chore(deps): update trufflesecurity/trufflehog digest to 781157a #11125
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: protobuf_compatibility | |
on: | |
pull_request: | |
branches: [ "*" ] | |
push: | |
# protobuf compatibility is a transitive property, | |
# but it requires all the transitions to be checked. | |
# If we checked it just against the PR branches, | |
# we may end up with conflicting PRs getting merged | |
# (unless we improve our github setup). | |
# Therefore on post-merge we will execute the | |
# compatibility check as well (TODO: alerting). | |
branches: [ "main" ] | |
permissions: | |
contents: read | |
env: | |
CARGO_TERM_COLOR: always | |
CARGO_INCREMENTAL: "0" | |
RUSTFLAGS: "-Dwarnings -C linker=clang -C link-arg=-fuse-ld=lld -C link-arg=-Wl,-z,nostart-stop-gc" | |
RUSTC_WRAPPER: "sccache" | |
SCCACHE_GHA_ENABLED: "true" | |
RUST_BACKTRACE: "1" | |
SQLX_OFFLINE: true, | |
# github.base_ref -> github.head_ref for pull_request | |
BASE: ${{ github.event.pull_request.base.sha || github.event.before }} | |
# github.event.before -> github.event.after for push | |
HEAD: ${{ github.event.pull_request.head.sha || github.event.after }} | |
jobs: | |
compatibility: | |
runs-on: [ubuntu-22.04-github-hosted-16core] | |
steps: | |
- uses: mozilla-actions/sccache-action@89e9040de88b577a072e3760aaf59f585da083af # v0.0.5 | |
# before | |
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 | |
with: | |
ref: ${{ env.BASE }} | |
path: before | |
fetch-depth: 0 # fetches all branches and tags, which is needed to compute the LCA. | |
- name: checkout LCA | |
run: | |
git checkout $(git merge-base $BASE $HEAD) | |
working-directory: ./before | |
- name: compile before | |
run: cargo check --all-targets | |
working-directory: ./before/ | |
- name: build before.binpb | |
run: > | |
perl -ne 'print "$1\n" if /PROTOBUF_DESCRIPTOR="(.*)"/' | |
`find ./before/target/debug/build/*/output` | |
| xargs cat > ./before.binpb | |
# after | |
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4 | |
with: | |
ref: ${{ env.HEAD }} | |
path: after | |
- name: compile after | |
run: cargo check --all-targets | |
working-directory: ./after | |
- name: build after.binpb | |
run: > | |
perl -ne 'print "$1\n" if /PROTOBUF_DESCRIPTOR="(.*)"/' | |
`find ./after/target/debug/build/*/output` | |
| xargs cat > ./after.binpb | |
# compare | |
- uses: bufbuild/buf-setup-action@54abbed4fe8d8d45173eca4798b0c39a53a7b658 # v1.39.0 | |
with: | |
github_token: ${{ github.token }} | |
- name: buf breaking | |
run: > | |
buf breaking './after.binpb' --against './before.binpb' --exclude-path 'zksync/config/experimental.proto' | |
--config '{"version":"v1","breaking":{"use":["WIRE_JSON","WIRE"]}}' --error-format 'github-actions' |