Skip to content
CI

Make justfile the canonical source of truth for CI #660

Sign in to view logs

Make justfile the canonical source of truth for CI

Make justfile the canonical source of truth for CI #660

Workflow file for this run

.github/workflows/ci.yml at 2951912
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
lint:
name: lint
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install stable --profile minimal -c rustfmt -c clippy
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- uses: ./.github/actions/install-tools
with:
tools: just
- name: Check lint
run: just check-lint
- name: Check Zizmor
run: |
pipx install zizmor==1.23.1
zizmor --format plain .github/
- name: Check `cargo package`
# creates a .crate for distribution and verifies it can build in isolation
# see https://doc.rust-lang.org/cargo/commands/cargo-package.html
run: cargo package --workspace
test:
name: test (${{ matrix.rust }})
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
rust: ["1.86", stable]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install ${{ matrix.rust }} --profile minimal && rustup default ${{ matrix.rust }}
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- uses: ./.github/actions/install-tools
with:
tools: just uv
- name: Run tests
run: just check-tests
test-all-features:
name: test-all-features (${{ matrix.rust }})
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
rust: ["1.86", stable]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install ${{ matrix.rust }} --profile minimal && rustup default ${{ matrix.rust }}
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- uses: ./.github/actions/install-tools
with:
tools: just uv
- name: Run tests with all features
run: just check-tests-all-features
docs:
name: docs
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install nightly --profile minimal && rustup default nightly
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- uses: ./.github/actions/install-tools
with:
tools: just
- name: Install cargo-docs-rs
run: cargo install --locked cargo-docs-rs
- name: Check docs
run: just check-docs
# test with the minimal versions of all our dependencies
test-minimal-versions:
name: test-minimal-versions
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install nightly --profile minimal && rustup default nightly
- uses: Swatinem/rust-cache@ad397744b0d591a723ab90405b7247fac0e6b8db # v2
- uses: ./.github/actions/install-tools
with:
tools: just uv
- name: Generate lockfile
run: cargo generate-lockfile -Z minimal-versions
- name: Run tests
run: just check-tests-minimal-versions
compile-examples:
name: compile-examples (${{ matrix.rust }})
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
rust: ["1.86", stable]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install ${{ matrix.rust }} --profile minimal && rustup default ${{ matrix.rust }}
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- name: Compile examples
run: cargo build --examples --all-features
coverage:
name: coverage
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install stable --profile minimal -c llvm-tools-preview
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- name: Install cargo-llvm-cov
run: cargo install --locked cargo-llvm-cov
- uses: ./.github/actions/install-tools
with:
tools: just uv
- name: Run coverage
run: just check-coverage
conformance:
name: conformance
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install Rust
run: rustup toolchain install stable --profile minimal
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
- uses: ./.github/actions/install-tools
with:
tools: just uv
- name: Run conformance tests
run: just check-conformance
nix:
name: nix
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: cachix/install-nix-action@1ca7d21a94afc7c957383a2d217460d980de4934 # v31.10.1
- uses: ./.github/actions/install-tools
with:
tools: just
- name: lint
run: just check-format-nix
release:
name: release
if: github.event_name == 'push' && github.repository == 'hegeldev/hegel-rust'
needs: [lint, test, test-all-features, test-minimal-versions, docs, coverage, conformance, nix]
runs-on: ubuntu-latest
permissions:
contents: write
# id-token: "enables the workflow to request and use an OIDC token from GitHub's OIDC provider".
# Used by our trusted publishing flow
id-token: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Check for RELEASE.md
id: check
run: |
if [ ! -f RELEASE.md ]; then
echo "skip=true" >> "$GITHUB_OUTPUT"
fi
- name: Generate app token
if: steps.check.outputs.skip != 'true'
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
id: app-token
with:
app-id: ${{ vars.HEGEL_RELEASE_APP_ID }}
private-key: ${{ secrets.HEGEL_RELEASE_APP_PRIVATE_KEY }}
repositories: hegel-rust
- name: Re-checkout with app token # zizmor: ignore[artipacked]
if: steps.check.outputs.skip != 'true'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
token: ${{ steps.app-token.outputs.token }}
- name: Release
if: steps.check.outputs.skip != 'true'
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
HEGEL_RELEASE_APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
run: python .github/scripts/release.py release
- name: Install Rust
if: steps.check.outputs.skip != 'true'
run: rustup toolchain install stable --profile minimal
- name: Authenticate with crates.io
if: steps.check.outputs.skip != 'true'
uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1.0.3
id: crates-io-auth
- name: Publish hegeltest-macros
if: steps.check.outputs.skip != 'true'
run: cargo publish -p hegeltest-macros
env:
CARGO_REGISTRY_TOKEN: ${{ steps.crates-io-auth.outputs.token }}
- name: Wait for crates.io index
if: steps.check.outputs.skip != 'true'
run: |
VERSION=$(grep '^version' hegel-macros/Cargo.toml | head -1 | sed 's/.*"\(.*\)"/\1/')
echo "waiting for hegeltest-macros $VERSION to appear on crates.io..."
for i in $(seq 1 60); do
if cargo search hegeltest-macros | grep -q "\"$VERSION\""; then
exit 0
fi
sleep 3
done
echo "Timed out waiting for hegeltest-macros to appear on Crates.io"
exit 1
- name: Publish hegeltest
if: steps.check.outputs.skip != 'true'
run: cargo publish -p hegeltest
env:
CARGO_REGISTRY_TOKEN: ${{ steps.crates-io-auth.outputs.token }}
- name: Push to main or open PR
if: steps.check.outputs.skip != 'true'
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
run: python .github/scripts/release.py push-or-pr