name: CI
on:
pull_request:
branches: [main]
push:
branches: [main]
permissions:
contents: read
pull-requests: read
packages: write
actions: write
jobs:
filter:
name: Filter changed files
runs-on: ubuntu-latest
permissions:
pull-requests: read
contents: read
outputs:
rust: ${{ steps.filter.outputs.rust }}
docker: ${{ steps.filter.outputs.docker }}
steps:
- uses: actions/checkout@v6
- uses: dorny/paths-filter@v4
id: filter
with:
filters: |
rust:
- 'src/**'
- 'tests/**'
- 'xtask/**'
- 'locket_derive/**'
- 'Cargo.toml'
- 'Cargo.lock'
- 'rust-toolchain.*'
docker:
- 'docker/**'
- '!docker/tests/**'
- 'compose*.yml'
- 'compose*.yaml'
locket:
name: Build, clippy, test
needs: filter
if: needs.filter.outputs.rust == 'true'
runs-on: ubuntu-latest
env:
RUSTFLAGS: -D warnings
CARGO_TERM_COLOR: always
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- uses: swatinem/rust-cache@v2
- run: cargo fmt -- --check
- run: cargo build --locked
- run: cargo test --locked
- run: cargo clippy --all-targets
- run: cargo xtask docs --check
docker:
name: Docker build
needs: filter
if: needs.filter.outputs.docker == 'true' || needs.filter.outputs.rust == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Setup Buildx
uses: docker/setup-buildx-action@v4
with:
driver: docker-container
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build images
working-directory: docker
env:
CI: true
run: |
docker buildx bake --allow=fs.read=.. -f docker-bake.hcl --set "*.output=type=cacheonly" release