-
Notifications
You must be signed in to change notification settings - Fork 42
136 lines (128 loc) Β· 3.78 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: CI
on:
- merge_group
- push
- pull_request
# Only build for latest push/PR unless it's main or release/
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }}
defaults:
run:
shell: bash
jobs:
lint-apparmor:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make apparmor
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Lint AppArmor profiles
run: |
make lint-apparmor
lint-desktop:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make desktop-file-utils
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Lint .desktop files
run: |
make lint-desktop
lint:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make file python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
poetry install
- name: Run lint
run: make lint
# Run `make lint` across all components
component-lint:
strategy:
fail-fast: false
matrix:
# proxy has no `make lint` because it is covered by `rust-lint`.
# qubesdb-tools has no `make lint` because it is covered by `lint`.
component:
- client
- export
- log
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make gnupg python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
poetry -C ${{ matrix.component }} install
if [[ "${{ matrix.component }}" == "client" || "${{ matrix.component }}" == "export" ]]; then
make -C ${{ matrix.component }} ci-install-deps
fi
- name: Run lint
run: make -C ${{ matrix.component }} lint
safety:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- run: |
apt-get update && apt-get install --yes git make python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Run safety
run: |
poetry install
poetry update safety
make safety
rust:
runs-on: ubuntu-latest
# Keep version in sync with rust-toolchain.toml
container: rust:1.81.0
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Configure Qubes repository
run: |
cp scripts/qubes_42.sources /etc/apt/sources.list.d/
source /etc/os-release
sed -i s/##VERSION_CODENAME##/${VERSION_CODENAME}/ /etc/apt/sources.list.d/qubes_42.sources
apt-get update && apt-get install --yes libclang-dev qubesdb-dev
- name: Install dependencies
run: |
rustup component add rustfmt
rustup component add clippy
- name: Lint and test Rust code
run: |
make rust-lint
make rust-test