CI / PR 13 #112
Workflow file for this run
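# CI workflow: the `scope` job classifies the changed paths once, the other
# jobs run only the gates that apply, and `required` aggregates every result.
#
# Hardening that is visible in this file:
#   - The default GITHUB_TOKEN scope is `contents: read`; jobs that need more
#     (`actions: read`) request it explicitly at job level.
#   - Every checkout sets `persist-credentials: false`, so the token is not
#     left behind in .git/config for later steps to read.
#   - Third-party actions are pinned to full commit SHAs. Consider annotating
#     each pin with its release tag so reviewers and update tooling can see
#     which version a SHA corresponds to.
#   - Expression values reach shell steps through `env:` and are expanded as
#     quoted shell variables, never interpolated into the script text.
name: CI
run-name: CI / ${{ github.event_name == 'pull_request' && format('PR {0}', github.event.pull_request.number) || github.ref_name }}

on:
  # `pull_request` (not `pull_request_target`): the workflow runs in the
  # context of the PR's merge ref.
  pull_request:
  push:
    branches:
      - main

# Least-privilege default for every job that does not override it.
permissions:
  contents: read

# One active run per workflow and ref; a newer push cancels the older run.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: "1"
  # Tool versions are quoted so they can never be re-typed as numbers.
  PREK_VERSION: "0.3.10"
  CARGO_HACK_VERSION: "0.6.44"
  # Evaluates to true only for pushes to main. It is passed to the local
  # setup-rust-tools action as `cache-save-if`; presumably that keeps pull
  # request runs from writing to the shared Rust cache - confirm in the action.
  RUST_CACHE_SAVE_IF: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}

jobs:
  # Decides which surfaces changed. Every other job keys its `if:` off these
  # outputs, so this classification determines what is actually checked.
  scope:
    name: Determine changed surfaces
    runs-on: ubuntu-latest
    timeout-minutes: 5
    outputs:
      repo: ${{ steps.scope.outputs.repo }}
      rust: ${{ steps.scope.outputs.rust }}
      examples: ${{ steps.scope.outputs.examples }}
      package: ${{ steps.scope.outputs.package }}
      assets: ${{ steps.scope.outputs.assets }}
      ci: ${{ steps.scope.outputs.ci }}
      docs: ${{ steps.scope.outputs.docs }}
      docs_only: ${{ steps.scope.outputs.docs_only }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          # Full history so both SHAs below are available locally.
          fetch-depth: 0
          persist-credentials: false
      - name: Classify changed paths
        id: scope
        env:
          # Pull request SHAs when present, otherwise the push range.
          # NOTE(review): on a ref's first push `github.event.before` is
          # presumably the all-zero SHA - confirm scripts/ci-scope.sh copes.
          BASE_SHA: ${{ github.event.pull_request.base.sha || github.event.before }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        run: scripts/ci-scope.sh "$BASE_SHA" "$HEAD_SHA"

  repo-hygiene:
    name: Repository hygiene
    needs: scope
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          components: rustfmt
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
          tools: prek@${{ env.PREK_VERSION }}
      - name: Validate repository hygiene
        run: scripts/validate.sh repo
      - name: Verify asset inputs
        # Always on push; on pull requests only when assets, packaging or CI
        # files changed.
        if: ${{ github.event_name == 'push' || needs.scope.outputs.assets == 'true' || needs.scope.outputs.package == 'true' || needs.scope.outputs.ci == 'true' }}
        run: scripts/validate.sh artifacts

  # Static checks on the workflows themselves: actionlint for syntax and
  # expressions, zizmor for security findings.
  workflow-lint:
    name: Workflow lint
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.ci == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      actions: read
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Lint GitHub Actions workflows
        uses: raven-actions/actionlint@205b530c5d9fa8f44ae9ed59f341a0db994aa6f8
      - name: Audit GitHub Actions workflows
        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e
        with:
          advanced-security: false
          config: .github/zizmor.yml
          # Both the workflows and the local composite actions are audited.
          inputs: .github/workflows .github/actions
          min-severity: medium
          persona: auditor
          version: "1.24.1"

  rust-lint:
    name: Rust lint
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.rust == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          components: clippy
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Validate lint gates
        run: scripts/validate.sh lint

  rust-tests:
    name: Rust tests
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.rust == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 90
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Validate test gates
        run: scripts/validate.sh test

  # Produces the job matrix consumed by `runtime-aot-tests`.
  runtime-targets:
    name: Select runtime AOT targets
    needs: scope
    if: ${{ needs.scope.outputs.rust == 'true' && needs.scope.outputs.assets != 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 5
    outputs:
      matrix: ${{ steps.targets.outputs.matrix }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Build target matrix
        id: targets
        # The stdout of xtask, built from the checked-out ref, is appended to
        # $GITHUB_OUTPUT as-is; whatever it prints becomes this job's outputs.
        run: cargo run --quiet -p xtask -- assets ci-matrix --github-output >> "$GITHUB_OUTPUT"

  runtime-aot-tests:
    name: Runtime AOT smoke / ${{ matrix.target }}
    needs:
      - scope
      - runtime-targets
    if: ${{ needs.scope.outputs.rust == 'true' && needs.scope.outputs.assets != 'true' }}
    # NOTE(review): `matrix.os` comes from the matrix that xtask printed in
    # `runtime-targets`, i.e. from code in the ref under test, so on pull
    # requests the runner label is chosen by the PR. Confirm that no
    # self-hosted runner labels are reachable from this repository, or check
    # `matrix.os` against an allow-list before it is used here.
    runs-on: ${{ matrix.os }}
    timeout-minutes: 180
    permissions:
      contents: read
      actions: read
    defaults:
      run:
        shell: bash
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.runtime-targets.outputs.matrix) }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Download compatible runtime artifacts
        env:
          # The token is handed to a binary built from the checked-out ref.
          # Its reach is bounded by this job's `permissions` block
          # (contents: read, actions: read); keep that block read-only.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AOT_TARGET: ${{ matrix.target }}
        run: |
          cargo run -p xtask -- assets download \
            --latest-compatible \
            --target-triple "$AOT_TARGET"
      - name: Check target AOT crate
        env:
          AOT_PACKAGE: ${{ matrix.package }}
        # --locked: fail rather than silently update Cargo.lock.
        run: cargo check -p "$AOT_PACKAGE" --locked
      - name: Run runtime tests against target AOT
        run: scripts/validate.sh runtime-smoke

  # Runs only when asset inputs changed: blocks until the separate `Assets`
  # workflow has succeeded for the same commit.
  asset-status:
    name: Wait for same-SHA Assets
    needs: scope
    if: ${{ needs.scope.outputs.assets == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      actions: read
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Wait for successful same-SHA Assets workflow
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          ASSET_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        run: |
          set -euo pipefail
          # Capture the artifact list before looping. Reading it through
          # `< <(cargo run ...)` discards the exit status of cargo, so a build
          # or xtask failure would yield an empty list and the gate below
          # would run with no --artifact arguments instead of failing.
          artifacts="$(cargo run --quiet -p xtask -- assets ci-artifacts)"
          args=()
          while IFS= read -r artifact; do
            # The here-string yields one empty line for empty output.
            [[ -n "$artifact" ]] || continue
            args+=(--artifact "$artifact")
          done <<< "$artifacts"
          # 21000 is presumably a timeout in seconds, just under the job's
          # 360-minute limit - confirm against the script.
          bash .github/scripts/require-workflow-success.sh Assets "$ASSET_SHA" 21000 "${args[@]}"

  examples:
    name: Examples
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.examples == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Install Tauri Linux dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libayatana-appindicator3-dev \
            libssl-dev \
            libwebkit2gtk-4.1-dev \
            librsvg2-dev \
            patchelf \
            pkg-config
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
          cache-workspaces: |
            . -> target
            examples/tauri-sqlx-vanilla/src-tauri -> target
      - name: Install Node.js
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
        with:
          node-version: "22"
          cache: npm
          cache-dependency-path: examples/tauri-sqlx-vanilla/package-lock.json
      - name: Validate examples
        run: scripts/validate.sh examples

  package:
    name: Package checks
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.package == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Validate package checks
        run: scripts/validate.sh package

  feature-powerset:
    name: Feature powerset
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.rust == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
          tools: cargo-hack@${{ env.CARGO_HACK_VERSION }}
      - name: Check feature combinations
        run: scripts/validate.sh feature-powerset

  semver:
    name: Public API compatibility
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.package == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Set up Rust tooling
        uses: ./.github/actions/setup-rust-tools
        with:
          cache-save-if: ${{ env.RUST_CACHE_SAVE_IF }}
      - name: Check semver compatibility
        uses: obi1kenobi/cargo-semver-checks-action@6b69fcf40e9b5fb17adeb57e4b6ecd020649a239

  # Dependency policy check (cargo-deny). Also runs when only CI files change,
  # so edits to the workflow cannot bypass it.
  supply-chain:
    name: Supply chain
    needs: scope
    if: ${{ github.event_name == 'push' || needs.scope.outputs.rust == 'true' || needs.scope.outputs.ci == 'true' }}
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          persist-credentials: false
      - name: Check dependency policy
        uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb

  # Single aggregation point for all gates. `always()` makes it run even when
  # an upstream job failed or was skipped. Only `failure` and `cancelled` fail
  # the gate, so a skipped job counts as passing; a wrong classification in
  # `scope` therefore narrows what is enforced without turning this job red.
  required:
    name: Required checks
    if: always()
    needs:
      - scope
      - repo-hygiene
      - workflow-lint
      - rust-lint
      - rust-tests
      - runtime-targets
      - runtime-aot-tests
      - asset-status
      - examples
      - package
      - feature-powerset
      - semver
      - supply-chain
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Fail if any required job failed
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
        run: exit 1
      - name: All required jobs passed
        run: echo "All required CI jobs passed or were intentionally skipped."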