333803ed04
Our existing path filters for `rust-ci.yml`:
235987843c/.github/workflows/rust-ci.yml (L1-L11)
made it so that PRs that touch only `README.md` would not trigger those
builds, which is a problem because our branch protection rules are set
as follows:
<img width="1569" height="1883" alt="Screenshot 2025-08-14 at 4 45
59 PM"
src="https://github.com/user-attachments/assets/5a61f8cc-cdaf-4341-abda-7faa7b46dbd4"
/>
With the existing setup, a change to `README.md` would get stuck in
limbo because not all the CI jobs required to merge would get run. It
turns out that we need to "run" all the jobs, but make them no-ops when
the `codex-rs` and `.github` folders are untouched to get the best of
both worlds.
I asked chat how to fix this, as we want CI to be fast for
documentation-only changes. It had two suggestions:
- Use https://github.com/dorny/paths-filter or some other third-party
action.
- Write an inline Bash script to avoid a third-party dependency.
This PR takes the latter approach so that we are clear about what we're
running in CI.
169 lines
5.9 KiB
YAML
169 lines
5.9 KiB
YAML
name: rust-ci
|
|
on:
|
|
pull_request: {}
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
# CI builds in debug (dev) for faster signal.
|
|
|
|
jobs:
|
|
# --- Detect what changed (always runs) -------------------------------------
|
|
changed:
|
|
name: Detect changed areas
|
|
runs-on: ubuntu-24.04
|
|
outputs:
|
|
codex: ${{ steps.detect.outputs.codex }}
|
|
workflows: ${{ steps.detect.outputs.workflows }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Detect changed paths (no external action)
|
|
id: detect
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
|
|
BASE_SHA='${{ github.event.pull_request.base.sha }}'
|
|
echo "Base SHA: $BASE_SHA"
|
|
# List files changed between base and current HEAD (merge-base aware)
|
|
mapfile -t files < <(git diff --name-only --no-renames "$BASE_SHA"...HEAD)
|
|
else
|
|
# On push / manual runs, default to running everything
|
|
files=("codex-rs/force" ".github/force")
|
|
fi
|
|
|
|
codex=false
|
|
workflows=false
|
|
for f in "${files[@]}"; do
|
|
[[ $f == codex-rs/* ]] && codex=true
|
|
[[ $f == .github/* ]] && workflows=true
|
|
done
|
|
|
|
echo "codex=$codex" >> "$GITHUB_OUTPUT"
|
|
echo "workflows=$workflows" >> "$GITHUB_OUTPUT"
|
|
|
|
# --- CI that doesn't need specific targets ---------------------------------
|
|
general:
|
|
name: Format / etc
|
|
runs-on: ubuntu-24.04
|
|
needs: changed
|
|
if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
|
|
defaults:
|
|
run:
|
|
working-directory: codex-rs
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: dtolnay/rust-toolchain@1.88
|
|
with:
|
|
components: rustfmt
|
|
- name: cargo fmt
|
|
run: cargo fmt -- --config imports_granularity=Item --check
|
|
|
|
# --- CI to validate on different os/targets --------------------------------
|
|
lint_build_test:
|
|
name: ${{ matrix.runner }} - ${{ matrix.target }}${{ matrix.profile == 'release' && ' (release)' || '' }}
|
|
runs-on: ${{ matrix.runner }}
|
|
timeout-minutes: 30
|
|
needs: changed
|
|
if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
|
|
defaults:
|
|
run:
|
|
working-directory: codex-rs
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runner: macos-14
|
|
target: aarch64-apple-darwin
|
|
profile: dev
|
|
- runner: macos-14
|
|
target: x86_64-apple-darwin
|
|
profile: dev
|
|
- runner: ubuntu-24.04
|
|
target: x86_64-unknown-linux-musl
|
|
profile: dev
|
|
- runner: ubuntu-24.04
|
|
target: x86_64-unknown-linux-gnu
|
|
profile: dev
|
|
- runner: ubuntu-24.04-arm
|
|
target: aarch64-unknown-linux-musl
|
|
profile: dev
|
|
- runner: ubuntu-24.04-arm
|
|
target: aarch64-unknown-linux-gnu
|
|
profile: dev
|
|
- runner: windows-latest
|
|
target: x86_64-pc-windows-msvc
|
|
profile: dev
|
|
|
|
# Also run representative release builds on Mac and Linux because
|
|
# there could be release-only build errors we want to catch.
|
|
- runner: macos-14
|
|
target: aarch64-apple-darwin
|
|
profile: release
|
|
- runner: ubuntu-24.04
|
|
target: x86_64-unknown-linux-musl
|
|
profile: release
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: dtolnay/rust-toolchain@1.88
|
|
with:
|
|
targets: ${{ matrix.target }}
|
|
components: clippy
|
|
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/git/db/
|
|
${{ github.workspace }}/codex-rs/target/
|
|
key: cargo-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
|
|
name: Install musl build tools
|
|
run: |
|
|
sudo apt install -y musl-tools pkg-config
|
|
|
|
- name: cargo clippy
|
|
id: clippy
|
|
run: cargo clippy --target ${{ matrix.target }} --all-features --tests -- -D warnings
|
|
|
|
# Running `cargo build` from the workspace root builds the workspace using
|
|
# the union of all features from third-party crates. This can mask errors
|
|
# where individual crates have underspecified features. To avoid this, we
|
|
# run `cargo build` for each crate individually, though because this is
|
|
# slower, we only do this for the x86_64-unknown-linux-gnu target.
|
|
- name: cargo build individual crates
|
|
id: build
|
|
if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' && matrix.profile != 'release' }}
|
|
continue-on-error: true
|
|
run: |
|
|
find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
|
|
| xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo build --profile ${{ matrix.profile }}'
|
|
|
|
- name: cargo test
|
|
id: test
|
|
# `cargo test` takes too long for release builds to run them on every PR
|
|
if: ${{ matrix.profile != 'release' }}
|
|
continue-on-error: true
|
|
run: cargo test --all-features --target ${{ matrix.target }} --profile ${{ matrix.profile }}
|
|
env:
|
|
RUST_BACKTRACE: 1
|
|
|
|
# Fail the job if any of the previous steps failed.
|
|
- name: verify all steps passed
|
|
if: |
|
|
steps.clippy.outcome == 'failure' ||
|
|
steps.build.outcome == 'failure' ||
|
|
steps.test.outcome == 'failure'
|
|
run: |
|
|
echo "One or more checks failed (clippy, build, or test). See logs for details."
|
|
exit 1
|