chore(deps): lock file maintenance #623
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI | |
| permissions: {} | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| setup_release: | |
| name: Setup Release | |
| outputs: | |
| publish_release: ${{ steps.setup_release.outputs.publish_release }} | |
| release_body: ${{ steps.setup_release.outputs.release_body }} | |
| release_commit: ${{ steps.setup_release.outputs.release_commit }} | |
| release_generate_release_notes: ${{ steps.setup_release.outputs.release_generate_release_notes }} | |
| release_tag: ${{ steps.setup_release.outputs.release_tag }} | |
| release_version: ${{ steps.setup_release.outputs.release_version }} | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Setup Release | |
| id: setup_release | |
| uses: LizardByte/actions/actions/release_setup@200eaeb897a2b065a65cb6f16b41077432007490 # v2026.605.34721 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| dependency_policy: | |
| name: Dependency Policy | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Setup Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@46268bd060767258de96ed93c1251119784f2ab6 # v1.16.1 | |
| with: | |
| cache: true | |
| cache-on-failure: false | |
| - name: Install Cargo tools | |
| run: | | |
| cargo_run_bin_version="$( | |
| cargo metadata --locked --no-deps --format-version 1 \ | |
| | sed -n 's/.*"cargo-run-bin"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | |
| )" | |
| if [[ -z "${cargo_run_bin_version}" ]]; then | |
| echo "Failed to parse cargo-run-bin version from cargo metadata" >&2 | |
| exit 1 | |
| fi | |
| cargo install --locked cargo-run-bin --version "${cargo_run_bin_version}" | |
| cargo bin cargo-deny --version | |
| - name: Check licenses | |
| run: cargo bin cargo-deny check licenses | |
| clippy: | |
| name: Clippy | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-clippy.yml | |
| rust: | |
| name: Rust | |
| needs: setup_release | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-rust.yml | |
| with: | |
| release_version: ${{ needs.setup_release.outputs.release_version }} | |
| build_windows_installer: | |
| name: Build Windows Installer | |
| needs: | |
| - setup_release | |
| - rust | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-windows-installer.yml | |
| with: | |
| azure_signing_account: ${{ vars.AZURE_SIGNING_ACCOUNT }} | |
| azure_signing_cert_profile: ${{ vars.AZURE_SIGNING_CERT_PROFILE }} | |
| azure_signing_endpoint: ${{ vars.AZURE_SIGNING_ENDPOINT }} | |
| publish_release: ${{ needs.setup_release.outputs.publish_release == 'true' }} | |
| release_version: ${{ needs.setup_release.outputs.release_version }} | |
| secrets: | |
| AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| build_macos_dmg: | |
| name: Build macOS DMG | |
| needs: | |
| - setup_release | |
| - rust | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-macos-dmg.yml | |
| with: | |
| publish_release: ${{ needs.setup_release.outputs.publish_release }} | |
| release_version: ${{ needs.setup_release.outputs.release_version }} | |
| secrets: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_NOTARYTOOL_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }} | |
| APPLE_CODESIGN_IDENTITY: ${{ secrets.APPLE_CODESIGN_IDENTITY }} | |
| APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_BASE64: >- | |
| ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_BASE64 }} | |
| APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_P12_PASSWORD: >- | |
| ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_P12_PASSWORD }} | |
| build_flatpak: | |
| name: Build Flatpak | |
| needs: setup_release | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-flatpak.yml | |
| with: | |
| release_commit: ${{ needs.setup_release.outputs.release_commit }} | |
| release_version: ${{ needs.setup_release.outputs.release_version }} | |
| coverage: | |
| name: Coverage | |
| if: >- | |
| always() && | |
| !cancelled() && | |
| startsWith(github.repository, 'LizardByte/') | |
| needs: rust | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-coverage.yml | |
| secrets: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| release: | |
| name: Release | |
| if: >- | |
| needs.setup_release.outputs.publish_release == 'true' && | |
| startsWith(github.repository, 'LizardByte/') | |
| needs: | |
| - setup_release | |
| - clippy | |
| - rust | |
| - build_windows_installer | |
| - build_macos_dmg | |
| - build_flatpak | |
| permissions: | |
| contents: read | |
| uses: ./.github/workflows/ci-release.yml | |
| with: | |
| release_body: ${{ needs.setup_release.outputs.release_body }} | |
| release_generate_release_notes: ${{ needs.setup_release.outputs.release_generate_release_notes }} | |
| release_tag: ${{ needs.setup_release.outputs.release_tag }} | |
| secrets: | |
| GH_BOT_TOKEN: ${{ secrets.GH_BOT_TOKEN }} |