Google Git
Sign in
android / toolchain / cargo-deny / HEAD / . / .github / workflows / ci.yaml
blob: 7d0d7175523e4a8eb7a684b071ab4c2ba62a0283 [file] [log] [blame]
name: CI
on:
push:
branches:
- main
tags:
- "*"
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
# Lightweight check for typos in any files. Config lives in 'typos.toml'
typos:
name: Typos
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
# Typos check should be pinned to the very specific version
# to prevent sudden dictionary updates from making our CI fail
- uses: crate-ci/[email protected]
lint:
name: Lint
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: "clippy, rustfmt"
- uses: Swatinem/rust-cache@v2
# make sure all code has been formatted with rustfmt and linted with clippy
- name: rustfmt
run: cargo fmt -- --check --color always
# run clippy to verify we have no warnings
- run: cargo fetch
- name: cargo clippy
run: cargo clippy --all-targets --all-features -- -D warnings
test:
name: Test
strategy:
matrix:
os: [ubuntu-22.04, macos-14]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- run: cargo fetch
- name: cargo test build
run: cargo build --tests
- run: cargo test
self:
name: Check Users
strategy:
matrix:
include:
- os: ubuntu-22.04
target: x86_64-unknown-linux-musl
runs-on: ${{ matrix.os }}
env:
TARGET: x86_64-unknown-linux-musl
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
target: ${{ matrix.target }}
- uses: Swatinem/rust-cache@v2
- name: Install musl tools
if: matrix.target == 'x86_64-unknown-linux-musl'
run: |
sudo apt-get install -y musl-tools
- name: cargo fetch
run: cargo fetch --target ${{ matrix.target }}
- name: cargo install
# Install in debug mode since this part is sloooooow and
# release doesn't really matter much for runtime
# Also, build and run with musl, this lets us ensure that
# musl still works, which is important for the linux binaries
# we release, but wasn't exercised until now
run: cargo install --path . --debug --target ${{ matrix.target }}
- name: self check
run: cargo deny -L debug --all-features --locked check
# - name: check external users
# run: ./scripts/check_external.sh
# Build `mdBook` documentation and upload it as a temporary build artifact
doc-book:
name: Build the book
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- env:
version: "0.4.32"
run: |
set -e
curl -L https://github.com/rust-lang-nursery/mdBook/releases/download/v${version}/mdbook-v${version}-x86_64-unknown-linux-gnu.tar.gz | tar xzf -
echo `pwd` >> $GITHUB_PATH
- run: (cd docs && mdbook build)
- uses: actions/upload-artifact@v1
with:
name: doc-book
path: docs/book
publish-check:
name: Publish Check
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- run: cargo fetch
- name: cargo publish
run: cargo publish --dry-run
release:
name: Release
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
include:
- os: ubuntu-22.04
rust: stable
target: x86_64-unknown-linux-musl
bin: cargo-deny
- os: windows-2022
rust: stable
target: x86_64-pc-windows-msvc
bin: cargo-deny.exe
- os: macos-14
rust: stable
target: x86_64-apple-darwin
bin: cargo-deny
- os: macos-14
rust: stable
target: aarch64-apple-darwin
bin: cargo-deny
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
target: ${{ matrix.target }}
- name: Install musl tools
if: matrix.target == 'x86_64-unknown-linux-musl'
run: |
sudo apt-get install -y musl-tools
- uses: Swatinem/rust-cache@v2
- name: cargo fetch
run: cargo fetch --target ${{ matrix.target }}
- name: Release build
run: cargo build --release --target ${{ matrix.target }}
- name: Package
shell: bash
run: |
name=cargo-deny
tag=$(git describe --tags --abbrev=0)
release_name="$name-$tag-${{ matrix.target }}"
release_tar="${release_name}.tar.gz"
mkdir "$release_name"
if [ "${{ matrix.target }}" != "x86_64-pc-windows-msvc" ]; then
strip "target/${{ matrix.target }}/release/${{ matrix.bin }}"
fi
cp "target/${{ matrix.target }}/release/${{ matrix.bin }}" "$release_name/"
cp README.md LICENSE-APACHE LICENSE-MIT "$release_name/"
tar czvf "$release_tar" "$release_name"
rm -r "$release_name"
# Windows environments in github actions don't have the gnu coreutils installed,
# which includes the shasum exe, so we just use powershell instead
if [ "${{ matrix.target }}" == "x86_64-pc-windows-msvc" ]; then
echo "(Get-FileHash \"${release_tar}\" -Algorithm SHA256).Hash | Out-File -Encoding ASCII -NoNewline \"${release_tar}.sha256\"" | pwsh -c -
else
echo -n "$(shasum -ba 256 "${release_tar}" | cut -d " " -f 1)" > "${release_tar}.sha256"
fi
- name: Publish
uses: softprops/action-gh-release@v1
with:
draft: true
files: "cargo-deny*"
env:
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
publish:
name: Publish Docs
needs: [doc-book]
runs-on: ubuntu-22.04
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Download book
uses: actions/download-artifact@v1
with:
name: doc-book
- name: Assemble gh-pages
run: |
mv doc-book gh-pages
# If this is a push to the main branch push to the `gh-pages` using a
# deploy key. Note that a deploy key is necessary for now because otherwise
# using the default token for github actions doesn't actually trigger a page
# rebuild.
- name: Push to gh-pages
# Uses a rust script to setup and push to the gh-pages branch
run: rustc scripts/build-pages.rs && (cd gh-pages && ../build-pages)
env:
GITHUB_DEPLOY_KEY: ${{ secrets.GITHUB_DEPLOY_KEY }}
BUILD_REPOSITORY_ID: ${{ github.repository }}
BUILD_SOURCEVERSION: ${{ github.sha }}
test_success:
runs-on: ubuntu-22.04
needs: [typos,lint,test,self,publish-check,doc-book]
steps:
- run: echo "All test jobs passed"