chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 (#83) #184
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build-test-lint: | |
| name: Build/Test/Lint (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Normalize line endings on Windows | |
| if: runner.os == 'Windows' | |
| shell: bash | |
| run: | | |
| git config --local core.autocrlf false | |
| git config --local core.eol lf | |
| git reset --hard HEAD | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # pinned action commit | |
| with: | |
| toolchain: 1.93.1 | |
| components: clippy | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| workspaces: "shim -> target" | |
| - name: Set up protoc | |
| uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 | |
| with: | |
| version: "31.x" | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Verify protoc | |
| run: protoc --version | |
| - name: Build Rust shim (debug) | |
| working-directory: shim | |
| run: cargo build --locked | |
| - name: Run Go tests | |
| shell: pwsh | |
| run: | | |
| $libName = switch ("${{ runner.os }}") { | |
| "Linux" { "libchroma_shim.so" } | |
| "macOS" { "libchroma_shim.dylib" } | |
| "Windows" { "chroma_shim.dll" } | |
| default { throw "Unsupported OS: ${{ runner.os }}" } | |
| } | |
| $env:CHROMA_LIB_PATH = [System.IO.Path]::GetFullPath((Join-Path $env:GITHUB_WORKSPACE "shim/target/debug/$libName")) | |
| Write-Host "CHROMA_LIB_PATH=$env:CHROMA_LIB_PATH" | |
| go test -v ./... | |
| - name: Run Go lint | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| version: latest | |
| args: --timeout=30m ./... | |
| - name: Run Rust lint | |
| working-directory: shim | |
| run: cargo clippy --locked -- -D warnings | |
| java-jna: | |
| name: Java JNA Smoke (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Normalize line endings on Windows | |
| if: runner.os == 'Windows' | |
| shell: bash | |
| run: | | |
| git config --local core.autocrlf false | |
| git config --local core.eol lf | |
| git reset --hard HEAD | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # pinned action commit | |
| with: | |
| toolchain: 1.93.1 | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| workspaces: "shim -> target" | |
| - name: Set up protoc | |
| uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 | |
| with: | |
| version: "31.x" | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Verify protoc | |
| run: protoc --version | |
| - name: Set up Java 17 | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: temurin | |
| java-version: "17" | |
| - name: Set up Gradle | |
| uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1 | |
| - name: Build Rust shim (debug) | |
| working-directory: shim | |
| run: cargo build --locked | |
| - name: Run Java JNA smoke tests | |
| shell: pwsh | |
| run: | | |
| $libName = switch ("${{ runner.os }}") { | |
| "Linux" { "libchroma_shim.so" } | |
| "macOS" { "libchroma_shim.dylib" } | |
| "Windows" { "chroma_shim.dll" } | |
| default { throw "Unsupported OS: ${{ runner.os }}" } | |
| } | |
| $env:CHROMA_LIB_PATH = [System.IO.Path]::GetFullPath((Join-Path $env:GITHUB_WORKSPACE "shim/target/debug/$libName")) | |
| Write-Host "CHROMA_LIB_PATH=$env:CHROMA_LIB_PATH" | |
| Push-Location "$env:GITHUB_WORKSPACE/java" | |
| try { | |
| gradle --no-daemon :jna:test | |
| } finally { | |
| Pop-Location | |
| } | |
| java-panama: | |
| name: Java Panama Smoke (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-latest | |
| - windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Normalize line endings on Windows | |
| if: runner.os == 'Windows' | |
| shell: bash | |
| run: | | |
| git config --local core.autocrlf false | |
| git config --local core.eol lf | |
| git reset --hard HEAD | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # pinned action commit | |
| with: | |
| toolchain: 1.93.1 | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| workspaces: "shim -> target" | |
| - name: Set up protoc | |
| uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # v3.0.0 | |
| with: | |
| version: "31.x" | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Verify protoc | |
| run: protoc --version | |
| - name: Set up Java 22 | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 | |
| with: | |
| distribution: temurin | |
| java-version: "22" | |
| - name: Set up Gradle | |
| uses: gradle/actions/setup-gradle@39e147cb9de83bb9910b8ef8bd7fff0ee20fcd6f # v6.0.1 | |
| - name: Build Rust shim (debug) | |
| working-directory: shim | |
| run: cargo build --locked | |
| - name: Run Java Panama smoke tests | |
| shell: pwsh | |
| run: | | |
| $libName = switch ("${{ runner.os }}") { | |
| "Linux" { "libchroma_shim.so" } | |
| "macOS" { "libchroma_shim.dylib" } | |
| "Windows" { "chroma_shim.dll" } | |
| default { throw "Unsupported OS: ${{ runner.os }}" } | |
| } | |
| $env:CHROMA_LIB_PATH = [System.IO.Path]::GetFullPath((Join-Path $env:GITHUB_WORKSPACE "shim/target/debug/$libName")) | |
| Write-Host "CHROMA_LIB_PATH=$env:CHROMA_LIB_PATH" | |
| Push-Location "$env:GITHUB_WORKSPACE/java" | |
| try { | |
| $maxAttempts = if ("${{ runner.os }}" -eq "Windows") { 3 } else { 1 } | |
| $attempt = 1 | |
| while ($true) { | |
| Write-Host "Running Panama smoke tests (attempt $attempt/$maxAttempts)" | |
| gradle --no-daemon :panama:test | |
| if ($LASTEXITCODE -eq 0) { | |
| break | |
| } | |
| if ($attempt -ge $maxAttempts) { | |
| throw "Panama smoke tests failed after $attempt attempts (exit code $LASTEXITCODE)." | |
| } | |
| Write-Warning "Panama smoke tests failed with exit code $LASTEXITCODE; retrying in 10 seconds." | |
| gradle --stop | Out-Null | |
| Start-Sleep -Seconds 10 | |
| $attempt++ | |
| } | |
| } finally { | |
| Pop-Location | |
| } | |
| - name: Dump Panama crash diagnostics (Windows) | |
| if: failure() && runner.os == 'Windows' | |
| shell: pwsh | |
| run: | | |
| $panamaDir = Join-Path $env:GITHUB_WORKSPACE "java/panama" | |
| $hsErrLogs = Get-ChildItem -Path $panamaDir -Filter "hs_err_pid*.log" -ErrorAction SilentlyContinue | Sort-Object LastWriteTime -Descending | |
| $hsErrDumps = Get-ChildItem -Path $panamaDir -Filter "hs_err_pid*.mdmp" -ErrorAction SilentlyContinue | Sort-Object LastWriteTime -Descending | |
| if ($hsErrLogs.Count -eq 0) { | |
| Write-Host "No hs_err logs found in $panamaDir" | |
| } else { | |
| foreach ($log in $hsErrLogs) { | |
| Write-Host "==== hs_err log: $($log.FullName) ====" | |
| Get-Content $log.FullName -TotalCount 400 | |
| } | |
| } | |
| if ($hsErrDumps.Count -eq 0) { | |
| Write-Host "No mdmp files found in $panamaDir" | |
| } else { | |
| foreach ($dump in $hsErrDumps) { | |
| Write-Host "Found mdmp: $($dump.FullName)" | |
| } | |
| } | |
| $testResultsDir = Join-Path $panamaDir "build/test-results/test" | |
| if (Test-Path $testResultsDir) { | |
| Write-Host "==== test result files in $testResultsDir ====" | |
| Get-ChildItem -Path $testResultsDir -Recurse | Select-Object FullName, Length | |
| } else { | |
| Write-Host "No test results directory found at $testResultsDir" | |
| } | |
| - name: Upload Panama crash artifacts (Windows) | |
| if: failure() && runner.os == 'Windows' | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: panama-windows-crash-artifacts | |
| path: | | |
| java/panama/hs_err_pid*.log | |
| java/panama/hs_err_pid*.mdmp | |
| java/panama/build/test-results/test/** | |
| java/panama/build/reports/tests/test/** | |
| if-no-files-found: warn | |
| api-compat: | |
| name: API Compatibility Check | |
| if: github.event_name == 'pull_request' && github.base_ref == 'main' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: stable | |
| cache: true | |
| - name: Run API compatibility check | |
| run: | | |
| go install golang.org/x/exp/cmd/apidiff@latest | |
| LATEST_TAG=$(git tag -l 'v*' --sort=-v:refname | head -1) | |
| if [ -z "$LATEST_TAG" ]; then | |
| echo "No release tags found -- skipping apidiff" | |
| exit 0 | |
| fi | |
| echo "Comparing against: $LATEST_TAG" | |
| OLD_DIR=$(go mod download -json "github.com/amikos-tech/chroma-go-local@${LATEST_TAG}" | jq -r .Dir) | |
| cd "$OLD_DIR" && apidiff -w /tmp/old.txt github.com/amikos-tech/chroma-go-local | |
| cd "$GITHUB_WORKSPACE" && apidiff -w /tmp/new.txt github.com/amikos-tech/chroma-go-local | |
| echo "## API Diff (vs $LATEST_TAG)" >> "$GITHUB_STEP_SUMMARY" | |
| if apidiff -incompatible /tmp/old.txt /tmp/new.txt > /tmp/diff.txt 2>&1; then | |
| echo "No incompatible changes detected." >> "$GITHUB_STEP_SUMMARY" | |
| else | |
| echo '```' >> "$GITHUB_STEP_SUMMARY" | |
| cat /tmp/diff.txt >> "$GITHUB_STEP_SUMMARY" | |
| echo '```' >> "$GITHUB_STEP_SUMMARY" | |
| echo "::warning::API changes detected vs $LATEST_TAG - review step summary" | |
| fi | |
| exit 0 |