-
-
Notifications
You must be signed in to change notification settings - Fork 773
148 lines (134 loc) · 5.64 KB
/
prebuild.yml
File metadata and controls
148 lines (134 loc) · 5.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: "Prebuild checks"
on:
pull_request:
workflow_dispatch:
schedule:
- cron: '13 23 * * *' # every day @ 23:13
push:
branches:
- 'release/**'
- 'secfix/**'
# cancel any previous runs on the same PR
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
CARGOLOCK_COMMENT: Looks like you changed `Cargo.lock`. Please make sure to review the dependencies and update [internal version list](https://www.notion.so/satoshilabs/Rust-dependencies-a9cc6e8dab934def8eb27896c001e6e2).
jobs:
block-fixup:
name: Block fixup
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
- name: Block Fixup Commit Merge
uses: 13rac1/block-fixup-merge-action@bd5504fb9ca0253e109d98eb86b7debc01970cdc # 13rac1/block-fixup-merge-action@v2.0.0
# Check the code for style correctness and perform some static code analysis.
# Biggest part is the python one - using `flake8`, `isort`, `black`, `pylint` and `pyright`,
# also checking Rust files by `rustfmt` and C files by `clang-format`.
# Changelogs formats are checked.
style_check:
name: Style check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
- name: Initialize and update ts-tvl
run: |
git submodule update --init --recursive vendor/ts-tvl
- name: Initialize and update QR-Code-generator (needed for cargo fmt)
run: git submodule update --init --recursive vendor/QR-Code-generator
- uses: ./.github/actions/environment
- name: "Run style check"
run: nix-shell --run "uv run make style_check BLACK_FAST=0"
- name: "Run .editorconfig check"
run: nix-shell --run "uv run make editor_check"
# Check validity of coin definitions and protobuf files.
defs_check:
name: Defs check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
with:
submodules: "recursive"
- uses: ./.github/actions/environment
- name: "Run defs check"
run: nix-shell --run "uv run make defs_check"
# Check validity of auto-generated files.
gen_check:
name: Gen check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
with:
submodules: "recursive"
- uses: ./.github/actions/environment
- name: "Run gen check"
run: nix-shell --run "uv run make gen_check"
# Check uv.lock is up-to-date
uvlock_check:
name: uv.lock check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
with:
submodules: "recursive"
- name: Install nix
uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # cachix/install-nix-action@v31.10.6
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: "Run uv.lock check"
run: nix-shell --run "make uvlock_check"
# Verifying that all commits changing some functionality have a changelog entry
# or contain `[no changelog]` in the commit message.
changelog_check:
name: Changelog check
if: ${{ github.ref != 'main' && github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: "Run changelog check"
run: ./ci/check_changelog.sh
# Checking the format of release commit messages.
release_commit_msg_check:
name: Release commit message check
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
- uses: ./.github/actions/environment
- name: "Check release commit message format"
run: ./ci/check_release_commit_messages.sh
# Warn if core/embed/rust/Cargo.lock changed
cargolock_check:
name: Cargo.lock check
if: ${{ github.ref != 'main' && github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # actions/checkout@v6.0.2
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Ask git
run: |
git diff --exit-code origin/${{ github.base_ref }}...HEAD -- core/embed/rust/Cargo.lock || echo cargo_modified=1 > $GITHUB_ENV
cat $GITHUB_OUTPUT
- name: Find Comment
uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # peter-evans/find-comment@v4
if: ${{ env.cargo_modified == '1' }}
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: cargolock-comment-${{ github.workflow }}
- name: Create comment
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # peter-evans/create-or-update-comment@v5
if: ${{ env.cargo_modified == '1' && steps.fc.outputs.comment-id == '' }}
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
<!-- cargolock-comment-${{ github.workflow }} -->
${{ env.CARGOLOCK_COMMENT }}
edit-mode: replace