ci: Improve workflow files #111
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,16 @@ | ||
| --- | ||
| name: Security audit | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: "15 4 * * *" | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| audit: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 # renovate: tag=v1.2.0 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,104 @@ | ||
| --- | ||
| name: Pull Request Cockpit | ||
|
|
||
| on: | ||
| pull_request: | ||
| paths: | ||
| - ".github/workflows/pr_cockpit.yml" | ||
| - "rust/stackable-cockpitd" | ||
| - "rust/stackable-cockpit" | ||
| - "docs/modules/cockpit" | ||
| - "docs/modules/ROOT" | ||
| - "Cargo.lock" | ||
| - "deploy" | ||
| - "docker" | ||
| - "go.sum" | ||
|
|
||
| env: | ||
| RUST_VERSION: 1.70.0 | ||
| CARGO_TERM_COLOR: always | ||
| CARGO_INCREMENTAL: "0" | ||
| CARGO_PROFILE_DEV_DEBUG: "0" | ||
| RUSTFLAGS: "-D warnings" | ||
| RUSTDOCFLAGS: "-D warnings" | ||
| RUST_LOG: "info" | ||
| DEV_REPO_HELM_URL: https://repo.stackable.tech/repository/helm-dev | ||
|
|
||
| jobs: | ||
| general-checks: | ||
| name: General Pull Request Checks | ||
| uses: ./.github/workflows/pr_general.yml | ||
|
|
||
| reviewdog-checks: | ||
| name: Reviewdog Pull Request Checks | ||
| uses: ./.github/workflows/pr_reviewdog.yml | ||
|
|
||
| check-charts: | ||
| name: Helm Chart Check | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - general-checks | ||
| - reviewdog-checks | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - name: Setup Helm | ||
| uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 | ||
| with: | ||
| version: v3.6.2 | ||
| - name: Setup Rust | ||
| uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| - name: Setup Rust Cache | ||
| uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 | ||
| with: | ||
| key: pr-stackable-cockpit-chart | ||
| - name: Regenerate Charts | ||
| run: make regenerate-charts | ||
| - name: Checking that Helm Charts are up-to-date | ||
| run: git diff --exit-code | ||
| - name: Helm Charts not up-to-date | ||
| if: ${{ failure() }} | ||
| uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6 | ||
| with: | ||
| script: | | ||
| core.setFailed('Committed Helm charts were not up to date, please regenerate and re-commit!') | ||
|
|
||
| publish: | ||
| name: Publish Docker Image | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} | ||
| outputs: | ||
| IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }} | ||
| needs: | ||
| - check-charts | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - name: Setup Rust | ||
| uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| - name: Setup Rust Cache | ||
| uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 | ||
| with: | ||
| key: pr-stackable-cockpit-chart | ||
| - name: Update Version | ||
| run: | | ||
| cargo install cargo-edit --version 0.11.11 | ||
| cargo set-version --offline --package stackable-cockpit 0.0.0-pr${{ github.event.pull_request.number }} | ||
|
|
||
| # Recreate charts and publish charts and docker image. The "-e" is needed as we want to override the | ||
| # default value in the makefile if called from this action, but not otherwise (i.e. when called locally). | ||
| # This is needed for the HELM_REPO variable. | ||
| - name: Publish Docker Image and Helm Chart | ||
| run: make -e publish | ||
| - id: printtag | ||
| name: Output Image Name and Tag | ||
| run: echo "IMAGE_TAG=$(make -e print-docker-tag)" >> "$GITHUB_OUTPUT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,161 @@ | ||
| --- | ||
| name: Pull Request General | ||
|
|
||
| on: workflow_call | ||
|
|
||
| env: | ||
| RUST_VERSION: 1.70.0 | ||
| CARGO_TERM_COLOR: always | ||
| CARGO_INCREMENTAL: "0" | ||
| CARGO_PROFILE_DEV_DEBUG: "0" | ||
| RUSTFLAGS: "-D warnings" | ||
| RUSTDOCFLAGS: "-D warnings" | ||
| RUST_LOG: "info" | ||
|
|
||
| jobs: | ||
| run_udeps: | ||
| name: Run Cargo Udeps | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| RUSTC_BOOTSTRAP: 1 | ||
| steps: | ||
| - name: Install host dependencies | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | ||
| with: | ||
| node-version: 18 | ||
| cache: yarn | ||
| - run: yarn install --frozen-lockfile | ||
| - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 | ||
| with: | ||
| key: udeps | ||
| - run: cargo install cargo-udeps | ||
| - run: cargo udeps --workspace | ||
|
|
||
| run_cargodeny: | ||
| name: Run Cargo Deny | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| checks: | ||
| - advisories | ||
| - bans licenses sources | ||
| # Prevent sudden announcement of a new advisory from failing ci: | ||
| continue-on-error: ${{ matrix.checks == 'advisories' }} | ||
| steps: | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8 # v1.5.4 | ||
| with: | ||
| command: check ${{ matrix.checks }} | ||
|
|
||
| run_rustfmt: | ||
| name: Run Rustfmt | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| components: rustfmt | ||
| - run: cargo fmt --all -- --check | ||
|
|
||
| run_clippy: | ||
| name: Run Clippy | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| components: clippy | ||
| - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 | ||
| with: | ||
| key: clippy | ||
| - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | ||
| with: | ||
| node-version: 18 | ||
| cache: yarn | ||
| - run: yarn install --frozen-lockfile | ||
| - name: Run clippy action to produce annotations | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| uses: giraffate/clippy-action@871cc4173f2594435c7ea6b0bce499cf6c2164a1 | ||
| if: env.GITHUB_TOKEN != null | ||
| with: | ||
| clippy_flags: --all-targets -- -D warnings | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| reporter: "github-pr-check" | ||
| - name: Run clippy manually without annotations | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| if: env.GITHUB_TOKEN == null | ||
| run: cargo clippy --all-targets -- -D warnings | ||
|
|
||
| run_rustdoc: | ||
| name: Run RustDoc | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| components: rustfmt | ||
| - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 | ||
| with: | ||
| key: doc | ||
| - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | ||
| with: | ||
| node-version: 18 | ||
| cache: yarn | ||
| - run: yarn install --frozen-lockfile | ||
| - run: cargo doc --document-private-items | ||
|
|
||
| run_tests: | ||
| name: Run Cargo Tests | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| submodules: recursive | ||
| - uses: dtolnay/rust-toolchain@0e66bd3e6b38ec0ad5312288c83e47c143e6b09e # v1 | ||
| with: | ||
| toolchain: ${{ env.RUST_VERSION }} | ||
| - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # v2.2.0 | ||
| with: | ||
| key: test | ||
| - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | ||
| with: | ||
| node-version: 18 | ||
| cache: yarn | ||
| - run: yarn install --frozen-lockfile | ||
| - run: cargo test | ||
|
|
||
| tests_passed: | ||
| name: All tests passed | ||
| needs: | ||
| - run_udeps | ||
| - run_cargodeny | ||
| - run_clippy | ||
| - run_rustfmt | ||
| - run_rustdoc | ||
| - run_tests | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: log | ||
| run: echo All tests have passed! |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume the plan is to upstream this back into templating?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. This is the ultimate goal. Depends how much we can re-use in the operator repos tho.