Skip to content

Lock file maintenance (JS) (#12157) #26705

Lock file maintenance (JS) (#12157)

Lock file maintenance (JS) (#12157) #26705

Workflow file for this run

name: CI
on:
push:
branches:
- main
- master
pull_request:
permissions: {}
concurrency:
group: ci-${{ github.head_ref || github.ref }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
# renovate: datasource=crate depName=cargo-deny versioning=semver
CARGO_DENY_VERSION: 0.18.5
# renovate: datasource=github-releases depName=cargo-insta lookupName=mitsuhiko/insta versioning=semver
CARGO_INSTA_VERSION: 1.43.2
# renovate: datasource=crate depName=cargo-machete versioning=semver
CARGO_MACHETE_VERSION: 0.9.1
# renovate: datasource=github-releases depName=shssoichiro/oxipng versioning=semver
OXIPNG_VERSION: 9.1.5
# renovate: datasource=npm depName=pnpm
PNPM_VERSION: 10.19.0
# renovate: datasource=github-releases depName=typst/typst versioning=semver
TYPST_VERSION: 0.13.1
# renovate: datasource=pypi depName=zizmor
ZIZMOR_VERSION: 1.15.2
jobs:
changed-files:
name: Changed Files
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
# This is needed to get the commit history for the changed-files action
# (see https://github.com/tj-actions/changed-files/blob/v46.0.5/README.md#usage-)
fetch-depth: 0
- uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
id: changed-files-non-js
with:
files_ignore: |
app/**
e2e/**
packages/**
public/**
tests/**
eslint.config.mjs
.template-lintrc.js
ember-cli-build.js
package.json
pnpm-lock.yaml
testem.js
- uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
id: changed-files-non-rust
with:
files_ignore: |
crates/**
migrations/**
src/**
build.rs
Cargo.lock
Cargo.toml
rust-toolchain.toml
- uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
id: changed-files-rust-lockfile
with:
files: Cargo.lock
- uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
id: changed-files-ci
with:
files: .github/workflows/**
outputs:
non-js: ${{ steps.changed-files-non-js.outputs.any_modified }}
non-rust: ${{ steps.changed-files-non-rust.outputs.any_modified }}
rust-lockfile: ${{ steps.changed-files-rust-lockfile.outputs.any_modified }}
ci: ${{ steps.changed-files-ci.outputs.any_modified }}
percy-nonce:
name: Frontend / Percy Nonce
runs-on: ubuntu-latest
needs: changed-files
if: needs.changed-files.outputs.non-rust == 'true'
# persist job results to other jobs in the workflow
outputs:
nonce: ${{ steps.percy-nonce.outputs.nonce }}
steps:
# persist step results to other steps in the job
- id: percy-nonce
# adding a timestamp makes the nonce more unique for re-runs
run: echo "nonce=${{ github.run_id }}-$(date +%s)" >> $GITHUB_OUTPUT
backend-lint:
name: Backend / Lint
runs-on: ubuntu-24.04
needs: changed-files
if: needs.changed-files.outputs.non-js == 'true'
env:
RUSTFLAGS: "-D warnings"
RUSTDOCFLAGS: "-D warnings"
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- run: rustup component add rustfmt
- run: rustup component add clippy
- uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/main' }}
- run: cargo fmt --check --all
- run: cargo clippy --all-targets --all-features --workspace
- run: cargo doc --no-deps --document-private-items
backend-deps:
name: Backend / dependencies
runs-on: ubuntu-24.04
needs: changed-files
if: github.event_name != 'pull_request' || needs.changed-files.outputs.rust-lockfile == 'true'
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/main' }}
- run: cargo install cargo-deny --vers ${CARGO_DENY_VERSION}
- run: cargo deny check
- run: cargo install cargo-machete --vers ${CARGO_MACHETE_VERSION}
- run: cargo machete
backend-test:
name: Backend / Test
runs-on: ubuntu-24.04
needs: changed-files
if: needs.changed-files.outputs.non-js == 'true'
env:
RUST_BACKTRACE: 1
TEST_DATABASE_URL: postgres://postgres:postgres@localhost/postgres
RUSTFLAGS: "-D warnings -Cinstrument-coverage"
MALLOC_CONF: "background_thread:true,abort_conf:true,abort:true,junk:true"
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
# Remove the Android SDK to free up space
- run: sudo rm -rf /usr/local/lib/android
- name: Install Typst
run: |
wget -q "https://github.com/typst/typst/releases/download/v${TYPST_VERSION}/typst-x86_64-unknown-linux-musl.tar.xz"
tar -xf "typst-x86_64-unknown-linux-musl.tar.xz"
sudo mv "typst-x86_64-unknown-linux-musl/typst" /usr/local/bin/
rm -rf "typst-x86_64-unknown-linux-musl" "typst-x86_64-unknown-linux-musl.tar.xz"
typst --version
- name: Install oxipng
run: |
wget -q "https://github.com/shssoichiro/oxipng/releases/download/v${OXIPNG_VERSION}/oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz"
tar -xf "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz"
sudo mv "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl/oxipng" /usr/local/bin/
rm -rf "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl" "oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz"
oxipng --version
- name: Download Fira Sans font
run: |
wget -q "https://github.com/mozilla/Fira/archive/4.202.zip"
unzip -q "4.202.zip"
- uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/main' }}
- name: Install cargo-insta
run: curl -LsSf https://github.com/mitsuhiko/insta/releases/download/${CARGO_INSTA_VERSION}/cargo-insta-installer.sh | sh
- run: sudo systemctl start postgresql.service
- run: sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'"
- run: cargo fetch --locked
- run: cargo build --tests --workspace
- run: cargo insta test --require-full-match --unreferenced=reject --workspace
env:
# Set the path to the Fira Sans font for Typst.
TYPST_FONT_PATH: ${{ github.workspace }}/Fira-4.202/otf
frontend-lint:
name: Frontend / Lint
runs-on: ubuntu-24.04
needs: changed-files
if: needs.changed-files.outputs.non-rust == 'true'
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
cache: pnpm
node-version-file: package.json
- run: pnpm install
- run: pnpm lint:hbs
- run: pnpm lint:js
- run: pnpm lint:deps
- run: pnpm prettier:check
frontend-test:
name: Frontend / Test
runs-on: ubuntu-24.04
needs: [changed-files, percy-nonce]
if: needs.changed-files.outputs.non-rust == 'true'
env:
JOBS: 1 # See https://git.io/vdao3 for details.
# Percy secrets are included here to enable Percy's GitHub integration
# on community-submitted PRs
PERCY_TOKEN: web_0a783d8086b6f996809f3e751d032dd6d156782082bcd1423b9b860113c75054
PERCY_PARALLEL_NONCE: ${{ needs.percy-nonce.outputs.nonce }}
PERCY_PARALLEL_TOTAL: 2
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
cache: pnpm
node-version-file: package.json
- run: pnpm install
- if: github.repository == 'rust-lang/crates.io'
run: pnpm percy exec --parallel -- pnpm test
- if: github.repository != 'rust-lang/crates.io'
run: pnpm test
msw-test:
name: Frontend / Test (@crates-io/msw)
runs-on: ubuntu-24.04
needs: [changed-files]
if: needs.changed-files.outputs.non-rust == 'true'
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
cache: pnpm
node-version-file: package.json
- run: pnpm install
- run: pnpm --filter "@crates-io/msw" test
e2e-test:
name: Frontend / Test (playwright)
runs-on: ubuntu-24.04
needs: [changed-files, percy-nonce]
timeout-minutes: 60
if: needs.changed-files.outputs.non-rust == 'true'
env:
JOBS: 1 # See https://git.io/vdao3 for details.
# Percy secrets are included here to enable Percy's GitHub integration
# on community-submitted PRs
PERCY_TOKEN: web_0a783d8086b6f996809f3e751d032dd6d156782082bcd1423b9b860113c75054
PERCY_PARALLEL_NONCE: ${{ needs.percy-nonce.outputs.nonce }}
PERCY_PARALLEL_TOTAL: 2
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
cache: pnpm
node-version-file: package.json
- run: pnpm install
- run: pnpm playwright install chromium
- if: github.repository == 'rust-lang/crates.io'
run: pnpm percy exec --parallel -- pnpm e2e
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ !cancelled() }}
with:
name: playwright-report
path: playwright-report/
retention-days: 14
zizmor:
name: CI / Lint
runs-on: ubuntu-24.04
needs: changed-files
if: needs.changed-files.outputs.ci == 'true'
permissions:
security-events: write
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
- run: uvx zizmor@${ZIZMOR_VERSION} --format=sarif . > results.sarif
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
with:
sarif_file: results.sarif
category: zizmor