matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Simplify and speedup CI

Browse Source
This commit is contained in:
Quentin Gliech
2022-11-03 11:05:35 +01:00
parent ba3379434d
commit a7ffb635d4
2 changed files with 44 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

217
.github/workflows/ci.yaml vendored
View File

@ -14,58 +14,6 @@ env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
jobs: jobs:
fetch:
name: Fetch Cargo dependencies
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Install toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: "1.61.0" # MSRV
target: x86_64-unknown-linux-musl
profile: minimal
override: true
- name: Setup Cargo cache
uses: actions/cache@v3.0.11
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-deps-msrv-${{ hashFiles('**/Cargo.lock') }}
- name: Fetch dependencies
id: fetch
uses: actions-rs/cargo@v1
continue-on-error: true
with:
command: fetch
args: --locked
- name: Fetch dependencies (retry)
id: fetch-2
uses: actions-rs/cargo@v1
if: steps.fetch.outcome == 'failure'
continue-on-error: true
with:
command: fetch
args: --locked
- name: Fetch dependencies (second retry)
uses: actions-rs/cargo@v1
if: steps.fetch.outcome == 'failure' && steps.fetch-2.outcome == 'failure'
with:
command: fetch
args: --locked
opa-lint: opa-lint:
name: Lint and test OPA policies name: Lint and test OPA policies
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -103,9 +51,9 @@ jobs:
files: crates/policy/policies/coverage.json files: crates/policy/policies/coverage.json
flags: policies flags: policies
rustfmt: rustfmt:
name: Check style name: Check style
needs: [fetch]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -116,41 +64,18 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install toolchain - name: Install toolchain
id: toolchain run: |
uses: actions-rs/toolchain@v1 rustup toolchain install nightly
with: rustup default nightly
toolchain: nightly rustup component add rustfmt
target: x86_64-unknown-linux-musl
components: rustfmt
profile: minimal
override: true
- name: Setup Cargo cache
uses: actions/cache@v3.0.11
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-deps-msrv-${{ hashFiles('**/Cargo.lock') }}
- name: Setup build cache
uses: actions/cache@v3.0.11
with:
path: |
target
key: cargo-fmt-${{ hashFiles('**/Cargo.lock') }}-${{ steps.toolchain.outputs.rustc_hash }}
- name: Check style - name: Check style
uses: actions-rs/cargo@v1 run: cargo fmt --all -- --check
with:
command: fmt
args: --all -- --check
clippy: clippy:
name: Run Clippy name: Run Clippy
needs: [opa-lint, fetch] needs: [rustfmt, opa-lint]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -161,14 +86,10 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install toolchain - name: Install toolchain
id: toolchain run: |
uses: actions-rs/toolchain@v1 rustup toolchain install stable
with: rustup default stable
toolchain: stable rustup component add clippy
target: x86_64-unknown-linux-musl
components: clippy
profile: minimal
override: true
- name: Install Protoc - name: Install Protoc
uses: arduino/setup-protoc@v1 uses: arduino/setup-protoc@v1
@ -183,32 +104,17 @@ jobs:
cd crates/policy/policies cd crates/policy/policies
make make
- name: Setup Cargo cache - name: Setup Rust cache
uses: actions/cache@v3.0.11 uses: Swatinem/rust-cache@v2
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-deps-msrv-${{ hashFiles('**/Cargo.lock') }}
- name: Setup build cache - name: Run clippy
uses: actions/cache@v3.0.11 run: |
with: cargo clippy --workspace -- -D warnings
path: |
target
key: cargo-clippy-${{ hashFiles('**/Cargo.lock') }}-${{ steps.toolchain.outputs.rustc_hash }}
- name: Run Clippy
uses: actions-rs/cargo@v1
with:
command: clippy
args: --workspace -- -D warnings
test: test:
name: Run test suite with Rust ${{ matrix.toolchain }} name: Run test suite with Rust ${{ matrix.toolchain }}
needs: [rustfmt, clippy, opa-lint, fetch] needs: [rustfmt, opa-lint]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -218,7 +124,6 @@ jobs:
fail-fast: false # Continue other jobs if one fails to help filling the cache fail-fast: false # Continue other jobs if one fails to help filling the cache
matrix: matrix:
toolchain: toolchain:
- "1.61.0" # MSRV
- stable - stable
- beta - beta
- nightly - nightly
@ -243,13 +148,9 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install toolchain - name: Install toolchain
id: toolchain run: |
uses: actions-rs/toolchain@v1 rustup toolchain install ${{ matrix.toolchain }}
with: rustup default ${{ matrix.toolchain }}
toolchain: ${{ matrix.toolchain }}
target: x86_64-unknown-linux-musl
profile: minimal
override: true
- name: Install Protoc - name: Install Protoc
uses: arduino/setup-protoc@v1 uses: arduino/setup-protoc@v1
@ -264,31 +165,16 @@ jobs:
cd crates/policy/policies cd crates/policy/policies
make make
- name: Setup Cargo cache - name: Setup Rust cache
uses: actions/cache@v3.0.11 uses: Swatinem/rust-cache@v2
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-deps-msrv-${{ hashFiles('**/Cargo.lock') }}
- name: Setup build cache
uses: actions/cache@v3.0.11
with:
path: |
target
key: ${{ runner.os }}-cargo-build-${{ steps.toolchain.outputs.rustc_hash }}-${{ hashFiles('**/Cargo.lock') }}
- name: Test - name: Test
id: test id: test
uses: actions-rs/cargo@v1
with:
command: test
args: --offline --workspace
env: env:
DATABASE_URL: postgresql://postgres:postgres@localhost/postgres DATABASE_URL: postgresql://postgres:postgres@localhost/postgres
SQLX_OFFLINE: '1' SQLX_OFFLINE: '1'
run: |
cargo test --workspace
# Ignore errors on the nightly toolchain # Ignore errors on the nightly toolchain
continue-on-error: "${{ matrix.toolchain == 'nightly' }}" continue-on-error: "${{ matrix.toolchain == 'nightly' }}"
@ -301,7 +187,7 @@ jobs:
coverage: coverage:
name: Code coverage name: Code coverage
needs: [rustfmt, clippy, opa-lint, fetch] needs: [rustfmt, opa-lint]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -327,13 +213,10 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install toolchain - name: Install toolchain
id: toolchain run: |
uses: actions-rs/toolchain@v1 rustup toolchain install stable
with: rustup default stable
toolchain: stable rustup component add llvm-tools-preview
target: x86_64-unknown-linux-musl
override: true
components: llvm-tools-preview
- name: Install Protoc - name: Install Protoc
uses: arduino/setup-protoc@v1 uses: arduino/setup-protoc@v1
@ -348,35 +231,19 @@ jobs:
cd crates/policy/policies cd crates/policy/policies
make make
- name: Setup Cargo cache - name: Setup Rust cache
uses: actions/cache@v3.0.11 uses: Swatinem/rust-cache@v2
with:
path: |
~/.cargo/registry/index
~/.cargo/registry/cache
~/.cargo/git/db
key: ${{ runner.os }}-cargo-deps-msrv-${{ hashFiles('**/Cargo.lock') }}
- name: Setup build cache
uses: actions/cache@v3.0.11
with:
path: |
target
key: ${{ runner.os }}-cargo-coverage-${{ steps.toolchain.outputs.rustc_hash }}-${{ hashFiles('**/Cargo.lock') }}
- name: Download grcov - name: Download grcov
run: | run: |
mkdir -p "${HOME}/.local/bin" mkdir -p "${HOME}/.local/bin"
curl -sL https://github.com/mozilla/grcov/releases/download/v0.8.7/grcov-x86_64-unknown-linux-gnu.tar.bz2 | tar jxf - -C "${HOME}/.local/bin" curl -sL https://github.com/mozilla/grcov/releases/download/v0.8.13/grcov-x86_64-unknown-linux-gnu.tar.bz2 | tar jxf - -C "${HOME}/.local/bin"
echo "$HOME/.local/bin" >> $GITHUB_PATH echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Run test suite with profiling enabled - name: Run test suite with profiling enabled
uses: actions-rs/cargo@v1 run: |
with: cargo test --no-fail-fast --workspace
command: test
args: --no-fail-fast --workspace
env: env:
CARGO_INCREMENTAL: '0'
RUSTFLAGS: '-Cinstrument-coverage' RUSTFLAGS: '-Cinstrument-coverage'
LLVM_PROFILE_FILE: "cargo-test-%p-%m.profraw" LLVM_PROFILE_FILE: "cargo-test-%p-%m.profraw"
DATABASE_URL: postgresql://postgres:postgres@localhost/postgres DATABASE_URL: postgresql://postgres:postgres@localhost/postgres
@ -396,7 +263,7 @@ jobs:
build-image: build-image:
name: Build and push Docker image name: Build and push Docker image
needs: [opa-lint] needs: [rustfmt, opa-lint]
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
IMAGE: ghcr.io/matrix-org/matrix-authentication-service IMAGE: ghcr.io/matrix-org/matrix-authentication-service
@ -436,10 +303,6 @@ jobs:
type=semver,pattern={{major}},suffix=-debug type=semver,pattern={{major}},suffix=-debug
type=sha,suffix=-debug type=sha,suffix=-debug
- name: Merge buildx bake files
run: |
jq -s '.[0] * .[1]' ${{ steps.meta.outputs.bake-file }} ${{ steps.meta-debug.outputs.bake-file }} > docker-bake.override.json
- name: Setup Cosign - name: Setup Cosign
uses: sigstore/cosign-installer@v2.8.1 uses: sigstore/cosign-installer@v2.8.1
@ -460,11 +323,15 @@ jobs:
# For pull-requests, only read from the cache, do not try to push to the # For pull-requests, only read from the cache, do not try to push to the
# cache or the image itself # cache or the image itself
# We only build for the amd64 platform in pul-requests to speed-up CI # We only build for the amd64 platform in pull-requests to speed-up CI
- name: Build - name: Build
uses: docker/bake-action@v2 uses: docker/bake-action@v2
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
with: with:
files: |
docker-bake.hcl
${{ steps.meta.outputs.bake-file }}
${{ steps.meta-debug.outputs.bake-file }}
set: | set: |
base.platform=linux/amd64 base.platform=linux/amd64
base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache
@ -473,6 +340,10 @@ jobs:
uses: docker/bake-action@v2 uses: docker/bake-action@v2
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
with: with:
files: |
docker-bake.hcl
${{ steps.meta.outputs.bake-file }}
${{ steps.meta-debug.outputs.bake-file }}
set: | set: |
base.output=type=image,push=true base.output=type=image,push=true
base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache

1
clippy.toml
View File

@ -1,4 +1,3 @@
msrv = "1.61.0"
doc-valid-idents = ["OpenID", "OAuth", ".."] doc-valid-idents = ["OpenID", "OAuth", ".."]
disallowed-methods = [ disallowed-methods = [