Skip to content

Update goal-owners #7580

Update goal-owners

Update goal-owners #7580

Workflow file for this run

name: CI
on:
pull_request:
merge_group:
workflow_dispatch:
schedule:
# Run at 4 AM UTC daily to make sure that all changes are up-to-date.
# We run the cron job at a time where merges don't usually happen, in order to avoid race
# conditions with the `merge_group` workflow execution.
- cron: 0 4 * * *
concurrency:
# We want to make sure that parallel executions (merge queue, cron, manual) of this workflow
# do not perform the `deploy` job in parallel.
# At the same time, we want to avoid this workflow running in parallel for multiple PRs
# (where it only runs tests, without deploy).
# If we're in a PR, `head_ref` is set, so we allow parallel runs for different PR HEAD refs.
# If we're elsewhere, we use a constant string to use the same concurrency group.
group: ${{ github.workflow }}-${{ github.head_ref || 'deploy' }}
cancel-in-progress: false
permissions: {}
jobs:
test:
name: Test
runs-on: ubuntu-latest
if: github.repository == 'rust-lang/team'
permissions:
contents: read
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 50
persist-credentials: false
- name: Setup Rust
uses: ./.github/actions/setup-rust
with:
components: rustfmt clippy
- name: Build the team binary
run: RUSTFLAGS="--deny warnings" cargo build
- name: Validate the repository contents
run: cargo run -- check --strict
env:
GITHUB_TOKEN: ${{ secrets.github_token }}
- name: Run rustfmt
run: cargo fmt -- --check
- name: Run clippy
run: cargo clippy --workspace --all-targets --all-features -- -D warnings
- name: Run tests
run: cargo test --workspace --all-features
- name: Check CODEOWNERS
run: cargo run ci check-codeowners
- name: Build the contents of the static API
run: |
cargo run -- static-api build
echo "team-api.infra.rust-lang.org" > build/CNAME
- name: Write PR number into the uploaded archive
if: ${{ github.event_name == 'pull_request' }}
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
run: echo "$PR_NUMBER" > build/pr.txt
- name: Upload the built JSON as a GitHub artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: team-api-output
path: build
deploy:
name: Deploy
needs: [ test ]
runs-on: ubuntu-latest
environment: deploy
permissions:
contents: read
id-token: write # Needed for GitHub Pages OIDC authentication in `actions/deploy-pages`
pages: write # Needed to deploy the built static API to GitHub Pages
if: github.event_name != 'pull_request'
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Setup Rust
uses: ./.github/actions/setup-rust
- name: Download built JSON API and sync-team
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: team-api-output
path: build
- name: Sync changes
env:
GITHUB_TOKEN: ${{ secrets.WRITE_GITHUB_TOKEN }}
MAILGUN_API_TOKEN: ${{ secrets.MAILGUN_API_TOKEN }}
EMAIL_PRIVATE_KEY: ${{ secrets.EMAIL_PRIVATE_KEY }}
ZULIP_API_TOKEN: ${{ secrets.ZULIP_API_TOKEN }}
ZULIP_USERNAME: ${{ secrets.ZULIP_USERNAME }}
CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
CRATES_IO_USERNAME: "rust-lang-owner"
run: |
cargo run sync apply --src build
- name: Disable Jekyll
run: touch build/.nojekyll
- name: Upload GitHub pages artifact
uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
with:
path: build
# Upload the pages only if the sync succeeded, to always keep the
# most up-to-date state in the web endpoint.
- name: Deploy to GitHub Pages
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
zizmor:
name: Run zizmor
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7
with:
persona: pedantic
advanced-security: false
# Summary job for the merge queue.
# ALL THE PREVIOUS JOBS NEED TO BE ADDED TO THE `needs` SECTION OF THIS JOB!
CI:
# Keep `name` matching the status check.
name: CI
needs: [ test, deploy, zizmor ]
# We need to ensure this job does *not* get skipped if its dependencies fail,
# because a skipped job is considered a success by GitHub. So we have to
# overwrite `if:`. We use `!cancelled()` to ensure the job does still not get run
# when the workflow is canceled manually.
if: ${{ !cancelled() }}
runs-on: ubuntu-latest
steps:
# Manually check the status of all dependencies. `if: failure()` does not work.
- name: Conclusion
env:
NEEDS: ${{ toJson(needs) }}
run: |
# Print the dependent jobs to see them in the CI log
jq -C <<< "$NEEDS"
# Check if all jobs that we depend on (in the needs array) were successful.
jq --exit-status 'all(.result == "success" or .result == "skipped")' <<< "$NEEDS"