Skip to content

build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 #255

build(deps): bump github/codeql-action from 3.27.9 to 3.28.0

build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 #255

Workflow file for this run

name: wadge
on:
merge_group:
pull_request:
push:
branches:
- main
tags:
- 'crates/wadge-passthrough/v[0-9].[0-9]+.[0-9]+'
- 'crates/wadge-passthrough/v[0-9].[0-9]+.[0-9]+-*'
- 'crates/wadge-sys/v[0-9].[0-9]+.[0-9]+'
- 'crates/wadge-sys/v[0-9].[0-9]+.[0-9]+-*'
- 'crates/wadge/v[0-9].[0-9]+.[0-9]+'
- 'crates/wadge/v[0-9].[0-9]+.[0-9]+-*'
- 'v[0-9].[0-9]+.[0-9]+'
- 'v[0-9].[0-9]+.[0-9]+-*'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-ffi:
strategy:
matrix:
target:
- aarch64-linux-android
- aarch64-unknown-linux-musl
- riscv64gc-unknown-linux-gnu
- x86_64-pc-windows-gnu
- x86_64-unknown-linux-musl
# TODO: figure out what's different in Mac libraries built this way
#- aarch64-apple-darwin
#- x86_64-apple-darwin
name: wadge-${{ matrix.target }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/install-nix
with:
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- uses: ./.github/actions/build-nix
with:
package: wadge-${{ matrix.target }}
build-ffi-darwin:
strategy:
matrix:
config:
- os: macos-13
target: x86_64-apple-darwin
sdk: 10.12
- os: macos-14
target: aarch64-apple-darwin
sdk: 11.0
name: wadge-${{ matrix.config.target }}
runs-on: ${{ matrix.config.os }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: rustup show
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
- run: cargo build -p wadge-sys --release --target ${{ matrix.config.target }}
env:
MACOSX_DEPLOYMENT_TARGET: ${{ matrix.config.sdk }}
- run: mkdir -p artifact/lib
- run: mv target/${{ matrix.config.target }}/release/libwadge_sys.a artifact/lib/libwadge_sys.a
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: wadge-${{ matrix.config.target }}
path: artifact
build-wasm:
name: passthrough.wasm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/install-nix
with:
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix profile install --inputs-from . '.#rust' 'nixpkgs#wasm-tools'
- run: cargo build -p wadge-passthrough --target wasm32-unknown-unknown --release
- run: wasm-tools component new target/wasm32-unknown-unknown/release/wadge_passthrough.wasm -o lib/passthrough.wasm
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: passthrough
path: lib/passthrough.wasm
test-release:
strategy:
matrix:
config:
- os: ubuntu-latest
lib: x86_64-linux
target: x86_64-unknown-linux-musl
shell: bash
- os: windows-latest
lib: x86_64-windows
target: x86_64-pc-windows-gnu
shell: msys2
- os: macos-13
lib: x86_64-darwin
target: x86_64-apple-darwin
shell: bash
- os: macos-14
lib: aarch64-darwin
target: aarch64-apple-darwin
shell: bash
name: test-release (${{ matrix.config.os }})
if: ${{ !startsWith(github.ref, 'refs/tags/crates/') }}
needs:
- build-ffi
- build-ffi-darwin
- build-wasm
runs-on: ${{ matrix.config.os }}
defaults:
run:
shell: ${{ matrix.config.shell }} {0}
steps:
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2.26.0
if: matrix.config.os == 'windows-latest'
with:
update: true
install: mingw-w64-x86_64-toolchain
msystem: MINGW64
path-type: inherit
- run: git config --global core.autocrlf input
if: matrix.config.os == 'windows-latest'
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: passthrough
path: lib
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: wadge-${{ matrix.config.target }}
- run: mv lib/libwadge_sys.a "lib/${{ matrix.config.lib }}/libwadge.a"
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
- run: rustup show
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
- run: cargo install [email protected]
- run: go generate ./tests/go/... ./examples/go/...
- run: go test -failfast ./...
env:
GOGC: 1
WADGE_LOG: trace
- run: git diff --exit-code
continue-on-error: true # TODO: reenable once `wit-bindgen-go` output is deterministic again
test-dev:
strategy:
matrix:
config:
- os: ubuntu-latest
shell: bash
- os: windows-latest
shell: msys2
- os: macos-13
shell: bash
- os: macos-14
shell: bash
name: test-dev (${{ matrix.config.os }})
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
runs-on: ${{ matrix.config.os }}
defaults:
run:
shell: ${{ matrix.config.shell }} {0}
steps:
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2.26.0
if: matrix.config.os == 'windows-latest'
with:
update: true
install: mingw-w64-x86_64-toolchain
msystem: MINGW64
path-type: inherit
- run: git config --global core.autocrlf input
if: matrix.config.os == 'windows-latest'
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
- run: rustup set default-host x86_64-pc-windows-gnu
if: matrix.config.os == 'windows-latest'
- run: rustup show
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
- run: cargo install [email protected]
- run: cargo test --workspace --all-targets
- run: go generate -tags=dev ./...
- run: go test -failfast -tags=dev ./...
env:
GOGC: 1
WADGE_LOG: trace
- run: git diff --exit-code
continue-on-error: true # TODO: reenable once `wit-bindgen-go` output is deterministic again
gofmt:
if: ${{ !startsWith(github.ref, 'refs/tags/crates/') }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
- run: gofmt -w -s **/*.go
- run: git diff --exit-code
cargo:
strategy:
matrix:
check:
- audit
- fmt
- nextest
- clippy
name: cargo ${{ matrix.check }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/install-nix
with:
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: go work vendor -e -v
if: ${{ matrix.check }} == "nextest"
- run: git add .
if: ${{ matrix.check }} == "nextest"
- run: nix build -L .#checks.x86_64-linux.${{ matrix.check }}
crates:
strategy:
matrix:
include:
- crate: wadge
workspace-dependencies: false
- crate: wadge-passthrough
workspace-dependencies: false
- crate: wadge-sys
workspace-dependencies: true
name: publish ${{ matrix.crate }} to crates.io
needs:
- build-ffi
- build-ffi-darwin
- build-wasm
- cargo
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Extract tag context
id: ctx
run: |
version=${GITHUB_REF_NAME#crates/${{ matrix.crate }}/v}
echo "version=${version}" >> "$GITHUB_OUTPUT"
echo "version is ${version}"
if [[ $version == *"-"* ]]; then
echo "version ${version} is a pre-release"
echo "prerelease=true" >> "$GITHUB_OUTPUT"
fi
- name: dry-run publish ${{ matrix.crate }} to crates.io
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
continue-on-error: ${{ matrix.workspace-dependencies }} # publish may fail due to workspace crates not being published yet
run: cargo publish --dry-run
working-directory: ./crates/${{ matrix.crate }}
- name: publish ${{ matrix.crate }} to crates.io
if: startsWith(github.ref, format('refs/tags/crates/{0}/v', matrix.crate)) && !steps.ctx.outputs.prerelease
continue-on-error: ${{ github.repository_owner != 'wasmCloud' }}
run: |
pkgver=$(cargo pkgid | cut -d '#' -f 2)
tagver="${{ steps.ctx.outputs.version }}"
if ! [ "$pkgver" = "$tagver" ]; then
echo "version mismatch, $pkgver (package) != $tagver (tag)"
exit 1
fi
cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
working-directory: ./crates/${{ matrix.crate }}
build-doc:
if: ${{ !startsWith(github.ref, 'refs/tags/crates/') }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/install-nix
with:
cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix build -L .#checks.x86_64-linux.doc
- run: cp --no-preserve=mode -R ./result/share/doc ./doc
- run: rm -f doc/.lock
- name: Create `.nojekyll`
run: touch doc/.nojekyll
- name: Write `index.html`
run: |
cat <<EOF > doc/index.html
<!DOCTYPE html>
<meta charset="utf-8">
<title>Redirecting to wadge/index.html</title>
<meta http-equiv="refresh" content="0; URL=wadge/index.html">
<link rel="canonical" href="https://${{ github.repository_owner }}.github.io/wadge/wadge/index.html">
EOF
- uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
path: doc
deploy-doc:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs: build-doc
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
id: deployment
release:
if: startsWith(github.ref, 'refs/tags/v')
needs:
- test-release
- cargo
- crates
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Extract tag context
id: ctx
run: |
version=${GITHUB_REF_NAME#v}
echo "version=${version}" >> "$GITHUB_OUTPUT"
echo "version is ${version}"
if [[ $version == *"-"* ]]; then
echo "version ${version} is a pre-release"
echo "prerelease=true" >> "$GITHUB_OUTPUT"
fi
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: artifacts
- run: |
mkdir -p ./libwadge
for dir in ./artifacts/wadge-*; do
target=${dir#./artifacts/wadge-}
mv ${dir}/lib/libwadge_sys.a ./libwadge/libwadge-${target}.a
done
- uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
with:
draft: true
prerelease: true
generate_release_notes: true
files: |
./libwadge/*