Skip to content
sterile.yml

sterile.yml #597

Sign in to view logs

sterile.yml

sterile.yml #597

Workflow file for this run

.github/workflows/sterile.yml at 00990a1
# This is a sterile build and test workflow that uses the `compile-env`
# container image to build and test the project in a sterile environment.
# Artifacts produced by this workflow are intended to be used for production.
name: "sterile.yml"
on:
pull_request: {}
push:
branches:
- "main"
merge_group:
types: ["checks_requested"]
workflow_dispatch:
inputs:
debug_enabled:
type: "boolean"
description: "Run with tmate enabled"
required: false
default: false
debug_just:
type: "boolean"
description: "enable to see debug statements from just recipes"
required: false
default: false
concurrency:
group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after }}"
cancel-in-progress: true
jobs:
check_changes:
name: "Deduce required tests from code changes"
runs-on: "ubuntu-latest"
outputs:
devfiles: "${{ steps.changes.outputs.devfiles }}"
steps:
- name: "Checkout"
if: "${{ !github.event.pull_request }}"
uses: "actions/checkout@v4"
with:
persist-credentials: "false"
fetch-depth: "0"
- name: "Check code changes"
uses: "dorny/paths-filter@v3"
id: "changes"
with:
filters: |
devfiles:
- '!(README.md|LICENSE|design-docs/**|.gitignore|.github/**)'
- '.github/workflows/sterile.yml'
test:
needs: [ check_changes ]
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}"
permissions:
contents: "read"
packages: "read"
id-token: "write"
runs-on: "lab"
strategy:
fail-fast: false
matrix:
rust:
- "stable"
name: "Sterile test run"
steps:
- name: "login to ghcr.io"
uses: "docker/login-action@v3"
with:
registry: "ghcr.io"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "install rust"
uses: "dtolnay/rust-toolchain@master"
with:
toolchain: "${{ matrix.rust }}"
targets: "x86_64-unknown-linux-gnu"
- name: "install just"
run: |
cargo install just
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "dev/gnu sterile test"
if: ${{ always() }}
run: |
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu \
sterile cargo test
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu \
sterile cargo doc
- name: "release/gnu sterile test"
if: ${{ always() }}
run: |
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu \
sterile cargo test
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu \
sterile cargo doc
- name: "dev/musl sterile test"
if: ${{ always() }}
run: |
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-musl \
sterile cargo test
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-musl \
sterile cargo doc
- name: "release/musl sterile test"
if: ${{ always() }}
run: |
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl \
sterile cargo test
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl \
sterile cargo doc
- name: "run clippy"
if: ${{ always() }}
run: |
just debug="${{inputs.debug_just}}" rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu \
sterile cargo clippy
- name: "Setup tmate session for debug"
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
uses: "mxschmitt/action-tmate@v3"
timeout-minutes: 60
with:
limit-access-to-actor: true
push:
needs: [ check_changes ]
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}"
permissions:
contents: "read"
packages: "write"
id-token: "write"
runs-on: "lab"
strategy:
fail-fast: false
matrix:
rust:
- "stable"
debug_just:
- "${{inputs.debug_just || false}}"
name: "Push containers"
steps:
- name: "login to ghcr.io"
uses: "docker/login-action@v3"
with:
registry: "ghcr.io"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "install rust"
uses: "dtolnay/rust-toolchain@master"
with:
toolchain: "${{ matrix.rust }}"
targets: "x86_64-unknown-linux-gnu"
- name: "install just"
run: |
cargo install just
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "install rust"
uses: "dtolnay/rust-toolchain@master"
with:
toolchain: "${{ matrix.rust }}"
targets: "x86_64-unknown-linux-gnu"
- run: |
cargo install cargo-deny
- run: |
just debug="${{matrix.debug_just}}" cargo deny check
- run: |
just debug="${{matrix.debug_just}}" rust="${{matrix.rust}}" profile=debug target=x86_64-unknown-linux-gnu \
push-container
- run: |
just debug="${{matrix.debug_just}}" rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu \
push-container
- run: |
just debug="${{matrix.debug_just}}" rust="${{matrix.rust}}" profile=debug target=x86_64-unknown-linux-musl \
push-container
- run: |
just debug="${{matrix.debug_just}}" rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl \
push-container
- name: "Setup tmate session for debug"
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
uses: "mxschmitt/action-tmate@v3"
timeout-minutes: 60
with:
limit-access-to-actor: true
summary:
name: "Summary"
runs-on: "ubuntu-latest"
needs:
- test
- push
if: ${{ always() && needs.test.result != 'skipped' && needs.push.result != 'skipped' }}
steps:
- name: "Flag any test failures"
if: ${{ needs.test.result != 'success' }}
run: |
>&2 echo "One or more required tests failed"
exit 1
- name: "Flag any push failures"
if: ${{ needs.push.result != 'success' }}
run: |
>&2 echo "One or more required pushes failed"
exit 1