Commit signing backend implementation #9132
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
permissions: read-all | |
env: | |
CARGO_INCREMENTAL: 0 | |
CARGO_PROFILE_DEV_DEBUG: 0 | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-14, windows-latest] | |
cargo_flags: [""] | |
include: | |
- os: ubuntu-latest | |
cargo_flags: "--all-features" | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
# The default version of gpg installed on the runners is a version baked in with git | |
# which only contains the components needed by git and doesn't work for our test cases. | |
# | |
# This installs the latest gpg4win version, which is a variation of GnuPG built for | |
# Windows. | |
# | |
# There is some issue with windows PATH max length which is what all the PATH wrangling | |
# below is for. Please see the below link for where this fix was derived from: | |
# https://github.com/orgs/community/discussions/24933 | |
- name: Setup GnuPG [windows] | |
if: ${{ matrix.os == 'windows-latest' }} | |
run: | | |
$env:PATH = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin" | |
[Environment]::SetEnvironmentVariable("Path", $env:PATH, "Machine") | |
choco install --yes gpg4win | |
echo "C:\Program Files (x86)\Gpg4win\..\GnuPG\bin" >> $env:GITHUB_PATH | |
# The default version of openssh on windows server is quite old (8.1) and doesn't have | |
# all the necessary signing/verification commands available (such as -Y find-principals) | |
- name: Setup ssh-agent [windows] | |
if: ${{ matrix.os == 'windows-latest' }} | |
run: | | |
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 | |
choco install openssh --pre | |
$sshAgentOutput = ssh-agent -s | Out-String | |
if ($sshAgentOutput -match 'SSH_AUTH_SOCK=(.+?); export SSH_AUTH_SOCK;') { | |
"SSH_AUTH_SOCK=$($matches[1])" | Out-File -Append -FilePath $env:GITHUB_ENV -Encoding utf8 | |
} | |
if ($sshAgentOutput -match 'SSH_AGENT_PID=([0-9]+); export SSH_AGENT_PID;') { | |
"SSH_AGENT_PID=$($matches[1])" | Out-File -Append -FilePath $env:GITHUB_ENV -Encoding utf8 | |
} | |
- name: Setup ssh-agent [unix] | |
if: ${{ matrix.os != 'windows-latest' }} | |
run: | | |
eval "$(ssh-agent -s)" | |
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | |
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV" | |
- name: Install Rust | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: 1.76 | |
- name: Build | |
run: cargo build --workspace --all-targets --verbose ${{ matrix.cargo_flags }} | |
- name: Test | |
run: cargo test --workspace --all-targets --verbose ${{ matrix.cargo_flags }} | |
env: | |
RUST_BACKTRACE: 1 | |
check-protos: | |
name: Check protos | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: stable | |
- run: sudo apt update && sudo apt-get -y install protobuf-compiler | |
- name: Generate Rust code from .proto files | |
run: cargo run -p gen-protos | |
- name: Check for uncommitted changes | |
run: git diff --exit-code | |
rustfmt: | |
name: Check formatting | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: nightly | |
components: rustfmt | |
- run: cargo +nightly fmt --all -- --check | |
mkdocs: | |
name: Check that MkDocs can build the docs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c | |
with: | |
python-version: 3.11 | |
- name: Install poetry | |
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | |
with: | |
poetry-version: latest | |
- name: Install dependencies | |
run: poetry install --no-root | |
- name: Check that `mkdocs` can build the docs | |
run: poetry run -- mkdocs build --strict | |
mkdocs-old-poetry: | |
name: Check that MkDocs can build the docs with Poetry 1.3.2 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c | |
with: | |
python-version: 3.11 | |
- name: Install poetry | |
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 | |
with: | |
# Test with the version of Poetry in Debian stable. If this starts | |
# failing, we should increase this version and document the minimum | |
# necessary version of Poetry in contributing.md. | |
# | |
# One way to install old `poetry` is using `pipx`: | |
# pipx install 'poetry<1.4' --suffix -1.3 | |
poetry-version: 1.3.2 | |
- name: Install dependencies | |
run: poetry install --no-root | |
- name: Check that `mkdocs` can build the docs | |
run: poetry run -- mkdocs build --strict | |
cargo-deny: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
checks: | |
- advisories | |
- bans licenses sources | |
# Prevent sudden announcement of a new advisory from failing ci: | |
continue-on-error: ${{ matrix.checks == 'advisories' }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: EmbarkStudios/cargo-deny-action@68cd9c5e3e16328a430a37c743167572e3243e7e | |
with: | |
command: check ${{ matrix.checks }} | |
clippy-check: | |
name: Clippy check | |
permissions: | |
checks: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: stable | |
components: clippy | |
- run: cargo +stable clippy --all-features --workspace --all-targets -- -D warnings |