build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 #255
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: wadge | |
on: | |
merge_group: | |
pull_request: | |
push: | |
branches: | |
- main | |
tags: | |
- 'crates/wadge-passthrough/v[0-9].[0-9]+.[0-9]+' | |
- 'crates/wadge-passthrough/v[0-9].[0-9]+.[0-9]+-*' | |
- 'crates/wadge-sys/v[0-9].[0-9]+.[0-9]+' | |
- 'crates/wadge-sys/v[0-9].[0-9]+.[0-9]+-*' | |
- 'crates/wadge/v[0-9].[0-9]+.[0-9]+' | |
- 'crates/wadge/v[0-9].[0-9]+.[0-9]+-*' | |
- 'v[0-9].[0-9]+.[0-9]+' | |
- 'v[0-9].[0-9]+.[0-9]+-*' | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-ffi: | |
strategy: | |
matrix: | |
target: | |
- aarch64-linux-android | |
- aarch64-unknown-linux-musl | |
- riscv64gc-unknown-linux-gnu | |
- x86_64-pc-windows-gnu | |
- x86_64-unknown-linux-musl | |
# TODO: figure out what's different in Mac libraries built this way | |
#- aarch64-apple-darwin | |
#- x86_64-apple-darwin | |
name: wadge-${{ matrix.target }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/install-nix | |
with: | |
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- uses: ./.github/actions/build-nix | |
with: | |
package: wadge-${{ matrix.target }} | |
build-ffi-darwin: | |
strategy: | |
matrix: | |
config: | |
- os: macos-13 | |
target: x86_64-apple-darwin | |
sdk: 10.12 | |
- os: macos-14 | |
target: aarch64-apple-darwin | |
sdk: 11.0 | |
name: wadge-${{ matrix.config.target }} | |
runs-on: ${{ matrix.config.os }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- run: rustup show | |
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 | |
- run: cargo build -p wadge-sys --release --target ${{ matrix.config.target }} | |
env: | |
MACOSX_DEPLOYMENT_TARGET: ${{ matrix.config.sdk }} | |
- run: mkdir -p artifact/lib | |
- run: mv target/${{ matrix.config.target }}/release/libwadge_sys.a artifact/lib/libwadge_sys.a | |
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: wadge-${{ matrix.config.target }} | |
path: artifact | |
build-wasm: | |
name: passthrough.wasm | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/install-nix | |
with: | |
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- run: nix profile install --inputs-from . '.#rust' 'nixpkgs#wasm-tools' | |
- run: cargo build -p wadge-passthrough --target wasm32-unknown-unknown --release | |
- run: wasm-tools component new target/wasm32-unknown-unknown/release/wadge_passthrough.wasm -o lib/passthrough.wasm | |
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: passthrough | |
path: lib/passthrough.wasm | |
test-release: | |
strategy: | |
matrix: | |
config: | |
- os: ubuntu-latest | |
lib: x86_64-linux | |
target: x86_64-unknown-linux-musl | |
shell: bash | |
- os: windows-latest | |
lib: x86_64-windows | |
target: x86_64-pc-windows-gnu | |
shell: msys2 | |
- os: macos-13 | |
lib: x86_64-darwin | |
target: x86_64-apple-darwin | |
shell: bash | |
- os: macos-14 | |
lib: aarch64-darwin | |
target: aarch64-apple-darwin | |
shell: bash | |
name: test-release (${{ matrix.config.os }}) | |
if: ${{ !startsWith(github.ref, 'refs/tags/crates/') }} | |
needs: | |
- build-ffi | |
- build-ffi-darwin | |
- build-wasm | |
runs-on: ${{ matrix.config.os }} | |
defaults: | |
run: | |
shell: ${{ matrix.config.shell }} {0} | |
steps: | |
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2.26.0 | |
if: matrix.config.os == 'windows-latest' | |
with: | |
update: true | |
install: mingw-w64-x86_64-toolchain | |
msystem: MINGW64 | |
path-type: inherit | |
- run: git config --global core.autocrlf input | |
if: matrix.config.os == 'windows-latest' | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: passthrough | |
path: lib | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: wadge-${{ matrix.config.target }} | |
- run: mv lib/libwadge_sys.a "lib/${{ matrix.config.lib }}/libwadge.a" | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version-file: go.mod | |
- run: rustup show | |
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 | |
- run: cargo install [email protected] | |
- run: go generate ./tests/go/... ./examples/go/... | |
- run: go test -failfast ./... | |
env: | |
GOGC: 1 | |
WADGE_LOG: trace | |
- run: git diff --exit-code | |
continue-on-error: true # TODO: reenable once `wit-bindgen-go` output is deterministic again | |
test-dev: | |
strategy: | |
matrix: | |
config: | |
- os: ubuntu-latest | |
shell: bash | |
- os: windows-latest | |
shell: msys2 | |
- os: macos-13 | |
shell: bash | |
- os: macos-14 | |
shell: bash | |
name: test-dev (${{ matrix.config.os }}) | |
if: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
runs-on: ${{ matrix.config.os }} | |
defaults: | |
run: | |
shell: ${{ matrix.config.shell }} {0} | |
steps: | |
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2.26.0 | |
if: matrix.config.os == 'windows-latest' | |
with: | |
update: true | |
install: mingw-w64-x86_64-toolchain | |
msystem: MINGW64 | |
path-type: inherit | |
- run: git config --global core.autocrlf input | |
if: matrix.config.os == 'windows-latest' | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version-file: go.mod | |
- run: rustup set default-host x86_64-pc-windows-gnu | |
if: matrix.config.os == 'windows-latest' | |
- run: rustup show | |
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 | |
- run: cargo install [email protected] | |
- run: cargo test --workspace --all-targets | |
- run: go generate -tags=dev ./... | |
- run: go test -failfast -tags=dev ./... | |
env: | |
GOGC: 1 | |
WADGE_LOG: trace | |
- run: git diff --exit-code | |
continue-on-error: true # TODO: reenable once `wit-bindgen-go` output is deterministic again | |
gofmt: | |
if: ${{ !startsWith(github.ref, 'refs/tags/crates/') }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version-file: go.mod | |
- run: gofmt -w -s **/*.go | |
- run: git diff --exit-code | |
cargo: | |
strategy: | |
matrix: | |
check: | |
- audit | |
- fmt | |
- nextest | |
- clippy | |
name: cargo ${{ matrix.check }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/install-nix | |
with: | |
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- run: go work vendor -e -v | |
if: ${{ matrix.check }} == "nextest" | |
- run: git add . | |
if: ${{ matrix.check }} == "nextest" | |
- run: nix build -L .#checks.x86_64-linux.${{ matrix.check }} | |
crates: | |
strategy: | |
matrix: | |
include: | |
- crate: wadge | |
workspace-dependencies: false | |
- crate: wadge-passthrough | |
workspace-dependencies: false | |
- crate: wadge-sys | |
workspace-dependencies: true | |
name: publish ${{ matrix.crate }} to crates.io | |
needs: | |
- build-ffi | |
- build-ffi-darwin | |
- build-wasm | |
- cargo | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Extract tag context | |
id: ctx | |
run: | | |
version=${GITHUB_REF_NAME#crates/${{ matrix.crate }}/v} | |
echo "version=${version}" >> "$GITHUB_OUTPUT" | |
echo "version is ${version}" | |
if [[ $version == *"-"* ]]; then | |
echo "version ${version} is a pre-release" | |
echo "prerelease=true" >> "$GITHUB_OUTPUT" | |
fi | |
- name: dry-run publish ${{ matrix.crate }} to crates.io | |
if: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
continue-on-error: ${{ matrix.workspace-dependencies }} # publish may fail due to workspace crates not being published yet | |
run: cargo publish --dry-run | |
working-directory: ./crates/${{ matrix.crate }} | |
- name: publish ${{ matrix.crate }} to crates.io | |
if: startsWith(github.ref, format('refs/tags/crates/{0}/v', matrix.crate)) && !steps.ctx.outputs.prerelease | |
continue-on-error: ${{ github.repository_owner != 'wasmCloud' }} | |
run: | | |
pkgver=$(cargo pkgid | cut -d '#' -f 2) | |
tagver="${{ steps.ctx.outputs.version }}" | |
if ! [ "$pkgver" = "$tagver" ]; then | |
echo "version mismatch, $pkgver (package) != $tagver (tag)" | |
exit 1 | |
fi | |
cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
working-directory: ./crates/${{ matrix.crate }} | |
build-doc: | |
if: ${{ !startsWith(github.ref, 'refs/tags/crates/') }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/install-nix | |
with: | |
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- run: nix build -L .#checks.x86_64-linux.doc | |
- run: cp --no-preserve=mode -R ./result/share/doc ./doc | |
- run: rm -f doc/.lock | |
- name: Create `.nojekyll` | |
run: touch doc/.nojekyll | |
- name: Write `index.html` | |
run: | | |
cat <<EOF > doc/index.html | |
<!DOCTYPE html> | |
<meta charset="utf-8"> | |
<title>Redirecting to wadge/index.html</title> | |
<meta http-equiv="refresh" content="0; URL=wadge/index.html"> | |
<link rel="canonical" href="https://${{ github.repository_owner }}.github.io/wadge/wadge/index.html"> | |
EOF | |
- uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 | |
with: | |
path: doc | |
deploy-doc: | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
needs: build-doc | |
permissions: | |
pages: write | |
id-token: write | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
steps: | |
- uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 | |
id: deployment | |
release: | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- test-release | |
- cargo | |
- crates | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Extract tag context | |
id: ctx | |
run: | | |
version=${GITHUB_REF_NAME#v} | |
echo "version=${version}" >> "$GITHUB_OUTPUT" | |
echo "version is ${version}" | |
if [[ $version == *"-"* ]]; then | |
echo "version ${version} is a pre-release" | |
echo "prerelease=true" >> "$GITHUB_OUTPUT" | |
fi | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
path: artifacts | |
- run: | | |
mkdir -p ./libwadge | |
for dir in ./artifacts/wadge-*; do | |
target=${dir#./artifacts/wadge-} | |
mv ${dir}/lib/libwadge_sys.a ./libwadge/libwadge-${target}.a | |
done | |
- uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 | |
with: | |
draft: true | |
prerelease: true | |
generate_release_notes: true | |
files: | | |
./libwadge/* | |