nightly #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# A workflow containing jobs we run only on nightly. This is called by | |
# `tests.yaml` on a schedule and on request with a `pr-nightly` label. | |
name: nightly | |
on: | |
workflow_call: | |
workflow_dispatch: | |
jobs: | |
cargo-audit: | |
runs-on: ubuntu-latest | |
# We can't read PRQL repo security events on forks, which causes this to | |
# incorrectly fail ( | |
# https://github.com/PRQL/prql/actions/runs/5718693342/job/15495030808?pr=3195#step:3:28 | |
# ). So we disable. If we wanted to run checks on PRs, we could move this to | |
# `pull-request-target`. And note that it does suggest that it can run on | |
# forks at https://github.com/rustsec/audit-check#limitations | |
# | |
# We also disable on dependabot, since dependabot doesn't have permissions | |
# even when running on the main repo. Would be better if we could only run | |
# when we know we have permissions. But this will do... | |
# | |
# Note also that we seem to need `== false` rather than just a `!` prefix | |
# once we combine with another expression (but not confident) | |
if: | |
${{ github.event.pull_request.head.repo.fork == false && github.actor != | |
'dependabot[bot]' }} | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
issues: write | |
checks: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: rustsec/audit-check@v1.4.1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
# Only used in tests. Waiting for tiberius to publish a new release. | |
ignore: "RUSTSEC-2024-0336" | |
cargo-bench: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: clechasseur/rs-cargo@v2 | |
with: | |
command: bench | |
args: --timings --all-targets | |
time-compilation: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
use_cache: [true, false] | |
steps: | |
- name: 📂 Checkout code | |
uses: actions/checkout@v4 | |
- uses: ./.github/actions/time-compilation | |
with: | |
use_cache: ${{ matrix.use_cache }} | |
update-rust-toolchain: | |
runs-on: ubuntu-latest | |
# Currently turned off, as I can't get the token to work correctly in this | |
# workflow, despite it working well in other workflows... Contributions | |
# welcome | |
# https://github.com/PRQL/prql/actions/runs/7351852156/job/20017282449#step:3:14 | |
if: false | |
# # See notes in `cargo-audit` for why we disable on forks and dependabot. | |
# if: | |
# ${{ github.event.pull_request.head.repo.fork == false && github.actor != | |
# 'dependabot[bot]' }} | |
# Note that this doesn't change the minimum supported version, only the | |
# default to run on. The minimum is defined by Cargo.toml's metadata.msrv | |
# and is updated manually based on when build environments such as debian & | |
# winget are updated. | |
steps: | |
- name: 📂 Checkout code | |
uses: actions/checkout@v4 | |
- uses: a-kenji/update-rust-toolchain@main | |
with: | |
# Discussion in #1561 | |
minor-version-delta: 1 | |
toolchain-path: "./rust-toolchain.toml" | |
pr-title: "build: Update rust toolchain version" | |
token: ${{ secrets.PRQL_BOT_GITHUB_TOKEN }} | |
check-unused-dependencies: | |
runs-on: ubuntu-latest | |
steps: | |
- name: 📂 Checkout code | |
uses: actions/checkout@v4 | |
- run: rustup override set nightly-2023-11-22 | |
- uses: baptiste0928/cargo-install@v3 | |
with: | |
crate: cargo-udeps | |
# Once with all targets, once without, to find anything that should be in | |
# `dev` but is more general. | |
- uses: clechasseur/rs-cargo@v2 | |
with: | |
command: udeps | |
args: --all-targets | |
- uses: clechasseur/rs-cargo@v2 | |
with: | |
command: udeps | |
# We now use the devcontainer. TODO: is it possible to have a similar test for | |
# that? Or that would require VSCode to install the dependencies? | |
# test-docker: | |
# # We only test the build in `test-all`; this also runs tests. | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: 📂 Checkout code | |
# uses: actions/checkout@v4 | |
# - uses: docker/setup-buildx-action@v2 | |
# - name: Build | |
# uses: docker/build-push-action@v4 | |
# with: | |
# tags: prql:latest | |
# # Use the GHA cache | |
# load: true | |
# cache-from: type=gha | |
# cache-to: type=gha,mode=max | |
# # https://aschmelyun.com/blog/using-docker-run-inside-of-github-actions/ | |
# - name: Test | |
# uses: addnab/docker-run-action@v3 | |
# with: | |
# image: prql:latest | |
# options: -v ${{ github.workspace }}/:/src | |
# run: task test-rust | |
code-ql: | |
# Currently almost the default code-ql config | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: ["javascript", "python"] | |
# We could add java, but it require a custom build step and we have very little java... | |
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | |
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: ${{ matrix.language }} | |
# If you wish to specify custom queries, you can do so here or in a config file. | |
# By default, queries listed here will override any specified in a config file. | |
# Prefix the list here with "+" to use these queries and those in the config file. | |
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | |
# queries: security-extended,security-and-quality | |
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | |
# If this step fails, then you should remove it and run the build manually (see below) | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
# ℹ️ Command-line programs to run using the OS shell. | |
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | |
# If the Autobuild fails above, remove it and uncomment the following three lines. | |
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. | |
# - run: | | |
# echo "Run, Build Application using script" | |
# ./location_of_script_within_repo/buildscript.sh | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
nightly-release: | |
# Test release workflow | |
uses: ./.github/workflows/release.yaml |