feat(daemons+settings): rename config to daemons, add settings CLI, extract shared path resolution #47
| name: ci | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| tags: ["*"] | |
| branches: ["main"] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| env: | |
| CARGO_TERM_COLOR: always | |
| MISE_EXPERIMENTAL: true | |
| jobs: | |
| ci: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| submodules: true | |
| persist-credentials: false | |
| - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 | |
| with: | |
| cache: false | |
| - run: rm -rf .cargo | |
| # save-if gates cache writes to main so PRs can only restore, not poison. | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # zizmor: ignore[cache-poisoning] v2 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| - run: mise run ci | |
| - run: mise run render | |
| - name: assert render produces no diff | |
| run: | | |
| if [ -n "$(git status --porcelain)" ]; then | |
| echo "::error::'mise run render' produced changes. Run it locally and commit." | |
| git status | |
| git diff HEAD | |
| exit 1 | |
| fi | |
| windows-build: | |
| runs-on: windows-latest | |
| timeout-minutes: 20 | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| submodules: true | |
| persist-credentials: false | |
| # save-if gates cache writes to main so PRs can only restore, not poison. | |
| - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # zizmor: ignore[cache-poisoning] v2 | |
| with: | |
| save-if: ${{ github.ref == 'refs/heads/main' }} | |
| # `cargo check` (debug) catches the compile errors that otherwise only | |
| # surface in the release pipeline, without paying for an optimized link. | |
| # Integration tests under tests/ are Unix-only (lsof, pkill, etc.) so | |
| # we limit the check to lib + bins. | |
| - run: cargo check --lib --bins --all-features | |
| # Aggregator that required-status-checks can target. If any upstream job | |
| # failed, was cancelled, or was skipped, this step exits non-zero so the PR is | |
| # blocked. Lets the branch-protection rule depend on one name instead of N. | |
| final: | |
| needs: | |
| - ci | |
| - windows-build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 2 | |
| permissions: {} | |
| # Run on success or upstream failure but skip when the workflow is cancelled | |
| # — `always()` would override `cancel-in-progress` and waste a runner. | |
| if: ${{ !cancelled() }} | |
| steps: | |
| - name: Gate on upstream job results | |
| env: | |
| NEEDS_JSON: ${{ toJSON(needs) }} | |
| run: | | |
| python3 - <<'PY' | |
| import json | |
| import os | |
| import sys | |
| needs = json.loads(os.environ["NEEDS_JSON"]) | |
| failed = False | |
| for name, data in sorted(needs.items()): | |
| result = data.get("result", "unknown") | |
| if result == "success": | |
| print(f"::notice::{name}: {result}") | |
| else: | |
| print(f"::error::{name}: {result}") | |
| failed = True | |
| if failed: | |
| print("One or more upstream jobs did not complete successfully.") | |
| sys.exit(1) | |
| print("All CI jobs completed successfully.") | |
| PY |
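Review bot: The `final` gate is skipped whenever the run is cancelled (`if: ${{ !cancelled() }}`), and GitHub reports a skipped job as a successful status, so a required check on `final` would not block a merge for a commit whose run was cancelled. The Python script already treats every result other than `success` as a failure, so `if: ${{ always() }}` would turn a cancelled run into a failing check at the cost of one short runner start. If the runner saving is preferred, record the caveat next to the condition, for example `# A skipped gate counts as passing for required checks; re-run cancelled runs before merging.` The page shows the file without change markers, so it is not clear whether this job is new in the PR.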