| author | seth <[email protected]> | 2024-05-27 04:55:45 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2024-05-27 04:56:48 -0400 |
| commit | c69eea2f4823da476628742fbbec600ee95ac049 (patch) | |
| tree | 7cf3d87f5f202e6049ba44a06ac6fe9d3558826b /.github | |
initial commit
Diffstat (limited to '.github')
| -rw-r--r-- | .github/dependabot.yml | 15 | ||||
| -rw-r--r-- | .github/workflows/autobot.yaml | 28 | ||||
| -rw-r--r-- | .github/workflows/ci.yaml | 66 | ||||
| -rw-r--r-- | .github/workflows/clippy.yaml | 59 | ||||
| -rw-r--r-- | .github/workflows/docker.yaml | 125 | ||||
| -rw-r--r-- | .github/workflows/update-flake.yaml | 32 |
6 files changed, 325 insertions, 0 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f9f0b67
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "ci"
+
+ - package-ecosystem: "cargo"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "crates"
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml
new file mode 100644
index 0000000..fe92dfa
--- /dev/null
+++ b/.github/workflows/autobot.yaml
@@ -0,0 +1,28 @@
+name: Auto-merge Dependabot
+
+on: pull_request
+
+jobs:
+ automerge:
+ name: Check and merge PR
+
+ if: github.actor == 'dependabot[bot]'
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+ pull-requests: write
+
+ steps:
+ - uses: dependabot/fetch-metadata@v2
+ id: metadata
+ with:
+ github-token: ${{ github.token }}
+
+ - name: Enable auto-merge
+ if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ run: gh pr merge --auto --squash "$PR"
+ env:
+ GH_TOKEN: ${{ github.token }}
+ PR: ${{ github.event.pull_request.html_url }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..94518e0
--- /dev/null
+++ b/.github/workflows/ci.yaml
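Review bot: In autobot.yaml the job-level guard `if: github.actor == 'dependabot[bot]'` tests who triggered the latest event rather than who opened the pull request, which is a weaker identity check than it looks for a job holding `contents: write` and `pull-requests: write`. Prefer `if: github.event.pull_request.user.login == 'dependabot[bot]'`, which binds the job to the PR author. The `Enable auto-merge` step also accepts semver-minor bumps for both ecosystems declared in dependabot.yml, and what gates the resulting merge depends on branch protection that this commit does not show. A comment above the step such as `# relies on required status checks on main; without them dependency updates may merge unreviewed` would make that assumption explicit.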
@@ -0,0 +1,66 @@
+name: CI
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - "**.nix"
+ - "flake.lock"
+ - "**.rs"
+ - "Cargo.toml"
+ - "Cargo.lock"
+ pull_request:
+ paths:
+ - "**.nix"
+ - "flake.lock"
+ - "**.rs"
+ - "Cargo.toml"
+ - "Cargo.lock"
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: Build
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Rust
+ uses: dtolnay/rust-toolchain@stable
+
+ - name: Setup Rust cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Run build
+ run: |
+ cargo build --locked --release
+
+ format-and-lint:
+ name: Format and lint
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v27
+
+ - name: Run checks
+ run: |
+ nix flake check --print-build-logs --show-trace
+
+ release-gate:
+ name: CI Release gate
+ needs: [build, format-and-lint]
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Exit with error
+ if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
+ run: exit 1
diff --git a/.github/workflows/clippy.yaml b/.github/workflows/clippy.yaml
new file mode 100644
index 0000000..2d3ea70
--- /dev/null
+++ b/.github/workflows/clippy.yaml
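Review bot: In ci.yaml the `release-gate` job has no job-level `if:`, so when `build` or `format-and-lint` fails the gate is skipped rather than failed, and its `Exit with error` step never gets to evaluate `needs.*.result`. A skipped job is treated as passing when it is a required status check, so if this gate is what protects `main` (branch protection is not visible in this commit) a red build would not block the merge. Add `if: always()` to the job, next to `needs: [build, format-and-lint]`, and keep the step condition as written. The `release-gate` job in docker.yaml is written the same way and needs the same line.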
@@ -0,0 +1,59 @@
+name: Clippy
+
+on:
+ push:
+ paths:
+ - 'Cargo.toml'
+ - 'Cargo.lock'
+ - '**.rs'
+ branches: [main]
+ pull_request:
+ paths:
+ - 'Cargo.toml'
+ - 'Cargo.lock'
+ - '**.rs'
+ workflow_dispatch:
+
+jobs:
+ clippy:
+ name: Run scan
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Rust
+ uses: dtolnay/rust-toolchain@stable
+ with:
+ components: "clippy"
+
+ - name: Setup Rust cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Install SARIF tools
+ run: |
+ cargo install clippy-sarif sarif-fmt
+
+ - name: Fetch Cargo deps
+ run: |
+ cargo fetch --locked
+
+ - name: Run Clippy
+ continue-on-error: true
+ run: |
+ cargo clippy \
+ --all-features \
+ --all-targets \
+ --message-format=json \
+ | clippy-sarif | tee /tmp/clippy.sarif | sarif-fmt
+
+ - name: Upload results
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: /tmp/clippy.sarif
+ wait-for-processing: true
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
new file mode 100644
index 0000000..8736484
--- /dev/null
+++ b/.github/workflows/docker.yaml
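Review bot: In clippy.yaml the `Install SARIF tools` step runs `cargo install clippy-sarif sarif-fmt` with no version and without `--locked`, so every run builds whatever is newest on crates.io with freshly resolved dependencies, inside a job that holds `security-events: write`. Use `cargo install --locked clippy-sarif@<VERSION> sarif-fmt@<VERSION>` (the versions are placeholders to fill in) so the tools that generate the uploaded SARIF are reproducible and change only through a reviewed edit. Separately, `continue-on-error: true` on `Run Clippy` lets the upload step run even when the pipeline before it broke. A comment on that step such as `# findings are advisory; results surface only through code scanning` would record that this is intended.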
@@ -0,0 +1,125 @@
+name: Docker
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - "**.nix"
+ - "flake.lock"
+ - "**.rs"
+ - "Cargo.toml"
+ - "Cargo.lock"
+ pull_request:
+ paths:
+ - "**.nix"
+ - "flake.lock"
+ - "**.rs"
+ - "Cargo.toml"
+ - "Cargo.lock"
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: Build image
+
+ strategy:
+ fail-fast: false
+ matrix:
+ arch: [x86_64, aarch64]
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v27
+
+ - name: Setup Nix cache
+ uses: DeterminateSystems/magic-nix-cache-action@v6
+
+ - name: Build Docker image
+ id: build
+ env:
+ ARCH: ${{ matrix.arch }}
+ run: |
+ nix build \
+ --fallback \
+ --print-build-logs \
+ .#container-"$ARCH"
+
+ # exit if no `result` from nix build
+ [ ! -L result ] && exit 1
+ echo "path=$(readlink -f ./result)" >> "$GITHUB_OUTPUT"
+
+ - name: Upload image
+ uses: actions/upload-artifact@v4
+ with:
+ name: container-${{ matrix.arch }}
+ path: ${{ steps.build.outputs.path }}
+ if-no-files-found: error
+ retention-days: 1
+
+ release-gate:
+ name: Docker Release Gate
+ needs: build
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Exit with error
+ if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
+ run: exit 1
+
+ push:
+ name: Push image
+ needs: release-gate
+
+ if: github.event_name == 'push'
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ packages: write
+
+ env:
+ REGISTRY: ghcr.io
+ USERNAME: ${{ github.actor }}
+
+ steps:
+ - name: Set image name
+ run: |
+ echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Download images
+ uses: actions/download-artifact@v4
+ with:
+ path: images
+
+ - name: Login to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.USERNAME }}
+ password: ${{ github.token }}
+
+ - name: Push to registry
+ env:
+ TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+ run: |
+ architectures=("x86_64" "aarch64")
+ for arch in "${architectures[@]}"; do
+ docker load < images/container-"$arch"/*.tar.gz
+ docker tag nixpkgs-tracker-bot:latest-"$arch" "$TAG"-"$arch"
+ docker push "$TAG"-"$arch"
+ done
+
+ docker manifest create "$TAG" \
+ --amend "$TAG"-x86_64 \
+ --amend "$TAG"-aarch64
+
+ docker manifest push "$TAG"
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
new file mode 100644
index 0000000..daaea2e
--- /dev/null
+++ b/.github/workflows/update-flake.yaml
@@ -0,0 +1,32 @@
+name: Update flake.lock
+
+on:
+ schedule:
+ # run every saturday
+ - cron: "0 0 * * 6"
+ workflow_dispatch:
+
+jobs:
+ update:
+ name: Run update
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+ pull-requests: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v27
+
+ - name: Update lockfile & make PR
+ uses: DeterminateSystems/update-flake-lock@v21
+ id: update
+ with:
+ commit-msg: 'nix: update flake.lock'
+ pr-title: 'nix: update flake.lock'
+ token: ${{ github.token }} |
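Review bot: In docker.yaml the `push` job passes `${{ github.token }}` with `packages: write` to `docker/login-action@v3`, and the image it publishes is built after `cachix/install-nix-action@v27` and `DeterminateSystems/magic-nix-cache-action@v6` have run; all three are referenced by mutable tags, so the code on the publishing path can change without any commit in this repository. Pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/login-action@<FULL_COMMIT_SHA>  # v3`; the `github-actions` entry in dependabot.yml can keep such pins current. The same applies to the actions in autobot.yaml, ci.yaml, clippy.yaml and update-flake.yaml, where `dtolnay/rust-toolchain@stable` is a branch reference rather than a tag. The workflow also has no top-level `permissions:` key, so the `build` job, which runs on pull requests, gets whatever the repository default is; a top-level `permissions:` with `contents: read` would make that explicit.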
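Review bot: In update-flake.yaml, `token: ${{ github.token }}` means the pull request is opened with the workflow's own token, and events created with that token do not start other workflow runs. As a result the `pull_request` triggers in ci.yaml and docker.yaml would not fire for the new flake.lock. A lockfile bump moves the flake inputs to new revisions, which is the kind of change that should be built and checked before it merges. Either pass a dedicated credential, `token: ${{ secrets.<FLAKE_UPDATE_TOKEN> }}` (placeholder name), or add a comment above the step such as `# PRs opened with github.token do not trigger CI; run it via workflow_dispatch before merging`.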
