mirror of
https://github.com/element-hq/matrix-authentication-service.git
synced 2026-05-14 16:55:21 +00:00
Andrew Morgan
364 lines
9.4 KiB
YAML
364 lines
9.4 KiB
YAML
# Copyright 2025 New Vector Ltd.
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
|
|
# Please see LICENSE files in the repository root for full details.
|
|
|
|
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- "release/**"
|
|
tags:
|
|
- "v*"
|
|
pull_request:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
env:
|
|
CARGO_TERM_COLOR: always
|
|
CARGO_NET_GIT_FETCH_WITH_CLI: "true"
|
|
SCCACHE_GHA_ENABLED: "true"
|
|
RUSTC_WRAPPER: "sccache"
|
|
|
|
jobs:
|
|
opa-lint:
|
|
name: Lint and test OPA policies
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- uses: ./.github/actions/build-policies
|
|
|
|
- name: Setup Regal
|
|
uses: StyraInc/setup-regal@33a142b1189004e0f14bf42b15972c67eecce776 # v1
|
|
with:
|
|
# Keep in sync with policies/Makefile
|
|
version: 0.38.1
|
|
|
|
- name: Lint policies
|
|
working-directory: ./policies
|
|
run: make lint
|
|
|
|
- name: Run OPA tests
|
|
working-directory: ./policies
|
|
run: make test
|
|
|
|
frontend-lint:
|
|
name: Check frontend style
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Node
|
|
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
|
with:
|
|
node-version: 24
|
|
|
|
- name: Install Node dependencies
|
|
working-directory: ./frontend
|
|
run: npm ci
|
|
|
|
- name: Lint
|
|
working-directory: ./frontend
|
|
run: npm run lint
|
|
|
|
frontend-test:
|
|
name: Run the frontend test suite
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Node
|
|
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
|
with:
|
|
node-version: 24
|
|
|
|
- name: Install Node dependencies
|
|
working-directory: ./frontend
|
|
run: npm ci
|
|
|
|
- name: Test
|
|
working-directory: ./frontend
|
|
run: npm test
|
|
|
|
frontend-knip:
|
|
name: Check the frontend for unused dependencies
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Node
|
|
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
|
with:
|
|
node-version: 24
|
|
|
|
- name: Install Node dependencies
|
|
working-directory: ./frontend
|
|
run: npm ci
|
|
|
|
- name: Check for unused dependencies
|
|
working-directory: ./frontend
|
|
run: npm run knip
|
|
|
|
rustfmt:
|
|
name: Check Rust style
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Rust toolchain
|
|
# Install the minimal toolchain, which includes rustc, rustdoc, and cargo.
|
|
# Then install rustfmt for `cargo fmt`.
|
|
#
|
|
# --override sets this as the default rust toolchain version in this directory.
|
|
run: |
|
|
rustup toolchain install nightly --profile minimal --component rustfmt --override
|
|
|
|
- name: Check style
|
|
run: cargo fmt --all -- --check
|
|
|
|
cargo-deny:
|
|
name: Run `cargo deny` checks
|
|
runs-on: ubuntu-24.04
|
|
|
|
env:
|
|
# We need to remove the sccache wrapper because we don't install it in this job
|
|
RUSTC_WRAPPER: ""
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Run `cargo-deny`
|
|
uses: EmbarkStudios/cargo-deny-action@175dc7fd4fb85ec8f46948fb98f44db001149081 # v2.0.16
|
|
with:
|
|
rust-version: stable
|
|
|
|
check-schema:
|
|
name: Check schema
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Rust toolchain
|
|
run: |
|
|
rustup toolchain install stable
|
|
|
|
- name: Setup sccache
|
|
uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
|
|
|
|
- uses: ./.github/actions/build-frontend
|
|
|
|
- name: Update the schemas
|
|
run: sh ./misc/update.sh
|
|
|
|
- name: Check that the workspace is clean
|
|
run: |
|
|
if ! [[ -z $(git status -s) ]]; then
|
|
echo "::error title=Workspace is not clean::Please run 'sh ./misc/update.sh' and commit the changes"
|
|
|
|
(
|
|
echo '## Diff after running `sh ./misc/update.sh`:'
|
|
echo
|
|
echo '```diff'
|
|
git diff
|
|
echo '```'
|
|
) >> $GITHUB_STEP_SUMMARY
|
|
|
|
exit 1
|
|
fi
|
|
|
|
clippy:
|
|
name: Run Clippy
|
|
needs: [rustfmt, opa-lint]
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Rust toolchain
|
|
# Install the minimal toolchain, which includes rustc, rustdoc, and cargo.
|
|
#
|
|
# --override sets this as the default rust toolchain version in this directory.
|
|
run: rustup toolchain install 1.93.0 --profile minimal --component clippy --override
|
|
|
|
- uses: ./.github/actions/build-policies
|
|
|
|
- name: Setup sccache
|
|
uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
|
|
|
|
- name: Run clippy
|
|
run: |
|
|
cargo clippy --workspace --tests --bins --lib -- -D warnings
|
|
|
|
compile-test-artifacts:
|
|
name: Compile test artifacts
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Rust toolchain
|
|
# Install the minimal toolchain, which includes rustc, rustdoc, and cargo.
|
|
run: rustup toolchain install stable --profile minimal
|
|
|
|
- name: Install nextest
|
|
uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2
|
|
with:
|
|
tool: cargo-nextest
|
|
|
|
- name: Setup sccache
|
|
uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
|
|
|
|
- name: Build and archive tests
|
|
run: cargo nextest archive --workspace --archive-file nextest-archive.tar.zst
|
|
env:
|
|
SQLX_OFFLINE: "1"
|
|
|
|
- name: Upload archive to workflow
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
|
with:
|
|
name: nextest-archive
|
|
path: nextest-archive.tar.zst
|
|
|
|
test:
|
|
name: Run test suite with Rust stable
|
|
needs: [rustfmt, opa-lint, compile-test-artifacts]
|
|
runs-on: ubuntu-24.04
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
strategy:
|
|
matrix:
|
|
partition: [1, 2, 3]
|
|
|
|
services:
|
|
postgres:
|
|
image: docker.io/library/postgres:15.3
|
|
env:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: postgres
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
ports:
|
|
- "5432:5432"
|
|
|
|
steps:
|
|
- name: Checkout the code
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Install Rust toolchain
|
|
# Install the minimal toolchain, which includes rustc, rustdoc, and cargo.
|
|
run: rustup toolchain install stable --profile minimal
|
|
|
|
- name: Install nextest
|
|
uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2
|
|
with:
|
|
tool: cargo-nextest
|
|
|
|
- uses: ./.github/actions/build-frontend
|
|
- uses: ./.github/actions/build-policies
|
|
|
|
- name: Download archive
|
|
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
|
|
with:
|
|
name: nextest-archive
|
|
|
|
- name: Test
|
|
env:
|
|
DATABASE_URL: postgresql://postgres:postgres@localhost/postgres
|
|
run: |
|
|
~/.cargo/bin/cargo-nextest nextest run \
|
|
--archive-file nextest-archive.tar.zst \
|
|
--partition count:${{ matrix.partition }}/3
|
|
|
|
tests-done:
|
|
name: Tests done
|
|
if: ${{ always() }}
|
|
needs:
|
|
- opa-lint
|
|
- frontend-lint
|
|
- frontend-test
|
|
- frontend-knip
|
|
- rustfmt
|
|
- cargo-deny
|
|
- clippy
|
|
- check-schema
|
|
- test
|
|
runs-on: ubuntu-24.04
|
|
|
|
steps:
|
|
- uses: matrix-org/done-action@3409aa904e8a2aaf2220f09bc954d3d0b0a2ee67 # v3
|
|
with:
|
|
needs: ${{ toJSON(needs) }}
|