.04-arm, macos-14]
120 runs-on: ${{ matrix.os }}
121 timeout-minutes: 15
122
123 steps:
124 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
125 with:
126 fetch-depth: 0
127 persist-credentials: false
128 - uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d
129 - run: nix flake check -L --show-trace
130
131 check-protos:
132 name: check (protos)
133 runs-on: ubuntu-24.04
134 steps:
135 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
136 with:
137 persist-credentials: false
138 - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0
139 with:
140 toolchain: stable
141 - run: sudo apt update && sudo apt-get -y install protobuf-compiler
142 - name: Generate Rust code from .proto files
143 run: cargo run -p gen-protos
144 - name: Check for uncommitted changes
145 run: git diff --exit-code
146
147 check-rustfmt:
148 name: check (rustfmt)
149 runs-on: ubuntu-24.04
150 steps:
151 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
152 with:
153 persist-credentials: false
154 - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0
155 with:
156 toolchain: nightly
157 components: rustfmt
158 - run: cargo +nightly fmt --all -- --check
159
160 check-clippy:
161 name: check (clippy)
162 permissions:
163 checks: write
164 runs-on: ubuntu-24.04
165 steps:
166 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
167 with:
168 persist-credentials: false
169 - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0
170 with:
171 toolchain: stable
172 components: clippy
173 - run: cargo +stable clippy --all-features --workspace --all-targets -- -D warnings
174
175 check-cargo-deny:
176 runs-on: ubuntu-24.04
177 strategy:
178 matrix:
179 checks:
180 - advisories
181 - bans
182 - licenses
183 - sources
184
185 # Prevent sudden announcement of a new advisory from failing ci:
186 continue-on-error: ${{ matrix.checks == 'advisories' }}
187
188 name: check (cargo-deny, ${{ matrix.checks }})
189 steps:
190 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
191 with:
192 persist-credentials: false
193 - uses: EmbarkStudios/cargo-deny-action@34899fc7ba81ca6268d5947a7a16b4649013fea1
194 with:
195 command: check ${{ matrix.checks }}
196
197 check-codespell:
198 name: check (codespell)
199 runs-on: ubuntu-24.04
200 steps:
201 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
202 with:
203 persist-credentials: false
204 - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
205 with:
206 python-version: 3.11
207 - name: Install uv
208 uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182
209 with:
210 # If you bump the version, also update docs/contributing.md
211 # and all other workflows that install uv
212 version: "0.5.1"
213 - name: Run Codespell
214 run: uv run -- codespell && echo Codespell exited successfully
215
216 check-doctests:
217 name: check (doctests)
218 runs-on: ubuntu-24.04
219 steps:
220 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
221 with:
222 persist-credentials: false
223 - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0
224 with:
225 toolchain: 1.84
226 # NOTE: We need to run `cargo test --doc` separately from normal tests:
227 # - `cargo build --all-targets` specifies: "Build all targets"
228 # - `cargo test --all-targets` specifies: "Test all targets (does not include doctests)"
229 - name: Run doctests
230 run: cargo test --workspace --doc
231 env:
232 RUST_BACKTRACE: 1
233 - name: Check `cargo doc` for lint issues
234 env:
235 RUSTDOCFLAGS: "--deny warnings"
236 run: cargo doc --workspace --no-deps
237
238 check-mkdocs:
239 name: check (mkdocs)
240 runs-on: ubuntu-24.04
241 steps:
242 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
243 with:
244 persist-credentials: false
245 - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55
246 with:
247 python-version: 3.11
248 - name: Install uv
249 uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182
250 with:
251 # If you bump the version, also update docs/contributing.md
252 # and all other workflows that install uv
253 version: "0.5.1"
254 - name: Check that `mkdocs` can build the docs
255 run: uv run -- mkdocs build --strict
256
257 # An optional job to alert us when uv updates break the build
258 check-mkdocs-latest:
259 name: check (latest mkdocs, optional)
260 runs-on: ubuntu-24.04
261 steps:
262 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
263 with:
264 persist-credentials: false
265 - name: Install uv
266 uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182
267 # 'only-managed' means that uv will always download Python, even
268 # if the runner happens to provide a compatible version
269 - name: Check that `mkdocs` can build the docs
270 run: uv run --python-preference=only-managed -- mkdocs build --strict
271
272 check-zizmor:
273 name: check (zizmor)
274 runs-on: ubuntu-latest
275 permissions:
276 security-events: write
277 contents: read
278 steps:
279 - name: Checkout repository
280 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
281 with:
282 persist-credentials: false
283
284 - name: Install the latest version of uv
285 uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182
286
287 - name: Run zizmor
288 run: uvx zizmor --format sarif . > results.sarif
289 env:
290 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
291
292 - name: Upload SARIF file
293 uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841
294 with:
295 sarif_file: results.sarif
296 category: zizmor
297
298 # Block the merge if required checks fail, but only in the merge
299 # queue. See also `required-checks-hack.yml`.
300 required-checks:
301 name: required checks (merge queue)
302 if: ${{ always() && github.event_name == 'merge_group' }}
303 needs:
304 - test
305 - no-git
306 - build-nix
307 - check-protos
308 - check-rustfmt
309 - check-clippy
310 - check-cargo-deny
311 - check-codespell
312 - check-doctests
313 - check-mkdocs
314 # - check-mkdocs-latest
315 # - check-zizmor
316 runs-on: ubuntu-latest
317 steps:
318 - name: Block merge if required checks fail
319 if: >-
320 ${{
321 contains(needs.*.result, 'failure')
322 || contains(needs.*.result, 'cancelled')
323 }}
324 run: exit 1