ci #287
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
pull_request: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 0 * * 2' | |
## We specify a concurrency group with automated cancellation. This means that | |
## other pushes on the same `github.ref` (eg. other pushes to the same pull | |
## request) cancel previous occurrences of the CI. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
## Our CI consists in two kind of jobs: the `docker-based` ones and the | |
## `github-hosted` ones. Both come with their upsides and downsides. | |
## | |
## - `docker-based` jobs rely on the `ocaml/opam` Docker images [1]. These come | |
## with a variety of tags allowing to selected between various versions of | |
## OCaml and, more importantly for us, between various OSs (several Linux | |
## distributions as well as some Windows images). However, OPAM's sandboxing | |
## mechanism, based on `bubblewrap` [2], does not behave well in Docker and it | |
## is unavailable in those images [3]. | |
## | |
## - `github-hosted` jobs rely on the default GitHub Actions runners and the | |
## `ocaml/setup-ocaml` action [4]. This offers more limited OSes (limited to | |
## Ubuntu, Windows and macOS) but it is compatible with OPAM's sandboxing | |
## mechanism. | |
## | |
## We need to test that our package behaves well with the OPAM sandboxing | |
## because Cargo does use network to build by default, which will not be | |
## available in the sandbox, and which we therefore need to catch in CI. | |
## Therefore, we need to include these `github-hosted` jobs. | |
## | |
## However, we also want to test that our package installs fine on a variety of | |
## distributions because it depends heavily on detecting external dependencies | |
## (namely Cargo and Rustc) and installing them correctly. Therefore, we also | |
## need to include these `docker-based` jobs. | |
## | |
## [1]: https://hub.docker.com/r/ocaml/opam | |
## [2]: https://github.com/containers/bubblewrap | |
## [3]: https://github.com/ocurrent/docker-base-images/issues/229 | |
## [4]: https://github.com/ocaml/setup-ocaml | |
jobs: | |
github-hosted: | |
name: github-hosted | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- {os: ubuntu} | |
- {os: macos} | |
runs-on: ${{ matrix.os }}-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
## Set up OCaml, pin Topiay and install its system dependencies. | |
- name: Set-up OCaml 4.14 | |
uses: ocaml/setup-ocaml@v3 | |
with: | |
ocaml-compiler: 4.14.x | |
opam-pin: true ## this is the default; set here explicitly | |
opam-depext: true ## this is the default; set here explicitly | |
- name: Install Topiary | |
id: install-topiary | |
## `continue-on-error` will make this step succeed no matter what. The | |
## next step will then handle the outcome of this step manually. This is | |
## what allows us to emulate an expected CI failure. | |
continue-on-error: true | |
run: | | |
## Install Topiary then report where it is and in which version. | |
echo '::group::Install Topiary' | |
opam install topiary | |
echo '::endgroup::' | |
echo '::group::Where is Topiary and in which version?' | |
printf 'Topiary is: ' | |
opam exec -- sh -c 'command -v topiary' | |
printf 'in version: ' | |
opam exec -- sh -c 'topiary --version' | |
echo '::endgroup::' | |
- name: Check the outcome of the build | |
uses: ./.github/actions/expected-failure | |
with: | |
step-outcome: ${{ steps.install-topiary.outcome }} | |
expected-failure: ${{ matrix.ef }} | |
- name: Run tests | |
if: steps.install-topiary.outcome == 'success' | |
uses: ./.github/actions/run-tests | |
with: | |
topiary: opam exec -- topiary | |
samples: topiary/topiary-cli/tests/samples | |
docker-based: | |
name: docker-based | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- {tag: alpine} | |
- {tag: archlinux} | |
- {tag: centos, ef: expected-failure} | |
- {tag: debian, ef: expected-failure} | |
- {tag: debian-testing} | |
- {tag: debian-unstable} | |
- {tag: fedora} | |
- {tag: oraclelinux} | |
- {tag: opensuse} | |
- {tag: opensuse-tumbleweed} | |
- {tag: ubuntu} | |
- {tag: ubuntu-lts} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build Docker image (see next step for failure) | |
id: build-docker-image | |
## `continue-on-error` will make this step succeed no matter what. The | |
## next step will then handle the outcome of this step manually. This is | |
## what allows us to emulate an expected CI failure. | |
continue-on-error: true | |
run: | | |
docker build \ | |
. \ | |
--tag topiary \ | |
--file .github/workflows/ci.dockerfile \ | |
--build-arg tag=${{matrix.tag}} | |
- name: Check the outcome of the build | |
uses: ./.github/actions/expected-failure | |
with: | |
step-outcome: ${{ steps.build-docker-image.outcome }} | |
expected-failure: ${{ matrix.ef }} | |
- name: Run tests | |
if: steps.build-docker-image.outcome == 'success' | |
uses: ./.github/actions/run-tests | |
with: | |
topiary: docker run --interactive topiary | |
samples: topiary/topiary-cli/tests/samples | |
flake-checks: | |
name: flake-checks | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository code. | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@v30 | |
with: | |
extra_nix_config: | | |
## Access token to avoid triggering GitHub's rate limiting. | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Run flake checks | |
run: nix flake check --print-build-logs |