Detect and report GitHub API rate limiting #3904
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| permissions: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Format | |
| run: cargo fmt --check | |
| - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2 | |
| - name: Lint | |
| run: cargo clippy -- --deny warnings | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2 | |
| - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 | |
| - name: Test dependencies | |
| run: | | |
| # Don't waste time on man-db updates | |
| sudo apt-get remove --purge man-db | |
| # Needed for tty-tests | |
| sudo apt install -y expect | |
| - name: Test | |
| run: cargo test --features crater-tests,tty-tests,schema | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Test snippets | |
| run: | | |
| make snippets | |
| git diff --exit-code | |
| test-site: | |
| name: Test site build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 | |
| - name: Test site | |
| run: make site | |
| test-schema: | |
| name: Test schema | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Verify schema covers all audits | |
| run: | | |
| REGISTRY_COUNT=$(grep -c "register_audit!" crates/zizmor/src/registry.rs) | |
| SCHEMA_COUNT=$(jq '.definitions.RulesConfig.properties | length' support/zizmor.schema.json) | |
| if [ "$REGISTRY_COUNT" -ne "$SCHEMA_COUNT" ]; then | |
| echo "Error: registry.rs has $REGISTRY_COUNT audits but schema has $SCHEMA_COUNT" | |
| echo "Update config/schema.rs and regenerate the schema:" | |
| echo " make generate-schema" | |
| exit 1 | |
| fi | |
| echo "Schema covers all $REGISTRY_COUNT audits" | |
| - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2 | |
| - name: Verify committed schema is up-to-date | |
| run: | | |
| make generate-schema | |
| git diff --exit-code | |
| all-tests-pass: | |
| name: All tests pass | |
| if: always() | |
| needs: [lint, test, test-site, test-schema] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: check test jobs | |
| uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 | |
| with: | |
| jobs: ${{ toJSON(needs) }} |