build(deps): bump EmbarkStudios/cargo-deny-action from 2.0.2 to 2.0.3 #974
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ main ] | |
tags: | |
- 'v*' | |
pull_request: | |
branches: [ main ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
CARGO_TERM_COLOR: always | |
CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
SCCACHE_GHA_ENABLED: "true" | |
RUSTC_WRAPPER: "sccache" | |
jobs: | |
opa-lint: | |
name: Lint and test OPA policies | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2.2.0 | |
with: | |
version: 0.64.1 | |
- name: Lint policies | |
working-directory: ./policies | |
run: make lint | |
- name: Run OPA tests | |
working-directory: ./policies | |
run: make test | |
frontend-lint: | |
name: Check frontend style | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Install Node | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: 20 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Lint | |
working-directory: ./frontend | |
run: npm run lint | |
frontend-test: | |
name: Run the frontend test suite | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Install Node | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: 20 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Test | |
working-directory: ./frontend | |
run: npm test | |
rustfmt: | |
name: Check Rust style | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Install toolchain | |
run: | | |
rustup toolchain install nightly | |
rustup default nightly | |
rustup component add rustfmt | |
- name: Check style | |
run: cargo fmt --all -- --check | |
cargo-deny: | |
name: Run `cargo deny` checks | |
runs-on: ubuntu-latest | |
env: | |
# We need to remove the sccache wrapper because we don't install it in this job | |
RUSTC_WRAPPER: "" | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Run `cargo-deny` | |
uses: EmbarkStudios/cargo-deny-action@v2.0.3 | |
check-schema: | |
name: Check schema | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Install Rust toolchain | |
run: | | |
rustup toolchain install stable | |
rustup default stable | |
- name: Setup sccache | |
uses: mozilla-actions/sccache-action@v0.0.6 | |
- name: Install Node | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: 20 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Update the schemas | |
run: sh ./misc/update.sh | |
- name: Check that the workspace is clean | |
run: | | |
if ! [[ -z $(git status -s) ]]; then | |
echo "::error title=Workspace is not clean::Please run 'sh ./misc/update.sh' and commit the changes" | |
( | |
echo '## Diff after running `sh ./misc/update.sh`:' | |
echo | |
echo '```diff' | |
git diff | |
echo '```' | |
) >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
clippy: | |
name: Run Clippy | |
needs: [rustfmt, opa-lint] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Install toolchain | |
run: | | |
rustup toolchain install 1.82.0 | |
rustup default 1.82.0 | |
rustup component add clippy | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2.2.0 | |
with: | |
version: 0.64.1 | |
- name: Compile OPA policies | |
working-directory: ./policies | |
run: make | |
- name: Setup sccache | |
uses: mozilla-actions/sccache-action@v0.0.6 | |
- name: Run clippy | |
run: | | |
cargo clippy --workspace --tests --bins --lib -- -D warnings | |
compile-test-artifacts: | |
name: Compile test artifacts | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.2.2 | |
- name: Install toolchain | |
run: | | |
rustup toolchain install stable | |
rustup default stable | |
- name: Install nextest | |
uses: taiki-e/install-action@nextest | |
- name: Setup sccache | |
uses: mozilla-actions/sccache-action@v0.0.6 | |
- name: Build and archive tests | |
run: cargo nextest archive --workspace --archive-file nextest-archive.tar.zst | |
env: | |
SQLX_OFFLINE: '1' | |
- name: Upload archive to workflow | |
uses: actions/upload-artifact@v4.4.3 | |
with: | |
name: nextest-archive | |
path: nextest-archive.tar.zst | |
test: | |
name: Run test suite with Rust stable | |
needs: [rustfmt, opa-lint, compile-test-artifacts] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
strategy: | |
matrix: | |
partition: [1, 2] | |
services: | |
postgres: | |
image: docker.io/library/postgres:15.3 | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- "5432:5432" | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- run: mkdir -p ~/.cargo/bin | |
- name: Install nextest | |
uses: taiki-e/install-action@nextest | |
- name: Install Node | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: 20 | |
- name: Install Node dependencies | |
working-directory: ./frontend | |
run: npm ci | |
- name: Build the frontend | |
working-directory: ./frontend | |
run: npm run build | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2.2.0 | |
with: | |
version: 0.64.1 | |
- name: Compile OPA policies | |
working-directory: ./policies | |
run: make | |
- name: Download archive | |
uses: actions/download-artifact@v4 | |
with: | |
name: nextest-archive | |
- name: Test | |
env: | |
DATABASE_URL: postgresql://postgres:postgres@localhost/postgres | |
run: | | |
~/.cargo/bin/cargo-nextest nextest run --archive-file nextest-archive.tar.zst \ | |
--partition count:${{ matrix.partition }}/2 \ | |
--retries 1 | |
# --retries is a workaround for sqlx not playing nice with nextest | |
# Waiting for https://github.com/launchbadge/sqlx/pull/3334 | |
syn2mas: | |
name: Check syn2mas | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout the code | |
uses: actions/checkout@v4.2.2 | |
- name: Install Node | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version-file: ./tools/syn2mas/.nvmrc | |
- name: Install Node dependencies | |
working-directory: ./tools/syn2mas | |
run: npm ci | |
- name: Lint | |
working-directory: ./tools/syn2mas | |
run: npm run lint | |
- name: Build | |
working-directory: ./tools/syn2mas | |
run: npm run build | |
tests-done: | |
name: Tests done | |
if: ${{ always() }} | |
needs: | |
- opa-lint | |
- frontend-lint | |
- frontend-test | |
- rustfmt | |
- cargo-deny | |
- clippy | |
- check-schema | |
- test | |
- syn2mas | |
runs-on: ubuntu-latest | |
steps: | |
- uses: matrix-org/done-action@v3 | |
with: | |
needs: ${{ toJSON(needs) }} |