From b0ebdb59eddd033c3a3d842209b417321d5dc2a2 Mon Sep 17 00:00:00 2001 
From: Tom Foster Date: Tue, 12 Aug 2025 12:11:33 +0100 Subject: [PATCH] ci: Tidy CI pipeline for readability and performance MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pipeline Modernisation: - Update prefligit to prek (same project, renamed to avoid typosquatting) - Replace custom rust-toolchain action with direct uvx rustup invocation - Remove dependency on install scripts in favour of uvx tool execution - Make sccache conditional on GH_APP_ID and GH_APP_PRIVATE_KEY availability Workflow Restructuring: - Rename workflows for improved clarity: * rust-checks.yml → ci-checks.yml (consolidates Rust + prek) * element.yml → deploy-element.yml * documentation.yml → deploy-docs.yml * release-image.yml → release-builds.yml (Docker + binaries) * mirror-images.yml → docker-mirror.yml - Delete obsolete prefligit-checks.yml (merged into ci-checks.yml) - Combine format and prek checks into single fast-checks job Cache Strategy Improvements (release-builds.yml): - Add restore-keys to Rust registry and cargo target caches - Include Cargo.toml files in cargo-target cache key - Consolidate separate apt-cache and apt-lib steps into single step - Version APT cache with Dockerfile hash instead of static keys - Add platform-specific Docker buildcache tags - Simplify Rust registry paths (remove checkouts/src subdirs) CI Execution Improvements: - Add uv cache for faster uvx tool invocations (prek, rustup) - Enable concurrency control with cancel-in-progress - Fix BOM handling in pre-commit Dependency Management: - Add renovate.yml workflow for scheduled dependency checking - Configure renovate.json to monitor .forgejo/ and .github/ dirs - Group non-major GitHub Actions updates into single PRs - Set PR limits: 3 concurrent, 2 per hour --- .forgejo/workflows/ci-checks.yml | 175 ++++++++++++++++++ .../{documentation.yml => deploy-docs.yml} | 2 +- .../{element.yml => deploy-element.yml} | 0 .../{mirror-images.yml => docker-mirror.yml} | 2 +- 
.forgejo/workflows/prefligit-checks.yml | 22 --- .../{release-image.yml => release-builds.yml} | 142 +++++++------- .forgejo/workflows/renovate.yml | 60 ++++++ .forgejo/workflows/rust-checks.yml | 144 -------------- .pre-commit-config.yaml | 2 +- renovate.json | 21 ++- 10 files changed, 337 insertions(+), 233 deletions(-) create mode 100644 .forgejo/workflows/ci-checks.yml rename .forgejo/workflows/{documentation.yml => deploy-docs.yml} (98%) rename .forgejo/workflows/{element.yml => deploy-element.yml} (100%) rename .forgejo/workflows/{mirror-images.yml => docker-mirror.yml} (97%) delete mode 100644 .forgejo/workflows/prefligit-checks.yml rename .forgejo/workflows/{release-image.yml => release-builds.yml} (66%) create mode 100644 .forgejo/workflows/renovate.yml delete mode 100644 .forgejo/workflows/rust-checks.yml diff --git a/.forgejo/workflows/ci-checks.yml b/.forgejo/workflows/ci-checks.yml new file mode 100644 index 00000000..e6a91c31 --- /dev/null +++ b/.forgejo/workflows/ci-checks.yml 
@@ -0,0 +1,175 @@ +name: Checks / CI + +on: + push: + workflow_dispatch: + +# Cancel in-progress runs when a new push is made to the same branch +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + fast-checks: + name: Prek & Format + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install uv + uses: https://github.com/astral-sh/setup-uv@v6 + with: + enable-cache: true + ignore-nothing-to-cache: true + cache-dependency-glob: '' + + - name: Run prek (formerly prefligit) + run: uvx prek run --show-diff-on-failure --color=always -v --all-files --hook-stage manual + + - name: Install rust nightly with rustfmt + run: | + uvx rustup override set nightly + uvx rustup component add rustfmt + + - name: Check formatting + run: | + cargo +nightly fmt --all -- --check + + clippy: + name: Clippy + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install uv + uses: https://github.com/astral-sh/setup-uv@v6 + with: + enable-cache: true + ignore-nothing-to-cache: true + cache-dependency-glob: '' # Disable Python dependency tracking for Rust project + + - name: Install Rust toolchain + run: | + # Install toolchain from rust-toolchain.toml + uvx rustup show # This will auto-install from rust-toolchain.toml + + # cache-apt-pkgs-action requires apt lists to be initialised first + - name: Update APT package lists + run: sudo apt-get update + + - name: Cache system packages + uses: https://github.com/awalsh128/cache-apt-pkgs-action@latest + with: + packages: clang liburing-dev + version: 1.0 + + - name: Cache Rust registry + uses: actions/cache@v4 + with: + path: | + ~/.cargo/git + !~/.cargo/git/checkouts + ~/.cargo/registry + !~/.cargo/registry/src + key: rust-registry-${{hashFiles('**/Cargo.lock') }} + + - name: Run Clippy lints + run: | + cargo clippy \ + 
--workspace \ + --features full \ + --locked \ + --no-deps \ + --profile test \ + -- \ + -D warnings + + tests: + name: Tests + runs-on: ubuntu-latest + env: + SCCACHE_ENABLED: ${{ vars.GH_APP_ID != '' && secrets.GH_APP_PRIVATE_KEY != '' }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install uv + uses: https://github.com/astral-sh/setup-uv@v6 + with: + enable-cache: true + ignore-nothing-to-cache: true + cache-dependency-glob: '' # Disable Python dependency tracking for Rust project + + - name: Install Rust toolchain + run: | + # Install toolchain from rust-toolchain.toml + uvx rustup show # This will auto-install from rust-toolchain.toml + + # cache-apt-pkgs-action requires apt lists to be initialised first + - name: Update APT package lists + run: sudo apt-get update + + - name: Cache system packages + uses: https://github.com/awalsh128/cache-apt-pkgs-action@latest + with: + packages: clang liburing-dev + version: 1.0 + + - name: Cache Rust registry + uses: actions/cache@v4 + with: + path: | + ~/.cargo/git + !~/.cargo/git/checkouts + ~/.cargo/registry + !~/.cargo/registry/src + key: rust-registry-${{hashFiles('**/Cargo.lock') }} + + - name: Create GitHub App token for sccache + if: env.SCCACHE_ENABLED == 'true' + uses: https://github.com/actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.GH_APP_ID }} + private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} + github-api-url: https://api.github.com + owner: ${{ vars.GH_APP_OWNER }} + repositories: "" + + - name: Setup sccache + if: env.SCCACHE_ENABLED == 'true' + uses: ./.forgejo/actions/sccache + with: + token: ${{ steps.app-token.outputs.token }} + + - name: Setup Timelord + if: env.SCCACHE_ENABLED == 'true' + uses: ./.forgejo/actions/timelord + with: + key: sccache-v0 + path: . 
+ + - name: Run Cargo tests + run: | + cargo test \ + --workspace \ + --features full \ + --locked \ + --profile test \ + --all-targets \ + --no-fail-fast + + - name: Display sccache statistics + if: always() && env.SCCACHE_ENABLED == 'true' + run: sccache --show-stats diff --git a/.forgejo/workflows/documentation.yml b/.forgejo/workflows/deploy-docs.yml similarity index 98% rename from .forgejo/workflows/documentation.yml rename to .forgejo/workflows/deploy-docs.yml index 4f3e903c..530a8c0b 100644 --- a/.forgejo/workflows/documentation.yml +++ b/.forgejo/workflows/deploy-docs.yml @@ -1,4 +1,4 @@ -name: Documentation +name: Deploy / Documentation on: pull_request: diff --git a/.forgejo/workflows/element.yml b/.forgejo/workflows/deploy-element.yml similarity index 100% rename from .forgejo/workflows/element.yml rename to .forgejo/workflows/deploy-element.yml diff --git a/.forgejo/workflows/mirror-images.yml b/.forgejo/workflows/docker-mirror.yml similarity index 97% rename from .forgejo/workflows/mirror-images.yml rename to .forgejo/workflows/docker-mirror.yml index 198832db..3d13f08e 100644 --- a/.forgejo/workflows/mirror-images.yml +++ b/.forgejo/workflows/docker-mirror.yml @@ -1,4 +1,4 @@ -name: Mirror Container Images +name: Deploy / Mirror Images on: schedule: diff --git a/.forgejo/workflows/prefligit-checks.yml b/.forgejo/workflows/prefligit-checks.yml deleted file mode 100644 index cc512496..00000000 --- a/.forgejo/workflows/prefligit-checks.yml +++ /dev/null 
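Review bot: The `Cache system packages` steps in the clippy and tests jobs use `awalsh128/cache-apt-pkgs-action@latest`, a mutable ref, so whatever that ref points to at run time executes on the runner. Pin it to a release tag or, better, a full commit SHA: `uses: https://github.com/awalsh128/cache-apt-pkgs-action@<commit-sha>`. The `uvx prek` and `uvx rustup` calls likewise resolve the tool from the package index on every run with no version; `uvx prek@<version> run ...` would make that step reproducible. The new workflow also has no `permissions:` block, whereas the prefligit-checks.yml removed by this commit declared `permissions: contents: read`; restoring that at the top level keeps the job token read-only wherever the forge honours it.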
@@ -1,22 +0,0 @@ -name: Checks / Prefligit - -on: - push: - pull_request: -permissions: - contents: read - -jobs: - prefligit: - runs-on: ubuntu-latest - env: - FROM_REF: ${{ github.event.pull_request.base.sha || (!github.event.forced && ( github.event.before != '0000000000000000000000000000000000000000' && github.event.before || github.sha )) || format('{0}~', github.sha) }} - TO_REF: ${{ github.sha }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: ./.forgejo/actions/prefligit - with: - extra_args: --all-files --hook-stage manual diff --git a/.forgejo/workflows/release-image.yml b/.forgejo/workflows/release-builds.yml similarity index 66% rename from .forgejo/workflows/release-image.yml rename to .forgejo/workflows/release-builds.yml index 04fc9de9..def5f3d4 100644 --- a/.forgejo/workflows/release-image.yml +++ b/.forgejo/workflows/release-builds.yml @@ -1,6 +1,8 @@ -name: Release Docker Image +name: Release / Builds +# Cancel in-progress runs when a new push is made to the same branch concurrency: - group: "release-image-${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false # Don't cancel release builds on: push: @@ -17,11 +19,11 @@ on: workflow_dispatch: env: - BUILTIN_REGISTRY: forgejo.ellis.link - BUILTIN_REGISTRY_ENABLED: "${{ ((vars.BUILTIN_REGISTRY_USER && secrets.BUILTIN_REGISTRY_PASSWORD) || (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)) && 'true' || 'false' }}" + BUILTIN_REGISTRY_ENABLED: "${{ vars.BUILTIN_REGISTRY != '' && ((vars.BUILTIN_REGISTRY_USER && secrets.BUILTIN_REGISTRY_PASSWORD) || (github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false)) && 'true' || 'false' }}" jobs: - define-variables: + prepare: + name: Prepare Build Matrix runs-on: ubuntu-latest outputs: 
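Review bot: In the first release-builds.yml hunk, the comment added above `concurrency:` says in-progress runs are cancelled on a new push, but the block sets `cancel-in-progress: false`, so the comment and the setting disagree. Reword the comment to match the behaviour, for example `# Serialise runs per ref; release builds are never cancelled`. The group key also moves from the fixed `release-image-` prefix to `github.workflow`, so it now changes whenever the workflow's display name is edited.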
@@ -30,7 +32,7 @@ jobs: build_matrix: ${{ steps.var.outputs.build_matrix }} steps: - - name: Setting variables + - name: Define build matrix and registries uses: https://github.com/actions/github-script@v7 id: var with: @@ -39,26 +41,39 @@ jobs: const repoId = githubRepo.split('/')[1] core.setOutput('github_repository', githubRepo) - const builtinImage = '${{ env.BUILTIN_REGISTRY }}/' + githubRepo + console.log('GitHub repository:', githubRepo) + + const registry = '${{ vars.BUILTIN_REGISTRY }}' + console.log('Registry:', registry || '(not set)') + + const builtinImage = registry ? `${registry}/${githubRepo}` : '' + console.log('Built-in image:', builtinImage || '(registry not configured)') + let images = [] if (process.env.BUILTIN_REGISTRY_ENABLED === "true") { images.push(builtinImage) } + console.log('Registry enabled:', process.env.BUILTIN_REGISTRY_ENABLED) + console.log('Images:', images.length > 0 ? images : '(none)') + core.setOutput('images', images.join("\n")) core.setOutput('images_list', images.join(",")) const platforms = ['linux/amd64', 'linux/arm64'] - core.setOutput('build_matrix', JSON.stringify({ + const buildMatrix = { platform: platforms, target_cpu: ['base'], include: platforms.map(platform => { return { platform, slug: platform.replace('/', '-') }}) - })) + } + console.log('Build matrix:', JSON.stringify(buildMatrix, null, 2)) + core.setOutput('build_matrix', JSON.stringify(buildMatrix)) - build-image: + build: + name: Build Images & Binaries runs-on: dind - needs: define-variables + needs: prepare permissions: contents: read packages: write 
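Review bot: In the `Define build matrix and registries` script, `const registry = '${{ vars.BUILTIN_REGISTRY }}'` pastes the variable into JavaScript source before it is parsed, so a value containing a quote or newline changes the script instead of just the string. The script already reads `process.env.BUILTIN_REGISTRY_ENABLED`; passing the registry the same way avoids the interpolation: add `BUILTIN_REGISTRY: ${{ vars.BUILTIN_REGISTRY }}` under the step's `env:` and use `const registry = process.env.BUILTIN_REGISTRY || ''`. The new `console.log` lines write the registry host and image names to the job log, which is fine as long as they are not considered sensitive. The script body begins outside this hunk.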
@@ -78,16 +93,16 @@ jobs: } steps: - - name: Echo strategy - run: echo '${{ toJSON(fromJSON(needs.define-variables.outputs.build_matrix)) }}' - - name: Echo matrix - run: echo '${{ toJSON(matrix) }}' + - name: Display build matrix + run: | + echo "Strategy: ${{ toJSON(fromJSON(needs.prepare.outputs.build_matrix)) }}" + echo "Matrix: ${{ toJSON(matrix) }}" - name: Checkout repository uses: actions/checkout@v4 with: persist-credentials: false - - name: Install rust + - name: Install Rust toolchain id: rust-toolchain uses: ./.forgejo/actions/rust-toolchain 
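Review bot: The merged `Display build matrix` step wraps `${{ toJSON(...) }}` in double quotes, but the expanded JSON itself contains double quotes, so the shell string ends at the first one and the rest is word-split and glob-expanded. The previous single-quoted form did not have this problem for JSON without apostrophes. Expanding expressions straight into `run:` text also means the value is parsed as shell; passing it through `env:` and echoing the variable avoids both issues.

```yaml
- name: Display build matrix
  env:
    STRATEGY_JSON: ${{ toJSON(fromJSON(needs.prepare.outputs.build_matrix)) }}
    MATRIX_JSON: ${{ toJSON(matrix) }}
  run: |
    echo "Strategy: $STRATEGY_JSON"
    echo "Matrix: $MATRIX_JSON"
```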
@@ -95,35 +110,34 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Login to builtin registry + - name: Login to container registry + if: vars.BUILTIN_REGISTRY != '' uses: docker/login-action@v3 with: - registry: ${{ env.BUILTIN_REGISTRY }} + registry: ${{ vars.BUILTIN_REGISTRY }} username: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }} password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }} - # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - - name: Extract metadata (labels, annotations) for Docker + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: - images: ${{needs.define-variables.outputs.images}} + images: ${{needs.prepare.outputs.images}} # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509 env: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index - # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. - # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. - # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. 
- # It will not push images generated from a pull request - name: Get short git commit SHA id: sha run: | calculatedSha=$(git rev-parse --short ${{ github.sha }}) + echo "Short SHA: $calculatedSha (from full SHA: ${{ github.sha }})" echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV - - name: Get Git commit timestamps - run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV + - name: Get commit timestamp + run: | + timestamp=$(git log -1 --pretty=%ct) + echo "Commit timestamp: $timestamp ($(date -d @$timestamp))" + echo "TIMESTAMP=$timestamp" >> $GITHUB_ENV - uses: ./.forgejo/actions/timelord with: 
@@ -134,33 +148,33 @@ jobs: uses: actions/cache@v3 with: path: | - .cargo/git - .cargo/git/checkouts .cargo/registry - .cargo/registry/src - key: rust-registry-image-${{hashFiles('**/Cargo.lock') }} + .cargo/git + key: rust-registry-${{ matrix.slug }}-${{ hashFiles('**/Cargo.lock') }} + restore-keys: | + rust-registry-${{ matrix.slug }}- + rust-registry- - name: Cache cargo target id: cache-cargo-target uses: actions/cache@v3 with: path: | cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }} - key: cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}} - - name: Cache apt cache + key: cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }}-${{ steps.rust-toolchain.outputs.rustc_version }} + restore-keys: | + cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}- + cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}- + - name: Cache apt packages id: cache-apt uses: actions/cache@v3 with: path: | var-cache-apt-${{ matrix.slug }} - key: var-cache-apt-${{ matrix.slug }} - - name: Cache apt lib - id: cache-apt-lib - uses: actions/cache@v3 - with: - path: | var-lib-apt-${{ matrix.slug }} - key: var-lib-apt-${{ matrix.slug }} - - name: inject cache into docker + key: apt-${{ matrix.slug }}-${{ hashFiles('docker/Dockerfile') }} + restore-keys: | + apt-${{ matrix.slug }}- + - name: Inject build cache uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.1.0 with: cache-map: | 
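Review bot: The new `restore-keys` prefixes (`rust-registry-`, `cargo-target-…-`, `apt-${{ matrix.slug }}-`) let a release build restore a cache saved under a different lockfile, Dockerfile or, for the registry cache, a different platform. Those directories are then injected into the image build by the cache-dance step. The `BUILTIN_REGISTRY_ENABLED` expression suggests this workflow also runs for pull requests, so confirm that caches written by those runs cannot be restored by tag or main-branch builds, or drop the broadest fallback for release refs. Separately, these steps stay on `actions/cache@v3` while the new ci-checks.yml uses `actions/cache@v4`; aligning them would be more consistent.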
@@ -176,43 +190,44 @@ jobs: } skip-extraction: ${{ steps.cache.outputs.cache-hit }} - - name: Build and push Docker image by digest + - name: Build Docker image id: build uses: docker/build-push-action@v6 with: context: . file: "docker/Dockerfile" build-args: | - GIT_COMMIT_HASH=${{ github.sha }}) + GIT_COMMIT_HASH=${{ github.sha }} GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }} GIT_REMOTE_URL=${{github.event.repository.html_url }} GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }} platforms: ${{ matrix.platform }} labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} - cache-from: type=gha - # cache-to: type=gha,mode=max + cache-from: | + type=registry,ref=${{ vars.BUILTIN_REGISTRY }}/${{ github.repository }}:buildcache-${{ matrix.slug }} + type=registry,ref=${{ vars.BUILTIN_REGISTRY }}/${{ github.repository }}:buildcache + cache-to: type=registry,ref=${{ vars.BUILTIN_REGISTRY }}/${{ github.repository }}:buildcache-${{ matrix.slug }},mode=max sbom: true - outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true + outputs: type=image,"name=${{ needs.prepare.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true env: SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }} - # For publishing multi-platform manifests - - name: Export digest + - name: Export image digest run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - - name: Extract binary from container (image) + - name: Create container from image id: extract-binary-image run: | mkdir -p /tmp/binaries digest="${{ steps.build.outputs.digest }}" - echo "container_id=$(docker create --platform ${{ matrix.platform }} ${{ needs.define-variables.outputs.images_list }}@$digest)" >> $GITHUB_OUTPUT - - name: Extract binary from container (copy) + echo "container_id=$(docker create --platform ${{ matrix.platform }} ${{ 
needs.prepare.outputs.images_list }}@$digest)" >> $GITHUB_OUTPUT + - name: Extract binary from container run: docker cp ${{ steps.extract-binary-image.outputs.container_id }}:/sbin/conduwuit /tmp/binaries/conduwuit-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }} - - name: Extract binary from container (cleanup) + - name: Clean up container run: docker rm ${{ steps.extract-binary-image.outputs.container_id }} - name: Upload binary artifact @@ -230,9 +245,10 @@ jobs: if-no-files-found: error retention-days: 5 - merge: + publish: + name: Publish Multi-platform Manifest runs-on: dind - needs: [define-variables, build-image] + needs: [prepare, build] steps: - name: Download digests uses: forgejo/download-artifact@v4 @@ -240,18 +256,18 @@ jobs: path: /tmp/digests pattern: digests-* merge-multiple: true - # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Login to builtin registry + - name: Login to container registry + if: vars.BUILTIN_REGISTRY != '' uses: docker/login-action@v3 with: - registry: ${{ env.BUILTIN_REGISTRY }} + registry: ${{ vars.BUILTIN_REGISTRY }} username: ${{ vars.BUILTIN_REGISTRY_USER || github.actor }} password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Extract metadata (tags) for Docker + - name: Extract Docker tags id: meta uses: docker/metadata-action@v5 with: 
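Review bot: The new `cache-from` and `cache-to` refs in the `Build Docker image` step are built from `vars.BUILTIN_REGISTRY` with no guard, while the login steps in this commit are now skipped when that variable is empty. In that case the refs expand to `/<repo>:buildcache-…`, and `outputs:` still sets `push=true` with an empty image name, so the step is likely to fail rather than degrade cleanly. Consider computing the cache refs in the `prepare` job next to `images`, leaving them empty when no registry is configured. Also, `cache-to … mode=max` lets every run that reaches this step overwrite the shared `buildcache-<slug>` tag that later release builds import; if the workflow runs for pull requests, restrict cache export to trusted refs.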
@@ -263,15 +279,15 @@ jobs: type=ref,event=pr type=sha,format=long type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }} - images: ${{needs.define-variables.outputs.images}} + images: ${{needs.prepare.outputs.images}} # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509 env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index - - name: Create manifest list and push + - name: Create and push manifest working-directory: /tmp/digests env: - IMAGES: ${{needs.define-variables.outputs.images}} + IMAGES: ${{needs.prepare.outputs.images}} shell: bash run: | IFS=$'\n' @@ -287,7 +303,7 @@ jobs: - name: Inspect image env: - IMAGES: ${{needs.define-variables.outputs.images}} + IMAGES: ${{needs.prepare.outputs.images}} shell: bash run: | IMAGES_LIST=($IMAGES) diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml new file mode 100644 index 00000000..8d2ef4f6 --- /dev/null +++ b/.forgejo/workflows/renovate.yml 
@@ -0,0 +1,60 @@ +name: Maintenance / Renovate +on: + schedule: + # Run at 2am UTC daily + - cron: '0 2 * * *' + workflow_dispatch: + inputs: + dryRun: + description: 'Dry run mode' + required: false + default: 'false' + type: choice + options: + - 'true' + - 'false' + logLevel: + description: 'Log level' + required: false + default: 'info' + type: choice + options: + - 'debug' + - 'info' + - 'warn' + - 'error' + push: + branches: + - main + paths: + - '.forgejo/workflows/renovate.yml' + - 'renovate.json' + +jobs: + renovate: + name: Renovate + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run Renovate + uses: renovatebot/github-action@v40.1.0 + with: + token: ${{ secrets.RENOVATE_TOKEN }} + configurationFile: renovate.json + env: + # Platform settings + RENOVATE_PLATFORM: gitea + RENOVATE_ENDPOINT: ${{ github.server_url }}/api/v1 + RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} + + # Repository settings + RENOVATE_REPOSITORIES: '["${{ github.repository }}"]' + + # Behaviour settings + RENOVATE_DRY_RUN: ${{ inputs.dryRun || 'false' }} + LOG_LEVEL: ${{ inputs.logLevel || 'info' }} + + # Forgejo/Gitea specific + RENOVATE_GIT_AUTHOR: '${{ vars.RENOVATE_AUTHOR }}' diff --git a/.forgejo/workflows/rust-checks.yml b/.forgejo/workflows/rust-checks.yml deleted file mode 100644 index c46363a0..00000000 --- a/.forgejo/workflows/rust-checks.yml +++ /dev/null 
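Review bot: The `Checkout` step in the new renovate job omits `persist-credentials: false`, which every other checkout in this commit sets, so the job token stays in the workspace git config while a third-party action runs. Add `with: persist-credentials: false` to that step. `renovatebot/github-action@v40.1.0` receives `RENOVATE_TOKEN`, presumably a write-capable token, but is pinned only by tag; a full commit SHA would stop the tag from being repointed. It is also worth confirming the token is scoped to this repository alone, since `RENOVATE_REPOSITORIES` names only `github.repository`. The `debug` log-level input makes Renovate's output considerably more verbose, so check that job logs are not exposed more widely than intended.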
@@ -1,144 +0,0 @@ -name: Checks / Rust - -on: - push: - -jobs: - format: - name: Format - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install rust - uses: ./.forgejo/actions/rust-toolchain - with: - toolchain: "nightly" - components: "rustfmt" - - - name: Check formatting - run: | - cargo +nightly fmt --all -- --check - - clippy: - name: Clippy - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install rust - uses: ./.forgejo/actions/rust-toolchain - - - uses: https://github.com/actions/create-github-app-token@v2 - id: app-token - with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - github-api-url: https://api.github.com - owner: ${{ vars.GH_APP_OWNER }} - repositories: "" - - name: Install sccache - uses: ./.forgejo/actions/sccache - with: - token: ${{ steps.app-token.outputs.token }} - - run: sudo apt-get update - - name: Install system dependencies - uses: https://github.com/awalsh128/cache-apt-pkgs-action@v1 - with: - packages: clang liburing-dev - version: 1 - - name: Cache Rust registry - uses: actions/cache@v3 - with: - path: | - ~/.cargo/git - !~/.cargo/git/checkouts - ~/.cargo/registry - !~/.cargo/registry/src - key: rust-registry-${{hashFiles('**/Cargo.lock') }} - - name: Timelord - uses: ./.forgejo/actions/timelord - with: - key: sccache-v0 - path: . 
- - name: Clippy - run: | - cargo clippy \ - --workspace \ - --features full \ - --locked \ - --no-deps \ - --profile test \ - -- \ - -D warnings - - - name: Show sccache stats - if: always() - run: sccache --show-stats - - cargo-test: - name: Cargo Test - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install rust - uses: ./.forgejo/actions/rust-toolchain - - - uses: https://github.com/actions/create-github-app-token@v2 - id: app-token - with: - app-id: ${{ vars.GH_APP_ID }} - private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - github-api-url: https://api.github.com - owner: ${{ vars.GH_APP_OWNER }} - repositories: "" - - name: Install sccache - uses: ./.forgejo/actions/sccache - with: - token: ${{ steps.app-token.outputs.token }} - - run: sudo apt-get update - - name: Install system dependencies - uses: https://github.com/awalsh128/cache-apt-pkgs-action@v1 - with: - packages: clang liburing-dev - version: 1 - - name: Cache Rust registry - uses: actions/cache@v3 - with: - path: | - ~/.cargo/git - !~/.cargo/git/checkouts - ~/.cargo/registry - !~/.cargo/registry/src - key: rust-registry-${{hashFiles('**/Cargo.lock') }} - - name: Timelord - uses: ./.forgejo/actions/timelord - with: - key: sccache-v0 - path: . - - name: Cargo Test - run: | - cargo test \ - --workspace \ - --features full \ - --locked \ - --profile test \ - --all-targets \ - --no-fail-fast - - - name: Show sccache stats - if: always() - run: sccache --show-stats diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 68e3a982..da594310 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,7 +9,7 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: - - id: check-byte-order-marker + - id: fix-byte-order-marker - id: check-case-conflict - id: check-symlinks - id: destroyed-symlinks 
diff --git a/renovate.json b/renovate.json index eecf8532..c41d5f99 100644 --- a/renovate.json +++ b/renovate.json @@ -22,5 +22,24 @@ "tikv-jemalloc-ctl", "opentelemetry-rust", "tracing-opentelemetry" - ] + ], + "github-actions": { + "enabled": true, + "fileMatch": [ + "(^|/)\\.forgejo/workflows/[^/]+\\.ya?ml$", + "(^|/)\\.forgejo/actions/[^/]+/action\\.ya?ml$", + "(^|/)\\.github/workflows/[^/]+\\.ya?ml$", + "(^|/)\\.github/actions/[^/]+/action\\.ya?ml$" + ] + }, + "packageRules": [ + { + "description": "Group all non-major GitHub Actions updates", + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["minor", "patch"], + "groupName": "github-actions-non-major" + } + ], + "prConcurrentLimit": 3, + "prHourlyLimit": 2 }
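Review bot: The new `packageRules` entry groups minor and patch action updates, but nothing in this hunk asks Renovate to pin actions to commit digests, so tag refs such as `@v4` in the workflows remain mutable. Adding `"pinDigests": true` to the github-actions rule would have Renovate maintain SHA pins, unless the `extends` list outside this hunk already covers it. Note that Renovate cannot propose updates for a floating ref like `@latest`, so that reference in ci-checks.yml needs a manual pin first. I believe recent Renovate releases renamed `fileMatch` to `managerFilePatterns`, so confirm the key is accepted by the version the workflow runs.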