Skip to content

[ENH] Add NAC to the write path #4462

[ENH] Add NAC to the write path

[ENH] Add NAC to the write path #4462

Workflow file for this run

name: PR checks
on:
pull_request:
branches:
- main
- '**'
jobs:
# GitHub only provides a way to do path filtering at the workflow level rather than the job level.
# This allows us to selectively run jobs based on changed paths.
paths-filter:
name: Get changed paths
runs-on: ubuntu-latest
outputs:
outside-docs: ${{ steps.changes.outputs.outside-docs }}
docs: ${{ steps.changes.outputs.docs }}
steps:
- name: Get changed paths
id: changes
uses: dorny/paths-filter@v3
with:
predicate-quantifier: 'every'
filters: |
outside-docs:
- '!docs/**'
docs:
- 'docs/**'
deploy-docs-preview:
name: Deploy preview of docs
needs: paths-filter
if: needs.paths-filter.outputs.docs == 'true'
runs-on: depot-ubuntu-22.04-small
environment:
name: Preview
url: ${{ steps.deploy.outputs.url }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v3
with:
node-version: "18.x"
registry-url: "https://registry.npmjs.org"
- name: Install vercel
run: npm install -g vercel
- name: Deploy
id: deploy
run: echo "url=$(vercel deploy --token ${{ secrets.VERCEL_TOKEN }})" >> $GITHUB_OUTPUT
env:
VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
VERCEL_PROJECT_ID: ${{ secrets.VERCEL_DOCS_PROJECT_ID }}
python-tests:
name: Python tests
needs: paths-filter
if: needs.paths-filter.outputs.outside-docs == 'true'
uses: ./.github/workflows/_python-tests.yml
with:
property_testing_preset: 'fast'
python-vulnerability-scan:
name: Python vulnerability scan
needs: paths-filter
if: needs.paths-filter.outputs.outside-docs == 'true'
uses: ./.github/workflows/_python-vulnerability-scan.yml
javascript-client-tests:
name: JavaScript client tests
needs: paths-filter
if: needs.paths-filter.outputs.outside-docs == 'true'
uses: ./.github/workflows/_javascript-client-tests.yml
rust-tests:
name: Rust tests
needs: paths-filter
if: needs.paths-filter.outputs.outside-docs == 'true'
uses: ./.github/workflows/_rust-tests.yml
go-tests:
name: Go tests
needs: paths-filter
if: needs.paths-filter.outputs.outside-docs == 'true'
uses: ./.github/workflows/_go-tests.yml
check-title:
name: Check PR Title
runs-on: ubuntu-latest
steps:
- name: Check PR Title
uses: Slashgear/action-check-pr-title@v4.3.0
with:
regexp: '\[(ENH|BUG|DOC|TST|BLD|PERF|TYP|CLN|CHORE|RELEASE|HOTFIX)\].*'
helpMessage: "Please tag your PR title. See https://docs.trychroma.com/contributing#contributing-code-and-ideas. You must push new code to this PR for this check to run again."
- name: Comment explaining failure
if: failure()
uses: actions/github-script@v6
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Please tag your PR title with one of: \\[ENH | BUG | DOC | TST | BLD | PERF | TYP | CLN | CHORE\\]. See https://docs.trychroma.com/contributing#contributing-code-and-ideas'
})
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: ./.github/actions/python
with:
python-version: "3.11"
- name: Setup Rust
uses: ./.github/actions/rust
- name: Run pre-commit
shell: bash
run: |
pre-commit run --all-files trailing-whitespace
pre-commit run --all-files mixed-line-ending
pre-commit run --all-files end-of-file-fixer
pre-commit run --all-files requirements-txt-fixer
pre-commit run --all-files check-xml
pre-commit run --all-files check-merge-conflict
pre-commit run --all-files check-case-conflict
pre-commit run --all-files check-docstring-first
pre-commit run --all-files black
pre-commit run --all-files flake8
pre-commit run --all-files prettier
pre-commit run --all-files check-yaml
continue-on-error: true
- name: Cargo fmt check
shell: bash
run: cargo fmt -- --check
continue-on-error: true
- name: Clippy
run: cargo clippy --all-targets --all-features --keep-going -- -D warnings
# This job exists for our branch protection rule.
# We want to require status checks to pass before merging, but the set of
# checks that run for any given PR is dynamic based on the files changed.
# When creating a branch protection rule, you have to specify a static list
# of checks.
# So since this job always runs, we can specify it in the branch protection rule.
all-required-pr-checks-passed:
if: always()
needs:
- python-tests
- python-vulnerability-scan
- javascript-client-tests
- rust-tests
- go-tests
- check-title
- lint
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
allowed-skips: python-tests,python-vulnerability-scan,javascript-client-tests,rust-tests,go-tests