Update Rust crate aws-ip-ranges to v0.1495.0 (#12197) #26739
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| pull_request: | |
| permissions: {} | |
| concurrency: | |
| group: ci-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| # renovate: datasource=crate depName=cargo-deny versioning=semver | |
| CARGO_DENY_VERSION: 0.18.5 | |
| # renovate: datasource=github-releases depName=cargo-insta lookupName=mitsuhiko/insta versioning=semver | |
| CARGO_INSTA_VERSION: 1.43.2 | |
| # renovate: datasource=crate depName=cargo-machete versioning=semver | |
| CARGO_MACHETE_VERSION: 0.9.1 | |
| # renovate: datasource=github-releases depName=shssoichiro/oxipng versioning=semver | |
| OXIPNG_VERSION: 9.1.5 | |
| # renovate: datasource=npm depName=pnpm | |
| PNPM_VERSION: 10.19.0 | |
| # renovate: datasource=github-releases depName=typst/typst versioning=semver | |
| TYPST_VERSION: 0.13.1 | |
| # renovate: datasource=pypi depName=zizmor | |
| ZIZMOR_VERSION: 1.16.0 | |
| jobs: | |
| changed-files: | |
| name: Changed Files | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| # This is needed to get the commit history for the changed-files action | |
| # (see https://github.com/tj-actions/changed-files/blob/v46.0.5/README.md#usage-) | |
| fetch-depth: 0 | |
| - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 | |
| id: changed-files-non-js | |
| with: | |
| files_ignore: | | |
| app/** | |
| e2e/** | |
| packages/** | |
| public/** | |
| tests/** | |
| eslint.config.mjs | |
| .template-lintrc.js | |
| ember-cli-build.js | |
| package.json | |
| pnpm-lock.yaml | |
| testem.js | |
| - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 | |
| id: changed-files-non-rust | |
| with: | |
| files_ignore: | | |
| crates/** | |
| migrations/** | |
| src/** | |
| build.rs | |
| Cargo.lock | |
| Cargo.toml | |
| rust-toolchain.toml | |
| - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 | |
| id: changed-files-rust-lockfile | |
| with: | |
| files: Cargo.lock | |
| - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 | |
| id: changed-files-ci | |
| with: | |
| files: .github/workflows/** | |
| outputs: | |
| non-js: ${{ steps.changed-files-non-js.outputs.any_modified }} | |
| non-rust: ${{ steps.changed-files-non-rust.outputs.any_modified }} | |
| rust-lockfile: ${{ steps.changed-files-rust-lockfile.outputs.any_modified }} | |
| ci: ${{ steps.changed-files-ci.outputs.any_modified }} | |
| percy-nonce: | |
| name: Frontend / Percy Nonce | |
| runs-on: ubuntu-latest | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| # persist job results to other jobs in the workflow | |
| outputs: | |
| nonce: ${{ steps.percy-nonce.outputs.nonce }} | |
| steps: | |
| # persist step results to other steps in the job | |
| - id: percy-nonce | |
| # adding a timestamp makes the nonce more unique for re-runs | |
| run: echo "nonce=${{ github.run_id }}-$(date +%s)" >> $GITHUB_OUTPUT | |
| backend-lint: | |
| name: Backend / Lint | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-js == 'true' | |
| env: | |
| RUSTFLAGS: "-D warnings" | |
| RUSTDOCFLAGS: "-D warnings" | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - run: rustup component add rustfmt | |
| - run: rustup component add clippy | |
| - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - run: cargo fmt --check --all | |
| - run: cargo clippy --all-targets --all-features --workspace | |
| - run: cargo doc --no-deps --document-private-items | |
| backend-deps: | |
| name: Backend / dependencies | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: github.event_name != 'pull_request' || needs.changed-files.outputs.rust-lockfile == 'true' | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - run: cargo install cargo-deny --vers ${CARGO_DENY_VERSION} | |
| - run: cargo deny check | |
| - run: cargo install cargo-machete --vers ${CARGO_MACHETE_VERSION} | |
| - run: cargo machete | |
| backend-test: | |
| name: Backend / Test | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-js == 'true' | |
| env: | |
| RUST_BACKTRACE: 1 | |
| TEST_DATABASE_URL: postgres://postgres:postgres@localhost/postgres | |
| RUSTFLAGS: "-D warnings -Cinstrument-coverage" | |
| MALLOC_CONF: "background_thread:true,abort_conf:true,abort:true,junk:true" | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| # Remove the Android SDK to free up space | |
| - run: sudo rm -rf /usr/local/lib/android | |
| - name: Install Typst | |
| run: | | |
| wget -q "https://github.com/typst/typst/releases/download/v${TYPST_VERSION}/typst-x86_64-unknown-linux-musl.tar.xz" | |
| tar -xf "typst-x86_64-unknown-linux-musl.tar.xz" | |
| sudo mv "typst-x86_64-unknown-linux-musl/typst" /usr/local/bin/ | |
| rm -rf "typst-x86_64-unknown-linux-musl" "typst-x86_64-unknown-linux-musl.tar.xz" | |
| typst --version | |
| - name: Install oxipng | |
| run: | | |
| wget -q "https://github.com/shssoichiro/oxipng/releases/download/v${OXIPNG_VERSION}/oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz" | |
| tar -xf "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz" | |
| sudo mv "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl/oxipng" /usr/local/bin/ | |
| rm -rf "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl" "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz" | |
| oxipng --version | |
| - name: Download Fira Sans font | |
| run: | | |
| wget -q "https://github.com/mozilla/Fira/archive/4.202.zip" | |
| unzip -q "4.202.zip" | |
| - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - name: Install cargo-insta | |
| run: curl -LsSf https://github.com/mitsuhiko/insta/releases/download/${CARGO_INSTA_VERSION}/cargo-insta-installer.sh | sh | |
| - run: sudo systemctl start postgresql.service | |
| - run: sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'" | |
| - run: cargo fetch --locked | |
| - run: cargo build --tests --workspace | |
| - run: cargo insta test --require-full-match --unreferenced=reject --workspace | |
| env: | |
| # Set the path to the Fira Sans font for Typst. | |
| TYPST_FONT_PATH: ${{ github.workspace }}/Fira-4.202/otf | |
| frontend-lint: | |
| name: Frontend / Lint | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - run: pnpm lint:hbs | |
| - run: pnpm lint:js | |
| - run: pnpm lint:deps | |
| - run: pnpm prettier:check | |
| frontend-test: | |
| name: Frontend / Test | |
| runs-on: ubuntu-24.04 | |
| needs: [changed-files, percy-nonce] | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| env: | |
| JOBS: 1 # See https://git.io/vdao3 for details. | |
| # Percy secrets are included here to enable Percy's GitHub integration | |
| # on community-submitted PRs | |
| PERCY_TOKEN: web_0a783d8086b6f996809f3e751d032dd6d156782082bcd1423b9b860113c75054 | |
| PERCY_PARALLEL_NONCE: ${{ needs.percy-nonce.outputs.nonce }} | |
| PERCY_PARALLEL_TOTAL: 2 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - if: github.repository == 'rust-lang/crates.io' | |
| run: pnpm percy exec --parallel -- pnpm test | |
| - if: github.repository != 'rust-lang/crates.io' | |
| run: pnpm test | |
| msw-test: | |
| name: Frontend / Test (@crates-io/msw) | |
| runs-on: ubuntu-24.04 | |
| needs: [changed-files] | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - run: pnpm --filter "@crates-io/msw" test | |
| e2e-test: | |
| name: Frontend / Test (playwright) | |
| runs-on: ubuntu-24.04 | |
| needs: [changed-files, percy-nonce] | |
| timeout-minutes: 60 | |
| if: needs.changed-files.outputs.non-rust == 'true' | |
| env: | |
| JOBS: 1 # See https://git.io/vdao3 for details. | |
| # Percy secrets are included here to enable Percy's GitHub integration | |
| # on community-submitted PRs | |
| PERCY_TOKEN: web_0a783d8086b6f996809f3e751d032dd6d156782082bcd1423b9b860113c75054 | |
| PERCY_PARALLEL_NONCE: ${{ needs.percy-nonce.outputs.nonce }} | |
| PERCY_PARALLEL_TOTAL: 2 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| cache: pnpm | |
| node-version-file: package.json | |
| - run: pnpm install | |
| - run: pnpm playwright install chromium | |
| - if: github.repository == 'rust-lang/crates.io' | |
| run: pnpm percy exec --parallel -- pnpm e2e | |
| - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: playwright-report | |
| path: playwright-report/ | |
| retention-days: 14 | |
| zizmor: | |
| name: CI / Lint | |
| runs-on: ubuntu-24.04 | |
| needs: changed-files | |
| if: needs.changed-files.outputs.ci == 'true' | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1 | |
| - run: uvx zizmor@${ZIZMOR_VERSION} --format=sarif . > results.sarif | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0 | |
| with: | |
| sarif_file: results.sarif | |
| category: zizmor |