src/tools/clippy/.github/workflows/lintcheck.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

name: Lintcheck

on:
  pull_request:
    paths-ignore:
      - 'book/**'
      - 'util/**'
      - 'tests/**'
      - '*.md'

env:
  RUST_BACKTRACE: 1
  CARGO_INCREMENTAL: 0

concurrency:
  # For a given workflow, if we push to the same PR, cancel all previous builds on that PR.
  group: "${{ github.workflow }}-${{ github.event.pull_request.number}}"
  cancel-in-progress: true

jobs:
  # Runs lintcheck on the PR's target branch and stores the results as an artifact
  base:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout
      uses: actions/checkout@v5
      with:
        fetch-depth: 2
        # Unsetting this would make so that any malicious package could get our Github Token
        persist-credentials: false

    # HEAD is the generated merge commit `refs/pull/N/merge` between the PR and `master`, `HEAD^`
    # being the commit from `master` that is the base of the merge
    - name: Checkout base
      run: git checkout HEAD^

    # Use the lintcheck from the PR to generate the JSON in case the PR modifies lintcheck in some
    # way
    - name: Checkout current lintcheck
      run: |
        rm -rf lintcheck
        git checkout ${{ github.sha }} -- lintcheck

    - name: Cache lintcheck bin
      id: cache-lintcheck-bin
      uses: actions/cache@v4
      with:
        path: target/debug/lintcheck
        key: lintcheck-bin-${{ hashfiles('lintcheck/**') }}

    - name: Build lintcheck
      if: steps.cache-lintcheck-bin.outputs.cache-hit != 'true'
      run: cargo build --manifest-path=lintcheck/Cargo.toml

    - name: Create cache key
      id: key
      run: echo "key=lintcheck-base-${{ hashfiles('lintcheck/**') }}-$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

    - name: Cache results JSON
      id: cache-json
      uses: actions/cache@v4
      with:
        path: lintcheck-logs/ci_crates_logs.json
        key: ${{ steps.key.outputs.key }}

    - name: Run lintcheck
      if: steps.cache-json.outputs.cache-hit != 'true'
      run: env CLIPPY_CONF_DIR="$PWD/lintcheck/ci-config" ./target/debug/lintcheck --format json --all-lints --crates-toml ./lintcheck/ci_crates.toml

    - name: Upload base JSON
      uses: actions/upload-artifact@v4
      with:
        name: base
        path: lintcheck-logs/ci_crates_logs.json

  # Runs lintcheck on the PR and stores the results as an artifact
  head:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout
      uses: actions/checkout@v5
      with:
        # Unsetting this would make so that any malicious package could get our Github Token
        persist-credentials: false

    - name: Cache lintcheck bin
      id: cache-lintcheck-bin
      uses: actions/cache@v4
      with:
        path: target/debug/lintcheck
        key: lintcheck-bin-${{ hashfiles('lintcheck/**') }}

    - name: Build lintcheck
      if: steps.cache-lintcheck-bin.outputs.cache-hit != 'true'
      run: cargo build --manifest-path=lintcheck/Cargo.toml

    - name: Run lintcheck
      run: env CLIPPY_CONF_DIR="$PWD/lintcheck/ci-config" ./target/debug/lintcheck --format json --all-lints --crates-toml ./lintcheck/ci_crates.toml

    - name: Upload head JSON
      uses: actions/upload-artifact@v4
      with:
        name: head
        path: lintcheck-logs/ci_crates_logs.json

  # Retrieves the head and base JSON results and prints the diff to the GH actions step summary
  diff:
    runs-on: ubuntu-latest

    needs: [base, head]

    steps:
    - name: Checkout
      uses: actions/checkout@v5
      with:
        # Unsetting this would make so that any malicious package could get our Github Token
        persist-credentials: false

    - name: Restore lintcheck bin
      uses: actions/cache/restore@v4
      with:
        path: target/debug/lintcheck
        key: lintcheck-bin-${{ hashfiles('lintcheck/**') }}
        fail-on-cache-miss: true

    - name: Download JSON
      uses: actions/download-artifact@v4

    - name: Store PR number
      run: echo ${{ github.event.pull_request.number }} > pr.txt

    - name: Diff results
      # GH's summery has a maximum size of 1MiB:
      # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#step-isolation-and-limits
      # We upload the full diff as an artifact in case it's truncated
      run: |
        ./target/debug/lintcheck diff {base,head}/ci_crates_logs.json --truncate | head -c 1M > $GITHUB_STEP_SUMMARY
        ./target/debug/lintcheck diff {base,head}/ci_crates_logs.json --write-summary summary.json > full_diff.md

    - name: Upload full diff
      uses: actions/upload-artifact@v4
      with:
        name: full_diff
        path: full_diff.md

    - name: Upload summary
      uses: actions/upload-artifact@v4
      with:
        name: summary
        path: |
          summary.json
          pr.txt