chore(deps): Update Rust crate chrono to v0.4.45 #2523
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| merge_group: | |
| workflow_call: | |
| inputs: | |
| environment: | |
| description: The GitHub environment to use | |
| type: string | |
| default: dev | |
| skip-tests: | |
| description: Whether to skip tests | |
| type: boolean | |
| default: false | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| build: | |
| environment: | |
| # Only deploy when calling this workflow via pushes to main or releases | |
| # Otherwise, pull requests will be cluttered with deployment messages | |
| deployment: ${{ github.event_name == 'workflow_call' }} | |
| name: ${{ inputs.environment || 'dev' }} | |
| name: Build (${{ matrix.os }}) | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| permissions: | |
| id-token: write # Required to authenticate with Azure via OIDC | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: [ubuntu-latest, ubuntu-24.04-arm, macos-latest, windows-latest] | |
| defaults: | |
| run: | |
| # Use native shells unless bash is necessary. | |
| # Prefer PowerShell 5 on Windows since this is the default version. | |
| shell: ${{ startsWith(matrix.os, 'windows-') && 'powershell' || 'bash' }} | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Configure git for private repos | |
| env: | |
| REPO_TOKEN: ${{ secrets.PRIVATE_REPO_TOKEN }} | |
| run: | | |
| git config --global url."https://x-access-token:${REPO_TOKEN}@github.com/".insteadOf "https://github.com/" | |
| git config --global --add url."https://x-access-token:${REPO_TOKEN}@github.com/".insteadOf "ssh://git@github.com/" | |
| mkdir -p ~/.cargo && echo -e '[net]\ngit-fetch-with-cli = true' >> ~/.cargo/config.toml | |
| shell: bash | |
| - name: Hash SENTRY_DSN for cache key | |
| id: dsn-hash | |
| run: echo "hash=$(echo -n "$SENTRY_DSN" | shasum -a 256 | cut -c1-16)" >> "$GITHUB_OUTPUT" | |
| shell: bash | |
| - name: Cache Cargo registry and build | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| # Include a hash of SENTRY_DSN so cached artifacts are invalidated | |
| # when the DSN changes (build.rs embeds it at compile time). | |
| key: cargo-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-dsn-${{ steps.dsn-hash.outputs.hash }} | |
| - name: Set up ana with pixi | |
| uses: ./.github/actions/setup-ana | |
| with: | |
| ana-version: v0.1.6 | |
| tools: pixi | |
| - name: Run unit tests | |
| if: ${{ !inputs.skip-tests }} | |
| env: | |
| RUST_BACKTRACE: 1 | |
| run: pixi run test-release | |
| - name: Pre-compile shim for signing (Windows) | |
| if: ${{ runner.os == 'Windows' }} | |
| run: pixi run build-shim | |
| - name: Sign shim (Windows) | |
| if: ${{ runner.os == 'Windows' }} | |
| id: sign-shim | |
| uses: ./.github/actions/sign-windows | |
| with: | |
| binary-path: target/shim/shim.exe | |
| vault-approle-path: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_PATH }} | |
| # Created by CORE-10231 | |
| vault-cf-client-id: ${{ secrets.CF_ANACONDA_CLI_CLIENT_ID }} | |
| vault-cf-client-secret: ${{ secrets.CF_ANACONDA_CLI_CLIENT_SECRET }} | |
| vault-role-id: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_ROLE_ID }} | |
| vault-secret-id: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_SECRET_ID }} | |
| vault-mount: ${{ inputs.environment || 'dev' }} | |
| vault-url: ${{ secrets.EXT_VAULT_ADDR }} | |
| - name: Build release binary | |
| env: | |
| WINDOWS_SHIM_PATH: ${{ runner.os == 'Windows' && 'target/shim/shim.exe' || '' }} | |
| run: pixi run build-release | |
| - name: Sign binary (Windows) | |
| if: ${{ runner.os == 'Windows' }} | |
| id: sign-windows | |
| uses: ./.github/actions/sign-windows | |
| with: | |
| binary-path: target/release/ana.exe | |
| vault-approle-path: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_PATH }} | |
| # Created by CORE-10231 | |
| vault-cf-client-id: ${{ secrets.CF_ANACONDA_CLI_CLIENT_ID }} | |
| vault-cf-client-secret: ${{ secrets.CF_ANACONDA_CLI_CLIENT_SECRET }} | |
| vault-role-id: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_ROLE_ID }} | |
| vault-secret-id: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_SECRET_ID }} | |
| vault-mount: ${{ inputs.environment || 'dev' }} | |
| vault-url: ${{ secrets.EXT_VAULT_ADDR }} | |
| - name: Sign and notarize binary (macOS) | |
| if: ${{ runner.os == 'macOS' }} | |
| id: sign-notarize-macos | |
| uses: ./.github/actions/sign-notarize-macos | |
| with: | |
| binary-path: target/release/ana | |
| vault-approle-path: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_PATH }} | |
| # Created by CORE-10231 | |
| vault-cf-client-id: ${{ secrets.CF_ANACONDA_CLI_CLIENT_ID }} | |
| vault-cf-client-secret: ${{ secrets.CF_ANACONDA_CLI_CLIENT_SECRET }} | |
| vault-role-id: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_ROLE_ID }} | |
| vault-secret-id: ${{ secrets.VAULT_ANACONDA_CLI_APPROLE_SECRET_ID }} | |
| vault-mount: ${{ inputs.environment || 'dev' }} | |
| vault-url: ${{ secrets.EXT_VAULT_ADDR }} | |
| - name: Run integration tests | |
| if: ${{ !inputs.skip-tests }} | |
| env: | |
| ANA_SENTRY_ENVIRONMENT: integration-test | |
| # Disable Sentry for pre-merge builds (PRs, merge queue) to avoid polluting error tracking | |
| ANA_SENTRY_DISABLED: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} | |
| # API key for tests requiring real authentication (pixi, uv, pip feature tests) | |
| ANA_TEST_API_KEY: ${{ secrets.ANA_TEST_API_KEY }} | |
| CERTIFICATE_TRUSTED: ${{ inputs.environment == 'prod' }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MACOS_CERTIFICATE_FINGERPRINT: ${{ steps.sign-notarize-macos.outputs.fingerprint }} | |
| MACOS_DEVELOPER_ID: ${{ steps.sign-notarize-macos.outputs.developer-id }} | |
| WINDOWS_CERTIFICATE_FINGERPRINT: ${{ steps.sign-windows.outputs.fingerprint }} | |
| run: pixi run test-integration | |
| - name: Build conda package | |
| run: pixi run build-conda | |
| - name: Upload conda package | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: conda-package-${{ matrix.os }} | |
| path: output/ | |
| retention-days: 7 | |
| - name: Upload binary | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: binary-${{ matrix.os }} | |
| path: target/release/ana${{ matrix.os == 'windows-latest' && '.exe' || '' }} | |
| retention-days: 7 | |
| check: | |
| name: Check | |
| if: always() | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Decide whether all jobs succeeded | |
| uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 | |
| with: | |
| jobs: ${{ toJSON(needs) }} |