Skip to content

sterile.yml

sterile.yml #231

Workflow file for this run

# This is a sterile build and test workflow that uses the `dev-env` container image
# to build and test the project in a sterile environment.
# Artifacts produced by this workflow are intended to be used for production.
name: "sterile.yml"
on:
pull_request: {}
push:
branches:
- "main"
merge_group:
types: ["checks_requested"]
workflow_dispatch:
inputs:
debug_enabled:
type: "boolean"
description: "Run with tmate enabled"
required: false
default: false
concurrency:
group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after }}"
cancel-in-progress: true
jobs:
check_changes:
name: "Deduce required tests from code changes"
runs-on: "ubuntu-latest"
outputs:
devfiles: "${{ steps.changes.outputs.devfiles }}"
steps:
- name: "Checkout"
if: "${{ !github.event.pull_request }}"
uses: "actions/checkout@v4"
with:
persist-credentials: "false"
fetch-depth: "0"
- name: "Check code changes"
uses: "dorny/paths-filter@v3"
id: "changes"
with:
filters: |
devfiles:
- '!(README.md|LICENSE|design-docs/**|.gitignore|.github/**)'
- '.github/workflows/sterile.yml'
test:
needs: [ check_changes ]
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}"
permissions:
contents: "read"
packages: "read"
id-token: "write"
runs-on: "lab"
strategy:
fail-fast: false
matrix:
rust:
- "stable"
name: "Sterile test run"
steps:
- name: "login to ghcr.io"
uses: "docker/login-action@v3"
with:
registry: "ghcr.io"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "install rust"
uses: "dtolnay/rust-toolchain@stable"
with:
toolchain: "${{ matrix.rust }}"
targets: "x86_64-unknown-linux-gnu"
- uses: "cargo-bins/cargo-binstall@main"
- name: "install just"
run: |
cargo binstall --no-confirm just
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "dev/gnu sterile test"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu sterile test
mkdir dev.gnu
cp -a ./target/nextest dev.gnu
- name: "release/gnu sterile test"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu sterile test
mkdir release.gnu
cp -a ./target/nextest release.gnu
- name: "dev/musl sterile test"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-musl sterile test
mkdir dev.musl
cp -a ./target/nextest dev.musl
- name: "release/musl sterile test"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl sterile test
mkdir release.musl
cp -a ./target/nextest release.musl
- name: "install markdown-test-report"
if: ${{ always() }}
run: |
sudo apt-get update
sudo apt-get --yes --no-install-recommends install \
colorized-logs \
libssl-dev \
openssl \
pkg-config
cargo binstall --no-confirm markdown-test-report
- name: "dev/gnu report"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
export CARGO_TARGET_DIR=dev.gnu
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu report
- name: "dev/musl report"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
export CARGO_TARGET_DIR=dev.musl
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-musl report
- name: "release/gnu report"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
export CARGO_TARGET_DIR=release.gnu
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu report
- name: "release/musl report"
if: ${{ always() }}
run: |
export GITHUB_STEP_SUMMARY
export CARGO_TARGET_DIR=release.musl
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl report
- uses: "actions/upload-artifact@v4"
if: ${{ always() }}
with:
name: 'rust-${{matrix.rust}}-test-results'
path: "target/nextest"
- name: "Setup tmate session for debug"
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
uses: "mxschmitt/action-tmate@v3"
timeout-minutes: 60
with:
limit-access-to-actor: true
push:
needs: [ check_changes ]
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}"
permissions:
contents: "read"
packages: "write"
id-token: "write"
runs-on: "lab"
strategy:
fail-fast: false
matrix:
rust:
- "stable"
name: "Push containers"
steps:
- name: "login to ghcr.io"
uses: "docker/login-action@v3"
with:
registry: "ghcr.io"
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: "install rust"
uses: "dtolnay/rust-toolchain@stable"
with:
toolchain: "${{ matrix.rust }}"
targets: "x86_64-unknown-linux-gnu"
- uses: "cargo-bins/cargo-binstall@main"
- name: "install just"
run: |
cargo binstall --no-confirm just
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "install rust"
uses: "dtolnay/rust-toolchain@stable"
with:
toolchain: "${{ matrix.rust }}"
targets: "x86_64-unknown-linux-gnu"
- uses: "cargo-bins/cargo-binstall@main"
- run: |
cargo binstall --no-confirm cargo-deny
- run: |
just debug=true cargo deny check
- run: |
just debug=true rust="${{matrix.rust}}" profile=debug target=x86_64-unknown-linux-gnu push-container
- run: |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu push-container
- run: |
just debug=true rust="${{matrix.rust}}" profile=debug target=x86_64-unknown-linux-musl push-container
- run: |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl push-container
- name: "Setup tmate session for debug"
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
uses: "mxschmitt/action-tmate@v3"
timeout-minutes: 60
with:
limit-access-to-actor: true
summary:
name: "Summary"
runs-on: "ubuntu-latest"
needs:
- test
- push
if: ${{ always() && needs.test.result != 'skipped' && needs.push.result != 'skipped' }}
steps:
- name: "Flag any test failures"
if: ${{ needs.test.result != 'success' }}
run: |
>&2 echo "One or more required tests failed"
exit 1
- name: "Flag any push failures"
if: ${{ needs.push.result != 'success' }}
run: |
>&2 echo "One or more required pushes failed"
exit 1