Revert "fix: make CI workflows run after pushing excemptions for carg… (#654)
Karolin Varner
2025-05-30 13:23:00 +02:00
committed by GitHub
9 changed files with 26 additions and 178 deletions


@@ -17,10 +17,6 @@ on:
# this action is required to pass before merging. Otherwise, it # this action is required to pass before merging. Otherwise, it
# can be removed. # can be removed.
- synchronize - synchronize
workflow_run:
workflows: [Regenerate cargo-vet exemptions for dependabot-PRs]
types:
- completed
# Schedule a daily check. Useful if you reference cross-repository # Schedule a daily check. Useful if you reference cross-repository
# issues or pull requests. Otherwise, it can be removed. # issues or pull requests. Otherwise, it can be removed.
@@ -29,8 +25,6 @@ on:
jobs: jobs:
check: check:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
permissions: permissions:
issues: write issues: write
pull-requests: write pull-requests: write


@@ -14,15 +14,6 @@ on:
- ".github/workflows/docker.yaml" - ".github/workflows/docker.yaml"
branches: branches:
- "main" - "main"
workflow_run:
workflows: [Regenerate cargo-vet exemptions for dependabot-PRs]
types:
- completed
paths:
- "docker/Dockerfile"
- ".github/workflows/docker.yaml"
branches:
- "main"
permissions: permissions:
contents: read contents: read
@@ -33,8 +24,6 @@ jobs:
# 1. BUILD & TEST # 1. BUILD & TEST
# -------------------------------- # --------------------------------
build-and-test-rp: build-and-test-rp:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
strategy: strategy:
matrix: matrix:
arch: [amd64, arm64] arch: [amd64, arm64]
@@ -129,8 +118,8 @@ jobs:
docker-image-rp: docker-image-rp:
needs: needs:
- build-and-test-rp - build-and-test-rp
# Only run this job if it s triggered by by a push to the main branch or a version tag. # Skip if this is not a PR. Then we want to push this image.
if: ${{ github.event_name != 'pull_request' && github.event_name != 'workflow_run' }} if: ${{ github.event_name != 'pull_request' }}
# Use a matrix to build for both AMD64 and ARM64 # Use a matrix to build for both AMD64 and ARM64
strategy: strategy:
matrix: matrix:
@@ -194,8 +183,8 @@ jobs:
docker-image-rosenpass: docker-image-rosenpass:
needs: needs:
- build-and-test-rp - build-and-test-rp
# Only run this job if it s triggered by by a push to the main branch or a version tag. # Skip if this is not a PR. Then we want to push this image.
if: ${{ github.event_name != 'pull_request' && github.event_name != 'workflow_run' }} if: ${{ github.event_name != 'pull_request' }}
# Use a matrix to build for both AMD64 and ARM64 # Use a matrix to build for both AMD64 and ARM64
strategy: strategy:
matrix: matrix:
@@ -260,7 +249,7 @@ jobs:
needs: needs:
- docker-image-rosenpass - docker-image-rosenpass
- docker-image-rp - docker-image-rp
if: ${{ github.event_name != 'pull_request' && github.event_name != 'workflow_run' }} if: ${{ github.event_name != 'pull_request' }}
strategy: strategy:
matrix: matrix:
target: [rp, rosenpass] target: [rp, rosenpass]
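Review bot: The restored comment above `docker-image-rp` and `docker-image-rosenpass` ("Skip if this is not a PR") says the opposite of the condition beneath it: `if: ${{ github.event_name != 'pull_request' }}` skips the job when the event is a pull request and runs it for everything else. These appear to be the jobs that publish images, so the gate should be described accurately, for example `# Skip on pull requests; images are only built and pushed for other events.` `merge-digests` carries the same condition with no comment and could take the same line. All three job bodies continue outside the visible hunks.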


@@ -13,8 +13,6 @@ concurrency:
jobs: jobs:
aarch64-darwin---default: aarch64-darwin---default:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
name: Build aarch64-darwin.default name: Build aarch64-darwin.default
runs-on: runs-on:
- warp-macos-13-arm64-6x - warp-macos-13-arm64-6x
@@ -32,8 +30,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-darwin.default --print-build-logs run: nix build .#packages.aarch64-darwin.default --print-build-logs
aarch64-darwin---release-package: aarch64-darwin---release-package:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
name: Build aarch64-darwin.release-package name: Build aarch64-darwin.release-package
runs-on: runs-on:
- warp-macos-13-arm64-6x - warp-macos-13-arm64-6x
@@ -53,8 +49,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-darwin.release-package --print-build-logs run: nix build .#packages.aarch64-darwin.release-package --print-build-logs
aarch64-darwin---rosenpass: aarch64-darwin---rosenpass:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
name: Build aarch64-darwin.rosenpass name: Build aarch64-darwin.rosenpass
runs-on: runs-on:
- warp-macos-13-arm64-6x - warp-macos-13-arm64-6x
@@ -71,8 +65,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-darwin.rosenpass --print-build-logs run: nix build .#packages.aarch64-darwin.rosenpass --print-build-logs
aarch64-darwin---rp: aarch64-darwin---rp:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
name: Build aarch64-darwin.rp name: Build aarch64-darwin.rp
runs-on: runs-on:
- warp-macos-13-arm64-6x - warp-macos-13-arm64-6x
@@ -89,8 +81,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-darwin.rp --print-build-logs run: nix build .#packages.aarch64-darwin.rp --print-build-logs
aarch64-darwin---rosenpass-oci-image: aarch64-darwin---rosenpass-oci-image:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
name: Build aarch64-darwin.rosenpass-oci-image name: Build aarch64-darwin.rosenpass-oci-image
runs-on: runs-on:
- warp-macos-13-arm64-6x - warp-macos-13-arm64-6x
@@ -108,8 +98,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-darwin.rosenpass-oci-image --print-build-logs run: nix build .#packages.aarch64-darwin.rosenpass-oci-image --print-build-logs
aarch64-darwin---check: aarch64-darwin---check:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
name: Run Nix checks on aarch64-darwin name: Run Nix checks on aarch64-darwin
runs-on: runs-on:
- warp-macos-13-arm64-6x - warp-macos-13-arm64-6x


@@ -6,10 +6,6 @@ on:
push: push:
branches: branches:
- main - main
workflow_run:
workflows: [Regenerate cargo-vet exemptions for dependabot-PRs]
types:
- completed
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
@@ -17,8 +13,6 @@ concurrency:
jobs: jobs:
i686-linux---default: i686-linux---default:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build i686-linux.default name: Build i686-linux.default
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -36,8 +30,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.i686-linux.default --print-build-logs run: nix build .#packages.i686-linux.default --print-build-logs
i686-linux---rosenpass: i686-linux---rosenpass:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build i686-linux.rosenpass name: Build i686-linux.rosenpass
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -54,8 +46,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.i686-linux.rosenpass --print-build-logs run: nix build .#packages.i686-linux.rosenpass --print-build-logs
i686-linux---rosenpass-oci-image: i686-linux---rosenpass-oci-image:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build i686-linux.rosenpass-oci-image name: Build i686-linux.rosenpass-oci-image
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -73,8 +63,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.i686-linux.rosenpass-oci-image --print-build-logs run: nix build .#packages.i686-linux.rosenpass-oci-image --print-build-logs
i686-linux---check: i686-linux---check:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Run Nix checks on i686-linux name: Run Nix checks on i686-linux
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -90,8 +78,6 @@ jobs:
- name: Check - name: Check
run: nix flake check . --print-build-logs run: nix flake check . --print-build-logs
x86_64-linux---default: x86_64-linux---default:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.default name: Build x86_64-linux.default
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -109,8 +95,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.default --print-build-logs run: nix build .#packages.x86_64-linux.default --print-build-logs
x86_64-linux---proof-proverif: x86_64-linux---proof-proverif:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.proof-proverif name: Build x86_64-linux.proof-proverif
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -128,8 +112,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.proof-proverif --print-build-logs run: nix build .#packages.x86_64-linux.proof-proverif --print-build-logs
x86_64-linux---proverif-patched: x86_64-linux---proverif-patched:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.proverif-patched name: Build x86_64-linux.proverif-patched
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -146,8 +128,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.proverif-patched --print-build-logs run: nix build .#packages.x86_64-linux.proverif-patched --print-build-logs
x86_64-linux---release-package: x86_64-linux---release-package:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.release-package name: Build x86_64-linux.release-package
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -191,8 +171,6 @@ jobs:
# - name: Build # - name: Build
# run: nix build .#packages.aarch64-linux.release-package --print-build-logs # run: nix build .#packages.aarch64-linux.release-package --print-build-logs
x86_64-linux---rosenpass: x86_64-linux---rosenpass:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.rosenpass name: Build x86_64-linux.rosenpass
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -209,8 +187,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.rosenpass --print-build-logs run: nix build .#packages.x86_64-linux.rosenpass --print-build-logs
aarch64-linux---rosenpass: aarch64-linux---rosenpass:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build aarch64-linux.rosenpass name: Build aarch64-linux.rosenpass
runs-on: runs-on:
- ubicloud-standard-2-arm-ubuntu-2204 - ubicloud-standard-2-arm-ubuntu-2204
@@ -232,8 +208,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-linux.rosenpass --print-build-logs run: nix build .#packages.aarch64-linux.rosenpass --print-build-logs
aarch64-linux---rp: aarch64-linux---rp:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build aarch64-linux.rp name: Build aarch64-linux.rp
runs-on: runs-on:
- ubicloud-standard-2-arm-ubuntu-2204 - ubicloud-standard-2-arm-ubuntu-2204
@@ -255,8 +229,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-linux.rp --print-build-logs run: nix build .#packages.aarch64-linux.rp --print-build-logs
x86_64-linux---rosenpass-oci-image: x86_64-linux---rosenpass-oci-image:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.rosenpass-oci-image name: Build x86_64-linux.rosenpass-oci-image
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -274,8 +246,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.rosenpass-oci-image --print-build-logs run: nix build .#packages.x86_64-linux.rosenpass-oci-image --print-build-logs
aarch64-linux---rosenpass-oci-image: aarch64-linux---rosenpass-oci-image:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build aarch64-linux.rosenpass-oci-image name: Build aarch64-linux.rosenpass-oci-image
runs-on: runs-on:
- ubicloud-standard-2-arm-ubuntu-2204 - ubicloud-standard-2-arm-ubuntu-2204
@@ -298,8 +268,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.aarch64-linux.rosenpass-oci-image --print-build-logs run: nix build .#packages.aarch64-linux.rosenpass-oci-image --print-build-logs
x86_64-linux---rosenpass-static: x86_64-linux---rosenpass-static:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.rosenpass-static name: Build x86_64-linux.rosenpass-static
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -316,8 +284,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.rosenpass-static --print-build-logs run: nix build .#packages.x86_64-linux.rosenpass-static --print-build-logs
x86_64-linux---rp-static: x86_64-linux---rp-static:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.rp-static name: Build x86_64-linux.rp-static
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -334,8 +300,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.rp-static --print-build-logs run: nix build .#packages.x86_64-linux.rp-static --print-build-logs
x86_64-linux---rosenpass-static-oci-image: x86_64-linux---rosenpass-static-oci-image:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.rosenpass-static-oci-image name: Build x86_64-linux.rosenpass-static-oci-image
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -353,8 +317,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.rosenpass-static-oci-image --print-build-logs run: nix build .#packages.x86_64-linux.rosenpass-static-oci-image --print-build-logs
x86_64-linux---whitepaper: x86_64-linux---whitepaper:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Build x86_64-linux.whitepaper name: Build x86_64-linux.whitepaper
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -371,8 +333,6 @@ jobs:
- name: Build - name: Build
run: nix build .#packages.x86_64-linux.whitepaper --print-build-logs run: nix build .#packages.x86_64-linux.whitepaper --print-build-logs
x86_64-linux---check: x86_64-linux---check:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Run Nix checks on x86_64-linux name: Run Nix checks on x86_64-linux
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
@@ -390,8 +350,7 @@ jobs:
x86_64-linux---whitepaper-upload: x86_64-linux---whitepaper-upload:
name: Upload whitepaper x86_64-linux name: Upload whitepaper x86_64-linux
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions if: ${{ github.ref == 'refs/heads/main' }}
if: ${{ (github.ref == 'refs/heads/main') && (github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run') }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30 - uses: cachix/install-nix-action@v30


@@ -14,8 +14,6 @@ permissions:
jobs: jobs:
cargo-test-mac: cargo-test-mac:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions or explicitly called
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' || github.event_name == 'workflow_call'}}
runs-on: warp-macos-13-arm64-6x runs-on: warp-macos-13-arm64-6x
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4


@@ -3,10 +3,6 @@ on:
pull_request: pull_request:
push: push:
branches: [main] branches: [main]
workflow_run:
workflows: [Regenerate cargo-vet exemptions for dependabot-PRs]
types:
- completed
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,8 +14,6 @@ permissions:
jobs: jobs:
prettier: prettier:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -28,8 +22,6 @@ jobs:
args: --check . args: --check .
shellcheck: shellcheck:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Shellcheck name: Shellcheck
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
@@ -38,8 +30,6 @@ jobs:
uses: ludeeus/action-shellcheck@master uses: ludeeus/action-shellcheck@master
rustfmt: rustfmt:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Rust Format name: Rust Format
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
@@ -48,8 +38,6 @@ jobs:
run: bash format_rust_code.sh --mode check run: bash format_rust_code.sh --mode check
cargo-bench: cargo-bench:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -68,8 +56,6 @@ jobs:
- run: RUST_MIN_STACK=8388608 cargo bench --workspace --exclude rosenpass-fuzzing - run: RUST_MIN_STACK=8388608 cargo bench --workspace --exclude rosenpass-fuzzing
mandoc: mandoc:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: mandoc name: mandoc
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
@@ -80,8 +66,6 @@ jobs:
run: doc/check.sh doc/rp.1 run: doc/check.sh doc/rp.1
cargo-audit: cargo-audit:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -90,8 +74,6 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
cargo-clippy: cargo-clippy:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -111,8 +93,6 @@ jobs:
args: --all-features args: --all-features
cargo-doc: cargo-doc:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -132,8 +112,6 @@ jobs:
- run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --document-private-items - run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --document-private-items
cargo-test: cargo-test:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
matrix: matrix:
@@ -157,8 +135,6 @@ jobs:
- run: RUST_MIN_STACK=8388608 cargo test --workspace --all-features - run: RUST_MIN_STACK=8388608 cargo test --workspace --all-features
cargo-test-nix-devshell-x86_64-linux: cargo-test-nix-devshell-x86_64-linux:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: runs-on:
- ubicloud-standard-2-ubuntu-2204 - ubicloud-standard-2-ubuntu-2204
steps: steps:
@@ -182,8 +158,6 @@ jobs:
- run: nix develop --command cargo test --workspace --all-features - run: nix develop --command cargo test --workspace --all-features
cargo-fuzz: cargo-fuzz:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
env: env:
steps: steps:
@@ -218,8 +192,6 @@ jobs:
cargo fuzz run fuzz_vec_secret_alloc_memfdsec_mallocfb -- -max_total_time=5 cargo fuzz run fuzz_vec_secret_alloc_memfdsec_mallocfb -- -max_total_time=5
codecov: codecov:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4


@@ -1,54 +0,0 @@
name: Regenerate cargo-vet exemptions for dependabot-PRs
on:
pull_request:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
regen-cargo-vet-exemptions:
if: ${{ github.actor == 'dependabot[bot]' }}
name: Regenerate exemptions for cargo-vet for dependabot-PRs
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
key: cargo-vet-cache
- name: Install stable toolchain # Since we are running/compiling cargo-vet, we should rely on the stable toolchain.
run: |
rustup toolchain install stable
rustup default stable
- uses: actions/cache@v4
with:
path: ${{ runner.tool_cache }}/cargo-vet
key: cargo-vet-bin
- name: Add the tool cache directory to the search path
run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
- name: Ensure that the tool cache is populated with the cargo-vet binary
run: cargo install --root ${{ runner.tool_cache }}/cargo-vet cargo-vet
- name: Regenerate vet exemptions for dependabot PRs
run: cargo vet regenerate exemptions
- name: Check for changes in case of dependabot PR
run: git diff --exit-code || echo "Changes detected, committing..."
- name: Commit and push changes for dependabot PRs
if: ${{ success() }}
run: |
git fetch origin ${{ github.head_ref }}
git switch ${{ github.head_ref }}
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions@github.com"
git add supply-chain/*
git commit -m "Regenerate cargo vet exemptions"
git push origin ${{ github.head_ref }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@@ -3,10 +3,6 @@ on:
pull_request: pull_request:
push: push:
branches: [main] branches: [main]
workflow_run:
workflows: [Regenerate cargo-vet exemptions for dependabot-PRs]
types:
- completed
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,8 +14,6 @@ permissions:
jobs: jobs:
multi-peer: multi-peer:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -31,8 +25,6 @@ jobs:
[ $(ls -1 output/ate/out | wc -l) -eq 100 ] [ $(ls -1 output/ate/out | wc -l) -eq 100 ]
boot-race: boot-race:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
runs-on: ubicloud-standard-2-ubuntu-2204 runs-on: ubicloud-standard-2-ubuntu-2204
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4


@@ -3,10 +3,6 @@ on:
pull_request: pull_request:
push: push:
branches: [main] branches: [main]
workflow_run:
workflows: [Regenerate cargo-vet exemptions for dependabot-PRs]
types:
- completed
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
@@ -14,16 +10,12 @@ concurrency:
jobs: jobs:
cargo-deny: cargo-deny:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Deny dependencies with vulnerabilities or incompatible licenses name: Deny dependencies with vulnerabilities or incompatible licenses
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2 - uses: EmbarkStudios/cargo-deny-action@v2
cargo-supply-chain: cargo-supply-chain:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Supply Chain Report name: Supply Chain Report
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -52,10 +44,10 @@ jobs:
run: cargo supply-chain crates run: cargo supply-chain crates
# The setup for cargo-vet follows the recommendations in the cargo-vet documentation: https://mozilla.github.io/cargo-vet/configuring-ci.html # The setup for cargo-vet follows the recommendations in the cargo-vet documentation: https://mozilla.github.io/cargo-vet/configuring-ci.html
cargo-vet: cargo-vet:
# Only run this for dependabot PRs if it's triggered by the workflow to regenerate cargo-vet exemptions
if: ${{ github.actor != 'dependabot[bot]' || github.event_name == 'workflow_run' }}
name: Vet Dependencies name: Vet Dependencies
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/cache@v4 - uses: actions/cache@v4
@@ -77,5 +69,23 @@ jobs:
run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
- name: Ensure that the tool cache is populated with the cargo-vet binary - name: Ensure that the tool cache is populated with the cargo-vet binary
run: cargo install --root ${{ runner.tool_cache }}/cargo-vet cargo-vet run: cargo install --root ${{ runner.tool_cache }}/cargo-vet cargo-vet
- name: Regenerate vet exemptions for dependabot PRs
if: github.actor == 'dependabot[bot]' # Run only for Dependabot PRs
run: cargo vet regenerate exemptions
- name: Check for changes in case of dependabot PR
if: github.actor == 'dependabot[bot]' # Run only for Dependabot PRs
run: git diff --exit-code || echo "Changes detected, committing..."
- name: Commit and push changes for dependabot PRs
if: success() && github.actor == 'dependabot[bot]'
run: |
git fetch origin ${{ github.head_ref }}
git switch ${{ github.head_ref }}
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions@github.com"
git add supply-chain/*
git commit -m "Regenerate cargo vet exemptions"
git push origin ${{ github.head_ref }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Invoke cargo-vet - name: Invoke cargo-vet
run: cargo vet --locked run: cargo vet --locked
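Review bot: The `Commit and push changes for dependabot PRs` step added to the `cargo-vet` job looks like it fails whenever regeneration leaves `supply-chain/` unchanged, because the preceding `git diff --exit-code || echo …` always exits 0 and `git commit` then returns non-zero with nothing staged. The same step expands `${{ github.head_ref }}` straight into the script text; passing it through `env` and quoting it keeps a ref name from being parsed as shell. The job-level `contents: write` added in the previous hunk also applies to runs that never push, so moving the push into its own Dependabot-gated job would leave the vet run read-only. Because the exemptions are regenerated before `cargo vet --locked`, that check presumably passes for any Dependabot bump, so the pushed `supply-chain/` diff is what needs human review before merge. The `cargo-vet` job starts outside this hunk.

```yaml
      - name: Commit and push changes for dependabot PRs
        if: success() && github.actor == 'dependabot[bot]'
        env:
          # … unchanged: GITHUB_TOKEN entry …
          # Hand the ref over as data so it is never spliced into the script text.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          git fetch origin "$HEAD_REF"
          git switch "$HEAD_REF"
          # … unchanged: git config user.name / user.email …
          git add supply-chain/*
          # Stop cleanly when regeneration changed nothing; `git commit` would otherwise fail the job.
          if git diff --cached --quiet; then exit 0; fi
          git commit -m "Regenerate cargo vet exemptions"
          git push origin "$HEAD_REF"
```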