
chore: add CodeQL analysis and ShellCheck linting workflow #140


Workflow file for this run

# CI workflow: runs on pushes to, and pull requests targeting, the
# long-lived branches listed below.
name: CI
on:
  push:
    branches: [master, main, dev]
  pull_request:
    branches: [master, main, dev]
# One in-flight run per pull request (or per ref when there is no PR number).
# Superseded runs are cancelled on every ref except master and main.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main' }}
env:
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: "1"
  # NOTE(review): declared at workflow level, so the token is exported into the
  # environment of every step in every job, including cargo invocations that
  # compile and run code from the checked-out tree. If only specific steps
  # read it, scope it to those steps' `env:` instead. Confirm which steps
  # (including the local actions) actually need it before moving it.
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
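jobs:
  # Five worker jobs (check-workspace, format, lint, check, build) share one
  # shape: pinned checkout with submodules, two repository-local setup actions,
  # then a single cargo command. Two aggregator jobs turn their results into a
  # single pass/fail status.
  #
  # NOTE(review): every worker job grants `actions: write`. Nothing visible in
  # this file uses it; presumably the local actions under .github/actions need
  # it. Confirm, and drop to `actions: read` or remove it if they do not.
  # NOTE(review): actions/checkout keeps the token in the local git config by
  # default. If no later step needs authenticated git, `persist-credentials:
  # false` on the checkout steps avoids leaving it on disk. Confirm against
  # the local actions first.
  check-workspace:
    name: Check workspace conventions
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      # Third-party action pinned to a full commit SHA; the tag is informational.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: true
      - uses: ./.github/actions/install-base
      - uses: ./.github/actions/setup-rust
      - name: cargo xtask check-workspace
        run: |
          cargo xtask check-workspace

  format:
    name: Format
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: true
      - uses: ./.github/actions/install-base
      - uses: ./.github/actions/setup-rust
      - name: Check formatting
        run: |
          cargo fmt --all -- --check

  lint:
    name: Lint (${{ matrix.os }})
    strategy:
      # Let the other OS finish even if one fails.
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-15
    runs-on: ${{ matrix.os }}
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: true
      - uses: ./.github/actions/install-base
      - uses: ./.github/actions/setup-rust
      - name: Run clippy
        run: |
          cargo run -p cargo-matrix -- --command clippy

  check:
    name: Check (${{ matrix.os }})
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-15
    runs-on: ${{ matrix.os }}
    permissions:
      contents: read
      actions: write
      packages: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: true
      - uses: ./.github/actions/install-base
      - uses: ./.github/actions/setup-rust
      - name: Check
        run: |
          cargo run -p cargo-matrix -- --command check

  build:
    name: Build (${{ matrix.os }})
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - macos-15
    runs-on: ${{ matrix.os }}
    permissions:
      contents: read
      actions: write
      packages: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: true
      - uses: ./.github/actions/install-base
      - uses: ./.github/actions/setup-rust
      - name: Build Release
        run: |
          cargo run -p cargo-matrix -- --command build

  # Aggregates the fast checks (everything except build) into one status.
  basics-checks:
    name: Basic checks
    needs: [check-workspace, format, lint, check]
    # Run even when a dependency failed, but not when the run was cancelled.
    if: ${{ !cancelled() }}
    runs-on: ubuntu-latest
    # This job only inspects the `needs` context with jq, so it gets no token
    # scopes instead of inheriting the repository default.
    permissions: {}
    steps:
      - name: Conclusion
        env:
          # Pass the context through the environment rather than expanding it
          # inside the script text: the expression is substituted before the
          # shell parses the script, so a quote in the JSON (for example from a
          # job output added later) would otherwise end the string early.
          NEEDS_JSON: ${{ toJson(needs) }}
        run: |
          # Print the dependent jobs to see them in the CI log
          jq -C <<< "$NEEDS_JSON"
          # Check if all jobs that we depend on (in the needs array) were successful.
          jq --exit-status 'all(.result == "success")' <<< "$NEEDS_JSON"

  # Final gate: basics-checks plus build.
  all-checks:
    needs: [basics-checks, build]
    # Override the default execution condition to prevent this job from being skipped
    # if its dependencies fail. In GitHub Actions, a skipped job is considered successful,
    # which is not the desired behavior here. Also, ensure the job does not run when
    # the workflow is manually canceled.
    if: ${{ !cancelled() }}
    runs-on: ubuntu-latest
    # Only jq runs here; no token scopes are needed.
    permissions: {}
    steps:
      # Manually check the status of all dependencies. `if: failure()` does not work.
      - name: Conclusion
        env:
          # Same reason as in basics-checks: keep the expression out of the
          # script text so its content cannot alter the shell command.
          NEEDS_JSON: ${{ toJson(needs) }}
        run: |
          # Print the dependent jobs to see them in the CI log
          jq -C <<< "$NEEDS_JSON"
          # Check if all jobs that we depend on (in the needs array) were successful.
          jq --exit-status 'all(.result == "success")' <<< "$NEEDS_JSON"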