Add zizmor v0.8.0 #147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Release | |
on: | |
workflow_call: | |
push: | |
branches: [main] | |
pull_request: | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
complete: | |
if: always() | |
needs: [cargo, go] | |
runs-on: ubuntu-latest | |
steps: | |
- if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') | |
run: exit 1 | |
cargo: | |
strategy: | |
fail-fast: false | |
matrix: | |
crate: | |
- name: cargo-workspaces | |
version: '0.2.35' | |
- name: cargo-workspaces | |
version: '0.3.6' | |
- name: cargo-hack | |
version: '0.5.28' | |
- name: cargo-set-rust-version | |
version: '0.5.0' | |
- name: cargo-edit | |
version: '0.11.6' | |
- name: cargo-fuzz | |
version: '0.12.0' | |
- name: cargo-deny | |
version: '0.14.19' | |
rust: '1.79.0' | |
- name: cargo-deny | |
version: '0.16.1' | |
- name: cargo-readme | |
version: '3.3.1' | |
- name: cargo-semver-checks | |
version: '0.35.0' | |
- name: cargo-public-api | |
version: '0.33.1' | |
- name: wasm-pack | |
version: '0.13.0' | |
- name: wasm-bindgen-cli | |
version: '0.2.92' | |
- name: check-lockfile-intersection | |
version: '0.1.0' | |
- name: wasm-cs | |
version: '1.0.0' | |
- name: zizmor | |
version: '0.8.0' | |
runs-on: | |
- ubuntu-latest | |
- macos-12 # amd64 | |
- macos-14 # arm64 | |
- windows-latest | |
runs-on: ${{ matrix.runs-on }} | |
steps: | |
- uses: actions/checkout@v3 | |
- if: 'matrix.crate.rust' | |
shell: bash | |
run: | | |
rustup install ${{ matrix.crate.rust }} | |
rustup default ${{ matrix.crate.rust }} | |
- if: '!matrix.crate.rust' | |
shell: bash | |
run: rustup update | |
- shell: bash | |
run: | | |
rustc -V | |
cargo -V | |
- uses: stellar/actions/rust-cache@main | |
- shell: bash | |
run: cargo install --target-dir ~/.cargo/target --root . --locked --version ${{ matrix.crate.version }} ${{ matrix.crate.name }} | |
- shell: bash | |
run: tar cvfz ${{ matrix.crate.name }}-${{ matrix.crate.version }}-${{ runner.os }}-${{ runner.arch }}.tar.gz -C bin . | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.crate.name }}-${{ matrix.crate.version }}-${{ matrix.runs-on }} | |
path: '*.tar.gz' | |
go: | |
strategy: | |
fail-fast: false | |
matrix: | |
package: | |
- name: actionlint | |
import-path: github.com/rhysd/actionlint/cmd/actionlint | |
version: '1.7.1' | |
runs-on: | |
- ubuntu-latest | |
- macos-12 # amd64 | |
- macos-14 # arm64 | |
- windows-latest | |
runs-on: ${{ matrix.runs-on }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: stable | |
- shell: bash | |
run: GOBIN="$PWD/bin" go install ${{ matrix.package.import-path }}@v${{ matrix.package.version }} | |
- shell: bash | |
run: tar cvfz ${{ matrix.package.name }}-${{ matrix.package.version }}-${{ runner.os }}-${{ runner.arch }}.tar.gz -C bin . | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ matrix.package.name }}-${{ matrix.package.version }}-${{ matrix.runs-on }} | |
path: '*.tar.gz' | |
release-create: | |
if: github.ref_name == 'main' | |
needs: complete | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- id: set-tag | |
run: echo "tag=v$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT | |
- run: gh release -R ${{ github.repository }} create --generate-notes --target ${{ github.sha }} "${{ steps.set-tag.outputs.tag }}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
outputs: | |
tag: ${{ steps.set-tag.outputs.tag }} | |
release-upload: | |
if: github.ref_name == 'main' | |
needs: release-create | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v3 | |
- run: gh release -R ${{ github.repository }} upload --clobber "${{ needs.release-create.outputs.tag }}" **/*.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |