Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/autobot.yaml | 31 | ||||
| -rw-r--r-- | .github/workflows/ci.yaml | 87 | ||||
| -rw-r--r-- | .github/workflows/clippy.yaml | 66 | ||||
| -rw-r--r-- | .github/workflows/docker.yaml | 82 | ||||
| -rw-r--r-- | .github/workflows/update-flake.yaml | 44 |
5 files changed, 154 insertions, 156 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml index f1ebe4e..129eb80 100644 --- a/.github/workflows/autobot.yaml +++ b/.github/workflows/autobot.yaml @@ -1,31 +1,34 @@ -name: Auto-merge Dependabot +name: "Auto-merge Dependabot" -on: pull_request +on: + pull_request: jobs: automerge: - name: Check and merge PR - if: github.actor == 'dependabot[bot]' + name: "Check and merge PR" - runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + + runs-on: "ubuntu-latest" steps: - - name: Generate GitHub App token - uses: actions/create-github-app-token@v1 - id: app-token + - name: "Generate GitHub App token" + uses: "actions/create-github-app-token@v1" + id: "app-token" with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - - name: Fetch metadata - uses: dependabot/fetch-metadata@v2 - id: metadata + - name: "Fetch metadata" + uses: "dependabot/fetch-metadata@v2" + id: "metadata" with: github-token: ${{ steps.app-token.outputs.token }} - - name: Enable auto-merge + - name: "Enable auto-merge" if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' }} - run: gh pr merge --auto --squash "$PR" env: - PR: ${{ github.event.pull_request.html_url }} GH_TOKEN: ${{ steps.app-token.outputs.token }} + PR: ${{ github.event.pull_request.html_url }} + run: | + gh pr merge --auto --squash "$PR" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f084a2a..68f9f35 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,8 +1,8 @@ -name: CI +name: "CI" on: push: - branches: [main] + branches: [ "main" ] paths: - "**.nix" - "**.rs" 
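Review bot: In autobot.yaml the job guard still tests `github.actor`, which names whoever triggered the run rather than the author of the pull request, so it does not by itself establish that the changes being merged came from Dependabot. Because this job mints a GitHub App token and enables auto-merge with it, the guard should check the PR author instead: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. The later `update-type` condition narrows which PRs are merged, but it filters on metadata and is not an identity check.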
@@ -18,71 +18,64 @@ on: jobs: build: - name: Build + name: "Build (${{ matrix.os }})" strategy: fail-fast: false matrix: - os: [macos-latest, windows-latest] + include: + - os: "ubuntu-latest" + use-nix: true + - os: "windows-latest" + use-nix: false runs-on: ${{ matrix.os }} steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: "Checkout repository" + uses: "actions/checkout@v4" - - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@v1 + - name: "Install Nix" + if: ${{ matrix.use-nix }} + uses: "cachix/install-nix-action@v30" - - name: Run build - run: | - cargo build --locked --release - - nix: - name: Nix - - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v13 + - name: "Setup Nix cache" + if: ${{ matrix.use-nix }} + uses: "DeterminateSystems/magic-nix-cache-action@v8" - - name: Setup Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v7 + - name: "Install Rust" + if: ${{ !matrix.use-nix }} + uses: "actions-rust-lang/setup-rust-toolchain@v1" - - name: Run flake checks + - name: "Run cargo build" + if: ${{ !matrix.use-nix }} run: | - nix build --print-build-logs --show-trace - - rustfmt: - name: Rustfmt - - runs-on: ubuntu-latest + cargo build --locked --release - steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: "Evaluate flake.nix" + if: ${{ matrix.use-nix }} + run: nix flake check --no-build --show-trace - - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@v1 - with: - components: rustfmt + - name: "Run nix build" + if: ${{ matrix.use-nix }} + run: | + nix build --print-build-logs - - name: Run rustfmt - uses: actions-rust-lang/rustfmt@v1 + - name: "Build Flake checks" + if: ${{ matrix.os == 'ubuntu-latest' }} + run: | + nix flake check --print-build-logs release-gate: - name: CI Release gate - needs: [build, rustfmt, nix] + name: "CI Release gate" + needs: [ 
"build" ] if: ${{ always() }} - runs-on: ubuntu-latest + runs-on: "ubuntu-latest" steps: - - name: Exit with error - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') - run: exit 1 + - name: "Exit with error" + if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + run: | + exit 1 diff --git a/.github/workflows/clippy.yaml b/.github/workflows/clippy.yaml index cd99256..138e418 100644 --- a/.github/workflows/clippy.yaml +++ b/.github/workflows/clippy.yaml 
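Review bot: Neither `build` nor `release-gate` in ci.yaml declares `permissions:`, so both run with the repository's default `GITHUB_TOKEN` scopes while executing third-party install and cache actions. The same commit adds `contents: "read"` to the Clippy job and to the Docker push job, so the omission here looks like an oversight. Adding `permissions:` with `contents: "read"` to `build`, and `permissions: {}` to `release-gate` (it only runs `exit 1`), would bring them in line. The `build` and `release-gate` jobs in docker.yaml and the jobs in autobot.yaml and update-flake.yaml have the same gap. This assumes no workflow-level `permissions:` key exists in the unchanged lines, since none is visible in the hunks shown.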
@@ -1,56 +1,54 @@ -name: Clippy +name: "Clippy" on: push: - branches: [main] + branches: [ "main" ] paths: - - 'Cargo.toml' - - 'Cargo.lock' - - '**.rs' + - "**.rs" + - "**.lock" + - "Cargo.toml" + - "flake.nix" + + - ".github/workflows/clippy.yaml" pull_request: paths: - - 'Cargo.toml' - - 'Cargo.lock' - - '**.rs' + - "**.rs" + - "**.lock" + - "Cargo.toml" + - "flake.nix" + + - ".github/workflows/clippy.yaml" workflow_dispatch: jobs: clippy: - name: Run scan + name: "Run scan" - runs-on: ubuntu-latest + runs-on: "ubuntu-latest" permissions: - security-events: write + contents: "read" + security-events: "write" steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: "Checkout repository" + uses: "actions/checkout@v4" - - name: Install Rust - uses: actions-rust-lang/setup-rust-toolchain@v1 - with: - components: clippy + - name: "Install Nix" + uses: "cachix/install-nix-action@v30" - - name: Install SARIF tools - run: | - cargo install clippy-sarif sarif-fmt + - name: "Setup Nix cache" + uses: "DeterminateSystems/magic-nix-cache-action@v8" - - name: Fetch Cargo deps + - name: "Run Clippy" + id: "clippy-run" run: | - cargo fetch --locked + nix build --print-build-logs .#checks.x86_64-linux.clippy-sarif + [ -L result ] || exit 1 + echo "sarif-file=$(readlink -f result)" >> "$GITHUB_OUTPUT" - - name: Run Clippy - continue-on-error: true - run: | - cargo clippy \ - --all-features \ - --all-targets \ - --message-format=json \ - | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt - - - name: Upload results - uses: github/codeql-action/upload-sarif@v3 + - name: "Upload results" + uses: "github/codeql-action/upload-sarif@v3" with: - sarif_file: /tmp/clippy.sarif + sarif_file: ${{ steps.clippy-run.outputs.sarif-file }} wait-for-processing: true diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 0bb28ad..fe8cffd 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
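Review bot: With `continue-on-error: true` removed, any failure in the `Run Clippy` step now skips `Upload results`, so findings reach code scanning only if the `clippy-sarif` check succeeds even when lints fire. That behaviour is decided by the flake definition, which is not shown here. If the derivation can fail on findings, the SARIF file is never uploaded and code-scanning alerts silently stop updating. Confirm that it always produces a report, or add `if: ${{ always() && steps.clippy-run.outputs.sarif-file != '' }}` to the upload step so that a report that was produced is still uploaded. The attribute path also hard-codes `x86_64-linux`, which ties the step to the current architecture of `ubuntu-latest`.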
@@ -1,8 +1,8 @@ -name: Docker +name: "Docker" on: push: - branches: [main] + branches: [ "main" ] paths: - "**.nix" - "**.rs" @@ -18,27 +18,27 @@ on: jobs: build: - name: Build image + name: "Build image" strategy: fail-fast: false matrix: - arch: [amd64, arm64] + arch: [ "amd64", "arm64" ] - runs-on: ubuntu-latest + runs-on: "ubuntu-latest" steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: "Checkout repository" + uses: "actions/checkout@v4" - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v13 + - name: "Install Nix" + uses: "cachix/install-nix-action@v30" - - name: Setup Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v7 + - name: "Setup Nix cache" + uses: "DeterminateSystems/magic-nix-cache-action@v8" - - name: Build Docker image - id: build + - name: "Build Docker image" + id: "build" env: ARCH: ${{ matrix.arch }} run: | 
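Review bot: Both Nix actions in the second docker.yaml hunk are referenced by mutable tags (`cachix/install-nix-action@v30`, `DeterminateSystems/magic-nix-cache-action@v8`), so whatever those tags point to at run time executes in the job that builds the image later pushed to `ghcr.io`. Pinning third-party actions to a full commit SHA with the version in a trailing comment keeps the reference immutable, e.g. `uses: "cachix/install-nix-action@FULL_COMMIT_SHA"  # v30` (placeholder, not a real SHA). Update tooling such as Dependabot can still bump a SHA pin. The same applies to the identical `uses:` lines this commit introduces in ci.yaml, clippy.yaml and update-flake.yaml.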
@@ -51,67 +51,69 @@ jobs: [ ! -L result ] && exit 1 echo "path=$(readlink -f ./result)" >> "$GITHUB_OUTPUT" - - name: Upload image - uses: actions/upload-artifact@v4 + - name: "Upload image" + uses: "actions/upload-artifact@v4" with: - name: container-${{ matrix.arch }} + name: "container-${{ matrix.arch }}" path: ${{ steps.build.outputs.path }} - if-no-files-found: error + if-no-files-found: "error" retention-days: 1 release-gate: - name: Docker Release Gate - needs: build + name: "Docker Release Gate" + needs: [ "build" ] - if: always() + if: ${{ always() }} - runs-on: ubuntu-latest + runs-on: "ubuntu-latest" steps: - - name: Exit with error - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') - run: exit 1 + - name: "Exit with error" + if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + run: | + exit 1 push: - name: Push image - needs: release-gate + name: "Push image" + needs: [ "release-gate" ] - if: github.event_name == 'push' + if: ${{ github.event_name == 'push' }} - runs-on: ubuntu-latest + runs-on: "ubuntu-latest" permissions: - packages: write + contents: "read" + packages: "write" env: - REGISTRY: ghcr.io + REGISTRY: "ghcr.io" USERNAME: ${{ github.actor }} - IMAGE_NAME: teawie-bot + IMAGE_NAME: "chill-discord-bot" steps: - - name: Checkout repository - uses: actions/checkout@v4 + - name: "Checkout repository" + uses: "actions/checkout@v4" - - name: Download images - uses: actions/download-artifact@v4 + - name: "Download images" + uses: "actions/download-artifact@v4" with: - path: images + path: "images" - - name: Login to registry - uses: docker/login-action@v3 + - name: "Login to registry" + uses: "docker/login-action@v3" with: registry: ${{ env.REGISTRY }} username: ${{ env.USERNAME }} password: ${{ github.token }} - - name: Push to registry + - name: "Push to registry" env: TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest run: | architectures=("amd64" "arm64") for arch in 
"${architectures[@]}"; do docker load < images/container-"$arch"/*.tar.gz - docker tag teawie-bot:latest-"$arch" "$TAG"-"$arch" + docker tag chill-discord-bot:latest-"$arch" "$TAG"-"$arch" docker push "$TAG"-"$arch" done diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index 4473811..22e498f 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml 
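Review bot: The rename had to be made twice because the `docker tag` line hard-codes `chill-discord-bot:latest-"$arch"` instead of reading the job-level `IMAGE_NAME`; if the two ever drift, the step tries to tag an image that was never loaded. Using `docker tag "$IMAGE_NAME":latest-"$arch" "$TAG"-"$arch"` keeps one source of truth, assuming the name produced by the Nix build is meant to track `IMAGE_NAME`. Separately, only the mutable `latest-` tags are pushed, so a running image cannot be traced back to a commit. Pushing an additional tag derived from `${{ github.sha }}` would give deployments and incident response an immutable reference.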
@@ -1,49 +1,51 @@ -name: Update flake.lock +name: "Update flake.lock" on: schedule: - # run every saturday - - cron: "0 0 * * 6" + # Run on the 1st and 15th of every month + - cron: "0 0 1,15 * *" workflow_dispatch: jobs: update: - name: Run update & create PR + name: "Run update & create PR" - runs-on: ubuntu-latest + runs-on: "ubuntu-latest" steps: - - name: Generate GitHub App token - uses: actions/create-github-app-token@v1 - id: app-token + - name: "Generate GitHub App token" + uses: "actions/create-github-app-token@v1" + id: "app-token" with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - - name: Checkout repository - uses: actions/checkout@v4 + - name: "Checkout repository" + uses: "actions/checkout@v4" with: token: ${{ steps.app-token.outputs.token }} - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v14 + - name: "Install Nix" + uses: "cachix/install-nix-action@v30" - - name: Run update - run: nix flake update + - name: "Run update" + run: | + nix flake update - - name: Create pull request - id: pull-request - uses: peter-evans/create-pull-request@v7 + - name: "Create pull request" + id: "pull-request" + uses: "peter-evans/create-pull-request@v7" with: - branch: update-flake-lock + branch: "update-flake-lock" commit-message: "nix: update flake.lock" title: "nix: update flake.lock" token: ${{ steps.app-token.outputs.token }} sign-commits: true - - name: Enable auto-merge + - name: "Enable auto-merge" if: ${{ env.PR_ID != '' }} - run: gh pr merge --auto --squash "$PR_ID" env: - PR_ID: ${{ steps.pull-request.outputs.pull-request-number }} GH_TOKEN: ${{ steps.app-token.outputs.token }} + PR_ID: ${{ steps.pull-request.outputs.pull-request-number }} + run: | + gh pr merge --auto --squash "$PR_ID" |
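Review bot: The `Enable auto-merge` step leaves branch protection as the only gate between an upstream flake input change and the default branch. `gh pr merge --auto --squash "$PR_ID"` runs with the App token on a PR this same workflow just created, and `--auto` waits only for checks marked as required. Nothing in this file shows which checks those are, so confirm that the build and Clippy workflows are required on the target branch and that their `paths` filters match a `flake.lock`-only change. Otherwise a lock update could merge without ever being built. A comment above the step recording that dependency, such as `# relies on required status checks in branch protection`, would make it visible to the next maintainer.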
