forked from mirrors/jj
0fd1969e8f
I've wanted to make the Git support optional for a long time. However, since everyone uses the Git backend (and we want to support it even in the custom binary at Google), there hasn't been much practical reason to make Git support optional. Since we now use jj-lib on the server at Google, it does make sense to have the server not include Git support. In addition to making the server binary smaller, it would make it easier for us (jj team at Googlle) to prove that our server is not affected by some libgit2 or Gitoxide vulnerability. But to be honest, neither of those problems have come up, so it's more of an excuse to make the Git support optional at this point. It turned out to be much simpler than I expected to make Git support in the lib crate optional. We have done a pretty good job of keeping Git-related logic separated there. If we make Git support optional in the lib crate, it's going to make it a bit harder to move logic from the CLI crate into the lib crate (as we have planned to do). Maybe that's good, though, since it helps remind us to keep Git-related logic separated.
186 lines
6.6 KiB
YAML
186 lines
6.6 KiB
YAML
name: build
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
|
|
permissions: read-all
|
|
|
|
env:
|
|
CARGO_INCREMENTAL: 0
|
|
CARGO_PROFILE_DEV_DEBUG: 0
|
|
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [ubuntu-latest, macos-14, windows-latest]
|
|
cargo_flags: [""]
|
|
include:
|
|
- os: ubuntu-latest
|
|
cargo_flags: "--all-features"
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
# TODO FIXME (aseipp): keep the timeout limit to ~15 minutes. this is long
|
|
# enough to give us runway for the future, but also once we hit it, we're at
|
|
# the "builds are taking too long" stage and we should start looking at ways
|
|
# to optimize the CI.
|
|
#
|
|
# at the same time, this avoids some issues where some flaky, bugged tests
|
|
# seem to be causing multi-hour runs on Windows (GPG signing issues), which
|
|
# is a problem we should fix. in the mean time, this will make these flakes
|
|
# less harmful, as it won't cause builds to spin for multiple hours, requiring
|
|
# manual cancellation.
|
|
timeout-minutes: 15
|
|
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
|
|
# The default version of gpg installed on the runners is a version baked in with git
|
|
# which only contains the components needed by git and doesn't work for our test cases.
|
|
#
|
|
# This installs the latest gpg4win version, which is a variation of GnuPG built for
|
|
# Windows.
|
|
#
|
|
# There is some issue with windows PATH max length which is what all the PATH wrangling
|
|
# below is for. Please see the below link for where this fix was derived from:
|
|
# https://github.com/orgs/community/discussions/24933
|
|
- name: Setup GnuPG [windows]
|
|
if: ${{ matrix.os == 'windows-latest' }}
|
|
run: |
|
|
$env:PATH = "C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\ProgramData\chocolatey\bin"
|
|
[Environment]::SetEnvironmentVariable("Path", $env:PATH, "Machine")
|
|
choco install --yes gpg4win
|
|
echo "C:\Program Files (x86)\Gpg4win\..\GnuPG\bin" >> $env:GITHUB_PATH
|
|
|
|
# The default version of openssh on windows server is quite old (8.1) and doesn't have
|
|
# all the necessary signing/verification commands available (such as -Y find-principals)
|
|
- name: Setup ssh-agent [windows]
|
|
if: ${{ matrix.os == 'windows-latest' }}
|
|
run: |
|
|
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
|
|
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
|
|
choco install openssh --pre
|
|
|
|
- name: Install Rust
|
|
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
|
|
with:
|
|
toolchain: 1.76
|
|
- name: Build
|
|
run: cargo build --workspace --all-targets --verbose ${{ matrix.cargo_flags }}
|
|
- name: Test
|
|
run: cargo test --workspace --all-targets --verbose ${{ matrix.cargo_flags }}
|
|
env:
|
|
RUST_BACKTRACE: 1
|
|
|
|
build-no-git:
|
|
name: Build jj-lib without Git support
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
|
|
- name: Install Rust
|
|
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
|
|
with:
|
|
toolchain: 1.76
|
|
- name: Build
|
|
run: cargo build -p jj-lib --no-default-features --verbose
|
|
|
|
check-protos:
|
|
name: Check protos
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
|
|
with:
|
|
toolchain: stable
|
|
- run: sudo apt update && sudo apt-get -y install protobuf-compiler
|
|
- name: Generate Rust code from .proto files
|
|
run: cargo run -p gen-protos
|
|
- name: Check for uncommitted changes
|
|
run: git diff --exit-code
|
|
|
|
rustfmt:
|
|
name: Check formatting
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
|
|
with:
|
|
toolchain: nightly
|
|
components: rustfmt
|
|
- run: cargo +nightly fmt --all -- --check
|
|
|
|
mkdocs:
|
|
name: Check that MkDocs can build the docs
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
|
|
with:
|
|
python-version: 3.11
|
|
- name: Install poetry (latest release)
|
|
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
|
|
with:
|
|
poetry-version: latest
|
|
- name: Install dependencies
|
|
run: poetry install
|
|
- name: Check that `mkdocs` can build the docs
|
|
run: poetry run -- mkdocs build --strict
|
|
|
|
mkdocs-old-poetry:
|
|
name: Check that MkDocs can build the docs with Poetry 1.8
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
|
|
with:
|
|
python-version: 3.11
|
|
- name: Install poetry
|
|
uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439
|
|
with:
|
|
# Test with the version of Poetry in Debian stable. If this starts
|
|
# failing, we should increase this version and document the minimum
|
|
# necessary version of Poetry in contributing.md.
|
|
#
|
|
# One way to install old `poetry` is using `pipx`:
|
|
# pipx install 'poetry<1.4' --suffix -1.3
|
|
poetry-version: 1.8
|
|
- name: Install dependencies
|
|
run: poetry install
|
|
- name: Check that `mkdocs` can build the docs
|
|
run: poetry run -- mkdocs build --strict
|
|
|
|
cargo-deny:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
checks:
|
|
- advisories
|
|
- bans licenses sources
|
|
|
|
# Prevent sudden announcement of a new advisory from failing ci:
|
|
continue-on-error: ${{ matrix.checks == 'advisories' }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
- uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868
|
|
with:
|
|
command: check ${{ matrix.checks }}
|
|
|
|
clippy-check:
|
|
name: Clippy check
|
|
permissions:
|
|
checks: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
|
|
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
|
|
with:
|
|
toolchain: stable
|
|
components: clippy
|
|
- run: cargo +stable clippy --all-features --workspace --all-targets -- -D warnings
|