name: CI on: push: branches: [ main ] tags: - 'v*' pull_request: branches: [ main ] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: CARGO_TERM_COLOR: always CARGO_NET_GIT_FETCH_WITH_CLI: "true" SCCACHE_GHA_ENABLED: "true" RUSTC_WRAPPER: "sccache" jobs: opa-lint: name: Lint and test OPA policies runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Setup OPA uses: open-policy-agent/setup-opa@v2.2.0 with: version: 0.64.1 - name: Lint policies working-directory: ./policies run: make lint - name: Run OPA tests working-directory: ./policies run: make test frontend-lint: name: Check frontend style runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install Node uses: actions/setup-node@v4.0.2 with: node-version: 20 - name: Install Node dependencies working-directory: ./frontend run: npm ci - name: Lint working-directory: ./frontend run: npm run lint frontend-test: name: Run the frontend test suite runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install Node uses: actions/setup-node@v4.0.2 with: node-version: 20 - name: Install Node dependencies working-directory: ./frontend run: npm ci - name: Test working-directory: ./frontend run: npm test rustfmt: name: Check Rust style runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install toolchain run: | rustup toolchain install nightly rustup default nightly rustup component add rustfmt - name: Check style run: cargo fmt --all -- --check cargo-deny: name: Run `cargo deny` checks runs-on: ubuntu-latest env: # We need to remove the sccache wrapper because we don't install it in this job RUSTC_WRAPPER: "" permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Run `cargo-deny` uses: EmbarkStudios/cargo-deny-action@v1.6.3 check-schema: name: Check schema runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install Rust toolchain run: | rustup toolchain install stable rustup default stable - name: Setup sccache uses: mozilla-actions/sccache-action@v0.0.5 - name: Install Node uses: actions/setup-node@v4.0.2 with: node-version: 20 - name: Install Node dependencies working-directory: ./frontend run: npm ci - name: Update the schemas run: sh ./misc/update.sh - name: Check that the workspace is clean run: | if ! [[ -z $(git status -s) ]]; then echo "::error title=Workspace is not clean::Please run 'sh ./misc/update.sh' and commit the changes" ( echo '## Diff after running `sh ./misc/update.sh`:' echo echo '```diff' git diff echo '```' ) >> $GITHUB_STEP_SUMMARY exit 1 fi clippy: name: Run Clippy needs: [rustfmt, opa-lint] runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install toolchain run: | rustup toolchain install 1.78.0 rustup default 1.78.0 rustup component add clippy - name: Setup OPA uses: open-policy-agent/setup-opa@v2.2.0 with: version: 0.64.1 - name: Compile OPA policies working-directory: ./policies run: make - name: Setup sccache uses: mozilla-actions/sccache-action@v0.0.5 - name: Run clippy run: | cargo clippy --workspace --tests --bins --lib -- -D warnings test: name: Run test suite with Rust stable needs: [rustfmt, opa-lint] runs-on: ubuntu-latest permissions: contents: read services: postgres: image: docker.io/library/postgres:15.3 env: POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres POSTGRES_DB: postgres options: >- --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 ports: - "5432:5432" steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install toolchain run: | rustup toolchain install stable rustup default stable - name: Install Node uses: actions/setup-node@v4.0.2 with: node-version: 20 - name: Install Node dependencies working-directory: ./frontend run: npm ci - name: Build the frontend working-directory: ./frontend run: npm run build - name: Setup OPA uses: open-policy-agent/setup-opa@v2.2.0 with: version: 0.64.1 - name: Compile OPA policies working-directory: ./policies run: make - name: Setup sccache uses: mozilla-actions/sccache-action@v0.0.5 - name: Test id: test env: DATABASE_URL: postgresql://postgres:postgres@localhost/postgres SQLX_OFFLINE: '1' run: | cargo test --workspace syn2mas: name: Check syn2mas runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout the code uses: actions/checkout@v4.1.7 - name: Install Node uses: actions/setup-node@v4.0.2 with: node-version-file: ./tools/syn2mas/.nvmrc - name: Install Node dependencies working-directory: ./tools/syn2mas run: npm ci - name: Lint working-directory: ./tools/syn2mas run: npm run lint - name: Build working-directory: ./tools/syn2mas run: npm run build tests-done: name: Tests done if: ${{ always() }} needs: - opa-lint - frontend-lint - frontend-test - rustfmt - cargo-deny - clippy - check-schema - test - syn2mas runs-on: ubuntu-latest steps: - uses: matrix-org/done-action@v2 with: needs: ${{ toJSON(needs) }}