-
Notifications
You must be signed in to change notification settings - Fork 42
124 lines (116 loc) · 3.48 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: CI
on:
- merge_group
- push
- pull_request
# Only build for latest push/PR unless it's main or release/
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }}
defaults:
run:
shell: bash
jobs:
lint-apparmor:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make apparmor
- uses: actions/checkout@v4
- name: Lint AppArmor profiles
run: |
make lint-apparmor
lint-desktop:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make desktop-file-utils
- uses: actions/checkout@v4
- name: Lint .desktop files
run: |
make lint-desktop
lint:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make file python3-poetry
- uses: actions/checkout@v4
- name: Install dependencies
run: |
poetry install
- name: Run lint
run: make lint
# Run `make lint` across all components
component-lint:
strategy:
fail-fast: false
matrix:
# proxy has no `make lint` because it is covered by `rust-lint`.
# qubesdb-tools has no `make lint` because it is covered by `lint`.
component:
- client
- export
- log
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make gnupg python3-poetry
- uses: actions/checkout@v4
- name: Install dependencies
run: |
poetry -C ${{ matrix.component }} install
if [[ "${{ matrix.component }}" == "client" || "${{ matrix.component }}" == "export" ]]; then
make -C ${{ matrix.component }} ci-install-deps
fi
- name: Run lint
run: make -C ${{ matrix.component }} lint
safety:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- run: |
apt-get update && apt-get install --yes git make python3-poetry
- uses: actions/checkout@v4
- name: Run safety
run: |
poetry install
poetry update safety
make safety
rust:
runs-on: ubuntu-latest
# Keep version in sync with rust-toolchain.toml
container: rust:1.81.0
steps:
- uses: actions/checkout@v4
- name: Configure Qubes repository
run: |
cp scripts/qubes_42.sources /etc/apt/sources.list.d/
source /etc/os-release
sed -i s/##VERSION_CODENAME##/${VERSION_CODENAME}/ /etc/apt/sources.list.d/qubes_42.sources
apt-get update && apt-get install --yes libclang-dev qubesdb-dev
- name: Install dependencies
run: |
rustup component add rustfmt
rustup component add clippy
- name: Lint and test Rust code
run: |
make rust-lint
make rust-test