Add note about password schemes to migration docs #652
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: [ main ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| jobs: | |
| opa-lint: | |
| name: Lint and test OPA policies | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Setup OPA | |
| uses: open-policy-agent/[email protected] | |
| with: | |
| version: 0.64.1 | |
| - name: Lint policies | |
| working-directory: ./policies | |
| run: make lint | |
| - name: Run OPA tests | |
| working-directory: ./policies | |
| run: make test | |
| frontend-lint: | |
| name: Check frontend style | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 20 | |
| - name: Install Node dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Lint | |
| working-directory: ./frontend | |
| run: npm run lint | |
| frontend-test: | |
| name: Run the frontend test suite | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 20 | |
| - name: Install Node dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Test | |
| working-directory: ./frontend | |
| run: npm test | |
| rustfmt: | |
| name: Check Rust style | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install toolchain | |
| run: | | |
| rustup toolchain install nightly | |
| rustup default nightly | |
| rustup component add rustfmt | |
| - name: Check style | |
| run: cargo fmt --all -- --check | |
| cargo-deny: | |
| name: Run `cargo deny` checks | |
| runs-on: ubuntu-latest | |
| env: | |
| # We need to remove the sccache wrapper because we don't install it in this job | |
| RUSTC_WRAPPER: "" | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Run `cargo-deny` | |
| uses: EmbarkStudios/[email protected] | |
| check-schema: | |
| name: Check schema | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install Rust toolchain | |
| run: | | |
| rustup toolchain install stable | |
| rustup default stable | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Install Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 20 | |
| - name: Install Node dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Update the schemas | |
| run: sh ./misc/update.sh | |
| - name: Check that the workspace is clean | |
| run: | | |
| if ! [[ -z $(git status -s) ]]; then | |
| echo "::error title=Workspace is not clean::Please run 'sh ./misc/update.sh' and commit the changes" | |
| ( | |
| echo '## Diff after running `sh ./misc/update.sh`:' | |
| echo | |
| echo '```diff' | |
| git diff | |
| echo '```' | |
| ) >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| clippy: | |
| name: Run Clippy | |
| needs: [rustfmt, opa-lint] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install toolchain | |
| run: | | |
| rustup toolchain install 1.82.0 | |
| rustup default 1.82.0 | |
| rustup component add clippy | |
| - name: Setup OPA | |
| uses: open-policy-agent/[email protected] | |
| with: | |
| version: 0.64.1 | |
| - name: Compile OPA policies | |
| working-directory: ./policies | |
| run: make | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Run clippy | |
| run: | | |
| cargo clippy --workspace --tests --bins --lib -- -D warnings | |
| compile-test-artifacts: | |
| name: Compile test artifacts | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Install toolchain | |
| run: | | |
| rustup toolchain install stable | |
| rustup default stable | |
| - name: Install nextest | |
| uses: taiki-e/install-action@nextest | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Build and archive tests | |
| run: cargo nextest archive --workspace --archive-file nextest-archive.tar.zst | |
| env: | |
| SQLX_OFFLINE: '1' | |
| - name: Upload archive to workflow | |
| uses: actions/[email protected] | |
| with: | |
| name: nextest-archive | |
| path: nextest-archive.tar.zst | |
| test: | |
| name: Run test suite with Rust stable | |
| needs: [rustfmt, opa-lint, compile-test-artifacts] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| partition: [1, 2] | |
| services: | |
| postgres: | |
| image: docker.io/library/postgres:15.3 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: postgres | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - "5432:5432" | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - run: mkdir -p ~/.cargo/bin | |
| - name: Install nextest | |
| uses: taiki-e/install-action@nextest | |
| - name: Install Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 20 | |
| - name: Install Node dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Build the frontend | |
| working-directory: ./frontend | |
| run: npm run build | |
| - name: Setup OPA | |
| uses: open-policy-agent/[email protected] | |
| with: | |
| version: 0.64.1 | |
| - name: Compile OPA policies | |
| working-directory: ./policies | |
| run: make | |
| - name: Download archive | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nextest-archive | |
| - name: Test | |
| env: | |
| DATABASE_URL: postgresql://postgres:postgres@localhost/postgres | |
| run: | | |
| ~/.cargo/bin/cargo-nextest nextest run --archive-file nextest-archive.tar.zst \ | |
| --partition count:${{ matrix.partition }}/2 \ | |
| --retries 1 | |
| # --retries is a workaround for sqlx not playing nice with nextest | |
| # Waiting for https://github.com/launchbadge/sqlx/pull/3334 | |
| syn2mas: | |
| name: Check syn2mas | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version-file: ./tools/syn2mas/.nvmrc | |
| - name: Install Node dependencies | |
| working-directory: ./tools/syn2mas | |
| run: npm ci | |
| - name: Lint | |
| working-directory: ./tools/syn2mas | |
| run: npm run lint | |
| - name: Build | |
| working-directory: ./tools/syn2mas | |
| run: npm run build | |
| tests-done: | |
| name: Tests done | |
| if: ${{ always() }} | |
| needs: | |
| - opa-lint | |
| - frontend-lint | |
| - frontend-test | |
| - rustfmt | |
| - cargo-deny | |
| - clippy | |
| - check-schema | |
| - test | |
| - syn2mas | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: matrix-org/done-action@v3 | |
| with: | |
| needs: ${{ toJSON(needs) }} |