Bump actions/attest-build-provenance from 1 to 2 #1273
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: oxipng | |
on: | |
push: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
workflow_dispatch: | |
jobs: | |
ci: | |
name: CI | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 60 | |
# Prevent tags and in-repo PRs from triggering this workflow more than once for a commit | |
if: github.ref_type != 'tag' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork) | |
strategy: | |
fail-fast: false | |
matrix: | |
target: | |
- x86_64-unknown-linux-gnu | |
- x86_64-unknown-linux-musl | |
- aarch64-unknown-linux-gnu | |
- aarch64-unknown-linux-musl | |
- x86_64-pc-windows-msvc | |
- i686-pc-windows-msvc | |
- x86_64-apple-darwin | |
- aarch64-apple-darwin | |
include: | |
- target: x86_64-unknown-linux-gnu | |
os: ubuntu-22.04 | |
target-apt-arch: amd64 | |
- target: x86_64-unknown-linux-musl | |
os: ubuntu-22.04 | |
target-apt-arch: amd64 | |
- target: aarch64-unknown-linux-gnu | |
os: ubuntu-22.04 | |
target-apt-arch: arm64 | |
- target: aarch64-unknown-linux-musl | |
os: ubuntu-22.04 | |
target-apt-arch: arm64 | |
- target: x86_64-pc-windows-msvc | |
os: windows-latest | |
- target: i686-pc-windows-msvc | |
os: windows-latest | |
- target: x86_64-apple-darwin | |
os: macos-13 # x86_64 runner | |
- target: aarch64-apple-darwin | |
os: macos-14 # ARM64 runner | |
env: | |
CARGO_BUILD_TARGET: ${{ matrix.target }} | |
# Hopefully temporary workaround for https://github.com/rust-lang/rust/issues/128401 | |
# See the comments for similar rustflag settings at .cargo/config.toml for more context | |
RUSTFLAGS: ${{ matrix.target == 'aarch64-unknown-linux-musl' && '-Zlocation-detail=none -Clink-args=-lgcc' || '-Zlocation-detail=none' }} | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Set up Ubuntu multiarch | |
if: startsWith(matrix.os, 'ubuntu') && matrix.target-apt-arch != 'amd64' | |
run: | | |
readonly DISTRO_CODENAME=jammy | |
sudo dpkg --add-architecture "${{ matrix.target-apt-arch }}" | |
sudo sed -i "s/^deb http/deb [arch=$(dpkg-architecture -q DEB_HOST_ARCH)] http/" /etc/apt/sources.list | |
sudo sed -i "s/^deb mirror/deb [arch=$(dpkg-architecture -q DEB_HOST_ARCH)] mirror/" /etc/apt/sources.list | |
for suite in '' '-updates' '-backports' '-security'; do | |
echo "deb [arch=${{ matrix.target-apt-arch }}] http://ports.ubuntu.com/ $DISTRO_CODENAME$suite main universe multiverse" | \ | |
sudo tee -a /etc/apt/sources.list >/dev/null | |
done | |
- name: Install musl development files | |
if: endsWith(matrix.target, '-musl') | |
run: | | |
sudo apt-get -yq update | |
sudo apt-get -yq install musl-tools musl-dev:${{ matrix.target-apt-arch }} | |
- name: Install QEMU and AArch64 cross compiler | |
if: startsWith(matrix.target, 'aarch64-unknown-linux') | |
run: | | |
sudo apt-get -yq update | |
# libc6 must be present to run executables dynamically linked | |
# against glibc for the target architecture | |
sudo apt-get -yq install qemu-user gcc-aarch64-linux-gnu libc6:arm64 | |
- name: Cache Cargo artifacts | |
uses: Swatinem/rust-cache@v2 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@v1 | |
with: | |
toolchain: nightly | |
targets: ${{ env.CARGO_BUILD_TARGET }} | |
components: clippy, rustfmt | |
- name: Install nextest | |
uses: taiki-e/install-action@nextest | |
- name: Install cargo-hack | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
uses: taiki-e/install-action@cargo-hack | |
- name: Install clippy-sarif | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: clippy-sarif | |
- name: Install sarif-fmt | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
uses: taiki-e/install-action@v2 | |
with: | |
tool: sarif-fmt | |
- name: Run rustfmt | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: cargo fmt --check | |
- name: Run Clippy for all feature combinations | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: > | |
set -o pipefail; | |
cargo hack clippy --no-deps --all-targets --feature-powerset --exclude-features sanity-checks --message-format=json -- -D warnings | |
| clippy-sarif | |
| tee clippy-results.sarif | |
| sarif-fmt | |
- name: Run tests | |
run: | | |
cargo nextest run --release --features sanity-checks | |
cargo test --doc --release --features sanity-checks | |
- name: Build benchmarks | |
run: cargo bench --no-run | |
- name: Build docs | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: cargo doc --release --no-deps | |
- name: Build CLI binary | |
run: cargo build --release | |
- name: Upload CLI binary as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Oxipng binary (${{ matrix.target }}) | |
path: | | |
target/${{ env.CARGO_BUILD_TARGET }}/release/oxipng | |
target/${{ env.CARGO_BUILD_TARGET }}/release/oxipng.exe | |
- name: Upload analysis results to GitHub | |
uses: github/codeql-action/upload-sarif@v3 | |
if: always() && matrix.target == 'x86_64-unknown-linux-gnu' | |
continue-on-error: true | |
with: | |
sarif_file: clippy-results.sarif | |
category: clippy | |
msrv-check: | |
name: MSRV check | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
# Prevent tags and in-repo PRs from triggering this workflow more than once for a commit | |
if: github.ref_type != 'tag' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork) | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Cache Cargo artifacts | |
uses: Swatinem/rust-cache@v2 | |
- name: Install MSRV Rust toolchain | |
uses: dtolnay/rust-toolchain@1.74.0 | |
- name: Install nextest | |
uses: taiki-e/install-action@nextest | |
- name: Run tests | |
run: | | |
cargo nextest run --release --features sanity-checks | |
cargo test --doc --release --features sanity-checks |