ci: wire Codecov upload and gate coverage on [coverage] PR title #103
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| # Weekly audit on Mondays at 06:00 UTC | |
| - cron: "0 6 * * 1" | |
| env: | |
| CARGO_TERM_COLOR: always | |
| # The ubuntu-latest runner has clang-18 + libclang pre-installed; | |
| # point bindgen at it so we can skip apt-get install libclang-dev. | |
| LIBCLANG_PATH: /usr/lib/llvm-18/lib | |
| jobs: | |
| check: | |
| name: Check (fmt, clippy, compile) | |
| runs-on: ubuntu-latest | |
| # Skip on scheduled runs (only audit/mutants need the weekly trigger) | |
| if: github.event_name != 'schedule' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy, rustfmt | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Check formatting | |
| run: cargo fmt --check | |
| - name: Run Clippy | |
| run: cargo clippy --all-targets -- -D warnings | |
| - name: Check compilation | |
| run: cargo check | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: check | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Install cargo-nextest | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: cargo-nextest | |
| locked: true | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run tests | |
| run: cargo nextest run | |
| build: | |
| name: Build (release) | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Build release binary | |
| run: cargo build --release | |
| - name: Upload release binary | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: pg-migration-lint | |
| path: target/release/pg-migration-lint | |
| if-no-files-found: error | |
| retention-days: 14 | |
| build-bridge: | |
| name: Build Liquibase bridge JAR | |
| runs-on: ubuntu-latest | |
| # Skip on scheduled runs (only audit needs the weekly trigger) | |
| if: github.event_name != 'schedule' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Build fat JAR with Maven (via Docker) | |
| run: | | |
| docker run --rm \ | |
| -v "$PWD/bridge:/build" \ | |
| -w /build \ | |
| maven:3.9-eclipse-temurin-21 \ | |
| sh -c 'mvn package -q && cp target/liquibase-bridge-1.0.0.jar target/liquibase-bridge.jar' | |
| - name: Upload bridge JAR | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: liquibase-bridge | |
| path: bridge/target/liquibase-bridge.jar | |
| if-no-files-found: error | |
| retention-days: 14 | |
| coverage: | |
| name: Coverage | |
| runs-on: ubuntu-latest | |
| needs: check | |
| # Run on main push, scheduled, or when PR title contains [coverage] | |
| if: >- | |
| github.event_name == 'push' | |
| || github.event_name == 'schedule' | |
| || contains(github.event.pull_request.title, '[coverage]') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview | |
| - name: Install cargo-llvm-cov | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: cargo-llvm-cov | |
| locked: true | |
| - name: Install cargo-nextest | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: cargo-nextest | |
| locked: true | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Generate coverage | |
| run: cargo llvm-cov nextest --lcov --output-path lcov.info | |
| - name: Upload to Codecov | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| files: lcov.info | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| mutants: | |
| name: Mutation testing | |
| runs-on: ubuntu-latest | |
| # Only run on the weekly schedule | |
| if: github.event_name == 'schedule' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Install cargo-mutants | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: cargo-mutants | |
| locked: true | |
| - name: Install cargo-nextest | |
| uses: baptiste0928/cargo-install@v3 | |
| with: | |
| crate: cargo-nextest | |
| locked: true | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Run mutation tests | |
| run: cargo mutants --test-tool nextest --output mutants.out | |
| - name: Upload mutants report | |
| if: always() | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: mutants-report | |
| path: mutants.out/ | |
| retention-days: 30 | |
| deny: | |
| name: Deny (licenses, advisories, duplicates) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: EmbarkStudios/cargo-deny-action@v2 | |
| audit: | |
| name: Security audit | |
| runs-on: ubuntu-latest | |
| # Run on PRs, pushes to main, and the weekly schedule | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Cache Cargo | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Install cargo-audit | |
| run: cargo install cargo-audit --locked | |
| - name: Run audit | |
| run: cargo audit |