diff options
| -rw-r--r-- | .github/workflows/autobot.yaml | 9 | ||||
| -rw-r--r-- | .github/workflows/clippy.yaml | 18 | ||||
| -rw-r--r-- | .github/workflows/docker.yaml | 29 | ||||
| -rw-r--r-- | .github/workflows/update-flake.yaml (renamed from .github/workflows/update-lock.yaml) | 8 |
4 files changed, 34 insertions, 30 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml index 328113f..e0e4ccf 100644 --- a/.github/workflows/autobot.yaml +++ b/.github/workflows/autobot.yaml @@ -1,9 +1,10 @@ -name: auto-merge dependabot +name: Auto-merge Dependabot on: pull_request jobs: automerge: + name: Check and merge PR runs-on: ubuntu-latest permissions: @@ -18,9 +19,9 @@ jobs: with: github-token: ${{ github.token }} - - name: enable auto-merge - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' + - name: Enable auto-merge + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' run: gh pr merge --auto --rebase "$PR" env: - PR: ${{ github.event.pull_request.html_url }} GH_TOKEN: ${{ github.token }} + PR: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/clippy.yaml b/.github/workflows/clippy.yaml index 12838af..8b8df46 100644 --- a/.github/workflows/clippy.yaml +++ b/.github/workflows/clippy.yaml @@ -1,13 +1,13 @@ -name: clippy +name: Clippy on: push: - branches: [main] + branches: ["main"] pull_request: - workflow_dispatch: jobs: clippy: + name: Run Clippy scan runs-on: ubuntu-latest permissions: @@ -16,22 +16,22 @@ jobs: steps: - uses: actions/checkout@v4 - - name: install rust + - name: Install Rust uses: dtolnay/rust-toolchain@stable with: toolchain: stable components: clippy - - name: setup rust cache + - name: Setup Rust cache uses: Swatinem/rust-cache@v2 - - name: install sarif tools + - name: Install SARIF tools run: cargo install clippy-sarif sarif-fmt - - name: fetch cargo deps + - name: Fetch Cargo deps run: cargo fetch --locked - - name: run clippy + - name: Run Clippy continue-on-error: true run: | set -euxo pipefail @@ -42,7 +42,7 @@ jobs: --message-format=json \ | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt - - name: upload results + - name: Upload results uses: github/codeql-action/upload-sarif@v2 with: sarif_file: /tmp/clippy.sarif diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 80de66c..eddde61 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,14 +1,14 @@ -name: upload to registry -# this is for uploading images to a container registry when -# changes are made to `main` +name: Push to image registry on: check_suite: - types: [completed] + types: ["completed"] workflow_dispatch: jobs: build: + name: Build image + runs-on: ubuntu-latest strategy: matrix: @@ -23,19 +23,20 @@ jobs: steps: - uses: actions/checkout@v4 - - name: install nix + - name: Install Nix uses: DeterminateSystems/nix-installer-action@v8 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + - name: Setup Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 - - name: build docker image + - name: Build Docker image id: build run: | nix build -L --accept-flake-config .#container-${{ matrix.arch }} [ ! -L result ] && exit 1 echo "path=$(realpath result)" >> "$GITHUB_OUTPUT" - - name: upload image + - name: Upload image uses: actions/upload-artifact@v3 with: name: container-${{ matrix.arch }} @@ -43,7 +44,9 @@ jobs: if-no-files-found: error retention-days: 1 - upload: + push: + name: Push image + needs: build runs-on: ubuntu-latest @@ -61,25 +64,25 @@ jobs: && github.event.check_suite.head_branch == 'main' steps: - - name: set image name + - name: Set image name run: | echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV" - uses: actions/checkout@v4 - - name: download images + - name: Download images uses: actions/download-artifact@v3 with: path: images - - name: login to registry + - name: Login to registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ env.USERNAME }} password: ${{ github.token }} - - name: upload to registry + - name: Push to registry env: TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest run: | diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-flake.yaml index e735b81..f27539f 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-flake.yaml @@ -1,4 +1,4 @@ -name: update flake lock +name: Update flake.lock on: schedule: @@ -17,10 +17,10 @@ jobs: steps: - uses: actions/checkout@v4 - - name: install nix + - name: Install Nix uses: nixbuild/nix-quick-install-action@v26 - - name: update lockfile + - name: Update and create PR uses: DeterminateSystems/update-flake-lock@v20 id: update with: @@ -28,7 +28,7 @@ jobs: pr-title: "flake: update inputs" token: ${{ github.token }} - - name: enable auto-merge + - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: |