Skip to content

Silence RUSTSEC-2023-0086 #12800

Silence RUSTSEC-2023-0086

Silence RUSTSEC-2023-0086 #12800

Workflow file for this run

# Jobs that only run for developers on the `rerun` team.
# We have to ensure that these jobs _only_ run for PRs inside the `rerun-io` organization
# this is done using the following check, added to every job:
# if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
# (unfortunately this does not work on the trigger or the entire `jobs` category)
name: Pull-Request
on:
pull_request:
types:
- opened
- synchronize
permissions: write-all
# These jobs use fairly short names as they are a prefix in the display hierarchy
jobs:
checks:
name: Checks
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
uses: ./.github/workflows/reusable_checks.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
CHANNEL: pr
secrets: inherit
cpp-paths-filter:
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
runs-on: ubuntu-latest
outputs:
cpp_changes: ${{ steps.filter.outputs.cpp_changes }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
cpp_changes:
# - .github/**/*.yml - this is tempting, but leads to constant rebuilds
- pixi.lock # maybe out build commands have changed
- pixi.toml # maybe out build commands have changed
- scripts/ci/*
- '**/*.hpp'
- '**/*.cpp'
- '**/CMakeLists.txt'
- '**/*cmake'
docs-paths-filter:
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
runs-on: ubuntu-latest
outputs:
docs_changes: ${{ steps.filter.outputs.docs_changes }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
docs_changes:
# - .github/**/*.yml - this is tempting, but leads to constant rebuilds
- pixi.lock # maybe out build commands have changed
- pixi.toml # maybe out build commands have changed
- scripts/ci/*
- 'docs/content/**/*.md'
- 'examples/**/*.md'
- 'examples/manifest.toml'
python-paths-filter:
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
runs-on: ubuntu-latest
outputs:
python_changes: ${{ steps.filter.outputs.python_changes }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
python_changes:
# - .github/**/*.yml - this is tempting, but leads to constant rebuilds
- pixi.lock # maybe out build commands have changed
- pixi.toml # maybe out build commands have changed
- scripts/ci/*
- '**/*.py'
- '**/requirements.txt'
- '**/pyproject.toml'
rust-paths-filter:
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
runs-on: ubuntu-latest
outputs:
rust_changes: ${{ steps.filter.outputs.rust_changes }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
rust_changes:
# - .github/**/*.yml - this is tempting, but leads to constant rebuilds
- Cargo.lock
- pixi.lock # maybe out build commands have changed
- pixi.toml # maybe out build commands have changed
- scripts/ci/*
- "**/*.rs"
- "**/*.toml"
web-paths-filter:
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
runs-on: ubuntu-latest
outputs:
web_changes: ${{ steps.filter.outputs.web_changes }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
web_changes:
# - .github/**/*.yml - this is tempting, but leads to constant rebuilds
- Cargo.lock
- pixi.lock # maybe out build commands have changed
- pixi.toml # maybe out build commands have changed
- scripts/ci/*
- "**/*.html"
- "**/*.js"
- "**/*.json"
- "**/*.rs"
- "**/*.toml"
- "**/yarn.lock"
- "crates/viewer/re_ui/data/**"
rust-checks:
name: "Rust Checks"
needs: rust-paths-filter
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && needs.rust-paths-filter.outputs.rust_changes == 'true'
uses: ./.github/workflows/reusable_checks_rust.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
CHANNEL: pr
secrets: inherit
python-checks:
name: "Python Checks"
needs: python-paths-filter
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && needs.python-paths-filter.outputs.python_changes == 'true'
uses: ./.github/workflows/reusable_checks_python.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
secrets: inherit
cpp-tests:
name: "C++ tests"
needs: cpp-paths-filter
if: needs.cpp-paths-filter.outputs.cpp_changes == 'true'
uses: ./.github/workflows/reusable_checks_cpp.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
CHANNEL: pr
secrets: inherit
min-cli-build:
name: "Minimum CLI Build"
needs: [python-paths-filter, rust-paths-filter]
if: needs.python-paths-filter.outputs.python_changes == 'true' || needs.rust-paths-filter.outputs.rust_changes == 'true'
uses: ./.github/workflows/reusable_build_and_upload_rerun_cli.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
PLATFORM: linux-x64
secrets: inherit
# Build and test a single wheel to limit CI cost. We use linux-x64 because it's fast. linux-arm64 would also be a good
# choice, but reusable_test_wheels.yml is broken for that target (https://github.com/rerun-io/rerun/issues/5525)
min-wheel-build:
name: "Minimum Wheel Build"
needs: [min-cli-build, python-paths-filter, rust-paths-filter]
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && (needs.python-paths-filter.outputs.python_changes == 'true' || needs.rust-paths-filter.outputs.rust_changes == 'true')
uses: ./.github/workflows/reusable_build_and_upload_wheels.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
MODE: "pr"
PLATFORM: linux-x64
WHEEL_ARTIFACT_NAME: "linux-x64-wheel-fast"
secrets: inherit
min-wheel-test:
name: "Minimum Wheel Test"
needs: [min-wheel-build, python-paths-filter, rust-paths-filter]
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && (needs.python-paths-filter.outputs.python_changes == 'true' || needs.rust-paths-filter.outputs.rust_changes == 'true')
uses: ./.github/workflows/reusable_test_wheels.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
PLATFORM: linux-x64
WHEEL_ARTIFACT_NAME: "linux-x64-wheel-fast"
FAST: true
secrets: inherit
build-js:
name: "Build rerun_js"
needs: [web-paths-filter]
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && needs.web-paths-filter.outputs.web_changes == 'true'
uses: ./.github/workflows/reusable_build_js.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
secrets: inherit
build-web:
name: "Build web viewer"
needs: [web-paths-filter]
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && needs.web-paths-filter.outputs.web_changes == 'true'
uses: ./.github/workflows/reusable_build_web.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
CHANNEL: main
secrets: inherit
upload-web:
name: "Upload Web"
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
needs: [build-web]
uses: ./.github/workflows/reusable_upload_web.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
PR_NUMBER: ${{ github.event.pull_request.number }}
secrets: inherit
save-pr-summary:
name: "Save PR Summary"
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
needs: [upload-web]
uses: ./.github/workflows/reusable_pr_summary.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
PR_NUMBER: ${{ github.event.pull_request.number }}
secrets: inherit
update-pr-body:
name: "Update PR Body"
if: github.event.pull_request.head.repo.owner.login == 'rerun-io'
uses: ./.github/workflows/reusable_update_pr_body.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
PR_NUMBER: ${{ github.event.pull_request.number }}
secrets: inherit
deploy-landing-preview:
name: "Deploy Landing Preview"
if: github.event.pull_request.head.repo.owner.login == 'rerun-io' && needs.docs-paths-filter.outputs.docs_changes == 'true'
needs: docs-paths-filter
uses: ./.github/workflows/reusable_deploy_landing_preview.yml
with:
CONCURRENCY: pr-${{ github.event.pull_request.number }}
PR_NUMBER: ${{ github.event.pull_request.number }}
secrets: inherit