Skip to content

Merge pull request #713 from kristof-mattei/renovate/lock-file-mainte… #1946

Merge pull request #713 from kristof-mattei/renovate/lock-file-mainte…

Merge pull request #713 from kristof-mattei/renovate/lock-file-mainte… #1946

Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
contents: read
checks: write
pull-requests: write
issues: write
packages: write
env:
CARGO_TERM_COLOR: always
# set this to true in GitHub variables to enable building the container
# HAS_CONTAINER: true
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
# just a name, but storing it separately as we're nice people
DOCKER_IMAGE_ARTIFACT_NAME: Docker image
DOCKER_IMAGE_OUTPUT_LOCATION: /tmp
DOCKER_IMAGE_TAR_LOCATION: /tmp/docker-image.tar # notice /tmp same as DOCKER_IMAGE_OUTPUT_LOCATION
concurrency:
# each new commit to a PR runs this workflow
# so we need to avoid a long running older one from overwriting the "pr-<number>-latest"
group: "${{ github.workflow }} @ ${{ github.ref_name }}"
cancel-in-progress: true
jobs:
repo-has-container:
name: Repo has container?
runs-on: ubuntu-latest
outputs:
has_container: ${{ steps.determine.outputs.has_container }}
steps:
- name: Repo has docker container?
id: determine
shell: bash
run: |
HAS_CONTAINER="${{ vars.HAS_CONTAINER }}"
echo "has_container=${HAS_CONTAINER:-false}" >> ${GITHUB_OUTPUT}
changes:
name: Detect changes
runs-on: ubuntu-latest
outputs:
code: ${{ steps.filter.outputs.code }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Check if we actually made changes
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # tag=v2.11.1
id: filter
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: .github/file-filters.yml
calculate-version:
name: Calculate version
runs-on: ubuntu-latest
needs:
- changes
- repo-has-container
outputs:
version: ${{ steps.version.outputs.nextversion }}
if: |
github.event_name == 'pull_request' &&
fromJSON(needs.repo-has-container.outputs.has_container) == true &&
fromJSON(needs.changes.outputs.code) == true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
fetch-depth: 0
- name: Cache dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
env:
CACHE_NAME: cargo-cache-dependencies
with:
path: |
~/.cargo
./target
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-cocogitto
restore-keys: |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-
${{ runner.os }}-build-${{ env.CACHE_NAME }}-
- name: Set up toolchain
shell: bash
run: |
rm ${HOME}/.cargo/bin/rustfmt
rm ${HOME}/.cargo/bin/cargo-fmt
rustup update
cargo --version
- name: Get binstall
shell: bash
run: |
cd /tmp
archive="cargo-binstall-x86_64-unknown-linux-musl.tgz"
wget "https://github.com/cargo-bins/cargo-binstall/releases/latest/download/${archive}"
tar -xvf "./${archive}"
rm "./${archive}"
mv ./cargo-binstall ~/.cargo/bin/
- name: Install cocogitto to get the next version number
shell: bash
run: |
cargo binstall --no-confirm cocogitto --target x86_64-unknown-linux-musl --pkg-url "{ repo }/releases/download/{ version }/{ name }-{ version }-{ target }.tar.gz" --bin-dir "{ bin }" --pkg-fmt tgz
- name: Calculate next version
id: version
shell: bash
run: |
VERSION="$(cog bump --auto --dry-run || true)"
if [[ -z $VERSION ]]; then
VERSION="$(git tag --points-at "$(git rev-list --tags --max-count=1)" | sort --reverse | head --lines 1)"
echo "No version generated, defaulting to latest git tag: ${VERSION}"
else
echo "New version: ${VERSION}"
fi
# remove v
VERSION="${VERSION//v/}"
# store
echo "nextversion=${VERSION}" >> ${GITHUB_OUTPUT}
cargo-build:
name: Cargo build
runs-on: ubuntu-latest
needs:
- changes
if: |
github.event_name == 'pull_request' &&
fromJSON(needs.changes.outputs.code) == true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Cache dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
env:
CACHE_NAME: cargo-cache-dependencies
with:
path: |
~/.cargo
./target
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-build
restore-keys: |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-
${{ runner.os }}-build-${{ env.CACHE_NAME }}-
- name: Set up toolchain
shell: bash
run: |
rm ${HOME}/.cargo/bin/rustfmt
rm ${HOME}/.cargo/bin/cargo-fmt
rustup update
cargo --version
- name: Build
shell: bash
run: |
cargo build --all-targets --workspace --verbose
cargo-fmt:
name: Cargo fmt
runs-on: ubuntu-latest
needs:
- changes
if: |
github.event_name == 'pull_request' &&
fromJSON(needs.changes.outputs.code) == true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Cache dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
env:
CACHE_NAME: cargo-cache-dependencies
with:
path: |
~/.cargo
./target
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-fmt
restore-keys: |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-
${{ runner.os }}-build-${{ env.CACHE_NAME }}-
- name: Set up toolchain
shell: bash
run: |
rm ${HOME}/.cargo/bin/rustfmt
rm ${HOME}/.cargo/bin/cargo-fmt
rustup update
cargo --version
- name: Check formatting
shell: bash
run: |
cargo fmt --all -- --check --verbose
cargo-test-and-report:
name: Cargo test (and report)
runs-on: ubuntu-latest
needs:
- changes
if: fromJSON(needs.changes.outputs.code) == true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Cache dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
env:
CACHE_NAME: cargo-cache-dependencies
with:
path: |
~/.cargo
./target
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-test
restore-keys: |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-
${{ runner.os }}-build-${{ env.CACHE_NAME }}-
- name: Set up toolchain
shell: bash
run: |
rm ${HOME}/.cargo/bin/rustfmt
rm ${HOME}/.cargo/bin/cargo-fmt
rustup update
cargo --version
- name: Install llvm-tools-preview
shell: bash
run: |
rustup component add llvm-tools-preview
- name: Get binstall
shell: bash
run: |
archive="cargo-binstall-x86_64-unknown-linux-musl.tgz"
wget "https://github.com/ryankurte/cargo-binstall/releases/latest/download/${archive}"
tar -xvf "./${archive}"
rm "./${archive}"
mv ./cargo-binstall ~/.cargo/bin/
- name: Install nextest, custom test runner, with native support for junit
shell: bash
run: |
cargo binstall --no-confirm cargo-nextest;
- name: Install grcov
shell: bash
run: |
cargo binstall --no-confirm grcov --pkg-url "{ repo }/releases/download/v{ version }/{ name }-{ target }.tar.bz2" --pkg-fmt tbz2 --bin-dir "{ bin }";
- name: Build with instrumentation support
shell: bash
env:
RUSTFLAGS: "-C instrument-coverage"
run: |
cargo build --all-targets --workspace --verbose
- name: Run nextest
shell: bash
id: tests
env:
RUSTFLAGS: "-C instrument-coverage"
LLVM_PROFILE_FILE: "profiling/profile-%p-%m.profraw"
run: |
cargo nextest run --profile ci --no-fail-fast --all-targets --workspace
continue-on-error: true
- name: Upload test results
uses: EnricoMi/publish-unit-test-result-action@ca89ad036b5fcd524c1017287fb01b5139908408 # v2.11.0
with:
check_name: Test results
github_token: ${{ secrets.GITHUB_TOKEN }}
junit_files: reports/results.xml
- name: Run grcov
shell: bash
run: |
grcov $(find profiling -name "profile-*.profraw" -print) --source-dir . --binary-path ./target/debug/ --output-type lcov --branch --ignore-not-existing --llvm --keep-only "src/**" --keep-only "tests/**" --output-path ./reports/lcov.info
- name: Upload to Coveralls
uses: coverallsapp/github-action@3dfc5567390f6fa9267c0ee9c251e4c8c3f18949 # v2.2.3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: reports/lcov.info
- name: Fail if tests failed
shell: bash
if: steps.tests.outcome != 'success'
run: |
# the test reporter we use (or any for that matter)
# all show a report. But we cannot depend on that report because
# we don't know which subsection it belongs in GitHub
# so we explicitly fail this one
# which will fail All Done
exit 1;
cargo-clippy-and-report:
name: Cargo clippy (and report)
runs-on: ubuntu-latest
needs:
- changes
if: |
github.event_name == 'pull_request' &&
fromJSON(needs.changes.outputs.code) == true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Cache dependencies
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
env:
CACHE_NAME: cargo-cache-dependencies
with:
path: |
~/.cargo
./target
key: ${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-clippy
restore-keys: |
${{ runner.os }}-build-${{ env.CACHE_NAME }}-${{ hashFiles('Cargo.lock') }}-
${{ runner.os }}-build-${{ env.CACHE_NAME }}-
- name: Set up toolchain
shell: bash
run: |
rm ${HOME}/.cargo/bin/rustfmt
rm ${HOME}/.cargo/bin/cargo-fmt
rustup update
cargo --version
- name: Run Clippy for GitHub Actions report
uses: actions-rs-plus/clippy-check@58bb2527088f0a574f000fad0244d021aeebc55a # v2.1.1
with:
args: --workspace --all-targets --all-features
docker-build:
name: Build Docker container
runs-on: ubuntu-latest
needs:
- calculate-version
outputs:
image_id_with_sha256: ${{ steps.build.outputs.imageid }}
# if: ... is not needed because calculate-version will not run if we disable building the docker container
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Set the Cargo.toml version before we copy in the data into the Docker container
shell: bash
run: |
./.github/scripts/update-version.sh ${{ needs.calculate-version.outputs.version }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# TODO validate no changes between github.event.pull_request.head.sha and the actual current sha (representing the hypothetical merge)
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=pr,suffix=-latest
type=raw,value=pr-${{ github.event.pull_request.base.sha }}-${{ github.event.pull_request.head.sha }}
labels: |
org.opencontainers.image.version=pr-${{ github.event.number }}
org.opencontainers.image.source=${{ github.event.pull_request.html_url }}
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Lowercase the image name
shell: bash
run: |
echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}
- name: Set application name
shell: bash
run: |
APPLICATION_NAME=${{ github.repository }}
echo "APPLICATION_NAME=${APPLICATION_NAME##*/}" >> ${GITHUB_ENV}
- name: Build Docker image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
id: build
with:
build-args: |
APPLICATION_NAME=${{ env.APPLICATION_NAME }}
context: .
# this container is THE PR's artifact, and we will re-tag it
# once the PR has been accepted
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
outputs: type=docker,dest=${{ env.DOCKER_IMAGE_TAR_LOCATION }}
- name: Upload artifact
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
path: ${{ env.DOCKER_IMAGE_TAR_LOCATION }}
docker-integration-test:
name: Docker integration test
runs-on: ubuntu-latest
needs:
- changes
- docker-build
if: |
(needs.changes.outputs.code == 'true')
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
show-progress: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Download artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
path: ${{ env.DOCKER_IMAGE_OUTPUT_LOCATION }}
- name: Load image from artifact
shell: bash
run: |
docker load --input ${{ env.DOCKER_IMAGE_TAR_LOCATION }}
- name: Run integration tests
shell: bash
env:
DOCKER_BUILDKIT: "1" # https://github.com/moby/buildkit/issues/1945#issuecomment-763705334
IMAGE_ID_WITH_SHA256: ${{ needs.docker-build.outputs.image_id_with_sha256 }}
run: |
# IMAGE_ID_WITH_SHA256 looks like sha256:0ae0dc0eb5fbada1c6083b078a168422b4d67227bb762340857c095008c3cbb3
# we only need the second part so we're splitting it at the :
export IMAGE_ID=${IMAGE_ID_WITH_SHA256#*:}
cd integration-tests
./tests.sh
docker-publish:
name: Publish Docker container
runs-on: ubuntu-latest
needs:
- cargo-build
- cargo-fmt
- cargo-test-and-report
- cargo-clippy-and-report
- docker-build
- docker-integration-test
# Check if the event is not triggered by a fork
if: github.event.pull_request.head.repo.full_name == github.repository && github.event_name == 'pull_request'
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Download artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
path: ${{ env.DOCKER_IMAGE_OUTPUT_LOCATION }}
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Load image from artifact
shell: bash
run: |
docker load --input ${{ env.DOCKER_IMAGE_TAR_LOCATION }}
- name: Push image with all tags
shell: bash
run: |
docker push ${REGISTRY,,}/${IMAGE_NAME,,} --all-tags
all-done:
name: All done
# this is the job that should be marked as required on GitHub. It's the only one that'll reliably trigger
# when any upstream fails: success
# when all upstream skips: pass
# when all upstream success: success
# combination of upstream skip and success: success
runs-on: ubuntu-latest
needs:
- calculate-version
- cargo-build
- cargo-fmt
- cargo-clippy-and-report
- cargo-test-and-report
- docker-build
- docker-publish
if: always()
steps:
- name: Fail!
shell: bash
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: |
echo "One / more upstream failed or was cancelled. Failing job..."
exit 1
- name: Success!
shell: bash
run: |
echo "Great success!"