Support signature verification (minisign) #2092
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| permissions: | |
| contents: read | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| schedule: | |
| - cron: '0 0,6,12,18 * * *' | |
| workflow_dispatch: | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_NET_GIT_FETCH_WITH_CLI: true | |
| CARGO_NET_RETRY: 10 | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| RUSTFLAGS: -D warnings | |
| RUSTUP_MAX_RETRIES: 10 | |
| defaults: | |
| run: | |
| shell: bash | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| jobs: | |
| tidy: | |
| uses: taiki-e/workflows/.github/workflows/tidy.yml@main | |
| test: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-20.04 | |
| - os: ubuntu-22.04 | |
| - os: ubuntu-22.04 | |
| tool: major.minor.patch | |
| - os: ubuntu-22.04 | |
| tool: major.minor | |
| - os: ubuntu-22.04 | |
| tool: major | |
| - os: macos-11 | |
| - os: macos-12 | |
| - os: macos-13 | |
| - os: windows-2019 | |
| - os: windows-2022 | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 60 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| # cross attempts to install rust-src when Cargo.toml is available even if `cross --version` | |
| - run: rm Cargo.toml | |
| - name: Generate tool list | |
| id: tool-list | |
| run: tools/ci/tool-list.sh "${{ matrix.tool }}" >>"${GITHUB_OUTPUT}" | |
| - uses: ./ | |
| with: | |
| tool: ${{ steps.tool-list.outputs.tool }} | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
| - name: Test bash | |
| run: just --version; shfmt --version; protoc --version | |
| shell: bash | |
| - name: Test sh | |
| run: just --version; shfmt --version; protoc --version | |
| shell: sh | |
| if: startsWith(matrix.os, 'ubuntu') || startsWith(matrix.os, 'macos') | |
| - name: Test pwsh | |
| run: just --version; shfmt --version; protoc --version | |
| shell: pwsh | |
| - name: Test powershell | |
| run: just --version; shfmt --version; protoc --version | |
| shell: powershell | |
| if: startsWith(matrix.os, 'windows') | |
| - name: Test cmd | |
| run: just --version & shfmt --version & protoc --version | |
| shell: cmd | |
| if: startsWith(matrix.os, 'windows') | |
| # We use the version output to check the version of binstall, but they | |
| # several times change the version output format in the past so we need to | |
| # check it with CI. (e.g., 0.14.0->0.16.0 update change it | |
| # from "cargo-binstall <version>" to "<version>") | |
| - run: | | |
| if [[ "$(cargo binstall -V)" != "$(jq -r '.latest.version' manifests/cargo-binstall.json)" ]]; then | |
| exit 1 | |
| fi | |
| test-container: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| container: | |
| - ubuntu:18.04 # glibc 2.27 | |
| - ubuntu:20.04 # glibc 2.31 | |
| - ubuntu:22.04 # glibc 2.35 | |
| - debian:10-slim # glibc 2.28 | |
| - debian:11-slim # glibc 2.31 | |
| - debian:12-slim # glibc 2.36 | |
| - fedora:latest # glibc 2.37 (as of fedora 38) | |
| - almalinux:8 # glibc 2.28 | |
| - almalinux:8-minimal # glibc 2.28 | |
| - almalinux:9 # glibc 2.34 | |
| - almalinux:9-minimal # glibc 2.34 | |
| - centos:7 # glibc 2.17 | |
| - alpine:latest # musl 1.2.4 (as of alpine 3.18) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| container: ${{ matrix.container }} | |
| steps: | |
| - name: Install requirements (ubuntu/debian) | |
| run: | | |
| set -euxo pipefail | |
| apt-get -o Acquire::Retries=10 -qq update | |
| apt-get -o Acquire::Retries=10 -o Dpkg::Use-Pty=0 install -y --no-install-recommends cargo | |
| if: startsWith(matrix.container, 'ubuntu') || startsWith(matrix.container, 'debian') | |
| - name: Install requirements (fedora/almalinux/centos) | |
| run: | | |
| set -euxo pipefail | |
| if ! type -P dnf &>/dev/null && type -P microdnf &>/dev/null; then | |
| # tar and gzip are required for actions/checkout on *-minimal images | |
| microdnf install -y tar gzip | |
| fi | |
| curl --proto '=https' --tlsv1.2 -fsSL --retry 10 https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain stable | |
| echo "$HOME/.cargo/bin" >>"${GITHUB_PATH}" | |
| if: startsWith(matrix.container, 'fedora') || startsWith(matrix.container, 'almalinux') || startsWith(matrix.container, 'centos') | |
| - name: Install requirements (alpine) | |
| run: | | |
| set -eux | |
| apk --no-cache add bash cargo | |
| shell: sh | |
| if: startsWith(matrix.container, 'alpine') | |
| - uses: actions/checkout@v3 # TODO: actions/checkout@v4 requires glibc 2.28+ | |
| with: | |
| persist-credentials: false | |
| # cross attempts to install rust-src when Cargo.toml is available even if `cross --version` | |
| - run: rm Cargo.toml | |
| - name: Generate tool list | |
| id: tool-list | |
| run: tools/ci/tool-list.sh >>"${GITHUB_OUTPUT}" | |
| - uses: ./ | |
| with: | |
| tool: ${{ steps.tool-list.outputs.tool }} | |
| test-no-cargo: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| container: ubuntu:22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Generate tool list | |
| id: tool-list | |
| run: tools/ci/tool-list.sh >>"${GITHUB_OUTPUT}" | |
| - uses: ./ | |
| with: | |
| tool: ${{ steps.tool-list.outputs.tool }} | |
| manifest: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust | |
| run: rustup toolchain add nightly --no-self-update && rustup default nightly | |
| - run: tools/manifest.sh | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - id: diff | |
| run: tools/ci/manifest.sh | |
| if: github.repository_owner == 'taiki-e' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main') | |
| - uses: peter-evans/create-pull-request@v5 | |
| with: | |
| title: Update manifest | |
| body: | | |
| Auto-generated by [create-pull-request](https://github.com/peter-evans/create-pull-request) | |
| branch: update-manifest | |
| token: ${{ secrets.CREATE_PR_TOKEN }} | |
| if: github.repository_owner == 'taiki-e' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main') && steps.diff.outputs.success == 'false' | |
| - run: git add -N . && git diff --exit-code |