feat(apply): safety hardening — atomicity, locking, pnpm CoW, sidecars, Maven gate #151
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| clippy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # stable | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| - name: Cache cargo | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ubuntu-latest-cargo-clippy-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ubuntu-latest-cargo-clippy- | |
| - name: Run clippy | |
| run: cargo clippy --workspace --all-features -- -D warnings | |
| test: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # stable | |
| with: | |
| toolchain: stable | |
| - name: Cache cargo | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ matrix.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ matrix.os }}-cargo- | |
| - name: Build | |
| run: cargo build --workspace --all-features | |
| - name: Run tests | |
| run: cargo test --workspace --all-features | |
| test-release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # stable | |
| with: | |
| toolchain: stable | |
| - name: Cache cargo | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ubuntu-latest-cargo-release-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ubuntu-latest-cargo-release- | |
| - name: Run tests (release) | |
| run: cargo test --workspace --all-features --release | |
| dispatch-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: '20' | |
| - name: Run npm dispatch tests | |
| run: node --test npm/socket-patch/bin/socket-patch.test.mjs | |
| - name: Setup Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: '3.12' | |
| - name: Run pypi dispatch tests | |
| run: python pypi/socket-patch/test_dispatch.py | |
| e2e: | |
| needs: test | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| suite: e2e_npm | |
| - os: ubuntu-latest | |
| suite: e2e_pypi | |
| - os: ubuntu-latest | |
| suite: e2e_cargo | |
| - os: ubuntu-latest | |
| suite: e2e_golang | |
| - os: ubuntu-latest | |
| suite: e2e_maven | |
| - os: ubuntu-latest | |
| suite: e2e_gem | |
| - os: ubuntu-latest | |
| suite: e2e_composer | |
| - os: ubuntu-latest | |
| suite: e2e_nuget | |
| - os: macos-latest | |
| suite: e2e_npm | |
| - os: macos-latest | |
| suite: e2e_pypi | |
| # Safety-hardening e2e suites. Both #[ignore]-gated because | |
| # they shell out to cargo / pnpm respectively. The fast | |
| # non-ignored safety suites (e2e_safety_lock, | |
| # e2e_safety_yarn_pnp) run via the standard `test` job | |
| # above, so no matrix entry is needed for them. | |
| - os: ubuntu-latest | |
| suite: e2e_safety_cargo_build | |
| - os: macos-latest | |
| suite: e2e_safety_cargo_build | |
| - os: ubuntu-latest | |
| suite: e2e_safety_pnpm | |
| - os: macos-latest | |
| suite: e2e_safety_pnpm | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # stable | |
| with: | |
| toolchain: stable | |
| - name: Cache cargo | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ matrix.os }}-cargo-e2e-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ matrix.os }}-cargo-e2e- | |
| - name: Setup Node.js | |
| if: matrix.suite == 'e2e_npm' || matrix.suite == 'e2e_safety_pnpm' | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: 20 | |
| - name: Setup pnpm | |
| if: matrix.suite == 'e2e_safety_pnpm' | |
| # `pnpm install -g pnpm` via the Node setup is the simplest | |
| # cross-platform install path. Pin the major version so the | |
| # store layout the test asserts on stays stable. | |
| run: npm install -g pnpm@10 | |
| - name: Setup Python | |
| if: matrix.suite == 'e2e_pypi' | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Setup Ruby | |
| if: matrix.suite == 'e2e_gem' | |
| uses: ruby/setup-ruby@319994f95fa847cf3fb3cd3dbe89f6dcde9f178f # v1.295.0 | |
| with: | |
| ruby-version: '3.2' | |
| bundler-cache: false | |
| - name: Run e2e tests | |
| run: cargo test -p socket-patch-cli --all-features --test ${{ matrix.suite }} -- --ignored |