github: bump EmbarkStudios/cargo-deny-action #16478
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
permissions: read-all | |
env: | |
CARGO_INCREMENTAL: 0 | |
CARGO_PROFILE_DEV_DEBUG: 0 | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
# macos-13 is x86; macos-14 is ARM | |
os: [ubuntu-latest, macos-13, macos-14, windows-latest] | |
cargo_flags: [""] | |
include: | |
- os: ubuntu-latest | |
cargo_flags: "--all-features" | |
runs-on: ${{ matrix.os }} | |
# TODO FIXME (aseipp): keep the timeout limit to ~15 minutes. this is long | |
# enough to give us runway for the future, but also once we hit it, we're at | |
# the "builds are taking too long" stage and we should start looking at ways | |
# to optimize the CI. | |
# | |
# at the same time, this avoids some issues where some flaky, bugged tests | |
# seem to be causing multi-hour runs on Windows (GPG signing issues), which | |
# is a problem we should fix. in the mean time, this will make these flakes | |
# less harmful, as it won't cause builds to spin for multiple hours, requiring | |
# manual cancellation. | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
# The default version of gpg installed on the runners is a version baked in with git | |
# which only contains the components needed by git and doesn't work for our test cases. | |
# | |
# This installs the latest gpg4win version, which is a variation of GnuPG built for | |
# Windows. | |
# | |
# There is some issue with windows PATH max length which is what all the PATH wrangling | |
# below is for. Please see the below link for where this fix was derived from: | |
# https://github.com/orgs/community/discussions/24933 | |
- name: Setup GnuPG [windows] | |
if: ${{ matrix.os == 'windows-latest' }} | |
run: | | |
$env:PATH = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin" | |
[Environment]::SetEnvironmentVariable("Path", $env:PATH, "Machine") | |
choco install --yes gpg4win | |
echo "C:\Program Files (x86)\Gpg4win\..\GnuPG\bin" >> $env:GITHUB_PATH | |
# The default version of openssh on windows server is quite old (8.1) and doesn't have | |
# all the necessary signing/verification commands available (such as -Y find-principals) | |
- name: Setup ssh-agent [windows] | |
if: ${{ matrix.os == 'windows-latest' }} | |
run: | | |
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 | |
choco install openssh --pre | |
- name: Install Rust | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: 1.76 | |
- name: Build | |
run: cargo build --workspace --all-targets --verbose ${{ matrix.cargo_flags }} | |
- name: Test | |
run: cargo test --workspace --all-targets --verbose ${{ matrix.cargo_flags }} | |
env: | |
RUST_BACKTRACE: 1 | |
build-no-git: | |
name: Build jj-lib without Git support | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Install Rust | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: 1.76 | |
- name: Build | |
run: cargo build -p jj-lib --no-default-features --verbose | |
check-protos: | |
name: Check protos | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: stable | |
- run: sudo apt update && sudo apt-get -y install protobuf-compiler | |
- name: Generate Rust code from .proto files | |
run: cargo run -p gen-protos | |
- name: Check for uncommitted changes | |
run: git diff --exit-code | |
rustfmt: | |
name: Check formatting | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: nightly | |
components: rustfmt | |
- run: cargo +nightly fmt --all -- --check | |
mkdocs: | |
name: Check that MkDocs can build the docs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b | |
with: | |
python-version: 3.11 | |
- name: Install uv | |
uses: astral-sh/setup-uv@e779db74266a80753577425b0f4ee823649f251d | |
with: | |
# If you bump the version, also update docs/contributing.md | |
# and all other workflows that install uv | |
version: "0.5.1" | |
- name: Check that `mkdocs` can build the docs | |
run: uv run -- mkdocs build --strict | |
# An optional job to alert us when uv updates break the build | |
mkdocs-latest: | |
name: Check that MkDocs can build the docs with latest Python and uv | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Install uv | |
uses: astral-sh/setup-uv@e779db74266a80753577425b0f4ee823649f251d | |
# 'only-managed' means that uv will always download Python, even | |
# if the runner happens to provide a compatible version | |
- name: Check that `mkdocs` can build the docs | |
run: uv run --python-preference=only-managed -- mkdocs build --strict | |
cargo-deny: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
checks: | |
- advisories | |
- bans licenses sources | |
# Prevent sudden announcement of a new advisory from failing ci: | |
continue-on-error: ${{ matrix.checks == 'advisories' }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: EmbarkStudios/cargo-deny-action@f87fcad0e65efa7cbdec993036c394fa9be14262 | |
with: | |
command: check ${{ matrix.checks }} | |
clippy-check: | |
name: Clippy check | |
permissions: | |
checks: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: stable | |
components: clippy | |
- run: cargo +stable clippy --all-features --workspace --all-targets -- -D warnings |