Mystara/refraction
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci: simplify

Browse source
This commit is contained in:
seth 2024-08-06 23:59:03 -04:00 committed by Sefa Eyeoglu
parent 0b6be71c48
commit add9edcaca
8 changed files with 202 additions and 123 deletions
Download patch file Download diff file Expand all files Collapse all files

66
.github/workflows/check.yml vendored
View file

@ -1,66 +0,0 @@
name: Check
on:
push:
branches: ['main']
pull_request:
jobs:
rustfmt:
name: Run rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt
- name: Setup Rust cache
uses: Swatinem/rust-cache@v2
- name: Run rustfmt
run: cargo fmt --all -- --check
clippy:
name: Run Clippy scan
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: clippy
- name: Setup Rust cache
uses: Swatinem/rust-cache@v2
- name: Install SARIF tools
run: cargo install clippy-sarif sarif-fmt
- name: Fetch Cargo deps
run: cargo fetch --locked
- name: Run Clippy
continue-on-error: true
run: |
cargo clippy \
--all-features \
--all-targets \
--message-format=json \
| clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt
- name: Upload results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: /tmp/clippy.sarif
wait-for-processing: true

79
.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,79 @@
name: CI
on:
push:
branches: [main]
pull_request:
workflow_dispatch:
jobs:
build:
name: Build (${{ matrix.os }})
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
use-nix: true
- os: windows-latest
use-nix: false
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust
if: ${{ !matrix.use-nix }}
uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Install Nix
if: ${{ matrix.use-nix }}
uses: DeterminateSystems/nix-installer-action@v15
- name: Setup Nix cache
if: ${{ matrix.use-nix }}
uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Build
if: ${{ !matrix.use-nix }}
run: cargo build --locked
- name: Build
if: ${{ matrix.use-nix }}
run: nix build --print-build-logs .#refraction-debug
flake:
name: Flake checks
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v15
- name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Run checks
run: |
nix flake check --print-build-logs --show-trace
# Make sure all above jobs finished successfully
release-gate:
name: CI Release gate
needs: [build, flake]
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Exit with error
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1

47
.github/workflows/clippy.yml vendored Normal file
View file

@ -0,0 +1,47 @@
name: Clippy
on:
push:
branches: [main]
paths:
- 'Cargo.toml'
- 'Cargo.lock'
- '**.rs'
pull_request:
paths:
- 'Cargo.toml'
- 'Cargo.lock'
- '**.rs'
workflow_dispatch:
jobs:
clippy:
name: Run scan
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v13
- name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v7
- name: Generate sarif report
id: clippy-run
run: |
nix build --print-build-logs .#clippy-report
[ -L result ] || exit 1
echo "sarif-file=$(readlink -f result)" >> "$GITHUB_OUTPUT"
- name: Upload results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.clippy-run.outputs.sarif-file }}
wait-for-processing: true

20
.github/workflows/docker.yml vendored
View file

@ -2,7 +2,7 @@ name: Docker
on: on:
push: push:
branches: [ main ] branches: [main]
pull_request: pull_request:
workflow_dispatch: workflow_dispatch:
@ -13,7 +13,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
arch: [ amd64, arm64 ] arch: [amd64, arm64]
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -44,11 +44,25 @@ jobs:
if-no-files-found: error if-no-files-found: error
retention-days: 3 retention-days: 3
# Make sure all above jobs finished successfully
release-gate:
name: Docker Release gate
needs: [build]
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Exit with error
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1
push: push:
name: Push image name: Push image
needs: build needs: build
if: github.event_name == 'push' if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest

52
.github/workflows/nix.yml vendored
View file

@ -1,52 +0,0 @@
name: Nix
on:
push:
branches: ['main']
pull_request:
workflow_dispatch:
jobs:
build:
name: Build
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v15
- name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Build refraction
run: nix build --fallback --print-build-logs
check:
name: Check flake
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v15
- name: Setup Nix cache
uses: DeterminateSystems/magic-nix-cache-action@v8
- name: Run checks
run: |
nix flake check --print-build-logs --show-trace

4
.github/workflows/update-flake.yml vendored
View file

@ -24,9 +24,9 @@ jobs:
- name: Update flake.lock - name: Update flake.lock
id: update id: update
uses: DeterminateSystems/update-flake-lock@main uses: DeterminateSystems/update-flake-lock@v23
with: with:
pr-title: "nix: update flake.lock" pr-title: 'nix: update flake.lock'
- name: Enable Pull Request Automerge - name: Enable Pull Request Automerge
uses: peter-evans/enable-pull-request-automerge@v3 uses: peter-evans/enable-pull-request-automerge@v3

18
flake.nix
View file

@ -58,6 +58,24 @@
nixosModules.default = import ./nix/module.nix self; nixosModules.default = import ./nix/module.nix self;
# For CI
legacyPackages = forAllSystems (
system:
let
pkgs = nixpkgsFor.${system};
in
{
clippy-report = pkgs.callPackage ./nix/clippy.nix { inherit (self.packages.${system}) refraction; };
refraction-debug = (self.packages.${system}.refraction.override { lto = false; }).overrideAttrs (
finalAttrs: _: {
cargoBuildType = "debug";
cargoCheckType = finalAttrs.cargoBuildType;
}
);
}
);
packages = forAllSystems ( packages = forAllSystems (
system: system:
let let

39
nix/clippy.nix Normal file
View file

@ -0,0 +1,39 @@
{
cargo,
clippy,
clippy-sarif,
refraction,
rustPlatform,
sarif-fmt,
stdenv,
}:
stdenv.mkDerivation {
pname = "${refraction.pname}-sarif-report";
inherit (refraction)
version
src
cargoDeps
buildInputs
;
nativeBuildInputs = [
cargo
clippy
clippy-sarif
rustPlatform.cargoSetupHook
sarif-fmt
];
buildPhase = ''
cargo clippy \
--all-features \
--all-targets \
--tests \
--message-format=json \
| clippy-sarif | tee $out | sarif-fmt
'';
dontInstall = true;
dontFixup = true;
}