fix(rsky-pds): clone exact PR commit so new workspace members are included #558

Workflow file for this run

	name: Rust CI

	on:
	push:
	branches: [main]
	pull_request:
	paths:
	- '.github/scripts/determine-workspace-members.sh'
	- '.github/scripts/determine-dockerfiles.sh'
	- '.github/workflows/rust.yml'
	- 'rsky/*' # Matches any directory starting with "rsky"
	- 'Cargo.toml' # Base workspace configuration
	- 'Cargo.lock' # Dependency lock file
	- 'rust-toolchain'
	# Add other important base paths as needed
	permissions:
	packages: write
	contents: write
	attestations: write
	id-token: write


	env:
	PDS_EMAIL_FROM_ADDRESS: "noreply@blacksky.app"
	PDS_EMAIL_FROM_NAME: "noreply"
	PDS_MODERATION_EMAIL_FROM_NAME: "noreply"
	PDS_MODERATION_EMAIL_FROM_ADDRESS: "noreply@blacksky.app"
	PDS_HOSTNAME: "rsky.com"
	PDS_SERVICE_DID: "did:web:localho.st"
	PDS_SERVICE_HANDLE_DOMAINS: ".rsky.com"
	PDS_ADMIN_PASS: 3ed1c7b568d3328c44430add531a099f
	PDS_JWT_KEY_K256_PRIVATE_KEY_HEX: 9d5907143471e8f0e8df0f8b9512a8c5377878ee767f18fcf961055ecfc071cd
	# PDS_ADMIN_PASS: ${{ secrets.PDS_ADMIN_PASS }}
	# PDS_JWT_KEY_K256_PRIVATE_KEY_HEX: ${{ secrets.PDS_JWT_KEY_K256_PRIVATE_KEY_HEX }}
	PDS_MAILGUN_API_KEY: ${{ secrets.PDS_MAILGUN_API_KEY }}
	PDS_MAILGUN_DOMAIN: ${{ secrets.PDS_MAILGUN_DOMAIN }}
	#PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${{ secrets.PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX }}
	#PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX: ${{ secrets.PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX }}
	PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: fb478b39dd2ddf84bef135dd60f90381903eefadbb9df4b18a2b9b174ae72582
	PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX: 71cfcf4882a6cff494c3d0affadd3858eb3a5838e7b5e15170e696a590a4fa01
	# Docker build configuration
	REGISTRY: ghcr.io
	ORGANIZATION: blacksky-algorithms

	jobs:
	# First determine which workspace members need to be processed
	determine-workspace-members:
	runs-on: ubuntu-latest
	outputs:
	workspace_members: ${{ steps.set-members.outputs.workspace_members }}
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Fetch all history to properly check changes

	- name: Make script executable
	run: chmod +x .github/scripts/determine-workspace-members.sh

	- name: Set workspace members
	id: set-members
	env:
	GITHUB_EVENT_NAME: ${{ github.event_name }}
	PR_BASE_SHA: ${{ github.event.pull_request.base.sha \|\| github.event.before }}
	PR_HEAD_SHA: ${{ github.event.pull_request.head.sha \|\| github.sha }}
	run: .github/scripts/determine-workspace-members.sh
	shell: bash

	# Determine which Dockerfiles need to be processed
	determine-dockerfiles:
	runs-on: ubuntu-latest
	outputs:
	dockerfiles: ${{ steps.set-dockerfiles.outputs.dockerfiles }}
	is_fork: ${{ steps.set-dockerfiles.outputs.is_fork }}
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Fetch all history to properly check changes

	- name: Make script executable
	run: chmod +x .github/scripts/determine-dockerfiles.sh

	- name: Set dockerfiles
	id: set-dockerfiles
	env:
	GITHUB_EVENT_NAME: ${{ github.event_name }}
	PR_BASE_SHA: ${{ github.event.pull_request.base.sha \|\| github.event.before }}
	PR_HEAD_SHA: ${{ github.event.pull_request.head.sha \|\| github.sha }}
	PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
	run: .github/scripts/determine-dockerfiles.sh
	shell: bash

	# Parallel check job for each package
	check:
	needs: determine-workspace-members
	runs-on: ubuntu-latest
	if: ${{ needs.determine-workspace-members.outputs.workspace_members != '[]' }}
	strategy:
	fail-fast: false
	matrix:
	package: ${{ fromJson(needs.determine-workspace-members.outputs.workspace_members) }}
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Rust Cache
	uses: Swatinem/rust-cache@v2
	with:
	shared-key: ${{ matrix.package }}
	- name: Run cargo check for ${{ matrix.package }}
	run: cargo check -p ${{ matrix.package }}

	# Parallel build and test job for each package
	build-and-test:
	needs: [determine-workspace-members, check]
	runs-on: ubuntu-latest
	if: ${{ needs.determine-workspace-members.outputs.workspace_members != '[]' }}
	strategy:
	fail-fast: false
	matrix:
	package: ${{ fromJson(needs.determine-workspace-members.outputs.workspace_members) }}
	steps:
	- name: Show disk usage (before cleanup)
	run: df -h
	- name: Clean up large directories
	run: \|
	sudo rm -rf /usr/local/share/boost \
	/usr/share/dotnet \
	/usr/local/lib/android \
	/opt/ghc
	- name: Show disk usage (after cleanup)
	run: df -h
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Rust Cache
	uses: Swatinem/rust-cache@v2
	with:
	shared-key: ${{ matrix.package }}
	- name: Run cargo build for ${{ matrix.package }}
	run: cargo build --release -p ${{ matrix.package }}
	- name: Run cargo test for ${{ matrix.package }}
	run: cargo test --release -p ${{ matrix.package }}

	# Run formatting check on the entire workspace
	formatting:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Rust Cache
	uses: Swatinem/rust-cache@v2
	- name: Run cargo fmt
	run: cargo fmt -- --check

	# Job to build Docker images for packages with Dockerfiles
	docker-build:
	needs: [determine-dockerfiles, build-and-test]
	runs-on: ubuntu-latest
	if: ${{ needs.determine-dockerfiles.outputs.dockerfiles != '[]' }}
	strategy:
	fail-fast: false
	matrix:
	dockerfile: ${{ fromJson(needs.determine-dockerfiles.outputs.dockerfiles) }}
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	# Set up Docker Buildx
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.10.0
	with:
	buildkitd-flags: --debug

	# Create a cache directory for Docker builds
	- name: Set up cache for Docker builds
	uses: actions/cache@v3
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ matrix.dockerfile }}-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-${{ matrix.dockerfile }}-

	# Log in to GitHub Container Registry if not a fork
	- name: Login to GitHub Container Registry
	if: ${{ needs.determine-dockerfiles.outputs.is_fork == 'false' }}
	uses: docker/login-action@v3.4.0
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v5.7.0
	with:
	images: ${{ env.REGISTRY }}/${{ env.ORGANIZATION }}/${{ matrix.dockerfile }}
	tags: \|
	# Always add the git commit SHA
	type=sha,format=long
	# Add 'main' tag if this is on the main branch
	type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }}

	# Build the Docker image (no push if from fork)
	- name: Build Docker image
	id: build
	if: ${{ needs.determine-dockerfiles.outputs.is_fork == 'true' }}
	uses: docker/build-push-action@v6.17.0
	with:
	context: .
	file: ${{ matrix.dockerfile }}/Dockerfile
	push: false
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	build-args: COMMIT_SHA=${{ github.event.pull_request.head.sha \|\| github.sha }}
	# Disable cache for forks to avoid permission issues
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: ""
	load: true

	# Build and push the Docker image (only if not from fork)
	- name: Build and push Docker image
	id: build-push
	if: ${{ needs.determine-dockerfiles.outputs.is_fork == 'false' }}
	uses: docker/build-push-action@v6.17.0
	with:
	context: .
	file: ${{ matrix.dockerfile }}/Dockerfile
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	build-args: COMMIT_SHA=${{ github.event.pull_request.head.sha \|\| github.sha }}
	sbom: true
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max

	# Move cache to avoid unbounded cache growth
	- name: Move cache
	if: ${{ needs.determine-dockerfiles.outputs.is_fork == 'false' }}
	run: \|
	rm -rf /tmp/.buildx-cache
	mv /tmp/.buildx-cache-new /tmp/.buildx-cache

	# Generate artifact attestation if not a fork
	- name: Generate artifact attestation
	if: ${{ needs.determine-dockerfiles.outputs.is_fork == 'false' }}
	uses: actions/attest-build-provenance@v2
	with:
	subject-name: ${{ env.REGISTRY }}/${{ env.ORGANIZATION }}/${{ matrix.dockerfile }}
	subject-digest: ${{ steps.build-push.outputs.digest }}
	push-to-registry: true

	# Optional: Add a final job that depends on all tests to signal success
	ci-success:
	runs-on: ubuntu-latest
	needs: [check, build-and-test, formatting, determine-dockerfiles]
	if: always()
	steps:
	- name: Check if docker-build should run
	id: should-docker-build
	run: \|
	DOCKERFILES='${{ needs.determine-dockerfiles.outputs.dockerfiles }}'
	if [[ "$DOCKERFILES" == "[]" ]]; then
	echo "docker_build_needed=false" >> $GITHUB_OUTPUT
	else
	echo "docker_build_needed=true" >> $GITHUB_OUTPUT
	fi

	- name: CI Success (no docker build needed)
	if: \|
	steps.should-docker-build.outputs.docker_build_needed == 'false' &&
	(!contains(needs.check.result, 'failure') \|\| needs.check.result == 'skipped') &&
	(!contains(needs.check.result, 'cancelled') \|\| needs.check.result == 'skipped') &&
	(!contains(needs.build-and-test.result, 'failure') \|\| needs.build-and-test.result == 'skipped') &&
	(!contains(needs.build-and-test.result, 'cancelled') \|\| needs.build-and-test.result == 'skipped') &&
	!contains(needs.formatting.result, 'failure') &&
	!contains(needs.formatting.result, 'cancelled')
	run: echo "All CI jobs passed! (Docker build not needed)"

	- name: CI Success (with docker build)
	if: \|
	steps.should-docker-build.outputs.docker_build_needed == 'true' &&
	(!contains(needs.check.result, 'failure') \|\| needs.check.result == 'skipped') &&
	(!contains(needs.check.result, 'cancelled') \|\| needs.check.result == 'skipped') &&
	(!contains(needs.build-and-test.result, 'failure') \|\| needs.build-and-test.result == 'skipped') &&
	(!contains(needs.build-and-test.result, 'cancelled') \|\| needs.build-and-test.result == 'skipped') &&
	!contains(needs.formatting.result, 'failure') &&
	!contains(needs.formatting.result, 'cancelled') &&
	(!contains(needs.docker-build.result, 'failure') \|\| needs.docker-build.result == 'skipped') &&
	(!contains(needs.docker-build.result, 'cancelled') \|\| needs.docker-build.result == 'skipped')
	run: echo "All CI jobs passed! (Including Docker build)"

	- name: CI Failed
	if: \|
	(contains(needs.check.result, 'failure') && needs.check.result != 'skipped') \|\|
	(contains(needs.check.result, 'cancelled') && needs.check.result != 'skipped') \|\|
	(contains(needs.build-and-test.result, 'failure') && needs.build-and-test.result != 'skipped') \|\|
	(contains(needs.build-and-test.result, 'cancelled') && needs.build-and-test.result != 'skipped') \|\|
	contains(needs.formatting.result, 'failure') \|\|
	contains(needs.formatting.result, 'cancelled') \|\|
	(steps.should-docker-build.outputs.docker_build_needed == 'true' &&
	((contains(needs.docker-build.result, 'failure') && needs.docker-build.result != 'skipped') \|\|
	(contains(needs.docker-build.result, 'cancelled') && needs.docker-build.result != 'skipped')))
	run: \|
	echo "Some CI jobs failed!"
	exit 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(rsky-pds): clone exact PR commit so new workspace members are included #558

Workflow file

fix(rsky-pds): clone exact PR commit so new workspace members are included #558

Uh oh!

Workflow file for this run