Skip to content

CI

CI #2393

Workflow file for this run

name: CI
on:
- merge_group
- push
- pull_request
# Only build for latest push/PR unless it's main or release/
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }}
defaults:
run:
shell: bash
jobs:
lint-apparmor:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make apparmor
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Lint AppArmor profiles
run: |
make lint-apparmor
lint-desktop:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make desktop-file-utils
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Lint .desktop files
run: |
make lint-desktop
lint:
strategy:
matrix:
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make file python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
poetry install
- name: Run lint
run: make lint
# Run `make lint` across all components
component-lint:
strategy:
fail-fast: false
matrix:
# proxy has no `make lint` because it is covered by `rust-lint`.
# qubesdb-tools has no `make lint` because it is covered by `lint`.
component:
- client
- export
- log
debian_version:
- bookworm
runs-on: ubuntu-latest
container: debian:${{ matrix.debian_version }}
steps:
- run: |
apt-get update && apt-get install --yes git make gnupg python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
poetry -C ${{ matrix.component }} install
if [[ "${{ matrix.component }}" == "client" || "${{ matrix.component }}" == "export" ]]; then
make -C ${{ matrix.component }} ci-install-deps
fi
- name: Run lint
run: make -C ${{ matrix.component }} lint
safety:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- run: |
apt-get update && apt-get install --yes git make python3-poetry
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Run safety
run: |
poetry install
poetry update safety
make safety
rust:
runs-on: ubuntu-latest
# Keep version in sync with rust-toolchain.toml
container: rust:1.81.0
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Configure Qubes repository
run: |
cp scripts/qubes_42.sources /etc/apt/sources.list.d/
source /etc/os-release
sed -i s/##VERSION_CODENAME##/${VERSION_CODENAME}/ /etc/apt/sources.list.d/qubes_42.sources
apt-get update && apt-get install --yes libclang-dev qubesdb-dev
- name: Install dependencies
run: |
rustup component add rustfmt
rustup component add clippy
- name: Lint and test Rust code
run: |
make rust-lint
make rust-test