Skip to content

chore(ci): Remove unneeded default permissions #238

chore(ci): Remove unneeded default permissions

chore(ci): Remove unneeded default permissions #238

Workflow file for this run

name: Build
permissions:
contents: read
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
CARGO_INCREMENTAL: 0
CARGO_PROFILE_DEV_DEBUG: 0
CARGO_TERM_COLOR: always
CHEZMOI_MODIFY_MANAGER_BUILDER: github-ci
RUST_BACKTRACE: 1
RUSTFLAGS: "-D warnings"
RUSTUP_MAX_RETRIES: 10
jobs:
modern-default:
# Test modern compilers on standard platforms on Linux.
name: "Test: ${{ matrix.target }}, Rust ${{ matrix.rust }} (default configuration)"
runs-on: ubuntu-latest
env:
CARGO_PROFILE_DEV_DEBUG: 1
CARGO_PROFILE_DEV_SPLIT_DEBUGINFO: ${{ matrix.debug_info }}
RUSTFLAGS: -D warnings -Clink-arg=-Wl,--compress-debug-sections=zlib
strategy:
fail-fast: false
matrix:
target:
- aarch64-unknown-linux-gnu
- aarch64-unknown-linux-musl
- armv7-unknown-linux-gnueabihf
- armv7-unknown-linux-musleabihf
- i686-unknown-linux-gnu
- i686-unknown-linux-musl
# Unfortunately, As of 1.76 nightly rust uses calls not supported by
# wine, so we can't run the cross-tests any more
#- x86_64-pc-windows-gnu
- x86_64-unknown-linux-gnu
- x86_64-unknown-linux-musl
# Some lower priority targets too (not currently built as releases)
- powerpc-unknown-linux-gnu
- powerpc64-unknown-linux-gnu
rust:
- stable
- nightly
debug_info:
- packed
include:
# RISCV doesn't work with split debug info (see rust-lang/rust#110224)
- target: riscv64gc-unknown-linux-gnu
rust: stable
debug_info: off
- target: riscv64gc-unknown-linux-gnu
rust: nightly
debug_info: off
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Environment info
run: |
echo "rustup --version:"; rustup --version
echo "rustup show:"; rustup show
- name: Install Rust
run: rustup install --profile minimal ${{ matrix.rust }} && rustup default ${{ matrix.rust }}
- name: Install cross
uses: taiki-e/install-action@cross
- name: Cache builds
uses: Swatinem/rust-cache@v2.7.7
with:
key: ${{ matrix.target }}-${{ matrix.rust }}
- name: Cross compile
run: cross test --no-run --locked --target ${{ matrix.target }} --verbose
- name: Cross test
run: cross test --locked --target ${{ matrix.target }} --verbose
- name: Compress binary
if: matrix.rust == 'stable' && matrix.target != 'x86_64-pc-windows-gnu'
run: |
mkdir chezmoi_modify_manager
cp target/${{ matrix.target }}/debug/chezmoi_modify_manager chezmoi_modify_manager/
if [[ -f target/${{ matrix.target }}/debug/chezmoi_modify_manager.dwp ]]; then
# No split debug info for RISCV
cp target/${{ matrix.target }}/debug/chezmoi_modify_manager.dwp chezmoi_modify_manager/
fi
tar cf chezmoi_modify_manager.tar chezmoi_modify_manager
zstd -T0 -6 chezmoi_modify_manager.tar
- uses: actions/upload-artifact@v4
if: matrix.rust == 'stable' && matrix.target != 'x86_64-pc-windows-gnu'
with:
name: chezmoi_modify_manager_${{ matrix.target }}.zst
path: chezmoi_modify_manager.tar.zst
retention-days: 7
- name: Clean up temporary items
run: |
rm -rf chezmoi_modify_manager chezmoi_modify_manager.tar chezmoi_modify_manager.tar.zst
configurations:
# Test non-standard configurations, MSRV and Rust versions
name: "Test: \"${{ matrix.features }}\" (Linux), Rust ${{ matrix.rust }}"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
features:
- --no-default-features
- --no-default-features --features=updater-tls-rusttls
- --no-default-features --features=keyring
rust:
- 1.75.0
- stable
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install Rust
run: rustup install --profile minimal ${{ matrix.rust }} && rustup default ${{ matrix.rust }}
- name: Install libdbus
if: matrix.features == '--no-default-features --features=keyring'
run: sudo apt-get install -y libdbus-1-dev pkg-config
- name: Cache builds
uses: Swatinem/rust-cache@v2.7.7
with:
save-if: ${{ matrix.features == '--no-default-features --features=updater-tls-native-vendored' }}
- name: Compile
run: cargo test --locked ${{ matrix.features }} --verbose --no-run
- name: Test
run: cargo test --locked ${{ matrix.features }} --verbose
- name: Test updater
if: matrix.features == '--no-default-features --features=updater-tls-rusttls'
run: |
echo n | cargo run --locked ${{ matrix.features }} -- --upgrade
- name: Test no updater exit code
if: matrix.features != '--no-default-features --features=updater-tls-rusttls'
run: |
# Because GitHub Actions exits on failure we need to do this
bash -c "cargo run --locked ${{ matrix.features }} -- --upgrade; if [[ \$? -eq 0 ]]; then exit 1; fi"
exotic-os:
# Test native builds on non-Linux platforms
name: "Test: ${{ matrix.target }} on ${{ matrix.os }} with ${{ matrix.rust }}"
runs-on: ${{ matrix.os }}
env:
CARGO_PROFILE_DEV_DEBUG: 1
CARGO_PROFILE_DEV_SPLIT_DEBUGINFO: "packed"
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-pc-windows-msvc
os: windows-latest
suffix: .exe
debug-suffix: .pdb
rust: stable
- target: x86_64-pc-windows-msvc
os: windows-latest
suffix: .exe
debug-suffix: .pdb
rust: nightly
- target: x86_64-pc-windows-gnu
os: windows-latest
suffix: .exe
debug-suffix: .pdb
rust: stable
- target: x86_64-pc-windows-gnu
os: windows-latest
suffix: .exe
debug-suffix: .pdb
rust: nightly
- target: x86_64-apple-darwin
os: macos-latest
suffix:
debug-suffix: .dSYM
rust: stable
- target: aarch64-apple-darwin
os: macos-latest
suffix:
debug-suffix: .dSYM
rust: stable
- target: x86_64-apple-darwin
os: macos-latest
suffix:
debug-suffix: .dSYM
rust: nightly
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Environment info
run: |
echo "rustup --version:"; rustup --version
echo "rustup show:"; rustup show
- name: Install Rust
run: rustup install --no-self-update --profile minimal ${{ matrix.rust }} && rustup default ${{ matrix.rust }} && rustup target add ${{ matrix.target }}
- name: Cache builds
uses: Swatinem/rust-cache@v2.7.7
with:
key: ${{ matrix.os }}-${{ matrix.target }}-${{ matrix.rust }}
- name: Compile
run: cargo test --no-run --locked --target ${{ matrix.target }} --verbose
- name: Test
run: cargo test --locked --target ${{ matrix.target }} --verbose
- name: Compress binary
if: matrix.rust == 'stable' && matrix.target != 'x86_64-pc-windows-gnu'
run: |
mkdir chezmoi_modify_manager
cp target/${{ matrix.target }}/debug/chezmoi_modify_manager${{ matrix.suffix }} chezmoi_modify_manager/
cp -r target/${{ matrix.target }}/debug/chezmoi_modify_manager${{ matrix.debug-suffix }} chezmoi_modify_manager/
tar cf chezmoi_modify_manager.tar chezmoi_modify_manager
zstd -T0 -6 chezmoi_modify_manager.tar
- uses: actions/upload-artifact@v4
if: matrix.rust == 'stable' && matrix.target != 'x86_64-pc-windows-gnu'
with:
name: chezmoi_modify_manager_${{ matrix.target }}.zst
path: chezmoi_modify_manager.tar.zst
retention-days: 7
- name: Clean up temporary items
if: matrix.os != 'windows-latest'
# I cannot get this cleanup to work on Windows. The cache just gets to include uneeded things
run: |-
rm -rf chezmoi_modify_manager chezmoi_modify_manager.tar chezmoi_modify_manager.tar.zst