-
Notifications
You must be signed in to change notification settings - Fork 68
186 lines (168 loc) · 7.77 KB
/
rust-ci.yaml
File metadata and controls
186 lines (168 loc) · 7.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
# This is mostly copied from the rust-analyzer repo
# https://github.com/rust-lang/rust-analyzer/blob/12e7aa3132217cc6a6c1151d468be35d7b365999/.github/workflows/ci.yaml
name: Rust CI
on:
pull_request:
types: [opened, reopened, synchronize, labeled]
pull_request_target:
types: [opened, reopened, synchronize, labeled]
push:
branches:
- main
schedule:
# three times a day to run the integration tests that take a long time
- cron: '33 3,10,15 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
CI: 1
RUST_BACKTRACE: short
RUSTFLAGS: "-D warnings -W unreachable-pub -W bare-trait-objects"
RUSTUP_MAX_RETRIES: 10
RUST_CHANNEL: '1.87.0'
jobs:
rust-ci:
name: Rust CI
# Run for all events, but apply different logic based on the event type
if: |
github.event_name == 'pull_request' ||
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository)
timeout-minutes: 20
runs-on: ${{ matrix.os }}
# Apply environment protection only for external PRs and sensitive events
environment: ${{
(github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository)
|| github.event_name == 'push'
|| github.event_name == 'schedule'
&& 'ci-with-secrets' || '' }}
defaults:
run:
working-directory: ./
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, ubuntu-24.04-arm, macos-13, macos-latest]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
# For pull_request_target, checkout the PR head
ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
# Docker services - only for tests that need secrets (internal/external PRs with secrets, push, schedule)
- name: Stand up docker services
if: |
(matrix.os == 'ubuntu-latest' || matrix.os == 'ubuntu-24.04-arm') &&
(
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository)
)
run: docker compose up -d
- name: Wait for containers to be ready
if: |
(matrix.os == 'ubuntu-latest' || matrix.os == 'ubuntu-24.04-arm') &&
(
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository)
)
run: |
for _ in {1..10}; do
if curl --silent --fail http://minio:9000/minio/health/live; then
break
fi
sleep 3
done
docker compose exec -T minio mc alias set minio http://minio:9000 minio123 minio123
for _ in {1..20}; do
if curl --silent --fail "http://azurite:10000/devstoreaccount1/testcontainer?sv=2023-01-03&ss=btqf&srt=sco&spr=https%2Chttp&st=2025-01-06T14%3A53%3A30Z&se=2035-01-07T14%3A53%3A00Z&sp=rwdftlacup&sig=jclETGilOzONYp4Y0iK9SpVRLGyehaS5lg5booJ9VYA%3D&restype=container"; then
break
fi
sleep 3
done
# Common setup steps for all scenarios
- name: Install Just
if: matrix.os == 'ubuntu-latest' || matrix.os == 'ubuntu-24.04-arm'
run: sudo snap install --edge --classic just
- name: Install Rust toolchain
run: |
rustup update --no-self-update ${{ env.RUST_CHANNEL }}
rustup component add --toolchain ${{ env.RUST_CHANNEL }} rustfmt rust-src clippy
rustup default ${{ env.RUST_CHANNEL }}
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2
with:
key: ${{ env.RUST_CHANNEL }}
- name: Install cargo-deny
if: matrix.os == 'ubuntu-latest' || matrix.os == 'ubuntu-24.04-arm'
run: cargo install --locked cargo-deny
# Basic checks that run for all pull requests (including external)
- name: Check formatting
if: matrix.os == 'ubuntu-latest' && github.event_name == 'pull_request'
run: cargo fmt --all -- --check
- name: Clippy
if: matrix.os == 'ubuntu-latest' && github.event_name == 'pull_request'
run: cargo clippy --all-targets --all-features -- -D warnings
- name: Cargo deny
if: matrix.os == 'ubuntu-latest' && github.event_name == 'pull_request'
run: cargo deny check
# Full checks with secrets - for internal PRs, external PRs (with approval), push, and schedule
- name: Check (with secrets)
if: |
(matrix.os == 'ubuntu-latest' || matrix.os == 'ubuntu-24.04-arm') &&
(
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository)
)
env:
R2_BUCKET: ${{ secrets.R2_BUCKET }}
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
AWS_BUCKET: ${{ secrets.AWS_BUCKET }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
TIGRIS_BUCKET: ${{ secrets.TIGRIS_BUCKET }}
TIGRIS_REGION: ${{ secrets.TIGRIS_REGION }}
TIGRIS_ACCESS_KEY_ID: ${{ secrets.TIGRIS_ACCESS_KEY_ID }}
TIGRIS_SECRET_ACCESS_KEY: ${{ secrets.TIGRIS_SECRET_ACCESS_KEY }}
run: just pre-commit
# Unit tests for non-Ubuntu platforms that need secrets
- name: Run unit tests only
if: |
(matrix.os != 'ubuntu-latest' && matrix.os != 'ubuntu-24.04-arm') &&
(
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
github.event_name == 'push' ||
github.event_name == 'schedule' ||
(github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository)
)
run: cargo test --lib
# Expensive integration tests - only on schedule
- name: Run integration tests against object stores
if: github.event_name == 'schedule'
env:
R2_BUCKET: ${{ secrets.R2_BUCKET }}
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
AWS_BUCKET: ${{ secrets.AWS_BUCKET }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
TIGRIS_BUCKET: ${{ secrets.TIGRIS_BUCKET }}
TIGRIS_REGION: ${{ secrets.TIGRIS_REGION }}
TIGRIS_ACCESS_KEY_ID: ${{ secrets.TIGRIS_ACCESS_KEY_ID }}
TIGRIS_SECRET_ACCESS_KEY: ${{ secrets.TIGRIS_SECRET_ACCESS_KEY }}
run: cargo test --all --all-targets -- --ignored