
chore: release

chore: release #386

Workflow file for this run

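# PR validation pipeline: formatting, lint, build, dependency audit, semver
# report, and workspace checks. Jobs gated on `draft == false` are skipped
# while a pull request is still a draft.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organization default scope in every job. Consider a top-level
# `permissions: {contents: read}` and granting `pull-requests: write` only on
# the `semver` job, whose sticky-comment steps need it. Confirm first that the
# local composite actions (setup-rust, install-tools) need nothing more.
name: PR Validation

on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened, ready_for_review, converted_to_draft]

jobs:
  format:
    name: Format Check
    runs-on: ubuntu-latest
    if: github.event_name == 'push' || github.event.pull_request.draft == false
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # `ratchet:` comment records the tag that SHA was resolved from.
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
      - uses: ./.github/actions/setup-rust
        with:
          components: rustfmt
      - uses: ./.github/actions/install-tools
        with:
          tools: just
      - name: Install ruff
        uses: astral-sh/ruff-action@57714a7c8a2e59f32539362ba31877a1957dded1 # ratchet:astral-sh/ruff-action@v3
        with:
          args: "--version"
      - name: Check formatting
        run: just format --check
      - name: Check documentation
        run: just docs-check

  lint:
    name: Lint
    runs-on: ubuntu-latest
    if: github.event_name == 'push' || github.event.pull_request.draft == false
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
      - uses: ./.github/actions/setup-rust
        with:
          components: clippy
      - uses: ./.github/actions/install-tools
        with:
          tools: just
      - name: Clippy check
        run: just lint

  build:
    name: Build
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request' && github.event.pull_request.draft == false
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
      - uses: ./.github/actions/setup-rust
      - uses: ./.github/actions/install-tools
        with:
          tools: just
      - name: Debug build
        run: just build
      - name: Verify package
        # Skip for release-plz PRs - bumped workspace deps won't exist on crates.io yet
        # NOTE(review): github.head_ref is the PR author's branch name, so any
        # branch called `release-plz-*` skips this step. Treat it as a
        # convenience skip, not as a gate.
        if: ${{ !startsWith(github.head_ref, 'release-plz-') }}
        run: just verify-package
      - name: Check for unexpected changes
        # Fails the job when the build modified or created tracked-visible files.
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            echo "::error::Unexpected changes detected after build:"
            git status --short
            git diff
            exit 1
          fi

  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    if: github.event_name == 'push' || github.event.pull_request.draft == false
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
      - uses: ./.github/actions/setup-rust
      - uses: ./.github/actions/install-tools
        with:
          # cargo-deny 0.18.6+ required for CVSS 4.0 support
          # NOTE(review): only cargo-deny is version-pinned here; just and
          # cargo-audit resolve to whatever install-tools picks by default.
          tools: just,cargo-audit,cargo-deny@0.18.9
      - name: Security audit
        run: just audit

  semver:
    name: Semver Check (Informational)
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request' && github.event.pull_request.draft == false
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
        with:
          fetch-depth: 0 # Required for cargo-semver-checks
      - uses: ./.github/actions/setup-rust
      - uses: ./.github/actions/install-tools
        with:
          tools: just,cargo-semver-checks
      - name: Get merge base
        id: merge-base
        run: |
          # Find the merge base between this PR and main
          MERGE_BASE=$(git merge-base origin/main HEAD)
          echo "sha=$MERGE_BASE" >> "$GITHUB_OUTPUT"
          echo "Comparing against merge base: $MERGE_BASE"
      - name: Check semver compatibility
        id: semver
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell source.
          BASELINE_REV: ${{ steps.merge-base.outputs.sha }}
        run: |
          set +e
          # Compare against the merge base with main, not the last published version
          OUTPUT=$(cargo semver-checks --baseline-rev "$BASELINE_REV" --color never 2>&1)
          EXIT_CODE=$?
          echo "$OUTPUT"
          # Save output for comment (multiline value). The tool output is
          # derived from PR content, so use an unpredictable delimiter: with a
          # fixed one, a matching output line would end the value early and
          # let the following lines be read as extra step outputs.
          DELIMITER="semver_output_$(openssl rand -hex 16)"
          {
            echo "output<<$DELIMITER"
            echo "$OUTPUT"
            echo "$DELIMITER"
          } >> "$GITHUB_OUTPUT"
          # Any non-zero exit sets has_breaking, including tool failures
          # unrelated to API changes.
          echo "has_breaking=$([[ $EXIT_CODE -ne 0 ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
          # Always exit 0 - this is informational only, breaking changes are reported via PR comment
          exit 0
      # NOTE(review): both comment steps write to the pull request and so need
      # a token with pull-request write access; on PRs from forks the token is
      # normally read-only, so they will likely fail there. Confirm.
      - name: Comment on PR with breaking changes
        if: steps.semver.outputs.has_breaking == 'true'
        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # ratchet:marocchino/sticky-pull-request-comment@v2
        with:
          header: semver-check
          # The tool output is inserted verbatim into the fenced block below.
          message: |
            ## ⚠️ Semver Breaking Changes Detected
            This PR introduces API changes that may be semver-incompatible (compared to main branch):
            ```
            ${{ steps.semver.outputs.output }}
            ```
            <details>
            <summary>What does this mean?</summary>
            These changes may break downstream users if released as a patch or minor version.
            Consider whether a major version bump is needed, or if the changes can be made backwards-compatible.
            </details>
      - name: Remove comment if no breaking changes
        if: steps.semver.outputs.has_breaking == 'false'
        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # ratchet:marocchino/sticky-pull-request-comment@v2
        with:
          header: semver-check
          delete: true

  workspace-consistency:
    name: Workspace Consistency
    runs-on: ubuntu-latest
    if: github.event_name == 'push' || github.event.pull_request.draft == false
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
      - uses: ./.github/actions/setup-rust
      - name: Check for duplicate dependencies
        # NOTE(review): the `|| echo` branch runs only when cargo tree itself
        # fails, so this step is informational and never fails the job.
        run: |
          echo "Checking for duplicate dependencies across workspace..."
          cargo tree --duplicates --workspace || echo "No duplicates found"
      - name: Verify dependency tree
        run: |
          echo "Analyzing santa-data dependencies..."
          cargo tree --edges normal --invert santa-data
          echo "Analyzing sickle dependencies..."
          cargo tree --edges normal --invert sickle
          echo "Analyzing santa-cli dependencies..."
          cargo tree -p santa --depth 3

  package-isolation:
    name: Package Isolation
    runs-on: ubuntu-latest
    # Runs only on pushes to main, not on pull requests.
    if: github.event_name == 'push'
    steps:
      - name: Checkout repository
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
      - uses: ./.github/actions/setup-rust
      - name: Test packages in isolation
        run: |
          echo "Testing santa-cli in isolation..."
          cargo test -p santa --no-fail-fast
          echo "Testing santa-data in isolation..."
          cargo test -p santa-data --no-fail-fast
          echo "Testing sickle in isolation..."
          cargo test -p sickle --no-fail-fast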