forked from mirrors/jj
af76631021
The new code scanner is complaining that actions have permissions to do too much. It wasn't obvious to me what permissions the jobs need, but let's see how this works.
90 lines
2 KiB
YAML
90 lines
2 KiB
YAML
name: build
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ${{ matrix.operating-system }}
|
|
strategy:
|
|
matrix:
|
|
operating-system: [ ubuntu-latest, windows-latest, macos-latest ]
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Install Rust (stable)
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: stable
|
|
override: true
|
|
profile: minimal
|
|
- name: Build
|
|
uses: actions-rs/cargo@v1
|
|
with:
|
|
command: build
|
|
args: --workspace --verbose
|
|
- name: Test
|
|
uses: actions-rs/cargo@v1
|
|
with:
|
|
command: test
|
|
args: --workspace --verbose
|
|
env:
|
|
RUST_BACKTRACE: 1
|
|
|
|
rustfmt:
|
|
name: Check formatting
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: nightly
|
|
profile: minimal
|
|
components: rustfmt
|
|
override: true
|
|
- uses: actions-rs/cargo@v1
|
|
with:
|
|
command: fmt
|
|
args: --all -- --check
|
|
|
|
clippy-stable:
|
|
name: Clippy check (stable)
|
|
permissions:
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: stable
|
|
profile: minimal
|
|
components: clippy
|
|
override: true
|
|
- uses: actions-rs/clippy-check@v1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
args: --all-features --workspace
|
|
|
|
clippy-nightly:
|
|
name: Clippy check (nightly)
|
|
permissions:
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: nightly
|
|
profile: minimal
|
|
components: clippy
|
|
override: true
|
|
- uses: actions-rs/clippy-check@v1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
args: --all-features --workspace
|