Skip to content

Commit 621c57e

Browse files
committed
💚 Improve CI
1 parent 4a74795 commit 621c57e

29 files changed

+665
-204
lines changed

.github/workflows/codeql-analysis.yml

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
# For most projects, this workflow file will not need changing; you simply need
2+
# to commit it to your repository.
3+
#
4+
# You may wish to alter this file to override the set of languages analyzed,
5+
# or to provide custom queries or build logic.
6+
#
7+
# ******** NOTE ********
8+
# We have attempted to detect the languages in your repository. Please check
9+
# the `language` matrix defined below to confirm you have the correct set of
10+
# supported CodeQL languages.
11+
#
12+
name: "CodeQL"
13+
14+
on:
15+
push:
16+
branches: [ main, "*-stable" ]
17+
pull_request:
18+
# The branches below must be a subset of the branches above
19+
branches: [ main, "*-stable" ]
20+
schedule:
21+
- cron: '35 1 * * 5'
22+
23+
jobs:
24+
analyze:
25+
name: Analyze
26+
runs-on: ubuntu-latest
27+
permissions:
28+
actions: read
29+
contents: read
30+
security-events: write
31+
32+
strategy:
33+
fail-fast: false
34+
matrix:
35+
language: [ 'ruby' ]
36+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
37+
# Learn more about CodeQL language support at https://git.io/codeql-language-support
38+
39+
steps:
40+
- name: Checkout repository
41+
uses: actions/checkout@v4
42+
43+
# Initializes the CodeQL tools for scanning.
44+
- name: Initialize CodeQL
45+
uses: github/codeql-action/init@v3
46+
with:
47+
languages: ${{ matrix.language }}
48+
# If you wish to specify custom queries, you can do so here or in a config file.
49+
# By default, queries listed here will override any specified in a config file.
50+
# Prefix the list here with "+" to use these queries and those in the config file.
51+
# queries: ./path/to/local/query, your-org/your-repo/queries@main
52+
53+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
54+
# If this step fails, then you should remove it and run the build manually (see below)
55+
- name: Autobuild
56+
uses: github/codeql-action/autobuild@v3
57+
58+
# ℹ️ Command-line programs to run using the OS shell.
59+
# 📚 https://git.io/JvXDl
60+
61+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
62+
# and modify them (or add more) to build your code if your project
63+
# uses a compiled language
64+
65+
#- run: |
66+
# make bootstrap
67+
# make release
68+
69+
- name: Perform CodeQL Analysis
70+
uses: github/codeql-action/analyze@v3

.github/workflows/coverage.yml

Lines changed: 22 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -17,13 +17,13 @@ env:
1717
on:
1818
push:
1919
branches:
20-
- 'main'
21-
- '*-stable'
20+
- "main"
21+
- "*-stable"
2222
tags:
23-
- '!*' # Do not execute on tags
23+
- "!*" # Do not execute on tags
2424
pull_request:
2525
branches:
26-
- '*'
26+
- "*"
2727
# Allow manually triggering the workflow.
2828
workflow_dispatch:
2929

@@ -36,18 +36,18 @@ concurrency:
3636
jobs:
3737
coverage:
3838
name: Code Coverage on ${{ matrix.ruby }}@current
39-
if: ${{!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')}}
39+
if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
4040
runs-on: ubuntu-latest
4141
continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
42-
env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps
42+
env: # $BUNDLE_GEMFILE - set at job level, so applies to all steps
4343
BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile
4444
strategy:
4545
fail-fast: false
4646
matrix:
4747
include:
4848
# Coverage
4949
- ruby: "ruby"
50-
appraisal: "coverage"
50+
appraisal_name: "coverage"
5151
exec_cmd: "rake test"
5252
gemfile: "Appraisal.root"
5353
rubygems: latest
@@ -68,12 +68,12 @@ jobs:
6868
# Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
6969
# We need to do this first to get appraisal installed.
7070
# NOTE: This does not use the primary Gemfile at all.
71-
# - name: Install Root Appraisal
72-
# run: bundle
73-
- name: Appraisal for ${{ matrix.appraisal }}
74-
run: bundle exec appraisal ${{ matrix.appraisal }} bundle
75-
- name: Tests for ${{ matrix.ruby }}@current via ${{ matrix.exec_cmd }}
76-
run: bundle exec appraisal ${{ matrix.appraisal }} bundle exec ${{ matrix.exec_cmd }}
71+
- name: Install Root Appraisal
72+
run: bundle
73+
- name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
74+
run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle
75+
- name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
76+
run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }}
7777

7878
# Do SaaS coverage uploads first
7979
- name: Upload coverage to Coveralls
@@ -91,6 +91,15 @@ jobs:
9191
files: coverage/.resultset.json
9292
continue-on-error: ${{ matrix.experimental != 'false' }}
9393

94+
# Build will fail here if coverage upload fails
95+
# which will hopefully be noticed for the lack of code coverage comments
96+
- name: Upload coverage to CodeCov
97+
uses: codecov/codecov-action@v5
98+
with:
99+
use_oidc: true
100+
fail_ci_if_error: true # optional (default = false)
101+
verbose: true # optional (default = false)
102+
94103
# Then PR comments
95104
- name: Code Coverage Summary Report
96105
if: ${{ !env.ACT && github.event_name == 'pull_request' }}
Lines changed: 86 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,86 @@
1+
# Targets the evergreen latest release of ruby, truffleruby, and jruby
2+
# and tests against the HEAD of runtime dependencies
3+
name: Runtime Deps @ HEAD
4+
5+
permissions:
6+
contents: read
7+
8+
env:
9+
K_SOUP_COV_DO: false
10+
11+
on:
12+
push:
13+
branches:
14+
- 'main'
15+
- '*-stable'
16+
tags:
17+
- '!*' # Do not execute on tags
18+
pull_request:
19+
branches:
20+
- '*'
21+
# Allow manually triggering the workflow.
22+
workflow_dispatch:
23+
24+
# Cancels all previous workflow runs for the same branch that have not yet completed.
25+
concurrency:
26+
# The concurrency group contains the workflow name and the branch name.
27+
group: "${{ github.workflow }}-${{ github.ref }}"
28+
cancel-in-progress: true
29+
30+
jobs:
31+
test:
32+
name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
33+
if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
34+
runs-on: ubuntu-latest
35+
continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
36+
env: # $BUNDLE_GEMFILE - set at job level, so applies to all steps
37+
BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile
38+
strategy:
39+
matrix:
40+
include:
41+
# Ruby 3.4
42+
- ruby: "ruby"
43+
appraisal_name: "dep-heads"
44+
exec_cmd: "rake test"
45+
gemfile: "Appraisal.root"
46+
rubygems: latest
47+
bundler: latest
48+
49+
# truffleruby-24.1
50+
- ruby: "truffleruby"
51+
appraisal_name: "dep-heads"
52+
exec_cmd: "rake test"
53+
gemfile: "Appraisal.root"
54+
rubygems: default
55+
bundler: default
56+
57+
# jruby-10.0 (targets Ruby 3.4 compatibility)
58+
- ruby: "jruby"
59+
appraisal_name: "dep-heads"
60+
exec_cmd: "rake test"
61+
gemfile: "Appraisal.root"
62+
experimental: true
63+
rubygems: default
64+
bundler: default
65+
66+
steps:
67+
- name: Checkout
68+
uses: actions/checkout@v4
69+
70+
- name: Setup Ruby & RubyGems
71+
uses: ruby/setup-ruby@v1
72+
with:
73+
ruby-version: ${{ matrix.ruby }}
74+
rubygems: ${{ matrix.rubygems }}
75+
bundler: ${{ matrix.bundler }}
76+
bundler-cache: false
77+
78+
# Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
79+
# We need to do this first to get appraisal installed.
80+
# NOTE: This does not use the primary Gemfile at all.
81+
- name: Install Root Appraisal
82+
run: bundle
83+
- name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
84+
run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle
85+
- name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
86+
run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }}

.github/workflows/current.yml

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
# Targets the evergreen latest release of ruby, truffleruby, and jruby
2+
name: Current
3+
4+
permissions:
5+
contents: read
6+
7+
env:
8+
K_SOUP_COV_DO: false
9+
10+
on:
11+
push:
12+
branches:
13+
- 'main'
14+
- "*-stable"
15+
tags:
16+
- '!*' # Do not execute on tags
17+
pull_request:
18+
branches:
19+
- '*'
20+
# Allow manually triggering the workflow.
21+
workflow_dispatch:
22+
23+
# Cancels all previous workflow runs for the same branch that have not yet completed.
24+
concurrency:
25+
# The concurrency group contains the workflow name and the branch name.
26+
group: "${{ github.workflow }}-${{ github.ref }}"
27+
cancel-in-progress: true
28+
29+
jobs:
30+
test:
31+
name: Specs ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
32+
if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
33+
runs-on: ubuntu-latest
34+
continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
35+
env: # $BUNDLE_GEMFILE - set at job level, so applies to all steps
36+
BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile
37+
strategy:
38+
matrix:
39+
include:
40+
# Ruby 3.4
41+
- ruby: "3.4"
42+
appraisal_name: "r3"
43+
exec_cmd: "rake test"
44+
gemfile: "Appraisal.root"
45+
rubygems: latest
46+
bundler: latest
47+
48+
# truffleruby-24.1
49+
- ruby: "truffleruby"
50+
appraisal_name: "r3"
51+
exec_cmd: "rake test"
52+
gemfile: "Appraisal.root"
53+
rubygems: default
54+
bundler: default
55+
56+
# jruby-10.0 (targets Ruby 3.4 compatibility)
57+
- ruby: "jruby"
58+
appraisal_name: "r3"
59+
exec_cmd: "rake test"
60+
gemfile: "Appraisal.root"
61+
rubygems: default
62+
bundler: default
63+
64+
steps:
65+
- name: Checkout
66+
uses: actions/checkout@v4
67+
68+
- name: Setup Ruby & RubyGems
69+
uses: ruby/setup-ruby@v1
70+
with:
71+
ruby-version: ${{ matrix.ruby }}
72+
rubygems: ${{ matrix.rubygems }}
73+
bundler: ${{ matrix.bundler }}
74+
bundler-cache: false
75+
76+
# Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
77+
# We need to do this first to get appraisal installed.
78+
# NOTE: This does not use the main Gemfile at all.
79+
- name: Install Root Appraisal
80+
run: bundle
81+
- name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
82+
run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle
83+
- name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
84+
run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }}
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# Dependency Review Action
2+
#
3+
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
4+
#
5+
# Source repository: https://github.com/actions/dependency-review-action
6+
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
7+
name: 'Dependency Review'
8+
on: [pull_request]
9+
10+
permissions:
11+
contents: read
12+
13+
jobs:
14+
dependency-review:
15+
runs-on: ubuntu-latest
16+
steps:
17+
- name: 'Checkout Repository'
18+
uses: actions/checkout@v4
19+
- name: 'Dependency Review'
20+
uses: actions/dependency-review-action@v4

0 commit comments

Comments
 (0)