Consolidate PR workflow with dependabot automation #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request | |
| on: pull_request | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_NET_RETRY: 10 | |
| RUSTUP_MAX_RETRIES: 10 | |
| RUSTFLAGS: "-D warnings -D deprecated -C debuginfo=0" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| meta: | |
| timeout-minutes: 5 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: build | |
| uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 | |
| with: | |
| files: | | |
| .github/workflows/pr.yml | |
| justfile | |
| - id: cargo | |
| uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 | |
| with: | |
| files: | | |
| **/Cargo.toml | |
| - id: rust | |
| uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 | |
| with: | |
| files: | | |
| **/*.rs | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - id: cargo-crates | |
| run: ./.github/list-crates.sh ${{ steps.cargo.outputs.all_changed_files }} | |
| outputs: | |
| any_changed: ${{ steps.build.outputs.any_changed || steps.cargo.outputs.any_changed || steps.rust.outputs.any_changed }} | |
| build_changed: ${{ steps.build.outputs.any_changed }} | |
| cargo_changed: ${{ steps.cargo.outputs.any_changed }} | |
| cargo_crates: ${{ steps.cargo-crates.outputs.crates }} | |
| rust_changed: ${{ steps.rust.outputs.any_changed }} | |
| rust: | |
| needs: meta | |
| if: needs.meta.outputs.any_changed | |
| runs-on: ubuntu-latest | |
| container: ghcr.io/linkerd/dev:v42-rust | |
| permissions: | |
| contents: read | |
| timeout-minutes: 20 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 | |
| - run: just fetch | |
| - name: Audit dependencies | |
| uses: EmbarkStudios/cargo-deny-action@64015a69ee7ee08f6c56455089cdaf6ad974fd15 | |
| with: | |
| command: check bans licenses sources | |
| - run: just check-fmt | |
| - run: just clippy | |
| - run: just docs | |
| - run: just test-build --no-default-features | |
| - run: just test --no-default-features | |
| rust-crates: | |
| needs: meta | |
| if: needs.meta.outputs.cargo_changed | |
| timeout-minutes: 20 | |
| runs-on: ubuntu-latest | |
| container: ghcr.io/linkerd/dev:v43-rust | |
| strategy: | |
| matrix: | |
| crate: ${{ fromJson(needs.meta.outputs.cargo_crates) }} | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 | |
| - run: just fetch | |
| - run: just check-crate ${{ matrix.crate }} | |
| rust-coverage: | |
| needs: meta | |
| if: needs.meta.outputs.rust_changed | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| container: | |
| image: docker://ghcr.io/linkerd/dev:v43-rust | |
| options: --security-opt seccomp=unconfined # 🤷 | |
| env: | |
| CXX: "/usr/bin/clang++-14" | |
| steps: | |
| # XXX(ver) Workaround for a linking problem in the binary we store in the | |
| # devcontainer. | |
| # - run: scurl https://github.com/xd009642/tarpaulin/releases/download/0.27.1/cargo-tarpaulin-x86_64-unknown-linux-musl.tar.gz | tar -C /usr/local/bin -zxvf - | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| # linkerd-transport-header and opencencus-proto tests only check codegen. | |
| - run: cargo tarpaulin --locked --workspace --exclude=linkerd2-proxy --exclude=linkerd-transport-header --exclude=opencensus-proto --exclude=spire-proto --no-run | |
| - run: cargo tarpaulin --locked --workspace --exclude=linkerd2-proxy --exclude=linkerd-transport-header --exclude=opencensus-proto --exclude=spire-proto --skip-clean --ignore-tests --no-fail-fast --out=Xml | |
| # Some tests are especially flakey in coverage tests. That's fine. We | |
| # only really care to measure how much of our codebase is covered. | |
| continue-on-error: true | |
| - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab | |
| linkerd-install: | |
| needs: meta | |
| if: needs.meta.outputs.any_changed | |
| timeout-minutes: 20 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: linkerd/dev/actions/setup-tools@v43 | |
| - name: scurl https://run.linkerd.io/install-edge | sh | |
| run: | | |
| scurl https://run.linkerd.io/install-edge | sh | |
| echo "PATH=$PATH:$HOME/.linkerd2/bin" >> "$GITHUB_ENV" | |
| export PATH="$PATH:$HOME/.linkerd2/bin" | |
| tag=$(linkerd version --client --short) | |
| echo "linkerd $tag" | |
| echo "LINKERD_TAG=$tag" >> "$GITHUB_ENV" | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - run: just docker | |
| - run: just-k3d create | |
| - run: just k3d-load-linkerd | |
| - run: just linkerd-install | |
| - run: just linkerd-check-contol-plane-proxy | |
| env: | |
| TMPDIR: ${{ runner.temp }} | |
| auto-merge: | |
| needs: [rust, rust-crates, rust-coverage, linkerd-install] | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: gh pr merge '${{ github.event.pull_request.number }}' --auto --merge | |
| env: | |
| GH_TOKEN: ${{ github.token }} |