Added bulk reassignment of workspaces roles #10611
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| workflow_dispatch: | |
| merge_group: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - releases/* | |
| # We set `concurrency` to prevent having this workflow being run on code that is not up-to-date on a PR (a user make multiple push in a quick manner). | |
| # But on the main branch, we don't want that behavior. | |
| # Having the workflow run on each merge commit is something we would like, that could help us where a regression was made and missed by previous checks. | |
| # | |
| # For that we use `head_ref` that is only defined on `pull-request` and fallback to `run_id` (this is a counter, so it's value is unique between workflow call). | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| dispatch: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| rust: ${{ steps.need-check.outputs.rust }} | |
| python: ${{ steps.need-check.outputs.python }} | |
| web: ${{ steps.need-check.outputs.web }} | |
| docs: ${{ steps.need-check.outputs.docs }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # pin v3.5.2 | |
| timeout-minutes: 5 | |
| - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # pin v2.11.1 | |
| id: changes | |
| with: | |
| list-files: shell | |
| filters: .github/filters/ci.yml | |
| timeout-minutes: 5 | |
| - name: Determine which workflows need to be run | |
| id: need-check | |
| run: | | |
| set -eux -o pipefail | |
| for check in $(env | grep -o 'NEED_CHECK_\w*' ); do | |
| env_value=$(eval "echo \$$check") | |
| echo "${check#NEED_CHECK_}=$env_value" | |
| done | tee -a $GITHUB_OUTPUT | |
| env: | |
| NEED_CHECK_rust: ${{ github.ref == 'refs/heads/master' || steps.changes.outputs.rust-jobs == 'true' }} | |
| NEED_CHECK_web: ${{ github.ref == 'refs/heads/master' || steps.changes.outputs.web-jobs == 'true' }} | |
| NEED_CHECK_python: ${{ github.ref == 'refs/heads/master' || steps.changes.outputs.python-jobs == 'true' }} | |
| NEED_CHECK_docs: ${{ steps.changes.outputs.docs-jobs == 'true' }} | |
| # Github PR merging is configured to only require this job to pass | |
| ci-is-happy: | |
| name: ⭐ CI is happy ⭐ | |
| needs: | |
| - dispatch | |
| - quality-assurance | |
| - python | |
| - rust | |
| - web | |
| - spelling | |
| - docs | |
| runs-on: ubuntu-latest | |
| if: always() | |
| # Just a fail-safe timeout, see the fine grain per-task timeout instead | |
| timeout-minutes: 2 | |
| steps: | |
| - name: Requirement fullfiled | |
| run: | | |
| #!python3 | |
| import os | |
| import json | |
| needs = json.loads(os.environ["NEEDS"]) | |
| print("NEEDS:", json.dumps(needs, indent=4), sep="\n") | |
| # Check jobs aren't failed or cancelled. | |
| for name, job in needs.items(): | |
| if job["result"] in ("cancelled", "failure"): | |
| raise ValueError(f"The job `{name}` is in a invalid state: {job['result']}") | |
| # Check required jobs, here we just need to check that the state is `success` and not `skipped`. | |
| for job_name, required in needs["dispatch"]["outputs"].items(): | |
| if job_name not in needs: | |
| print(f"Job: `{job_name}` isn't required!") | |
| continue | |
| assert required in ("true", "false") | |
| job_result = needs[job_name]["result"] | |
| if required == "true" and job_result != "success": | |
| raise ValueError( | |
| f"The required job `{job_name}` should be in a success state but is not (state={job_result})" | |
| ) | |
| env: | |
| NEEDS: ${{ toJSON(needs) }} | |
| shell: python | |
| spelling: | |
| uses: ./.github/workflows/cspell.yml | |
| ############################################################################## | |
| # 📊 Q&A # | |
| ############################################################################## | |
| quality-assurance: | |
| name: 📊 Q&A | |
| # All linux jobs must run the same ubuntu version to avoid Rust caching issues ! | |
| runs-on: ubuntu-20.04 | |
| # Just a fail-safe timeout, see the fine grain per-task timeout instead | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # pin v3.5.2 | |
| timeout-minutes: 5 | |
| - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # pin v2.11.1 | |
| id: newsfragment-have-changed | |
| with: | |
| list-files: shell | |
| filters: | | |
| all: | |
| - added|modified: '**' | |
| newsfragments: | |
| - newsfragments/** | |
| - name: Check tools version | |
| run: | | |
| echo "::add-matcher::.github/custom-problem-matchers/version-updater.json" | |
| python3 --version | |
| python3 misc/version_updater.py --check | |
| echo "::remove-matcher owner=version-updater::" | |
| timeout-minutes: 2 | |
| - name: Check Commit Signature | |
| run: python .github/scripts/check_commit_signature.py | |
| - name: Check News fragments | |
| if: | | |
| github.event_name == 'pull_request' | |
| && !( | |
| startsWith(github.head_ref, 'releases/') | |
| || startsWith(github.head_ref, 'revert') | |
| || startsWith(github.head_ref, 'acknowledge') | |
| ) | |
| && steps.newsfragment-have-changed.outputs.newsfragments == 'true' | |
| run: | | |
| whereis git | |
| git fetch origin ${{ github.base_ref }} | |
| python .github/scripts/check_newsfragments.py --base=${{ github.base_ref }} | |
| timeout-minutes: 5 | |
| - name: Patch pre-commit for line-ending | |
| id: patched-pre-commit-config | |
| run: | | |
| TEMP_FILE=$(mktemp) | |
| sed '/id: mixed-line-ending/a\ args: [ --fix=lf ]' .pre-commit-config.yaml > $TEMP_FILE | |
| diff --unified .pre-commit-config.yaml $TEMP_FILE || true | |
| echo "path=$TEMP_FILE" >> $GITHUB_OUTPUT | |
| # Clippy basically compile the project, hence it's faster to run it in | |
| # the test-rust-matrix job where compilation cache is reused ! | |
| - uses: ./.github/actions/use-pre-commit | |
| with: | |
| # On main branch or in the merge queue we provide an empty string for the changes files, | |
| # thus running pre-commit on all files | |
| changed-files: >- | |
| ${{ | |
| (github.ref == 'refs/heads/master' | |
| || contains(github.ref, 'gh-readonly-queue')) && '' || steps.changes.outputs.all_files | |
| }} | |
| config-file: ${{ steps.patched-pre-commit-config.outputs.path }} | |
| env: | |
| SKIP: clippy,fmt,cspell,ruff,black,mypy,eslint | |
| timeout-minutes: 5 | |
| python: | |
| needs: | |
| - dispatch | |
| if: needs.dispatch.outputs.python == 'true' | |
| uses: ./.github/workflows/ci-python.yml | |
| rust: | |
| needs: | |
| - dispatch | |
| if: needs.dispatch.outputs.rust == 'true' | |
| uses: ./.github/workflows/ci-rust.yml | |
| web: | |
| needs: | |
| - dispatch | |
| if: needs.dispatch.outputs.web == 'true' | |
| uses: ./.github/workflows/ci-web.yml | |
| docs: | |
| needs: | |
| - dispatch | |
| if: needs.dispatch.outputs.docs == 'true' | |
| uses: ./.github/workflows/ci-docs.yml |