sterile.yml #231
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a sterile build and test workflow that uses the `dev-env` container image | |
# to build and test the project in a sterile environment. | |
# Artifacts produced by this workflow are intended to be used for production. | |
name: "sterile.yml" | |
on: | |
pull_request: {} | |
push: | |
branches: | |
- "main" | |
merge_group: | |
types: ["checks_requested"] | |
workflow_dispatch: | |
inputs: | |
debug_enabled: | |
type: "boolean" | |
description: "Run with tmate enabled" | |
required: false | |
default: false | |
concurrency: | |
group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after }}" | |
cancel-in-progress: true | |
jobs: | |
check_changes: | |
name: "Deduce required tests from code changes" | |
runs-on: "ubuntu-latest" | |
outputs: | |
devfiles: "${{ steps.changes.outputs.devfiles }}" | |
steps: | |
- name: "Checkout" | |
if: "${{ !github.event.pull_request }}" | |
uses: "actions/checkout@v4" | |
with: | |
persist-credentials: "false" | |
fetch-depth: "0" | |
- name: "Check code changes" | |
uses: "dorny/paths-filter@v3" | |
id: "changes" | |
with: | |
filters: | | |
devfiles: | |
- '!(README.md|LICENSE|design-docs/**|.gitignore|.github/**)' | |
- '.github/workflows/sterile.yml' | |
test: | |
needs: [ check_changes ] | |
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}" | |
permissions: | |
contents: "read" | |
packages: "read" | |
id-token: "write" | |
runs-on: "lab" | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: | |
- "stable" | |
name: "Sterile test run" | |
steps: | |
- name: "login to ghcr.io" | |
uses: "docker/login-action@v3" | |
with: | |
registry: "ghcr.io" | |
username: "${{ github.actor }}" | |
password: "${{ secrets.GITHUB_TOKEN }}" | |
- name: "install rust" | |
uses: "dtolnay/rust-toolchain@stable" | |
with: | |
toolchain: "${{ matrix.rust }}" | |
targets: "x86_64-unknown-linux-gnu" | |
- uses: "cargo-bins/cargo-binstall@main" | |
- name: "install just" | |
run: | | |
cargo binstall --no-confirm just | |
- name: "Checkout" | |
uses: "actions/checkout@v4" | |
- name: "dev/gnu sterile test" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu sterile test | |
mkdir dev.gnu | |
cp -a ./target/nextest dev.gnu | |
- name: "release/gnu sterile test" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu sterile test | |
mkdir release.gnu | |
cp -a ./target/nextest release.gnu | |
- name: "dev/musl sterile test" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-musl sterile test | |
mkdir dev.musl | |
cp -a ./target/nextest dev.musl | |
- name: "release/musl sterile test" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl sterile test | |
mkdir release.musl | |
cp -a ./target/nextest release.musl | |
- name: "install markdown-test-report" | |
if: ${{ always() }} | |
run: | | |
sudo apt-get update | |
sudo apt-get --yes --no-install-recommends install \ | |
colorized-logs \ | |
libssl-dev \ | |
openssl \ | |
pkg-config | |
cargo binstall --no-confirm markdown-test-report | |
- name: "dev/gnu report" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
export CARGO_TARGET_DIR=dev.gnu | |
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-gnu report | |
- name: "dev/musl report" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
export CARGO_TARGET_DIR=dev.musl | |
just debug=true rust="${{matrix.rust}}" profile=dev target=x86_64-unknown-linux-musl report | |
- name: "release/gnu report" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
export CARGO_TARGET_DIR=release.gnu | |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu report | |
- name: "release/musl report" | |
if: ${{ always() }} | |
run: | | |
export GITHUB_STEP_SUMMARY | |
export CARGO_TARGET_DIR=release.musl | |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl report | |
- uses: "actions/upload-artifact@v4" | |
if: ${{ always() }} | |
with: | |
name: 'rust-${{matrix.rust}}-test-results' | |
path: "target/nextest" | |
- name: "Setup tmate session for debug" | |
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
uses: "mxschmitt/action-tmate@v3" | |
timeout-minutes: 60 | |
with: | |
limit-access-to-actor: true | |
push: | |
needs: [ check_changes ] | |
if: "${{ needs.check_changes.outputs.devfiles == 'true' }}" | |
permissions: | |
contents: "read" | |
packages: "write" | |
id-token: "write" | |
runs-on: "lab" | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: | |
- "stable" | |
name: "Push containers" | |
steps: | |
- name: "login to ghcr.io" | |
uses: "docker/login-action@v3" | |
with: | |
registry: "ghcr.io" | |
username: "${{ github.actor }}" | |
password: "${{ secrets.GITHUB_TOKEN }}" | |
- name: "install rust" | |
uses: "dtolnay/rust-toolchain@stable" | |
with: | |
toolchain: "${{ matrix.rust }}" | |
targets: "x86_64-unknown-linux-gnu" | |
- uses: "cargo-bins/cargo-binstall@main" | |
- name: "install just" | |
run: | | |
cargo binstall --no-confirm just | |
- name: "Checkout" | |
uses: "actions/checkout@v4" | |
- name: "install rust" | |
uses: "dtolnay/rust-toolchain@stable" | |
with: | |
toolchain: "${{ matrix.rust }}" | |
targets: "x86_64-unknown-linux-gnu" | |
- uses: "cargo-bins/cargo-binstall@main" | |
- run: | | |
cargo binstall --no-confirm cargo-deny | |
- run: | | |
just debug=true cargo deny check | |
- run: | | |
just debug=true rust="${{matrix.rust}}" profile=debug target=x86_64-unknown-linux-gnu push-container | |
- run: | | |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-gnu push-container | |
- run: | | |
just debug=true rust="${{matrix.rust}}" profile=debug target=x86_64-unknown-linux-musl push-container | |
- run: | | |
just debug=true rust="${{matrix.rust}}" profile=release target=x86_64-unknown-linux-musl push-container | |
- name: "Setup tmate session for debug" | |
if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
uses: "mxschmitt/action-tmate@v3" | |
timeout-minutes: 60 | |
with: | |
limit-access-to-actor: true | |
summary: | |
name: "Summary" | |
runs-on: "ubuntu-latest" | |
needs: | |
- test | |
- push | |
if: ${{ always() && needs.test.result != 'skipped' && needs.push.result != 'skipped' }} | |
steps: | |
- name: "Flag any test failures" | |
if: ${{ needs.test.result != 'success' }} | |
run: | | |
>&2 echo "One or more required tests failed" | |
exit 1 | |
- name: "Flag any push failures" | |
if: ${{ needs.push.result != 'success' }} | |
run: | | |
>&2 echo "One or more required pushes failed" | |
exit 1 |