name: build on: push: branches: - main pull_request: permissions: read-all env: CARGO_INCREMENTAL: 0 CARGO_PROFILE_DEV_DEBUG: 0 jobs: build: strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-14, windows-latest] cargo_flags: [""] include: - os: ubuntu-latest cargo_flags: "--all-features" runs-on: ${{ matrix.os }} # TODO FIXME (aseipp): keep the timeout limit to ~15 minutes. this is long # enough to give us runway for the future, but also once we hit it, we're at # the "builds are taking too long" stage and we should start looking at ways # to optimize the CI. # # at the same time, this avoids some issues where some flaky, bugged tests # seem to be causing multi-hour runs on Windows (GPG signing issues), which # is a problem we should fix. in the mean time, this will make these flakes # less harmful, as it won't cause builds to spin for multiple hours, requiring # manual cancellation. timeout-minutes: 15 steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # The default version of gpg installed on the runners is a version baked in with git # which only contains the components needed by git and doesn't work for our test cases. # # This installs the latest gpg4win version, which is a variation of GnuPG built for # Windows. # # There is some issue with windows PATH max length which is what all the PATH wrangling # below is for. Please see the below link for where this fix was derived from: # https://github.com/orgs/community/discussions/24933 - name: Setup GnuPG [windows] if: ${{ matrix.os == 'windows-latest' }} run: | $env:PATH = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin" [Environment]::SetEnvironmentVariable("Path", $env:PATH, "Machine") choco install --yes gpg4win echo "C:\Program Files (x86)\Gpg4win\..\GnuPG\bin" >> $env:GITHUB_PATH # The default version of openssh on windows server is quite old (8.1) and doesn't have # all the necessary signing/verification commands available (such as -Y find-principals) - name: Setup ssh-agent [windows] if: ${{ matrix.os == 'windows-latest' }} run: | Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 choco install openssh --pre - name: Install Rust uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 with: toolchain: 1.76 - name: Build run: cargo build --workspace --all-targets --verbose ${{ matrix.cargo_flags }} - name: Test run: cargo test --workspace --all-targets --verbose ${{ matrix.cargo_flags }} env: RUST_BACKTRACE: 1 check-protos: name: Check protos runs-on: ubuntu-latest steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b - uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 with: toolchain: stable - run: sudo apt update && sudo apt-get -y install protobuf-compiler - name: Generate Rust code from .proto files run: cargo run -p gen-protos - name: Check for uncommitted changes run: git diff --exit-code rustfmt: name: Check formatting runs-on: ubuntu-latest steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b - uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 with: toolchain: nightly components: rustfmt - run: cargo +nightly fmt --all -- --check mkdocs: name: Check that MkDocs can build the docs runs-on: ubuntu-latest steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d with: python-version: 3.11 - name: Install poetry uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 with: poetry-version: latest - name: Install dependencies run: poetry install --no-root - name: Check that `mkdocs` can build the docs run: poetry run -- mkdocs build --strict mkdocs-old-poetry: name: Check that MkDocs can build the docs with Poetry 1.3.2 runs-on: ubuntu-latest steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d with: python-version: 3.11 - name: Install poetry uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 with: # Test with the version of Poetry in Debian stable. If this starts # failing, we should increase this version and document the minimum # necessary version of Poetry in contributing.md. # # One way to install old `poetry` is using `pipx`: # pipx install 'poetry<1.4' --suffix -1.3 poetry-version: 1.3.2 - name: Install dependencies run: poetry install --no-root - name: Check that `mkdocs` can build the docs run: poetry run -- mkdocs build --strict cargo-deny: runs-on: ubuntu-latest strategy: matrix: checks: - advisories - bans licenses sources # Prevent sudden announcement of a new advisory from failing ci: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 with: command: check ${{ matrix.checks }} clippy-check: name: Clippy check permissions: checks: write runs-on: ubuntu-latest steps: - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b - uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 with: toolchain: stable components: clippy - run: cargo +stable clippy --all-features --workspace --all-targets -- -D warnings