chore(deps): bump the cargo-minor-and-patch group across 1 directory with 5 updates #84
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| # callable from release.yml on tag push so the full CI suite runs against | |
| # the tagged sha before any artifact is built or published. | |
| workflow_call: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: "-D warnings" | |
| jobs: | |
| fmt: | |
| name: cargo fmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| with: | |
| components: rustfmt | |
| - run: cargo fmt --all -- --check | |
| clippy: | |
| name: cargo clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| with: | |
| components: clippy | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: workspace | |
| # workspace clippy with `integration` enabled. covers the parse-only | |
| # signal previously carried by the dedicated `cargo check` gate. the | |
| # feature is tests-only (mars: `integration = []`, mars-source-postgres: | |
| # `integration = ["dep:testcontainers"]`); no library code is gated. | |
| - run: cargo clippy --workspace --all-targets --features integration --locked -- -D warnings | |
| # tests/parity is excluded from the root workspace (needs docker for | |
| # testcontainers + an external fixture dump). lint it via path manifest | |
| # so the parity workspace stays parse-checked on every PR. | |
| - run: cargo clippy --manifest-path tests/parity/Cargo.toml --all-targets --locked -- -D warnings | |
| test: | |
| name: cargo nextest | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: workspace | |
| - uses: taiki-e/install-action@v2 | |
| with: | |
| tool: nextest | |
| # nextest runs libtest + integration tests with per-test process isolation | |
| # and parallel scheduling. doctests are not yet supported, so the | |
| # `cargo test --doc` step below covers them. | |
| - run: cargo nextest run --workspace --locked --all-targets | |
| - run: cargo test --doc --workspace --locked | |
| deps: | |
| name: dependency rule + cargo-deny | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: deps | |
| - name: install jq | |
| run: sudo apt-get update -qq && sudo apt-get install -y -qq jq | |
| - name: hexagonal architecture check | |
| run: ./scripts/check-hexagonal-architecture.sh | |
| # split so RUSTSEC advisory failures surface as a distinct step. | |
| # vulnerabilities always error under [advisories] version = 2. | |
| - name: cargo-deny advisories (RUSTSEC) | |
| uses: EmbarkStudios/cargo-deny-action@a531616d8ce3b9177443e48a1159bc945a099823 # v2.0.19 | |
| with: | |
| command: check advisories | |
| arguments: --all-features | |
| - name: cargo-deny bans + licenses + sources | |
| uses: EmbarkStudios/cargo-deny-action@a531616d8ce3b9177443e48a1159bc945a099823 # v2.0.19 | |
| with: | |
| command: check bans licenses sources | |
| arguments: --all-features | |
| cue-schema: | |
| name: cue schema lockstep | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: workspace | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| # repo has no go.mod; go is only used to `go install` the cue CLI, | |
| # so the default module-cache restore has nothing to match and warns. | |
| cache: false | |
| - name: install cue | |
| run: go install cuelang.org/go/cmd/cue@v0.16.1 | |
| - name: check cue schema lockstep | |
| run: | | |
| export PATH="$HOME/go/bin:$PATH" | |
| ./scripts/check-cue-schema.sh | |
| helm: | |
| name: helm lint + kubeconform | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: install helm | |
| uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 | |
| with: | |
| version: v3.16.1 | |
| - name: install kubeconform | |
| run: | | |
| curl -fsSL https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-linux-amd64.tar.gz \ | |
| | tar -xz -C /usr/local/bin kubeconform | |
| - name: helm lint | |
| run: helm lint charts/mars-operator | |
| - name: helm template + kubeconform | |
| run: | | |
| helm template mars-operator charts/mars-operator --namespace mars-system \ | |
| | kubeconform -strict -ignore-missing-schemas -summary | |
| crd-drift: | |
| name: CRD drift check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: workspace | |
| - name: regenerate CRD | |
| run: ./scripts/generate-crd.sh | |
| - name: fail on drift | |
| run: | | |
| if ! git diff --exit-code \ | |
| charts/mars-operator/templates/crd.yaml \ | |
| charts/mars-operator/templates/crd-preserve.yaml; then | |
| echo "::error::CRD drifted. Run scripts/generate-crd.sh and commit the result." | |
| exit 1 | |
| fi | |
| clusterrole-drift: | |
| name: ClusterRole drift check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: workspace | |
| - name: regenerate ClusterRole | |
| run: ./scripts/generate-clusterrole.sh | |
| - name: fail on drift | |
| run: | | |
| if ! git diff --exit-code charts/mars-operator/templates/clusterrole.yaml; then | |
| echo "::error::ClusterRole drifted. Run scripts/generate-clusterrole.sh and commit the result." | |
| exit 1 | |
| fi | |
| no-yaml-load: | |
| name: no production mars_config::load callers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: assert no yaml load callers outside allowlist | |
| run: ./scripts/check-no-yaml-load.sh | |
| rustdoc: | |
| name: rustdoc (broken-intra-doc-links) | |
| runs-on: ubuntu-latest | |
| env: | |
| RUSTDOCFLAGS: "-D rustdoc::broken-intra-doc-links" | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: rustdoc | |
| - run: cargo doc --no-deps --document-private-items --workspace --locked | |
| msrv: | |
| name: msrv check (rust 1.95.0) | |
| runs-on: ubuntu-latest | |
| # hardcoded to the toolchain pinned in rust-toolchain.toml. gates `check`, | |
| # not `test`: dev-dependencies may transitively exceed MSRV. | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| with: | |
| toolchain: 1.95.0 | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: msrv | |
| - run: cargo check --workspace --locked --all-targets | |
| coverage: | |
| name: cargo-llvm-cov (lcov) | |
| runs-on: ubuntu-latest | |
| # non-blocking initially: surface coverage as an artifact without gating | |
| # PRs. promote to required once the signal stabilizes. | |
| continue-on-error: true | |
| timeout-minutes: 45 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable | |
| with: | |
| components: llvm-tools-preview | |
| - uses: rui314/setup-mold@9c9c13bf4c3f1adef0cc596abc155580bcb04444 # v1 | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| shared-key: coverage | |
| - uses: taiki-e/install-action@f48d2f8ba2b452934c948b7be1a768079c3632ff # v2.79.6 | |
| with: | |
| tool: cargo-llvm-cov | |
| - name: collect coverage (lcov) | |
| run: | | |
| cargo llvm-cov --workspace --locked --all-targets \ | |
| --lcov --output-path lcov.info | |
| - name: upload lcov artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: lcov-${{ github.run_id }} | |
| path: lcov.info | |
| if-no-files-found: error | |
| retention-days: 14 |