-
Notifications
You must be signed in to change notification settings - Fork 42
140 lines (132 loc) Β· 3.88 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: CI
on:
- merge_group
- push
- pull_request
# Only build for latest push/PR unless it's main or release/
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }}
defaults:
run:
shell: bash
jobs:
lint-apparmor:
strategy:
matrix:
debian_version:
- bookworm
- trixie
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make apparmor
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Lint AppArmor profiles
run: |
make lint-apparmor
lint-desktop:
strategy:
matrix:
debian_version:
- bookworm
- trixie
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make desktop-file-utils
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Lint .desktop files
run: |
make lint-desktop
lint:
strategy:
matrix:
debian_version:
- bookworm
- trixie
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make file python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
poetry install --no-root
- name: Run lint
run: make lint
# Run `make lint` across all components
component-lint:
strategy:
fail-fast: false
matrix:
# proxy has no `make lint` because it is covered by `rust-lint`.
# qubesdb-tools has no `make lint` because it is covered by `lint`.
component:
- client
- export
- log
debian_version:
- bookworm
- trixie
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make gnupg python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
poetry -C ${{ matrix.component }} install --no-root
if [[ "${{ matrix.component }}" == "client" || "${{ matrix.component }}" == "export" ]]; then
make -C ${{ matrix.component }} ci-install-deps
fi
- name: Run lint
run: make -C ${{ matrix.component }} lint
safety:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- run: |
apt-get update && apt-get install --yes git make python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Run safety
run: |
poetry install --no-root
poetry update safety
make safety
rust:
runs-on: ubuntu-latest
# Keep version in sync with rust-toolchain.toml
container: rust:1.84.1
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Configure Qubes repository
run: |
cp scripts/qubes_42.sources /etc/apt/sources.list.d/
source /etc/os-release
sed -i s/##VERSION_CODENAME##/${VERSION_CODENAME}/ /etc/apt/sources.list.d/qubes_42.sources
apt-get update && apt-get install --yes libclang-dev qubesdb-dev
- name: Install dependencies
run: |
rustup component add rustfmt
rustup component add clippy
- name: Lint and test Rust code
run: |
make rust-lint
make rust-test