-
Notifications
You must be signed in to change notification settings - Fork 112
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This workflow looks for breaking API changes using popular cargo-semver-checks tool. This comit introduces it only for PRs. If PR breaks API, appropriate label is added, otherwise it is removed.
- Loading branch information
Showing
1 changed file
with
81 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| # This workflow tests semver compatibilty. | ||
| # For PRs it checks if PR makes any API breaking changes, and assings appropriate label if so. | ||
| name: Semver checks | ||
|
|
||
| on: | ||
| pull_request_target: | ||
| branches: | ||
| - main | ||
| - 'branch-*' | ||
|
|
||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| RUST_BACKTRACE: full | ||
| PR_BASE: ${{ github.event.pull_request.base.sha }} | ||
| PR_HEAD: ${{ github.event.pull_request.head.sha }} | ||
| PR_ID: ${{ github.event.number }} | ||
|
|
||
| jobs: | ||
| semver-pull-request-check: | ||
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'pull_request_target' | ||
| # Disable all permissions | ||
| # This is important, because this job runs on untrusted input from | ||
| # the user and it's possible for the user to take over the job, | ||
| # for example by adding malicious build.rs file. If the job had, | ||
| # for example, `pull_requests: write` permission, malicous user | ||
| # could do us a lot of harm. This is also the reason that there are | ||
| # 2 jobs - it's so that it's not possible to take over a job that | ||
| # has permissions. | ||
| permissions: {} | ||
| timeout-minutes: 30 | ||
| outputs: | ||
| exitcode: ${{ steps.semver-pr-check.outputs.exitcode }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: "2" | ||
| ref: "refs/pull/${{ env.PR_ID }}/merge" | ||
| # Check if there was another push before this job started. | ||
| # If there was, wrong commit would be checked out. | ||
| - name: Sanity check | ||
| run: | | ||
| [[ "$(git rev-parse 'HEAD^2')" == "$PR_HEAD" ]] | ||
| # I don't know any way to do this using checkout action | ||
| - name: Fetch PR base | ||
| run: git fetch origin "$PR_BASE" | ||
| - name: Install semver-checks | ||
| # Official action uses binary releases fetched from GitHub | ||
| # If this pipeline becomes too slow, we should do this too | ||
| run: cargo install cargo-semver-checks --no-default-features | ||
| - name: Verify the API compatibilty with PR base | ||
| id: semver-pr-check | ||
| run: | | ||
| set +e | ||
| make semver-rev rev="$PR_BASE" | ||
| exitcode=$? | ||
| echo "exitcode=$exitcode" >> $GITHUB_OUTPUT | ||
| exit "$exitcode" | ||
| continue-on-error: true | ||
|
|
||
| semver-pull-request-label: | ||
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'pull_request_target' | ||
| permissions: | ||
| pull-requests: write | ||
| needs: semver-pull-request-check | ||
| timeout-minutes: 3 | ||
| steps: | ||
| - name: Remove breaking label on success | ||
| run: gh pr edit "$PR_ID" --remove-label semver-checks-breaking | ||
| if: needs.semver-pull-request-check.outputs.exitcode == '0' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GH_REPO: ${{ github.repository }} | ||
| - name: Add breaking label on failure | ||
| run: gh pr edit "$PR_ID" --add-label semver-checks-breaking | ||
| if: needs.semver-pull-request-check.outputs.exitcode != '0' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GH_REPO: ${{ github.repository }} |