ci: move to GH actions

robjtede · robjtede · commit 644c7f608f50 · 2025-05-02T12:31:59.000+01:00
diff --git a/.cspell.yml b/.cspell.yml
@@ -0,0 +1,4 @@
+version: "0.2"
+words:
+  - clippy
+  - direnv
diff --git a/.envrc b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: [robjtede]
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: weekly
+    versioning-strategy: lockfile-only
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,61 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [main]
+  merge_group:
+    types: [checks_requested]
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  read_msrv:
+    name: Read MSRV
+    uses: actions-rust-lang/msrv/.github/workflows/msrv.yml@main
+
+  test:
+    needs: read_msrv
+
+    strategy:
+      fail-fast: false
+      matrix:
+        toolchain:
+          - { name: msrv, version: "${{ needs.read_msrv.outputs.msrv }}" }
+          - { name: stable, version: stable }
+
+    runs-on: ubuntu-latest
+
+    name: Test / ${{ matrix.toolchain.name }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+
+      - name: Install Rust (${{ matrix.toolchain.name }})
+        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        with:
+          toolchain: ${{ matrix.toolchain.version }}
+
+      - name: Install cargo-nextest
+        uses: taiki-e/install-action@v2.49.28
+        with:
+          tool: cargo-nextest
+
+      - name: Enter Nix devshell
+        uses: nicknovitski/nix-develop@v1.2.1
+
+      - name: Downgrade for MSRV
+        if: matrix.toolchain.name == 'msrv'
+        run: just downgrade-for-msrv
+
+      - name: Test
+        run: just test-no-coverage
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
@@ -0,0 +1,46 @@
+name: Coverage
+
+on:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+    name: Coverage
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        with:
+          components: llvm-tools-preview
+
+      - name: Enter Nix devshell
+        uses: nicknovitski/nix-develop@v1.2.1
+
+      - name: Install cargo-llvm-cov
+        uses: taiki-e/install-action@v2.49.28
+        with:
+          tool: cargo-llvm-cov
+
+      - name: Generate code coverage
+        run: just test-coverage-codecov
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5.4.0
+        with:
+          files: codecov.json
+          fail_ci_if_error: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/dependabot-reviewer.yml b/.github/workflows/dependabot-reviewer.yml
@@ -0,0 +1,39 @@
+name: Dependabot Reviewer
+
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  review-dependabot-pr:
+    name: Approve PR
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    env:
+      PR_URL: ${{ github.event.pull_request.html_url }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Fetch Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2.3.0
+
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --squash "$PR_URL"
+
+      - name: Approve patch and minor updates
+        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'|| steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: |
+          gh pr review "$PR_URL" --approve --body "I'm **approving** this pull request because **it only includes patch or minor updates**."
+
+      - name: Approve major updates of dev dependencies
+        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
+        run: |
+          gh pr review "$PR_URL" --approve --body "I'm **approving** this pull request because **it only includes major updates of dev dependencies**."
+
+      - name: Comment on major updates of normal dependencies
+        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
+        run: |
+          gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes major updates of normal dependencies**."
+          gh pr edit "$PR_URL" --add-label "requires-manual-qa"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,85 @@
+name: Lint
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          components: rustfmt
+
+      - name: Format Check
+        uses: actions-rust-lang/rustfmt@v1
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      checks: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          components: clippy
+
+      - name: Clippy Check
+        uses: giraffate/clippy-action@v1
+        with:
+          clippy_flags: --workspace --all-targets --all-features
+          reporter: github-pr-check
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  docs:
+    name: Docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1.5.0
+        with:
+          components: rust-docs
+
+      - name: Validate Intra-doc Links
+        env:
+          RUSTDOCFLAGS: -D warnings
+        run: cargo doc --workspace --no-deps --all-features
+
+  audit:
+    name: Audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: Install cargo-deny
+        uses: taiki-e/install-action@v2.49.28
+        with:
+          tool: cargo-deny
+
+      - name: Audit check
+        run: cargo deny --all-features check advisories
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,12 @@
 /target
+
+# rust
+/target/
 **/*.rs.bk
-Cargo.lock
-.idea
+
+# direnv
+/.direnv/
+
+# code coverage
+/codecov.json
+/lcov.info
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
diff --git a/.prettierrc.yml b/.prettierrc.yml
@@ -0,0 +1,5 @@
+overrides:
+  - files: "*.md"
+    options:
+      printWidth: 9999
+      proseWrap: never
diff --git a/.rustfmt.toml b/.rustfmt.toml
@@ -0,0 +1,3 @@
+group_imports = "StdExternalCrate"
+imports_granularity = "Crate"
+use_field_init_shorthand = true
diff --git a/.taplo.toml b/.taplo.toml
@@ -0,0 +1,19 @@
+exclude = ["target/*"]
+include = ["**/*.toml"]
+
+[formatting]
+column_width = 100
+
+[[rule]]
+include = ["**/Cargo.toml"]
+keys = ["dependencies", "*-dependencies"]
+
+[rule.formatting]
+reorder_keys = true
+
+[[rule]]
+include = ["**/Cargo.toml"]
+keys = ["dependencies.*", "*-dependencies.*"]
+
+[rule.formatting]
+reorder_keys = false
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/flake.nix b/flake.nix
diff --git a/justfile b/justfile

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +version: "0.2"
 +words:
 +  - clippy
 +  - direnv
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# These are supported funding model platforms`
	`2`	`+`
	`3`	`+github: [robjtede]`