anthony/dredge
1
0
Fork 0
mirror of https://github.com/anthonyoteri/dredge.git synced 2026-06-05 15:26:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

ci: overhaul CI/CD pipeline and add tooling configs

Browse Source 
- Add ci.yml: test matrix (ubuntu/macos/windows), lint, conventional
  commits check (cocogitto), cargo-deny, MSRV, and semver jobs
- Add release.yml: tag-triggered publish to crates.io + GitHub release
- Remove stale rust.yml and rust-clippy.yml workflows
- Add deny.toml for cargo-deny license/advisory/ban/source checks
- Add cog.toml for cocogitto conventional commits and changelog generation
- Add Justfile with test, check, fmt, commits, release, push-tag targets
- Add CHANGELOG.md seed file
- Add PULL_REQUEST_TEMPLATE.md with conventional commits checklist
- Update dependabot.yml: weekly schedule with grouped patch/minor updates
This commit is contained in:
Anthony Oteri
2026-05-13 14:16:08 -04:00
parent 01ef25b953
commit 52910538df
10 changed files with 521 additions and 192 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/PULL_REQUEST_TEMPLATE.md
+18
View File
@@ -0,0 +1,18 @@
## Summary
<!-- Briefly describe what this PR does and why. -->
## Checklist
- [ ] Commits follow the [Conventional Commits](https://www.conventionalcommits.org/) spec
- `feat:` new feature
- `fix:` bug fix
- `docs:` documentation only
- `chore:` maintenance / tooling
- `ci:` CI/CD changes
- `refactor:` code change that neither fixes a bug nor adds a feature
- `test:` adding or correcting tests
- `perf:` performance improvement
- [ ] `cargo test` passes locally
- [ ] `cargo clippy --all-targets -- -W clippy::pedantic` passes with no warnings
- [ ] `cargo fmt --check` passes
.github/dependabot.yml
+16 -2
View File
@@ -3,9 +3,23 @@ updates:
- package-ecosystem: "cargo"
directory: "/"
schedule:
interval: "daily"
interval: "weekly"
groups:
patch-updates:
update-types:
- "patch"
minor-updates:
update-types:
- "minor"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
interval: "weekly"
groups:
patch-updates:
update-types:
- "patch"
minor-updates:
update-types:
- "minor"
.github/workflows/ci.yml
+121
View File
@@ -0,0 +1,121 @@
name: CI
on:
push:
branches: ["master"]
pull_request:
workflow_call:
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-D warnings"
jobs:
test:
name: Test (${{ matrix.os }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@v4
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Build
run: cargo build --all-targets
- name: Run tests
run: cargo test
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install stable toolchain with clippy and rustfmt
uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Check formatting
run: cargo fmt --check --all
- name: Clippy
run: cargo clippy --all-targets -- -W clippy::pedantic
commits:
name: Conventional commits
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Full history is required for cog check to validate all commits.
fetch-depth: 0
- name: Check conventional commits
uses: cocogitto/cocogitto-action@v3
with:
check: true
# On PRs check only the commits introduced by the PR.
# On pushes to master check only commits since the previous HEAD.
from: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
deny:
name: Cargo deny
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check licenses, advisories, and bans
uses: EmbarkStudios/cargo-deny-action@v2
msrv:
name: MSRV (1.80)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust 1.80
uses: dtolnay/rust-toolchain@1.80
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Check MSRV builds
run: cargo check
semver:
name: Semver compatibility
runs-on: ubuntu-latest
# Only meaningful on PRs — compares the PR branch against the published
# crate version to catch accidental breaking API changes.
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Check semver compatibility
uses: obi1kenobi/cargo-semver-checks-action@v2
with:
package: dredge-tool
.github/workflows/release.yml
+117 -83
View File
@@ -3,113 +3,147 @@ name: Release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
- "v[0-9]*.[0-9]*.[0-9]*"
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-D warnings"
jobs:
create_release:
name: Create release
# ---------------------------------------------------------------------------
# Gate: all CI checks must pass before we publish anything.
# ---------------------------------------------------------------------------
ci:
name: CI checks
uses: ./.github/workflows/ci.yml
# ---------------------------------------------------------------------------
# Publish to crates.io and create a GitHub release.
# ---------------------------------------------------------------------------
publish:
name: Publish
runs-on: ubuntu-latest
needs: ci
permissions:
contents: write
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- name: Create release
id: create_release
uses: ncipollo/release-action@v1.21.0
build-docs:
name: Build documentation
needs: create_release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust Toolchain
uses: dtolnay/rust-toolchain@stable
- uses: actions/checkout@v4
with:
toolchain: stable
components: rust-docs
fetch-depth: 0
- name: Cache build dependencies
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Run cargo doc
run:
cargo doc
--bin=dredge
--no-deps
--all-features
--document-private-items
--release
- name: Archive the Docs
run:
tar --directory target/doc -czf
dredge-${{ github.ref_name}}-docs.tar.gz
dredge
- name: Upload documentation assets
uses: shogo82148/actions-upload-release-asset@v1.10.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install cocogitto
uses: cocogitto/cocogitto-action@v3
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_name: dredge-${{ github.ref_name }}-docs.tar.gz
asset_path: dredge-${{ github.ref_name }}-docs.tar.gz
asset_content_type: application/gzip
check: false
release_assets:
name: Release assets
needs: create_release
runs-on: ${{ matrix.config.os }}
- name: Generate release notes for this tag
id: changelog
run: |
VERSION="${GITHUB_REF_NAME#v}"
# Write release notes outside the repo so cargo publish does not
# see an untracked file and refuse to run.
cog changelog --at "$GITHUB_REF_NAME" > /tmp/release_notes.md || \
echo "No structured changelog available for $GITHUB_REF_NAME." > /tmp/release_notes.md
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Publish dredge-tool to crates.io
run: cargo publish
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
- name: Create GitHub release
run: |
gh release create "$GITHUB_REF_NAME" \
--title "$GITHUB_REF_NAME" \
--notes-file /tmp/release_notes.md
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ---------------------------------------------------------------------------
# Build release binaries and attach them to the GitHub release.
# Runs in parallel across platforms after the release is created.
# ---------------------------------------------------------------------------
build-binaries:
name: Build binary (${{ matrix.upload_name }})
needs: publish
runs-on: ${{ matrix.os }}
permissions:
contents: write
strategy:
fail-fast: false
matrix:
config:
include:
- os: ubuntu-latest
platform: linux
arch: x86_64
ext: ''
- os: macos-latest
platform: macos
arch: x86_64
ext: ''
- os: windows-latest
platform: win
arch: x86_64
ext: .exe
steps:
- name: Checkout code
uses: actions/checkout@v4
artifact: dredge
upload_name: dredge-linux-x86_64.tar.gz
target: x86_64-unknown-linux-musl
artifact_dir: target/x86_64-unknown-linux-musl/release
- name: Install Rust Toolchain
- os: macos-latest
artifact: dredge
upload_name: dredge-macos-aarch64.tar.gz
target: ""
artifact_dir: target/release
- os: macos-latest
artifact: dredge
upload_name: dredge-macos-x86_64.tar.gz
target: x86_64-apple-darwin
artifact_dir: target/x86_64-apple-darwin/release
- os: windows-latest
artifact: dredge.exe
upload_name: dredge-windows-x86_64.exe
target: ""
artifact_dir: target/release
steps:
- uses: actions/checkout@v4
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
targets: ${{ matrix.target }}
- name: Cache build dependencies
- name: Install musl tools (Linux only)
if: matrix.target == 'x86_64-unknown-linux-musl'
run: sudo apt-get install -y musl-tools
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Run cargo build
run: cargo build --release
- name: Build release binary
run: >
cargo build --release
${{ matrix.target != '' && format('--target {0}', matrix.target) || '' }}
- name: Create release assets
run:
tar --directory target/release -czf
dredge-${{ github.ref_name }}-${{ matrix.config.platform }}.${{ matrix.config.arch }}.tar.gz
dredge${{ matrix.config.ext }}
- name: Strip binary (Unix only)
if: runner.os != 'Windows'
run: strip ${{ matrix.artifact_dir }}/${{ matrix.artifact }}
- name: Upload release assets
uses: shogo82148/actions-upload-release-asset@v1.10.1
- name: Ad-hoc sign binary (macOS only)
if: runner.os == 'macOS'
run: codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ${{ matrix.artifact_dir }}/${{ matrix.artifact }}
- name: Package binary (Unix)
if: runner.os != 'Windows'
shell: bash
run: tar -czf "${{ matrix.upload_name }}" -C "${{ matrix.artifact_dir }}" "${{ matrix.artifact }}"
- name: Copy binary (Windows)
if: runner.os == 'Windows'
shell: bash
run: cp "${{ matrix.artifact_dir }}/${{ matrix.artifact }}" "${{ matrix.upload_name }}"
- name: Upload to GitHub release
run: gh release upload "${{ github.ref_name }}" "${{ matrix.upload_name }}" --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.upload_url }}
asset_name: dredge-${{ github.ref_name }}-${{ matrix.config.platform }}.${{ matrix.config.arch }}.tar.gz
asset_path: dredge-${{ github.ref_name }}-${{ matrix.config.platform }}.${{ matrix.config.arch }}.tar.gz
asset_content_type: application/gzip
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
.github/workflows/rust-clippy.yml
-51
View File
@@ -1,51 +0,0 @@
name: Rust Clippy Analysis
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
schedule:
- cron: "18 21 * * 6"
env:
CARGO_TERM_COLOR: always
jobs:
rust-clippy:
name: Run rust-clippy analysis
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
actions: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust Toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: clippy
- name: Cache build dependencies
uses: Swatinem/rust-cache@v2
- name: Install clippy-sarif
run: cargo install clippy-sarif sarif-fmt
- name: Run rust-clippy
run:
cargo clippy
--all-features
--tests
--message-format=json
| clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
continue-on-error: true
- name: Upload analysis results ot GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
.github/workflows/rust.yml
-56
View File
@@ -1,56 +0,0 @@
name: Rust
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
env:
CARGO_TERM_COLOR: always
jobs:
rust-fmt-check:
name: Run Rust-fmt check
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust Toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt
- name: Cache build dependencies
uses: Swatinem/rust-cache@v2
- name: Run rust-fmt --check
run: cargo fmt --check --all
test:
name: Run unit and integration tests
strategy:
matrix:
platform: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.platform }}
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Rust Toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt
- name: Cache build dependencies
uses: Swatinem/rust-cache@v2
- name: Run cargo-test
run: cargo test