
Embed the host runner in the CLI #1984


Workflow file for this run

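# CI workflow: computes which checks apply to the triggering event, runs them
# as a matrix, and publishes an attested release for release commits on main.
name: CI
on:
  push:
  # pull_request (not pull_request_target): PR code runs in the PR's own
  # context rather than with the base repository's privileges.
  pull_request:
  schedule:
    - cron: '45 3 * * 2' # every Tuesday at 3:45 UTC
concurrency:
  # One group per ref; a newer run cancels an in-progress one only for PRs.
  group: ci-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
# Deny by default: GITHUB_TOKEN gets no scopes unless a job opts in below.
permissions: {}
jobs:
  # Emits the JSON list of checks for this event and the release PR number.
  checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
      - name: Compute the checks for ${{ github.event_name }}
        id: checks
        run: |
          # x CHECK EVENT...: append "CHECK" to CHECKS when the current event
          # is one of EVENT... (the changelog check is skipped when the PR
          # base branch matches dev/*).
          x() {
            local check=$1
            [[ $GITHUB_BASE_REF == dev/* && $check == changelog ]] && return
            while [[ $# -gt 1 ]]; do
              shift
              # Quoted so the event name is compared literally, not as a glob.
              [[ $1 == "$GITHUB_EVENT_NAME" ]] || continue
              [[ -z "$CHECKS" ]] || CHECKS+=', '
              CHECKS+="\"$check\""
            done
            true
          }
          x copyright pull_request
          x changelog pull_request
          x textreview pull_request
          x sync pull_request push schedule
          x publish pull_request push schedule
          x markdown pull_request push schedule
          x taplo pull_request push schedule
          x applets pull_request push schedule
          x runners pull_request push schedule
          x tests-0 pull_request push schedule
          x tests-1 pull_request push schedule
          x tests-2 pull_request push schedule
          x tests-3 pull_request push schedule
          x hw-host pull_request push schedule
          x book pull_request push schedule
          x footprint pull_request push
          echo "checks=[$CHECKS]" >> "$GITHUB_OUTPUT"
          # A release is requested only by a push to main whose head commit
          # subject is exactly "Release all crates (#N)". Only the digits of N
          # are extracted, so no other part of the commit message reaches the
          # output file.
          release=$(git log -1 --pretty=%s | sed -n 's/^Release all crates (#\([0-9]*\))$/\1/p')
          [[ $GITHUB_EVENT_NAME == push ]] || release=
          [[ $GITHUB_REF == refs/heads/main ]] || release=
          echo "release=${release:-0}" >> "$GITHUB_OUTPUT"
    outputs:
      checks: ${{ steps.checks.outputs.checks }}
      release: ${{ steps.checks.outputs.release }}
  # Restores or saves the shared cache; on a cache miss it runs every check
  # once without the cache before the matrix starts.
  cache:
    runs-on: ubuntu-latest
    needs: checks
    steps:
      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
      # Skipped on schedule, so cache-hit is never 'true' there and the two
      # steps below always run for scheduled runs.
      - if: github.event_name != 'schedule'
        id: cache
        name: Restore and save the cache
        uses: ./.github/actions/ci-cache
        with:
          mode: save
      - if: steps.cache.outputs.cache-hit != 'true'
        name: Run all checks ${{ needs.checks.outputs.checks }}
        uses: ./.github/actions/ci-checks
        with:
          checks: ${{ needs.checks.outputs.checks }}
          # No scopes are granted to this job (workflow-level permissions: {}).
          token: ${{ secrets.GITHUB_TOKEN }}
          use-cache: 'false'
      - if: steps.cache.outputs.cache-hit != 'true'
        run: rm -rf target && cargo xtask help
  # One job per check computed by `checks`; a failing check does not cancel
  # the others (fail-fast: false).
  matrix:
    runs-on: ubuntu-latest
    needs: [checks, cache] # The cache is used by the checks.
    strategy:
      fail-fast: false
      matrix:
        check: ${{ fromJSON(needs.checks.outputs.checks) }}
    name: ${{ matrix.check }}
    steps:
      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
      - name: Run the ${{ matrix.check }} check
        uses: ./.github/actions/ci-checks
        with:
          # matrix.check comes from the fixed list built in the `checks` job.
          checks: "[\"${{ matrix.check }}\"]"
          token: ${{ secrets.GITHUB_TOKEN }}
  # Fan-in job: it only runs after every matrix job succeeded, and `release`
  # depends on it.
  ubuntu:
    runs-on: ubuntu-latest
    needs: matrix
    steps:
      - run: true
  # Builds, attests and publishes the release. This is the only job granted
  # write scopes, and it only runs when `checks` reported a release.
  release:
    runs-on: ubuntu-latest
    needs: [checks, ubuntu]
    if: ${{ needs.checks.outputs.release != 0 }}
    permissions:
      attestations: write
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          # Do not leave the contents:write token in .git/config, where the
          # build script and anything it runs could read it. The visible steps
          # only use local git commands and pass GH_TOKEN explicitly; confirm
          # scripts/artifacts.sh does not need authenticated git access.
          persist-credentials: false
      # NOTE(review): this script runs inside the job that holds the write
      # scopes and can request the OIDC token. Confirm it only runs trusted,
      # pinned tooling, or build in an unprivileged job and hand the artifacts
      # over to this one.
      - run: ./scripts/artifacts.sh
      - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
        id: attest
        with:
          subject-path: 'artifacts/*'
      - run: |
          mv "$BUNDLE_PATH" attestation.intoto.jsonl
          echo 'attestation.intoto.jsonl#Provenance attestation' >> artifacts.txt
          COMMIT=$(git rev-parse -q --verify HEAD)
          DATE=$(git log -1 --pretty=%cs)
          xargs --arg-file=artifacts.txt --delimiter='\n' \
            gh release create "release/$DATE" --target="$COMMIT" \
            --title="Release $DATE" --notes-file=notes.txt
        env:
          # The step output reaches the script as data through the environment
          # instead of being spliced into the shell source by the expression.
          BUNDLE_PATH: ${{ steps.attest.outputs.bundle-path }}
          GH_TOKEN: ${{ github.token }}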