fix(ci): Skip GCP CI jobs on PRs from external contributors, let mergify test them after approval #478
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint | |
# Ensures that only one workflow task will run at a time. Previous builds, if | |
# already in process, will get cancelled. Only the latest commit will be allowed | |
# to run, cancelling any workflows in between | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
on: | |
# we build Rust caches on main, so they can be shared by all branches: | |
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache | |
push: | |
branches: | |
- main | |
pull_request: | |
env: | |
CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }} | |
RUST_LOG: ${{ vars.RUST_LOG }} | |
RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }} | |
RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }} | |
COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }} | |
jobs: | |
changed-files: | |
runs-on: ubuntu-latest | |
name: Checks changed-files | |
outputs: | |
rust: ${{ steps.changed-files-rust.outputs.any_changed == 'true' }} | |
workflows: ${{ steps.changed-files-workflows.outputs.any_changed == 'true' }} | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- name: Rust files | |
id: changed-files-rust | |
uses: tj-actions/changed-files@v40.1.1 | |
with: | |
files: | | |
**/*.rs | |
**/Cargo.toml | |
**/Cargo.lock | |
clippy.toml | |
.cargo/config.toml | |
.github/workflows/ci-lint.yml | |
- name: Workflow files | |
id: changed-files-workflows | |
uses: tj-actions/changed-files@v40.1.1 | |
with: | |
files: | | |
.github/workflows/*.yml | |
clippy: | |
name: Clippy | |
timeout-minutes: 45 | |
runs-on: ubuntu-latest | |
needs: changed-files | |
if: ${{ needs.changed-files.outputs.rust == 'true' }} | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
- name: Install last version of Protoc | |
uses: arduino/setup-protoc@v2.1.0 | |
with: | |
# TODO: increase to latest version after https://github.com/arduino/setup-protoc/issues/33 is fixed | |
version: '23.x' | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check workflow permissions | |
id: check_permissions | |
uses: scherermichael-oss/action-has-permission@1.0.6 | |
with: | |
required-permission: write | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Setup Rust with stable toolchain and default profile | |
- name: Setup Rust | |
run: | | |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=default | |
- uses: Swatinem/rust-cache@v2.7.1 | |
with: | |
shared-key: "clippy-cargo-lock" | |
# TODO: keep this action until we find a better solution | |
- name: Run clippy action to produce annotations | |
uses: actions-rs/clippy-check@v1.0.7 | |
if: ${{ steps.check_permissions.outputs.has-permission }} | |
with: | |
# GitHub displays the clippy job and its results as separate entries | |
name: Clippy (stable) Results | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: --all-features --all-targets -- -D warnings | |
- name: Run clippy manually without annotations | |
if: ${{ !steps.check_permissions.outputs.has-permission }} | |
run: cargo clippy --all-features --all-targets -- -D warnings | |
fmt: | |
name: Rustfmt | |
timeout-minutes: 30 | |
runs-on: ubuntu-latest | |
needs: changed-files | |
if: ${{ needs.changed-files.outputs.rust == 'true' }} | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
with: | |
persist-credentials: false | |
- uses: r7kamura/rust-problem-matchers@v1.4.0 | |
- name: Install last version of Protoc | |
uses: arduino/setup-protoc@v2.1.0 | |
with: | |
# TODO: increase to latest version after https://github.com/arduino/setup-protoc/issues/33 is fixed | |
version: '23.x' | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
# Setup Rust with stable toolchain and default profile | |
- name: Setup Rust | |
run: | | |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=default | |
# We don't cache `fmt` outputs because the job is quick, | |
# and we want to use the limited GitHub actions cache space for slower jobs. | |
#- uses: Swatinem/rust-cache@v2.7.1 | |
- run: | | |
cargo fmt --all -- --check | |
actionlint: | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
needs: changed-files | |
if: ${{ needs.changed-files.outputs.workflows == 'true' }} | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: actionlint | |
uses: reviewdog/action-actionlint@v1.39.1 | |
with: | |
level: warning | |
fail_on_error: false | |
# This gives an error when run on PRs from external repositories, so we skip it. | |
- name: validate-dependabot | |
# If this is a PR, check that the PR source is from a local branch. | |
# (github.ref is always a local branch, so this check always passes for non-PRs.) | |
if: ${{ contains(github.head_ref || github.ref, 'refs/heads/') }} | |
uses: marocchino/validate-dependabot@v2.1.0 | |
codespell: | |
runs-on: ubuntu-latest | |
needs: changed-files | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- uses: plettich/action-codespell@master | |
with: | |
github_token: ${{ secrets.github_token }} | |
level: warning |