# Continuous integration workflow.
name: CI

# Runs on every push and pull request, plus one scheduled run per week.
on:
  push:
  pull_request:
  schedule:
    # Every Tuesday at 3:45 UTC.
    - cron: '45 3 * * 2'

# One concurrency group per ref. A newer run cancels an in-progress one only
# when the triggering event is pull_request.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

# The workflow token gets no permissions by default; a job that needs any must
# declare them itself.
permissions: {}
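jobs:
  # Decides which checks apply to the triggering event and whether this run
  # is a release. Both results are exposed as job outputs.
  checks:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the matching tag.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Compute the checks for ${{ github.event_name }}
        id: checks
        run: |
          # x CHECK EVENT...: add CHECK to the JSON list in CHECKS when the
          # current event is one of the listed events.
          x() {
            local check=$1
            # The changelog check is skipped when the base ref is dev/*.
            [[ $GITHUB_BASE_REF == dev/* && $check == changelog ]] && return
            while [[ $# -gt 1 ]]; do
              shift
              [[ $1 == "$GITHUB_EVENT_NAME" ]] || continue
              [[ -z "$CHECKS" ]] || CHECKS+=', '
              CHECKS+="\"$check\""
            done
            true
          }
          x copyright pull_request
          x changelog pull_request
          x textreview pull_request
          x sync pull_request push schedule
          x publish pull_request push schedule
          x markdown pull_request push schedule
          x taplo pull_request push schedule
          x applets pull_request push schedule
          x runners pull_request push schedule
          x tests-0 pull_request push schedule
          x tests-1 pull_request push schedule
          x tests-2 pull_request push schedule
          x tests-3 pull_request push schedule
          x hw-host pull_request push schedule
          x book pull_request push schedule
          x footprint pull_request push
          echo "checks=[$CHECKS]" >> "$GITHUB_OUTPUT"
          # The release output is the pull-request number taken from a head
          # commit subject of the form "Release all crates (#N)". The sed
          # pattern admits digits only. It is forced to 0 unless the event is
          # a push to refs/heads/main.
          release=$(git log -1 --pretty=%s | sed -n 's/^Release all crates (#\([0-9]*\))$/\1/p')
          [[ $GITHUB_EVENT_NAME == push ]] || release=
          [[ $GITHUB_REF == refs/heads/main ]] || release=
          echo "release=${release:-0}" >> "$GITHUB_OUTPUT"
    outputs:
      checks: ${{ steps.checks.outputs.checks }}
      release: ${{ steps.checks.outputs.release }}

  # Populates the cache that the per-check jobs depend on.
  cache:
    runs-on: ubuntu-latest
    needs: checks
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      # Skipped on scheduled runs, which leaves cache-hit unset, so the two
      # steps below always run on schedule.
      - if: github.event_name != 'schedule'
        id: cache
        name: Restore and save the cache
        uses: ./.github/actions/ci-cache
        with:
          mode: save
      - if: steps.cache.outputs.cache-hit != 'true'
        name: Run all checks ${{ needs.checks.outputs.checks }}
        uses: ./.github/actions/ci-checks
        with:
          checks: ${{ needs.checks.outputs.checks }}
          # This job declares no permissions, so the workflow-level
          # `permissions: {}` applies to this token.
          token: ${{ secrets.GITHUB_TOKEN }}
          use-cache: 'false'
      - if: steps.cache.outputs.cache-hit != 'true'
        run: rm -rf target && cargo xtask help

  # Runs each selected check as its own job, named after the check.
  matrix:
    runs-on: ubuntu-latest
    needs: [checks, cache] # The cache is used by the checks.
    strategy:
      # One failing check does not cancel the others.
      fail-fast: false
      matrix:
        check: ${{ fromJSON(needs.checks.outputs.checks) }}
    name: ${{ matrix.check }}
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Run the ${{ matrix.check }} check
        uses: ./.github/actions/ci-checks
        with:
          # A JSON list holding only this job's check.
          checks: '["${{ matrix.check }}"]'
          token: ${{ secrets.GITHUB_TOKEN }}

  # No-op job that succeeds once every matrix job has succeeded.
  # NOTE(review): presumably the single status required by branch
  # protection; confirm in the repository settings.
  ubuntu:
    runs-on: ubuntu-latest
    needs: matrix
    steps:
      - run: true

  # Builds the artifacts, attests their provenance and creates the GitHub
  # release. Runs only when the checks job reported a non-zero release.
  release:
    runs-on: ubuntu-latest
    needs: [checks, ubuntu]
    if: ${{ needs.checks.outputs.release != 0 }}
    # The only job that holds write permissions.
    permissions:
      attestations: write
      contents: write
      id-token: write
    steps:
      # NOTE(review): actions/checkout stores the job token in the local git
      # config by default, and artifacts.sh then runs in a job with write
      # permissions. If the script needs no authenticated git access, set
      # `persist-credentials: false` here. Building in a separate job without
      # these permissions would narrow the exposure further.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - run: ./scripts/artifacts.sh
      - uses: actions/attest-build-provenance@210c1913531870065f03ce1f9440dd87bc0938cd # v1.4.0
        id: attest
        with:
          subject-path: 'artifacts/*'
      # artifacts.txt and notes.txt are not created in this workflow;
      # presumably artifacts.sh writes them (confirm). Each line of
      # artifacts.txt becomes one argument to `gh release create`.
      - run: |
          mv "$BUNDLE_PATH" attestation.intoto.jsonl
          echo 'attestation.intoto.jsonl#Provenance attestation' >> artifacts.txt
          COMMIT=$(git rev-parse -q --verify HEAD)
          DATE=$(git log -1 --pretty=%cs)
          xargs --arg-file=artifacts.txt --delimiter='\n' \
            gh release create "release/$DATE" --target="$COMMIT" \
            --title="Release $DATE" --notes-file=notes.txt
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment so the step output is never
          # spliced into the script text before the shell parses it.
          BUNDLE_PATH: ${{ steps.attest.outputs.bundle-path }}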