chore: pin GitHub Actions to commit SHAs #2321
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| env: | |
| # When getting Rust dependencies, retry on network error: | |
| CARGO_NET_RETRY: 10 | |
| # Use the local .curlrc | |
| CURL_HOME: . | |
| # Disable incremental compilation | |
| CARGO_INCREMENTAL: 0 | |
| # These variables should be shared with WSL | |
| WSLENV: CARGO_INCREMENTAL:CURL_HOME/p:CARGO_NET_RETRY:GITHUB_ENV/p:GITHUB_OUTPUT/p | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| src: ${{ steps.filter.outputs.src }} | |
| permissions: | |
| pull-requests: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 | |
| id: filter | |
| with: | |
| # With 'every', a changed file is matched only when it satisfies | |
| # ALL rules: the positive pattern AND every negated pattern. | |
| predicate-quantifier: 'every' | |
| filters: | | |
| src: | |
| - '**' | |
| - '!**.md' | |
| - '!docs/**' | |
| - '!docs-site/**' | |
| - '!npm/**' | |
| discover: | |
| needs: changes | |
| if: needs.changes.outputs.src == 'true' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - id: set-matrix | |
| run: echo "matrix=$(python3 .github/scripts/test-matrix.py)" >> $GITHUB_OUTPUT | |
| unit-tests: | |
| name: Unit tests on ${{ matrix.os }} | |
| needs: changes | |
| if: needs.changes.outputs.src == 'true' | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| # Make the os matrix match .github/scripts/test-matrix.py so that | |
| # we optimize caching | |
| os: [ubuntu-22.04, macos-15, windows-2025] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup image (Linux) | |
| if: ${{ contains(matrix.os, 'ubuntu') }} | |
| run: ./.github/scripts/provision-linux-build.sh | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4 | |
| with: | |
| cache-shared-key: ${{ runner.os }}-test | |
| - uses: t1m0thyj/unlock-keyring@e481cdc8833d4417a58f40734e8f197183317047 | |
| if: ${{ contains(matrix.os, 'ubuntu') }} | |
| - name: Run unit tests | |
| run: cargo test --workspace --lib --bins | |
| test: | |
| name: ${{ matrix.test }} on ${{ matrix.os }} | |
| # Wait until unit tests have run so we can reuse the cache | |
| needs: [discover, unit-tests] | |
| # Check discover's result (not changes.outputs.src) because this job | |
| # needs discover's matrix output, which is only available when it ran. | |
| if: needs.discover.result == 'success' | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{fromJson(needs.discover.outputs.matrix)}} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4 | |
| with: | |
| cache-shared-key: ${{ runner.os }}-test | |
| - name: Setup image (Linux) | |
| if: ${{ contains(matrix.os, 'ubuntu') }} | |
| run: ./.github/scripts/provision-linux-build.sh && ./.github/scripts/provision-linux-test.sh | |
| - name: Setup image (macOS) | |
| if: ${{ contains(matrix.os, 'macos') }} | |
| run: ./.github/scripts/provision-macos-test.sh | |
| - name: Setup image (Windows) | |
| if: ${{ contains(matrix.os, 'windows') }} | |
| run: .github/scripts/provision-windows-test.ps1 | |
| shell: pwsh | |
| - name: Setup WSL2 (Windows) | |
| if: ${{ contains(matrix.os, 'windows') }} | |
| uses: Vampire/setup-wsl@6a8db447be7ed35f2f499c02c6e60ff77ef11278 # v6.0.0 | |
| with: | |
| distribution: Ubuntu-22.04 | |
| - name: Setup Docker in WSL2 (Windows) | |
| if: ${{ contains(matrix.os, 'windows') }} | |
| run: .github/scripts/init-docker.sh | |
| shell: wsl-bash_Ubuntu-22.04 {0} | |
| - uses: t1m0thyj/unlock-keyring@e481cdc8833d4417a58f40734e8f197183317047 | |
| if: ${{ contains(matrix.os, 'ubuntu') }} | |
| - name: Install mops | |
| uses: dfinity/setup-mops@3e94e453352269b34137b5ce49f09a8df81bed7d # v1.4.1 | |
| - name: Verify mops installation | |
| run: | | |
| which mops | |
| mops --version | |
| - name: Install ic-wasm | |
| run: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/dfinity/ic-wasm/releases/download/0.9.10/ic-wasm-installer.sh | sh | |
| - name: Verify ic-wasm installation | |
| run: | | |
| which ic-wasm | |
| ic-wasm --version | |
| - name: Install wasm-tools | |
| uses: taiki-e/install-action@e9e8e031bcd90cdbe8ac6bb1d376f8596e587fbf # v2.70.2 | |
| with: | |
| tool: wasm-tools | |
| - name: Verify wasm-tools installation | |
| run: | | |
| which wasm-tools | |
| wasm-tools --version | |
| - name: Run ${{ matrix.test }} | |
| # the macos runners do not support Docker | |
| run: cargo test --test ${{ matrix.test }} -- ${{ contains(matrix.os, 'macos') && '--skip :docker:' || '' }} | |
| env: | |
| ICP_CLI_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| aggregate: | |
| name: test:required | |
| if: always() && needs.changes.outputs.src == 'true' | |
| runs-on: ubuntu-latest | |
| needs: [changes, unit-tests, test] | |
| steps: | |
| - name: check unit-tests result | |
| if: ${{ needs.unit-tests.result != 'success' }} | |
| run: exit 1 | |
| - name: check test result | |
| if: ${{ needs.test.result != 'success' }} | |
| run: exit 1 |