CI #785
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| merge_group: | |
| pull_request: | |
| schedule: | |
| - cron: "0 3 * * 6" # 6 = Saturday | |
| workflow_dispatch: | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| permissions: | |
| contents: read | |
| jobs: | |
| check-up-to-dateness: | |
| outputs: | |
| is-up-to-date: ${{ steps.main.outputs.is-up-to-date }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: main | |
| uses: trailofbits/check-up-to-dateness@v2 | |
| test: | |
| needs: [check-up-to-dateness] | |
| if: needs.check-up-to-dateness.outputs.is-up-to-date != 'true' | |
| strategy: | |
| fail-fast: ${{ github.event_name == 'merge_group' }} | |
| matrix: | |
| environment: [ubuntu-latest, macos-latest] | |
| runs-on: ${{ matrix.environment }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Install tools | |
| run: | | |
| rustup update | |
| rustup install nightly | |
| rustup +nightly component add clippy | |
| cargo install cargo-dylint dylint-link || true | |
| cargo install cargo-supply-chain || true | |
| cargo install group-runner || true | |
| - name: Update | |
| if: ${{ runner.os == 'Linux' }} | |
| run: sudo apt update | |
| - name: Install Bubblewrap | |
| if: ${{ runner.os == 'Linux' }} | |
| run: sudo apt install bubblewrap | |
| - name: Install Bubblewrap profile on Ubuntu | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| sudo apt install apparmor-profiles | |
| sudo cp /usr/share/apparmor/extra-profiles/bwrap-userns-restrict /etc/apparmor.d || true | |
| sudo systemctl reload apparmor | |
| # smoelius: Go is needed for the `aws-lc-fips-sys` third-party test. | |
| - name: Install Go on macOS | |
| if: ${{ runner.os == 'macOS' }} | |
| run: brew install go | |
| - name: Build | |
| run: cargo test --no-run | |
| - name: Test | |
| run: cargo test --config "target.'cfg(all())'.runner = 'group-runner'" | |
| all-checks: | |
| needs: [test] | |
| # smoelius: From "Defining prerequisite jobs" | |
| # (https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow#defining-prerequisite-jobs): | |
| # > If you would like a job to run even if a job it is dependent on did not succeed, use the | |
| # > `always()` conditional expression in `jobs.<job_id>.if`. | |
| if: ${{ always() }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check results | |
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| run: exit 1 |