zebra/.github/workflows/ci-lint.yml

174 lines
6.0 KiB
YAML

# This workflow conducts various linting checks for a Rust-based project.
# 1. Determines if Rust or workflow files have been modified.
# 2. Runs the Clippy linter on Rust files, producing annotations and failing on warnings.
# 3. Ensures Rust code formatting complies with 'rustfmt' standards.
# 4. Lints GitHub Actions workflow files for common issues.
# 5. Checks for common spelling errors in the codebase.
# The workflow is designed to maintain code quality and consistency, running checks conditionally based on the changed files.
name: Lint
# Ensures that only one workflow task will run at a time. Previous builds, if
# already in process, will get cancelled. Only the latest commit will be allowed
# to run, cancelling any workflows in between
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
# we build Rust caches on main, so they can be shared by all branches:
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache
push:
branches:
- main
pull_request:
env:
CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }}
RUST_LOG: ${{ vars.RUST_LOG }}
RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }}
RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }}
COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }}
jobs:
changed-files:
runs-on: ubuntu-latest
name: Checks changed-files
outputs:
rust: ${{ steps.changed-files-rust.outputs.any_changed == 'true' }}
workflows: ${{ steps.changed-files-workflows.outputs.any_changed == 'true' }}
steps:
- uses: actions/checkout@v4.1.6
with:
persist-credentials: false
fetch-depth: 0
- name: Rust files
id: changed-files-rust
uses: tj-actions/changed-files@v44.5.2
with:
files: |
**/*.rs
**/Cargo.toml
**/Cargo.lock
clippy.toml
.cargo/config.toml
.github/workflows/ci-lint.yml
- name: Workflow files
id: changed-files-workflows
uses: tj-actions/changed-files@v44.5.2
with:
files: |
.github/workflows/*.yml
clippy:
name: Clippy
timeout-minutes: 45
runs-on: ubuntu-latest
needs: changed-files
if: ${{ needs.changed-files.outputs.rust == 'true' }}
steps:
- uses: actions/checkout@v4.1.6
with:
persist-credentials: false
- name: Install last version of Protoc
uses: arduino/setup-protoc@v3.0.0
with:
# TODO: increase to latest version after https://github.com/arduino/setup-protoc/issues/33 is fixed
version: '23.x'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Check workflow permissions
id: check_permissions
uses: scherermichael-oss/action-has-permission@1.0.6
with:
required-permission: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Setup Rust with stable toolchain and default profile
- name: Setup Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=default
- uses: Swatinem/rust-cache@v2.7.3
with:
shared-key: "clippy-cargo-lock"
# TODO: keep this action until we find a better solution
- name: Run clippy action to produce annotations
uses: actions-rs/clippy-check@v1.0.7
if: ${{ steps.check_permissions.outputs.has-permission }}
with:
# GitHub displays the clippy job and its results as separate entries
name: Clippy (stable) Results
token: ${{ secrets.GITHUB_TOKEN }}
args: --workspace --all-features --all-targets -- -D warnings
- name: Run clippy manually without annotations
if: ${{ !steps.check_permissions.outputs.has-permission }}
run: cargo clippy --workspace --all-features --all-targets -- -D warnings
fmt:
name: Rustfmt
timeout-minutes: 30
runs-on: ubuntu-latest
needs: changed-files
if: ${{ needs.changed-files.outputs.rust == 'true' }}
steps:
- uses: actions/checkout@v4.1.6
with:
persist-credentials: false
- uses: r7kamura/rust-problem-matchers@v1.5.0
- name: Install last version of Protoc
uses: arduino/setup-protoc@v3.0.0
with:
# TODO: increase to latest version after https://github.com/arduino/setup-protoc/issues/33 is fixed
version: '23.x'
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Setup Rust with stable toolchain and default profile
- name: Setup Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=default
# We don't cache `fmt` outputs because the job is quick,
# and we want to use the limited GitHub actions cache space for slower jobs.
#- uses: Swatinem/rust-cache@v2.7.3
- run: |
cargo fmt --all -- --check
actionlint:
runs-on: ubuntu-latest
continue-on-error: true
needs: changed-files
if: ${{ needs.changed-files.outputs.workflows == 'true' }}
steps:
- uses: actions/checkout@v4.1.6
- name: actionlint
uses: reviewdog/action-actionlint@v1.48.0
with:
level: warning
fail_on_error: false
# This is failing with a JSON schema error, see #8028 for details.
#- name: validate-dependabot
# # This gives an error when run on PRs from external repositories, so we skip it.
# # If this is a PR, check that the PR source is a local branch. Always runs on non-PRs.
# if: ${{ !startsWith(github.event_name, 'pull') || !github.event.pull_request.head.repo.fork }}
# uses: marocchino/validate-dependabot@v2.1.0
codespell:
runs-on: ubuntu-latest
needs: changed-files
steps:
- uses: actions/checkout@v4.1.6
- uses: codespell-project/actions-codespell@v2.0
with:
only_warn: 1