Skip to content

Improve CI permissions, auto-merge maintainability, and clarity #1668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Nov 12, 2024
Merged

Improve CI permissions, auto-merge maintainability, and clarity #1668

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
7eeeee2
Make YAML style clearer and more consistent
EliahKagan Nov 9, 2024
f41a58c
Make GHA permissions explicit and often narrower
EliahKagan Nov 9, 2024
44ff412
Further improve GitHub Actions workflow code style
EliahKagan Nov 11, 2024
e45ea25
Remove the old disabled Dependabot configuration
EliahKagan Nov 11, 2024
20794ff
Name the steps of the `test-pass` CI job
EliahKagan Nov 11, 2024
4e672ef
Check that all omissions from `tests-pass` are intentional
EliahKagan Nov 11, 2024
7b7a819
Refine the new `check-blocking` job
EliahKagan Nov 11, 2024
eba50ae
Allow the `check-blocking` job to pass (when it should)
EliahKagan Nov 11, 2024
87670a6
Bump cargo-diet and run it slightly more cleanly
EliahKagan Nov 11, 2024
253b716
Have `wasm` job fail the workflow but not block auto-merge
EliahKagan Nov 11, 2024
4564a64
Remove empty pull request template
EliahKagan Nov 11, 2024
5173e9a
update all dependencies to help wtih cargo-deny
Byron Nov 12, 2024
132696d
Also clear the target before running journey tests.
Byron Nov 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Check that all omissions from tests-pass are intentional 
This intentionally fails right now, by omitting `tests-pass` itself
as a job that `tests-pass` should not depend on, in order to ensure
that it is able to fail. Once this is observed (and any other bugs
fixed), this omission should be corrected, and then it should pass.
  • Loading branch information
@EliahKagan
EliahKagan committed Nov 11, 2024
commit 4e672ef9b62287a5940787a3fcf97e97976ccd03
37 changes: 37 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,42 @@ jobs:
git status
git diff --exit-code

# Check that only jobs intended not to block PR auto-merge are omitted as
# dependencies of the `tests-pass` job below, so that whenever a job is
# added, a decision is made about whether it must pass for PRs to merge.
check-blocking:
runs-on: ubuntu-latest

env:
# List all jobs that are intended NOT to block PR auto-merge here.
# FIXME: After ensuring this can fail, add `test-pass` below to fix it.
EXPECTED_NONBLOCKING_JOBS: |-
test-fixtures-windows
# tests-pass

defaults:
run:
shell: bash # Without specifying this, we don't get `-o pipefail`.

steps:
- name: Find this workflow
run: |
relative_workflow_with_ref="${GITHUB_WORKFLOW_REF#"$GITHUB_REPOSITORY/"}"
echo "WORKFLOW_PATH=${relative_workflow_with_ref%@*}" >> "$GITHUB_ENV"
- uses: actions/checkout@v4
with:
sparse-checkout: ${{ env.WORKFLOW_PATH }}
- name: Get all jobs
run: yq '.jobs | keys.[]' -- "$WORKFLOW_PATH" | sort > all-jobs.txt
- name: Get blocking jobs
run: yq '.jobs.tests-pass.needs.[]' -- "$WORKFLOW_PATH" | sort > blocking-jobs.txt
- name: Get jobs we intend do not block
run: sort <<<"$EXPECTED_NONBLOCKING_JOBS" > expected-nonblocking-jobs.txt
- name: Check that each job blocks PRs xor intentionally doesn't
run: |
sort -m blocking-jobs.txt expected-nonblocking-jobs.txt |
diff --color=always -U1000 -- - all-jobs.txt

# Dummy job to have a stable name for the "all tests pass" requirement
tests-pass:
name: Tests pass
Expand All @@ -302,6 +338,7 @@ jobs:
- cargo-deny
- wasm
- check-packetline
- check-blocking

if: always() # always run even if dependencies fail

Expand Down