fix(ci-self-hosted): restore with: block in clippy job
#6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI (self-hosted) | |
| # Routes the compile-heavy cargo test pass to the Hoff's self-hosted | |
| # Linux/X64 runner. Triggered only on pushes to in-repo branches and on | |
| # manual dispatch — NEVER on `pull_request`, because fork PRs from | |
| # outside contributors must not be able to execute code on the | |
| # self-hosted box (they hit the existing `ubuntu-latest` ci.yml jobs | |
| # instead, where GitHub sandboxes the work). | |
| # | |
| # Belt-and-braces: GitHub repo setting "Require approval for all | |
| # outside collaborators" must also be enabled in Settings -> Actions | |
| # -> General so even the cloud-hosted workflows don't fire on a fork | |
| # PR without manual approval. | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - main | |
| - 'feat/**' | |
| - 'fix/**' | |
| - 'harden/**' | |
| - 'polish/**' | |
| - 'perf/**' | |
| - 'docs/**' | |
| - 'ci/**' | |
| workflow_dispatch: | |
| # Tighten the default GITHUB_TOKEN to read-only. Per-job permissions can | |
| # override if needed (none of these jobs write to the repo). | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: self-hosted-${{ github.ref }} | |
| cancel-in-progress: true | |
| # All third-party actions pinned to commit SHAs (not tags) so a | |
| # compromised tag re-point cannot poison the self-hosted runner. | |
| # Version comments reflect the tag/branch the SHA resolved from at | |
| # pinning time — update via Dependabot or manual re-resolve. | |
| jobs: | |
| test: | |
| name: cargo test (self-hosted) | |
| runs-on: [self-hosted, Linux, X64] | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable channel ref | |
| - name: Cargo cache | |
| uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| with: | |
| shared-key: self-hosted-stable | |
| - name: cargo test --bin contextcrawler | |
| run: cargo test --bin contextcrawler --no-fail-fast | |
| - name: Upload tee logs on failure | |
| if: failure() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 | |
| with: | |
| name: rtk-tee-logs-${{ github.run_id }} | |
| path: ~/.local/share/rtk/tee/ | |
| if-no-files-found: ignore | |
| retention-days: 7 | |
| clippy: | |
| name: cargo clippy (self-hosted) | |
| runs-on: [self-hosted, Linux, X64] | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable channel ref | |
| with: | |
| components: clippy | |
| - name: Cargo cache | |
| uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 | |
| with: | |
| shared-key: self-hosted-stable | |
| # Clippy runs in visible-but-non-fatal mode while the codebase | |
| # works through new doc/MSRV lints introduced by post-1.80 | |
| # toolchains. Re-tighten to `-- -D warnings` after lint cleanup | |
| # lands (tracked separately). | |
| - name: cargo clippy | |
| run: cargo clippy --bin contextcrawler --all-features |