name: CI
on:
push:
branches: [main, develop]
pull_request:
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
jobs:
check:
name: ${{ matrix.name }}
runs-on: ${{ fromJSON(matrix.runner) }}
strategy:
fail-fast: false
matrix:
include:
- name: linux-self-hosted
runner: '["self-hosted", "ops-linux"]'
- name: macos-self-hosted
runner: '["self-hosted", "dragon-macos"]'
steps:
- uses: actions/checkout@v6
- name: Ensure unzip on self-hosted Linux
if: runner.os == 'Linux'
run: |
if command -v unzip >/dev/null 2>&1; then
exit 0
fi
if command -v apt-get >/dev/null 2>&1; then
sudo apt-get update
sudo apt-get install --yes unzip
else
echo "unzip is required on Linux runners for setup-protoc" >&2
exit 1
fi
- name: Install protoc
uses: arduino/setup-protoc@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-python@v6
if: runner.os == 'Linux'
with:
python-version: '3.x'
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- uses: actions/cache@v5
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: semgrep
if: runner.os == 'Linux'
run: |
python -m pip install --upgrade pip semgrep
semgrep --config auto --error --quiet
- name: cargo check
run: cargo check --locked
- name: cargo clippy
run: cargo clippy --locked --all-features --all-targets -- -D warnings
- name: cargo test
run: cargo test --locked --all-targets
- name: cargo fmt
run: cargo fmt -- --check
- name: cargo publish --dry-run
if: runner.os == 'Linux'
run: cargo publish --locked --dry-run