chore(deps): lock file maintenance #3458
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
permissions: | |
contents: read | |
checks: write | |
pull-requests: write | |
issues: write | |
packages: write | |
env: | |
CARGO_TERM_COLOR: always | |
# Use docker.io for Docker Hub if empty | |
REGISTRY: ghcr.io | |
# github.repository as <account>/<repo> | |
IMAGE_NAME: ${{ github.repository }} | |
# just a name, but storing it separately as we're nice people | |
DOCKER_IMAGE_ARTIFACT_NAME: Docker image | |
DOCKER_IMAGE_OUTPUT_LOCATION: /tmp | |
DOCKER_IMAGE_TAR_LOCATION: /tmp/docker-image.tar # notice /tmp same as DOCKER_IMAGE_OUTPUT_LOCATION | |
concurrency: | |
# each new commit to a PR runs this workflow | |
# so we need to avoid a long running older one from overwriting the 'pr-<number>-latest' | |
group: "${{ github.workflow }} @ ${{ github.ref_name }}" | |
cancel-in-progress: true | |
jobs: | |
changes: | |
name: Detect changes | |
runs-on: ubuntu-latest | |
outputs: | |
code: ${{ steps.filter.outputs.code }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Check if we actually made changes | |
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: filter | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
filters: .github/file-filters.yml | |
calculate-version: | |
name: Calculate version | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
outputs: | |
version: ${{ steps.version.outputs.nextversion }} | |
if: | | |
(github.event_name == 'pull_request' && needs.changes.outputs.code == 'true') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
- name: Cache dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
env: | |
CACHE_NAME: cargo-cache-dependencies | |
with: | |
path: | | |
~/.cargo | |
./target | |
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-cocogitto | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}- | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}- | |
- name: Set up toolchain | |
shell: bash | |
run: | | |
rm ${HOME}/.cargo/bin/rustfmt | |
rm ${HOME}/.cargo/bin/cargo-fmt | |
rustup update | |
cargo --version | |
- name: Get binstall | |
shell: bash | |
run: | | |
cd /tmp | |
archive="cargo-binstall-x86_64-unknown-linux-musl.tgz" | |
wget "https://github.com/cargo-bins/cargo-binstall/releases/latest/download/${archive}" | |
tar -xvf "./${archive}" | |
rm "./${archive}" | |
mv ./cargo-binstall ~/.cargo/bin/ | |
- name: Install cocogitto to get the next version number | |
shell: bash | |
run: | | |
cargo binstall --no-confirm cocogitto --target x86_64-unknown-linux-musl --pkg-url "{ repo }/releases/download/{ version }/{ name }-{ version }-{ target }.tar.gz" --bin-dir "{ bin }" --pkg-fmt tgz | |
- name: Calculate next version | |
id: version | |
shell: bash | |
run: | | |
# no dry run yet, so fake it until we make it | |
git config --global user.name "fake" | |
git config --global user.email "[email protected]" | |
cog bump --auto | |
VERSION="$(git describe --tags "$(git rev-list --tags --max-count=1)")" | |
VERSION="${VERSION//v/}" | |
echo ::set-output name=nextversion::"$VERSION" | |
cargo-build: | |
name: Cargo build | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
if: | | |
(github.event_name == 'pull_request' && needs.changes.outputs.code == 'true') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Cache dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
env: | |
CACHE_NAME: cargo-cache-dependencies | |
with: | |
path: | | |
~/.cargo | |
./target | |
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-build | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}- | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}- | |
- name: Set up toolchain | |
shell: bash | |
run: | | |
rm ${HOME}/.cargo/bin/rustfmt | |
rm ${HOME}/.cargo/bin/cargo-fmt | |
rustup update | |
cargo --version | |
- name: Build | |
shell: bash | |
run: | | |
cargo build --all-targets --workspace --verbose | |
cargo-fmt: | |
name: Cargo fmt | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
if: | | |
(github.event_name == 'pull_request' && needs.changes.outputs.code == 'true') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Cache dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
env: | |
CACHE_NAME: cargo-cache-dependencies | |
with: | |
path: | | |
~/.cargo | |
./target | |
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-fmt | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}- | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}- | |
- name: Set up toolchain | |
shell: bash | |
run: | | |
rm ${HOME}/.cargo/bin/rustfmt | |
rm ${HOME}/.cargo/bin/cargo-fmt | |
rustup update | |
cargo --version | |
- name: Check formatting | |
shell: bash | |
run: | | |
cargo fmt --all -- --check --verbose | |
cargo-test-and-report: | |
name: Cargo test (and report) | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
if: | | |
(needs.changes.outputs.code == 'true') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Cache dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
env: | |
CACHE_NAME: cargo-cache-dependencies | |
with: | |
path: | | |
~/.cargo | |
./target | |
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-test | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}- | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}- | |
- name: Set up toolchain | |
shell: bash | |
run: | | |
rm ${HOME}/.cargo/bin/rustfmt | |
rm ${HOME}/.cargo/bin/cargo-fmt | |
rustup update | |
cargo --version | |
- name: Install llvm-tools-preview | |
shell: bash | |
run: | | |
rustup component add llvm-tools-preview | |
- name: Get binstall | |
shell: bash | |
run: | | |
archive="cargo-binstall-x86_64-unknown-linux-musl.tgz" | |
wget "https://github.com/ryankurte/cargo-binstall/releases/latest/download/${archive}" | |
tar -xvf "./${archive}" | |
rm "./${archive}" | |
mv ./cargo-binstall ~/.cargo/bin/ | |
- name: Install nextest, custom test runner, with native support for junit | |
shell: bash | |
run: | | |
cargo binstall --no-confirm cargo-nextest; | |
- name: Install grcov | |
shell: bash | |
run: | | |
cargo binstall --no-confirm grcov --pkg-url "{ repo }/releases/download/v{ version }/{ name }-{ target }.tar.bz2" --pkg-fmt tbz2 --bin-dir "{ bin }"; | |
- name: Build with instrumentation support | |
shell: bash | |
env: | |
RUSTFLAGS: "-C instrument-coverage" | |
run: | | |
cargo build --all-targets --workspace --verbose | |
- name: Run nextest | |
shell: bash | |
id: tests | |
env: | |
RUSTFLAGS: "-C instrument-coverage" | |
LLVM_PROFILE_FILE: "profiling/profile-%p-%m.profraw" | |
run: | | |
cargo nextest run --profile ci --no-fail-fast --all-targets --workspace | |
continue-on-error: true | |
- name: Upload test results | |
uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 | |
with: | |
check_name: Test results | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
junit_files: reports/results.xml | |
- name: Run grcov | |
shell: bash | |
run: | | |
grcov $(find profiling -name "profile-*.profraw" -print) --source-dir . --binary-path ./target/debug/ --output-type lcov --branch --ignore-not-existing --llvm --keep-only 'src/**' --keep-only 'tests/**' --output-path ./reports/lcov.info | |
- name: Upload to CodeCov | |
uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
directory: reports | |
fail_ci_if_error: true | |
- name: Setup Code Climate Test Reporter | |
shell: bash | |
run: | | |
# download test reporter as a static binary | |
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter | |
chmod +x ./cc-test-reporter | |
- name: Run Code Climate Test Reporter | |
shell: bash | |
env: | |
CC_TEST_REPORTER_ID: ${{secrets.CC_TEST_REPORTER_ID}} | |
run: | | |
./cc-test-reporter format-coverage reports/lcov.info --input-type lcov --output reports/codeclimate.json | |
./cc-test-reporter upload-coverage --input reports/codeclimate.json | |
- name: Fail if tests failed | |
shell: bash | |
if: steps.tests.outcome != 'success' | |
run: | | |
# the test reporter we use (or any for that matter) | |
# all show a report. But we cannot depend on that report because | |
# we don't know which subsection it belongs in GitHub | |
# so we explicitly fail this one | |
# which will fail All Done | |
exit 1; | |
cargo-clippy-and-report: | |
name: Cargo clippy (and report) | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
if: | | |
(github.event_name == 'pull_request' && needs.changes.outputs.code == 'true') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Cache dependencies | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
env: | |
CACHE_NAME: cargo-cache-dependencies | |
with: | |
path: | | |
~/.cargo | |
./target | |
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-clippy | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}- | |
${{ runner.os }}-build-${{ env.CACHE_NAME }}- | |
- name: Set up toolchain | |
shell: bash | |
run: | | |
rm ${HOME}/.cargo/bin/rustfmt | |
rm ${HOME}/.cargo/bin/cargo-fmt | |
rustup update | |
cargo --version | |
- name: Run Clippy for GitHub Actions report | |
uses: actions-rs/clippy-check@b5b5f21f4797c02da247df37026fcd0a5024aa4d # tag=v1.0.7 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: --workspace --all-targets --all-features -- --deny clippy::all --deny clippy::pedantic --deny clippy::cargo | |
name: Clippy report | |
docker-build: | |
name: Build Docker container | |
runs-on: ubuntu-latest | |
needs: | |
- calculate-version | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set the Cargo.toml version before we copy in the data into the Docker container | |
shell: bash | |
run: | | |
./.github/scripts/update-version.sh ${{ needs.calculate-version.outputs.version }} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
# TODO validate no changes between github.event.pull_request.head.sha and the actual current sha (representing the hypothetical merge) | |
# Extract metadata (tags, labels) for Docker | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=ref,event=pr,suffix=-latest | |
type=raw,value=pr-${{ github.event.pull_request.base.sha }}-${{ github.event.pull_request.head.sha }} | |
labels: | | |
org.opencontainers.image.version=pr-${{ github.event.number }} | |
org.opencontainers.image.source=${{ github.event.pull_request.html_url }} | |
- name: Log into registry ${{ env.REGISTRY }} | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Lowercase the image name | |
shell: bash | |
run: | | |
echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV} | |
- name: Build Docker image | |
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 | |
with: | |
context: . | |
# this container is THE PR's artifact, and we will re-tag it | |
# once the PR has been accepted | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache | |
cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max | |
outputs: type=docker,dest=${{ env.DOCKER_IMAGE_TAR_LOCATION }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
with: | |
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }} | |
path: ${{ env.DOCKER_IMAGE_TAR_LOCATION }} | |
docker-publish: | |
name: Publish Docker container | |
runs-on: ubuntu-latest | |
needs: | |
- cargo-build | |
- cargo-fmt | |
- cargo-test-and-report | |
- cargo-clippy-and-report | |
- docker-build | |
if: ${{ github.repository == 'kuchosauronad0/rust-triangle' && github.event_name == 'pull_request' }} | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
- name: Download artifact | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }} | |
path: ${{ env.DOCKER_IMAGE_OUTPUT_LOCATION }} | |
- name: Log into registry ${{ env.REGISTRY }} | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Load image from artifact | |
shell: bash | |
run: | | |
docker load --input ${{ env.DOCKER_IMAGE_TAR_LOCATION }} | |
- name: Push image with all tags | |
shell: bash | |
run: | | |
docker push ${REGISTRY,,}/${IMAGE_NAME,,} --all-tags | |
all-done: | |
name: All done | |
# this is the job that should be marked as required on GitHub. It's the only one that'll reliably trigger | |
# when any upstream fails: success | |
# when all upstream skips: pass | |
# when all upstream success: success | |
# combination of upstream skip and success: success | |
runs-on: ubuntu-latest | |
needs: | |
- calculate-version | |
- cargo-build | |
- cargo-fmt | |
- cargo-clippy-and-report | |
- cargo-test-and-report | |
- docker-build | |
- docker-publish | |
if: ${{ always() }} | |
steps: | |
- name: Fail! | |
shell: bash | |
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
run: | | |
echo "One / more upstream failed or was cancelled. Failing job..." | |
exit 1 | |
- name: Success! | |
shell: bash | |
run: | | |
echo "Great success!" |