-
Notifications
You must be signed in to change notification settings - Fork 2
222 lines (204 loc) · 8.23 KB
/
dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
# The primary point of this workflow is to ensure that the developer experience is good.
# We take a very vanilla ubuntu image, install all necessary dependencies via "normal" means,
# and then run the build and test steps as described in the README.md file.
# The artifacts produced by these builds are not intended to be used for anything other than
# ensuring that the developer experience is good.
# Production artifacts are produced in a sterile environment (in another CI workflow).
name: "dev.yml"
on:
pull_request: { }
push:
branches:
- "main"
merge_group:
types: [ "checks_requested" ]
workflow_dispatch:
inputs:
debug_enabled:
type: "boolean"
description: "Run with tmate enabled"
required: false
default: false
debug_just:
type: "boolean"
description: "enable to see debug statements from just recipes"
required: false
default: false
concurrency:
group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after }}"
cancel-in-progress: true
permissions:
contents: "read"
packages: "write"
id-token: "write"
jobs:
check_changes:
name: "Deduce required tests from code changes"
permissions:
contents: "read"
pull-requests: "read"
runs-on: "ubuntu-latest"
outputs:
devfiles: "${{ steps.changes.outputs.devfiles }}"
steps:
- name: "Checkout"
if: "${{ !github.event.pull_request }}"
uses: "actions/checkout@v4"
with:
persist-credentials: "false"
fetch-depth: "0"
- name: "Check code changes"
uses: "dorny/paths-filter@v3"
id: "changes"
with:
filters: |
devfiles:
- '!(README.md|LICENSE|design-docs/**|.gitignore|.github/**)'
- '.github/workflows/dev.yml'
build:
needs: [ check_changes ]
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}"
permissions:
issues: "write"
pull-requests: "write"
contents: "write"
id-token: "write"
strategy:
fail-fast: false
matrix:
rust:
- # failures on stable block release
version: "stable"
optional: false
- # failures on beta block release
version: "beta"
optional: false
- # failures on the nightly channel are a clear "yellow" flag
version: "nightly"
optional: true
debug_just:
- "${{inputs.debug_just || false}}"
outputs:
result: "${{ matrix.rust.optional || steps.gnu_dev_test.conclusion == 'success' && steps.musl_dev_test.conclusion == 'success' && steps.gnu_release_test.conclusion == 'success' && steps.musl_release_test.conclusion == 'success' }}"
name: "Developer build"
runs-on: "lab"
timeout-minutes: 45
steps:
- name: "login to ghcr.io"
uses: "docker/login-action@v3"
with:
registry: "ghcr.io"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "install rust"
uses: "dtolnay/rust-toolchain@master"
with:
toolchain: "${{ matrix.rust.version }}"
targets: "x86_64-unknown-linux-gnu,x86_64-unknown-linux-musl"
components: "rustfmt,clippy"
- name: "Checkout"
uses: "actions/checkout@v4"
with:
persist-credentials: "false"
fetch-depth: "0"
- name: "install just"
run: |
cargo install just
- name: "install cargo-deny"
run: |
cargo install cargo-deny
- run: |
just debug="${{matrix.debug_just}}" cargo deny check
- name: refresh-compile-env
run: |
just --yes debug="${{matrix.debug_just}}" refresh-compile-env
- run: |
just --yes debug="${{matrix.debug_just}}" fake-nix
- id: "gnu_dev_test"
name: "test gnu dev"
run: |
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=dev target=x86_64-unknown-linux-gnu \
cargo test
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=dev target=x86_64-unknown-linux-gnu \
cargo doc
continue-on-error: ${{ matrix.rust.optional }}
- id: "musl_dev_test"
name: "test musl dev"
run: |
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=dev target=x86_64-unknown-linux-musl \
cargo test
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=dev target=x86_64-unknown-linux-musl \
cargo doc
continue-on-error: ${{ matrix.rust.optional }}
- id: "gnu_release_test"
name: "test gnu release"
run: |
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=release target=x86_64-unknown-linux-gnu \
cargo test
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=release target=x86_64-unknown-linux-gnu \
cargo doc
continue-on-error: ${{ matrix.rust.optional }}
- id: "musl_release_test"
name: "test musl release"
run: |
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=release target=x86_64-unknown-linux-musl \
cargo test
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} profile=release target=x86_64-unknown-linux-musl \
cargo doc
continue-on-error: ${{ matrix.rust.optional }}
- id: "clippy"
name: "run clippy"
run: |
just debug="${{matrix.debug_just}}" rust=${{matrix.rust.version}} cargo clippy
continue-on-error: ${{ matrix.rust.optional }}
- id: "build_each_commit"
name: "build each commit"
run: |
# Run a simple build for each separate commit (for "pull_request")
# or for the HEAD of the branch (other events).
set -eu -o pipefail
COMMITS=${{ github.sha }}
if [[ "${{ github.event_name == 'pull_request' }}" == "true" ]]; then
# Get all commits from Pull Request, in chronological order
COMMITS=$(git rev-list --reverse ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }})
fi
for commit in $COMMITS ; do
git checkout $commit || exit 1
printf "::group::Build commit %s\n" "$(git log --oneline --no-decorate -n 1)"
(just debug="${{matrix.debug_just}}" cargo +${{matrix.rust.version}} build --locked --profile=dev --target=x86_64-unknown-linux-gnu) || exit 1
printf "::endgroup::\n"
done
printf "::notice::HEAD remains at %s\n" "$(git log --oneline --no-decorate -n 1)"
continue-on-error: ${{ matrix.rust.optional }}
- name: "Note failure of optional steps"
uses: "actions/github-script@v7"
if: ${{ matrix.rust.optional && (steps.gnu_dev_test.outcome != 'success' || steps.musl_dev_test.outcome != 'success' || steps.gnu_release_test.outcome != 'success' || steps.musl_release_test.outcome != 'success' || steps.clippy.outcome != 'success') }}
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
script: |
let body = "### :warning: One or more optional CI steps have failed!\n\n";
body += "_[click here to lament thy folly](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})_"
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: body
});
- name: "Setup tmate session for debug"
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
uses: "mxschmitt/action-tmate@v3"
timeout-minutes: 60
with:
limit-access-to-actor: true
summary:
name: "Summary"
runs-on: "ubuntu-latest"
needs:
- build
if: ${{ always() && needs.build.result != 'skipped' }}
steps:
- name: "Flag any build matrix failures"
if: ${{ needs.build.outputs.result != 'true' }}
run: |
>&2 echo "A critical step failed!"
exit 1