[ENH] Add NAC to the write path #4462
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR checks | |
on: | |
pull_request: | |
branches: | |
- main | |
- '**' | |
jobs: | |
# GitHub only provides a way to do path filtering at the workflow level rather than the job level. | |
# This allows us to selectively run jobs based on changed paths. | |
paths-filter: | |
name: Get changed paths | |
runs-on: ubuntu-latest | |
outputs: | |
outside-docs: ${{ steps.changes.outputs.outside-docs }} | |
docs: ${{ steps.changes.outputs.docs }} | |
steps: | |
- name: Get changed paths | |
id: changes | |
uses: dorny/paths-filter@v3 | |
with: | |
predicate-quantifier: 'every' | |
filters: | | |
outside-docs: | |
- '!docs/**' | |
docs: | |
- 'docs/**' | |
deploy-docs-preview: | |
name: Deploy preview of docs | |
needs: paths-filter | |
if: needs.paths-filter.outputs.docs == 'true' | |
runs-on: depot-ubuntu-22.04-small | |
environment: | |
name: Preview | |
url: ${{ steps.deploy.outputs.url }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "18.x" | |
registry-url: "https://registry.npmjs.org" | |
- name: Install vercel | |
run: npm install -g vercel | |
- name: Deploy | |
id: deploy | |
run: echo "url=$(vercel deploy --token ${{ secrets.VERCEL_TOKEN }})" >> $GITHUB_OUTPUT | |
env: | |
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} | |
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_DOCS_PROJECT_ID }} | |
python-tests: | |
name: Python tests | |
needs: paths-filter | |
if: needs.paths-filter.outputs.outside-docs == 'true' | |
uses: ./.github/workflows/_python-tests.yml | |
with: | |
property_testing_preset: 'fast' | |
python-vulnerability-scan: | |
name: Python vulnerability scan | |
needs: paths-filter | |
if: needs.paths-filter.outputs.outside-docs == 'true' | |
uses: ./.github/workflows/_python-vulnerability-scan.yml | |
javascript-client-tests: | |
name: JavaScript client tests | |
needs: paths-filter | |
if: needs.paths-filter.outputs.outside-docs == 'true' | |
uses: ./.github/workflows/_javascript-client-tests.yml | |
rust-tests: | |
name: Rust tests | |
needs: paths-filter | |
if: needs.paths-filter.outputs.outside-docs == 'true' | |
uses: ./.github/workflows/_rust-tests.yml | |
go-tests: | |
name: Go tests | |
needs: paths-filter | |
if: needs.paths-filter.outputs.outside-docs == 'true' | |
uses: ./.github/workflows/_go-tests.yml | |
check-title: | |
name: Check PR Title | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check PR Title | |
uses: Slashgear/action-check-pr-title@v4.3.0 | |
with: | |
regexp: '\[(ENH|BUG|DOC|TST|BLD|PERF|TYP|CLN|CHORE|RELEASE|HOTFIX)\].*' | |
helpMessage: "Please tag your PR title. See https://docs.trychroma.com/contributing#contributing-code-and-ideas. You must push new code to this PR for this check to run again." | |
- name: Comment explaining failure | |
if: failure() | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: 'Please tag your PR title with one of: \\[ENH | BUG | DOC | TST | BLD | PERF | TYP | CLN | CHORE\\]. See https://docs.trychroma.com/contributing#contributing-code-and-ideas' | |
}) | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: ./.github/actions/python | |
with: | |
python-version: "3.11" | |
- name: Setup Rust | |
uses: ./.github/actions/rust | |
- name: Run pre-commit | |
shell: bash | |
run: | | |
pre-commit run --all-files trailing-whitespace | |
pre-commit run --all-files mixed-line-ending | |
pre-commit run --all-files end-of-file-fixer | |
pre-commit run --all-files requirements-txt-fixer | |
pre-commit run --all-files check-xml | |
pre-commit run --all-files check-merge-conflict | |
pre-commit run --all-files check-case-conflict | |
pre-commit run --all-files check-docstring-first | |
pre-commit run --all-files black | |
pre-commit run --all-files flake8 | |
pre-commit run --all-files prettier | |
pre-commit run --all-files check-yaml | |
continue-on-error: true | |
- name: Cargo fmt check | |
shell: bash | |
run: cargo fmt -- --check | |
continue-on-error: true | |
- name: Clippy | |
run: cargo clippy --all-targets --all-features --keep-going -- -D warnings | |
# This job exists for our branch protection rule. | |
# We want to require status checks to pass before merging, but the set of | |
# checks that run for any given PR is dynamic based on the files changed. | |
# When creating a branch protection rule, you have to specify a static list | |
# of checks. | |
# So since this job always runs, we can specify it in the branch protection rule. | |
all-required-pr-checks-passed: | |
if: always() | |
needs: | |
- python-tests | |
- python-vulnerability-scan | |
- javascript-client-tests | |
- rust-tests | |
- go-tests | |
- check-title | |
- lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
allowed-skips: python-tests,python-vulnerability-scan,javascript-client-tests,rust-tests,go-tests |