ci.md

File metadata and controls

89 lines (57 loc) · 4.34 KB

# CI

## GitHub Actions

### Workflows

| Workflow | Trigger | Role |
|---|---|---|
| audit | Schedule | Audit security |
| ci | Push, PR | Test, Lint, Coverage |
| release | TagPush | Distribution, GitHub Release |
| release_image | TagPush | PushDockerImage |
| terraform_apply | PR | Run terraform apply |
| terraform_plan | Push | Run terraform plan |
| website | Push, PR | Update website |

#### audit

This workflow is scheduled to run periodically. It updates the advisory database used by `cargo audit` to the latest version before executing `cargo audit`.

#### ci

Continuous integration is executed, and test coverage is uploaded to Codecov.
When Dependabot updates a dependency and the update is a patch version, the change is merged automatically.

#### release

The workflow generated by `cargo dist` creates binaries and a GitHub release when a tag is pushed.
Whether a package is included in this workflow is controlled by the `[package.metadata.dist.dist]` section in its `Cargo.toml`.

#### release_image

Builds the package's Docker image and pushes it to the registry.

#### terraform_apply

This workflow is triggered when a PR is merged into the main branch.
It runs `terraform apply` and posts the result as a comment on the PR.
The Terraform state is stored on HashiCorp Cloud.

#### terraform_plan

This workflow is triggered when Terraform-related files are modified.
It runs `terraform plan` and posts the result as a comment on the PR.
The Terraform state is stored on HashiCorp Cloud.

#### website

The workflow generated by `oranda generate ci` uploads the project's website to GitHub Pages.

### Secrets

| Secret | Usage | Generated at | Managed by |
|---|---|---|---|
| CACHIX_AUTH_TOKEN | Read and write the cachix cache | cachix | @ymgyt |
| CODECOV_TOKEN | Upload test coverage to Codecov | codecov | @ymgyt |
| HOMEBREW_TAP_TOKEN | Push to the Homebrew tap repo by cargo-dist | github | @ymgyt |
| NPM_TOKEN | Push to the npm registry by cargo-dist | npm | @ymgyt |
| TF_TOKEN_APP_TERRAFORM_IO | Authenticate with Terraform Cloud to store state | terraform cloud | @ymgyt |
| GRAFANA_SA_TOKEN | Service account token for Grafana Cloud | grafana cloud | @ymgyt |

#### HOMEBREW_TAP_TOKEN

#### NPM_TOKEN

- cargo-dist doc
- Packages and scopes: Read and write
  - Select packages: All packages (NOTE: because the package does not yet exist, you must pick this. However, you can (and probably should!) update this to scope the token to a single package after publish. This is sadly a limitation of the npm token system.)
  - Organizations: No access