From f1db89ca9955640ee2d45150482e333266ae59e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hans=20M=C3=BCndelein?= Date: Sun, 11 Jun 2023 18:30:26 +0200 Subject: [PATCH] Add experimental gitea actions --- .gitea/workflows/always.yml | 316 +++++++++++++++++++++++++++++ .gitea/workflows/pull-requests.yml | 122 +++++++++++ .gitea/workflows/release.yml | 162 +++++++++++++++ .gitea/workflows/scheduled.yml | 81 ++++++++ 4 files changed, 681 insertions(+) create mode 100644 .gitea/workflows/always.yml create mode 100644 .gitea/workflows/pull-requests.yml create mode 100644 .gitea/workflows/release.yml create mode 100644 .gitea/workflows/scheduled.yml diff --git a/.gitea/workflows/always.yml b/.gitea/workflows/always.yml new file mode 100644 index 0000000..1f3712c --- /dev/null +++ b/.gitea/workflows/always.yml @@ -0,0 +1,316 @@ +permissions: + contents: read +on: + push: + branches: [main] + pull_request: + branches: [main] +name: check + +jobs: + # check if code is correclty formatted + fmt: + runs-on: ubuntu-latest + name: ubuntu / stable / fmt + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + with: + components: rustfmt + - name: cargo fmt --check + run: cargo fmt --check --all + + clippy: + runs-on: ubuntu-latest + name: ubuntu / ${{ matrix.toolchain }} / clippy + permissions: + contents: read + checks: write + strategy: + fail-fast: false + matrix: + toolchain: [stable, beta, nightly ] + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install ${{ matrix.toolchain }} + uses: https://github.com/dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.toolchain }} + components: clippy + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo clippy + uses: https://github.com/actions-rs-plus/clippy-check@v2 + + doc: + runs-on: ubuntu-latest + name: ubuntu / nightly / doc + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install nightly + uses: https://github.com/dtolnay/rust-toolchain@nightly + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo doc + run: cargo doc --no-deps --all-features + env: + RUSTDOCFLAGS: --cfg docsrs + + udeps: + runs-on: ubuntu-latest + name: ubuntu / nightly / unused deps + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@master + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@nightly + - uses: https://github.com/taiki-e/install-action@cargo-udeps + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo-udeps + run: cargo udeps + + # trying if all feature combinations are passing + hack: + runs-on: ubuntu-latest + name: ubuntu / stable / feature-powerset + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - name: cargo install cargo-hack + uses: https://github.com/taiki-e/install-action@cargo-hack + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + # intentionally no target specifier; see https://github.com/jonhoo/rust-ci-conf/pull/4 + - name: cargo hack + run: | + cargo hack --feature-powerset check + +# check if all packages have a minimal supported rust version and work with that version + msrv: + runs-on: ubuntu-latest + name: ubuntu / stable / msrv + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - uses: https://github.com/taiki-e/cache-cargo-install-action@v1 + with: + tool: cargo-msrv + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: check msrv + run: | + $( + set -e; + for package_path in $(cargo metadata --no-deps | jq '.packages[].manifest_path' | xargs dirname); + do + cargo msrv --path $package_path verify; + done + ) + + required: + runs-on: ubuntu-latest + name: ubuntu / ${{ matrix.toolchain }} + strategy: + matrix: + toolchain: [stable, beta] + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install ${{ matrix.toolchain }} + uses: https://github.com/dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.toolchain }} + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo generate-lockfile + if: hashFiles('Cargo.lock') == '' + run: | + cargo run test --locked --all-features --all-targets + - name: cargo test --locked + run: | + cargo test --locked --all-features --all-targets + - name: cargo test --doc + run: | + cargo test --locked --all-features --doc + + minimal: + runs-on: ubuntu-latest + name: ubuntu / stable / minimal-versions + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@nightly + - uses: https://github.com/taiki-e/install-action@cargo-hack + - uses: https://github.com/taiki-e/install-action@cargo-minimal-versions + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo test + run: cargo minimal-versions test --locked --all-features --all-targets + + os-check: + runs-on: ${{ matrix.os }} + name: ${{ matrix.os }} / stable + strategy: + fail-fast: false + matrix: + os: [macos-latest, windows-latest] + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo generate-lockfile + if: hashFiles('Cargo.lock') == '' + run: | + cargo generate-lockfile + - name: cargo test + run: | + cargo test --locked --all-features --all-targets + + coverage: + runs-on: ubuntu-latest + name: ubuntu / stable / coverage + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - uses: actions/checkout@v3 + - uses: https://github.com/dtolnay/rust-toolchain@stable + with: + components: llvm-tools-preview + - name: Install cargo-llvm-cov + uses: https://github.com/taiki-e/install-action@cargo-llvm-cov + - name: Install latest nextest release + uses: https://github.com/taiki-e/install-action@nextest + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: Generate code coverage + run: | + cargo llvm-cov \ + --all-features \ + --fail-under-lines 80.0 \ + --workspace \ + --lcov \ + --output-path lcov.info \ + --ignore-filename-regex '(main.rs|command.rs|cli.rs|config.rs|logging.rs) \ + nextest + + loom: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo test --test loom + run: | + cargo test --release --test loom + env: + LOOM_MAX_PREEMPTIONS: 2 + RUSTFLAGS: "--cfg loom" + + + sanitizers: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install nightly + uses: https://github.com/dtolnay/rust-toolchain@nightly + - run: | + # to get the symbolizer for debug symbol resolution + sudo apt install llvm + # to fix buggy leak analyzer: + # https://github.com/japaric/rust-san#unrealiable-leaksanitizer + sed -i '/\[features\]/i [profile.dev]' Cargo.toml + sed -i '/profile.dev/a opt-level = 1' Cargo.toml + cat Cargo.toml + name: Enable debug symbols + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + + - name: cargo test -Zsanitizer=address + # only --lib --tests b/c of https://github.com/rust-lang/rust/issues/53945 + run: cargo test --all-features --target x86_64-unknown-linux-gnu + env: + ASAN_OPTIONS: "detect_odr_violation=0:detect_leaks=0" + RUSTFLAGS: "-Z sanitizer=address" + + # Leaks can also occur in safe code + # https://github.com/japaric/rust-san#leaksanitizer + - name: cargo test -Zsanitizer=leak + run: cargo test --all-features --target x86_64-unknown-linux-gnu + env: + LSAN_OPTIONS: "suppressions=lsan-suppressions.txt" + RUSTFLAGS: "-Z sanitizer=leak" + + # Just running the binary might not make much sense, unless we run + # a special test binary, running on tests does not work though + # https://github.com/japaric/rust-san#memorysanitizer-use-of-uninitialized-value-in-the-test-runner + - name: cargo run -Zsanitizer=memory + run: cargo run --all-features --target x86_64-unknown-linux-gnu + env: + LSAN_OPTIONS: "suppressions=lsan-suppressions.txt" + RUSTFLAGS: "-Z sanitizer=memory" + + # https://github.com/japaric/rust-san#threadsanitizer-data-race-in-the-test-runner + # does not seem to work and we still panic even with setting the test threads in + # environment variable or cli flags, so we fall back to testing the binary + # which might be less usefull + - name: cargo run -Zsanitizer=thread + run: cargo run --all-features --target x86_64-unknown-linux-gnu + env: + LSAN_OPTIONS: "suppressions=lsan-suppressions.txt" + RUSTFLAGS: "-Z sanitizer=thread" + RUST_TEST_THREADS: "1" + + miri: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install nightly + run: | + echo "NIGHTLY=nightly-$(curl -s https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" >> $GITHUB_ENV + - name: Install ${{ env.NIGHTLY }} + uses: https://github.com/dtolnay/rust-toolchain@master + with: + toolchain: ${{ env.NIGHTLY }} + components: miri + - name: Install latest nextest release + uses: https://github.com/taiki-e/install-action@nextest + - name: Build frontend + run: cd frontend && npm install && npm run build && cd - + - name: cargo miri + run: cargo miri nextest run + env: + MIRIFLAGS: "" + diff --git a/.gitea/workflows/pull-requests.yml b/.gitea/workflows/pull-requests.yml new file mode 100644 index 0000000..3e62fc9 --- /dev/null +++ b/.gitea/workflows/pull-requests.yml @@ -0,0 +1,122 @@ +permissions: + contents: read + checks: write + pull-requests: write + +on: + pull_request: + branches: [main] + +name: info +jobs: + bloat: + runs-on: ${{ matrix.os }} + name: ${{ matrix.os }} / stable / bloat + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + strategy: + matrix: + os: [ubuntu-latest, macos-latest] + steps: + - uses: actions/checkout@master + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - uses: https://github.com/taiki-e/cache-cargo-install-action@v1 + with: + tool: cargo-bloat + - name: Download last size result + uses: actions/download-artifact@v3 + # we handle the absence in the run section + continue-on-error: true + with: + name: last-bloat-${{ matrix.os }} + path: last + - name: cargo-bloat + run: | + BINARY_PACKAGE=$(cargo metadata --no-deps | jq -r '.packages[] | select( .targets[] | select(.kind[] | contains("bin"))) | .name') + cargo bloat -p $BINARY_PACKAGE --release --crates --message-format json > bloat.json + if test -f last/bloat.json; then + last_size="last size: $(printf "%0.4f MB" $(bc -l <<< $(jq -r '."file-size"' last/bloat.json)/1000000))" + fi + size="size: $(printf "%0.4f MB" $(bc -l <<< $(jq -r '."file-size"' bloat.json)/1000000))" + echo "Here is how the binary size progressed on ${{ matrix.os }}" >> body + echo $last_size >> body + echo $size >> body + gh pr comment ${{ github.event.number }} -F body + - name: Save size result + uses: actions/upload-artifact@v3 + with: + name: ${{ github.sha }}-bloat-${{ matrix.os }} + path: bloat.json + - name: Save last size result + uses: actions/upload-artifact@v3 + with: + name: last-bloat-${{ matrix.os }} + path: bloat.json + + + outdated: + runs-on: ubuntu-latest + name: ubuntu / stable / outdated + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@master + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - uses: https://github.com/taiki-e/cache-cargo-install-action@v1 + with: + tool: cargo-outdated + - name: cargo-outdated + run: | + echo There are some new verions the used dependencies: > body + echo "" >> body + if cargo outdated --exit-code 1 >> body; then + echo dependencies look good + else + gh pr comment ${{ github.event.number }} -F body + fi + + iai: + runs-on: ubuntu-latest + name: ubuntu / stable / iai + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@master + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - uses: https://github.com/taiki-e/install-action@valgrind + - name: Download last bench result + uses: actions/download-artifact@v3 + # we handle the absence in the run section + continue-on-error: true + with: + name: last-bench + path: last + - name: cargo-bloat + run: | + cargo bench --bench iai > bench.result + if test -f last/bench.result; then + echo Last benchmark results: >> body + cat last/bench.result >> body + fi + echo "Benchmark results" >> body + cat bench.result >> body + gh pr comment ${{ github.event.number }} -F body + - name: Save size result + uses: actions/upload-artifact@v3 + with: + name: ${{ github.sha }}-bench + path: bench.result + - name: Save last size result + uses: actions/upload-artifact@v3 + with: + name: last-bench + path: bench.result diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml new file mode 100644 index 0000000..c406ac1 --- /dev/null +++ b/.gitea/workflows/release.yml @@ -0,0 +1,162 @@ +name: release +permissions: + contents: write +on: + push: + tags: + - '*-?v[0-9]+*' + +jobs: + # Create the Github Release™ so the packages have something to be uploaded to + + create-release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: https://github.com/taiki-e/create-gh-release-action@v1 + with: + # (Optional) Path to changelog. + changelog: CHANGELOG.md + # (Required) GitHub token for creating GitHub Releases. + token: ${{ secrets.GITHUB_TOKEN }} + draft: true + branch: main + + # create-release: + # runs-on: ubuntu-latest + # outputs: + # has-releases: ${{ steps.create-release.outputs.has-releases }} + # env: + # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # steps: + # - uses: actions/checkout@v3 + # - name: Install Rust + # run: rustup update 1.67.1 --no-self-update && rustup default 1.67.1 + # - name: Install cargo-dist + # run: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.0.5/cargo-dist-v0.0.5-installer.sh | sh + # - id: create-release + # run: | + # cargo dist manifest --tag=${{ github.ref_name }} --artifacts=all --no-local-paths --output-format=json > dist-manifest.json + # echo "dist manifest ran successfully" + # cat dist-manifest.json + + # # Create the Github Release™ based on what cargo-dist thinks it should be + # ANNOUNCEMENT_TITLE=$(cat dist-manifest.json | jq --raw-output ".announcement_title") + # IS_PRERELEASE=$(cat dist-manifest.json | jq --raw-output ".announcement_is_prerelease") + # cat dist-manifest.json | jq --raw-output ".announcement_github_body" > new_dist_announcement.md + # gh release create ${{ github.ref_name }} --draft --prerelease="$IS_PRERELEASE" --title="$ANNOUNCEMENT_TITLE" --notes-file=new_dist_announcement.md + # echo "created announcement!" + + # # Upload the manifest to the Github Release™ + # gh release upload ${{ github.ref_name }} dist-manifest.json + # echo "uploaded manifest!" + + # # Disable all the upload-artifacts tasks if we have no actual releases + # HAS_RELEASES=$(cat dist-manifest.json | jq --raw-output ".releases != null") + # echo "has-releases=$HAS_RELEASES" >> "$GITHUB_OUTPUT" + + approve-release: + # Only run after all the other tasks + needs: [create-release] + permissions: + issues: write + runs-on: ubuntu-latest + steps: + - uses: https://github.com/trstringer/manual-approval@v1 + with: + secret: ${{ github.TOKEN }} + approvers: hmuendel + minimum-approvals: 1 + issue-title: "Release: ${{ github.ref_name }}" + issue-body: "Please approve or deny the release of version ${{ github.ref_name }}" + exclude-workflow-initiator-as-approver: false + additional-approved-words: 'sure,go,continue' + additional-denied-words: 'nope,cancel,stop' + + upload-assets: + needs: [create-release] + strategy: + matrix: + os: + - ubuntu-latest + - macos-latest + - windows-latest + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - uses: https://github.com/taiki-e/upload-rust-binary-action@v1 + with: + # (required) Comma-separated list of binary names (non-extension portion of filename) to build and upload. + # Note that glob pattern is not supported yet. + # TODO: Make this general + bin: rust-ci-test-repo + # (optional) On which platform to distribute the `.tar.gz` file. + # [default value: unix] + # [possible values: all, unix, windows, none] + tar: unix + # (optional) On which platform to distribute the `.zip` file. + # [default value: windows] + # [possible values: all, unix, windows, none] + zip: windows + # (required) GitHub token for uploading assets to GitHub Releases. + token: ${{ secrets.GITHUB_TOKEN }} + checksum: sha256 + include: LICENSE,README.md + + # Build and packages all the things + # upload-artifacts: + # # Let the initial task tell us to not run (currently very blunt) + # needs: create-release + # if: ${{ needs.create-release.outputs.has-releases == 'true' }} + # strategy: + # matrix: + # # For these target platforms + # include: + # - os: macos-11 + # dist-args: --artifacts=local --target=aarch64-apple-darwin --target=x86_64-apple-darwin + # install-dist: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.0.5/cargo-dist-v0.0.5-installer.sh | sh + # - os: ubuntu-20.04 + # dist-args: --artifacts=local --target=x86_64-unknown-linux-gnu + # install-dist: curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.0.5/cargo-dist-v0.0.5-installer.sh | sh + # - os: windows-2019 + # dist-args: --artifacts=local --target=x86_64-pc-windows-msvc + # install-dist: irm https://github.com/axodotdev/cargo-dist/releases/download/v0.0.5/cargo-dist-v0.0.5-installer.ps1 | iex + + # runs-on: ${{ matrix.os }} + # env: + # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # steps: + # - uses: actions/checkout@v3 + # - name: Install Rust + # run: rustup update 1.67.1 --no-self-update && rustup default 1.67.1 + # - name: Install cargo-dist + # run: ${{ matrix.install-dist }} + # - name: Run cargo-dist + # # This logic is a bit janky because it's trying to be a polyglot between + # # powershell and bash since this will run on windows, macos, and linux! + # # The two platforms don't agree on how to talk about env vars but they + # # do agree on 'cat' and '$()' so we use that to marshal values between commands. + # run: | + # # Actually do builds and make zips and whatnot + # cargo dist build --tag=${{ github.ref_name }} --output-format=json ${{ matrix.dist-args }} > dist-manifest.json + # echo "dist ran successfully" + # cat dist-manifest.json + + # # Parse out what we just built and upload it to the Github Release™ + # cat dist-manifest.json | jq --raw-output ".artifacts[]?.path | select( . != null )" > uploads.txt + # echo "uploading..." + # cat uploads.txt + # gh release upload ${{ github.ref_name }} $(cat uploads.txt) + # echo "uploaded!" + + publish-release: + # Only run after all the other tasks, but it's ok if upload-artifacts was skipped + needs: [approve-release, upload-assets] + runs-on: ubuntu-latest + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@v3 + - name: mark release as non-draft + run: | + gh release edit ${{ github.ref_name }} --draft=false diff --git a/.gitea/workflows/scheduled.yml b/.gitea/workflows/scheduled.yml new file mode 100644 index 0000000..1670ac6 --- /dev/null +++ b/.gitea/workflows/scheduled.yml @@ -0,0 +1,81 @@ +permissions: + contents: read +on: + push: + branches: [main] + pull_request: + branches: [main] + schedule: + - cron: '7 7 * * *' +name: scheduled +jobs: + # https://twitter.com/mycoliza/status/1571295690063753218 + nightly: + runs-on: ubuntu-latest + name: ubuntu / nightly + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install nightly + uses: https://github.com/dtolnay/rust-toolchain@nightly + - name: cargo generate-lockfile + if: hashFiles('Cargo.lock') == '' + run: cargo generate-lockfile + - name: cargo test --locked + run: cargo test --locked --all-features --all-targets + # https://twitter.com/alcuadrado/status/1571291687837732873 + update: + runs-on: ubuntu-latest + name: ubuntu / beta / updated + # There's no point running this if no Cargo.lock was checked in in the + # first place, since we'd just redo what happened in the regular test job. + # Unfortunately, hashFiles only works in if on steps, so we reepeat it. + # if: hashFiles('Cargo.lock') != '' + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install beta + if: hashFiles('Cargo.lock') != '' + uses: https://github.com/dtolnay/rust-toolchain@beta + - name: cargo update + if: hashFiles('Cargo.lock') != '' + run: cargo update + - name: cargo test + if: hashFiles('Cargo.lock') != '' + run: cargo test --locked --all-features --all-targets + env: + RUSTFLAGS: -D deprecated + + audit: + name: stable / audit + runs-on: ubuntu-latest + permissions: + checks: write + issues: write + steps: + - uses: actions/checkout@v3 + - uses: https://github.com/rustsec/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + deny: + runs-on: ubuntu-latest + name: stable / deny + strategy: + matrix: + checks: + - advisories + - bans licenses sources + # Prevent sudden announcement of a new advisory from failing ci: + continue-on-error: ${{ matrix.checks == 'advisories' }} + steps: + - uses: actions/checkout@v3 + with: + submodules: true + - name: Install stable + uses: https://github.com/dtolnay/rust-toolchain@stable + - uses: https://github.com/EmbarkStudios/cargo-deny-action@v1 + with: + command: check ${{ matrix.checks }}