github-workflows/.github/workflows/extra_soundness.yml at main · BinaryBirds/github-workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
name: Extra soundness

on:
  workflow_call:
    inputs:
      local_swift_dependencies_check_enabled:
        type: boolean
        description: "Boolean to enable the local swift dependencies check job. Defaults to false."
        default: false
      headers_check_enabled:
        type: boolean
        description: "Checks Swift source file headers to ensure they follow the correct format. Defaults to false."
        default: false
      run_tests_with_cache_enabled:
        type: boolean
        description: "Boolean to enable run tests with .build cache."
        default: false
      tests_cache_enabled:
        type: boolean
        description: "Boolean to enable .build cache usage inside the run tests job."
        default: true
      run_tests_swift_versions:
        type: string
        description: "List of Swift versions to test with."
        default: '["6.1", "6.2"]'
      docc_warnings_check_enabled:
        type: boolean
        description: "Runs DocC analysis and fails on warnings. Defaults to false."
        default: false
      swift_package_validation_enabled:
        type: boolean
        description: "Runs Swift package validation script (structure, settings, files). Defaults to false."
        default: false
    secrets:
      SSH_PRIVATE_KEY:
        required: false

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-extra-soundness
  cancel-in-progress: true

jobs:
  local_swift_dependencies_check:
    name: Local swift dependencies check
    if: ${{ inputs.local_swift_dependencies_check_enabled }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Run local swift dependencies check
        run: curl -s https://raw.githubusercontent.com/BinaryBirds/github-workflows/refs/heads/main/scripts/check-local-swift-dependencies.sh | bash


  swift_headers_check:
    name: Checks Swift source file headers
    if: ${{ inputs.headers_check_enabled }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Run swift headers check
        run: curl -s https://raw.githubusercontent.com/BinaryBirds/github-workflows/refs/heads/main/scripts/check-swift-headers.sh | bash

  swift_package_validation:
    name: Swift package validation
    if: ${{ inputs.swift_package_validation_enabled }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Install curl + jq
        run: |
          sudo apt-get update -y
          sudo apt-get install -y curl jq
      - name: Run Swift package validation
        run: |
          curl -s https://raw.githubusercontent.com/BinaryBirds/github-workflows/refs/heads/main/scripts/check-swift-package.sh | bash

  docc_warnings_check:
    name: DocC warnings check
    if: ${{ inputs.docc_warnings_check_enabled }}
    runs-on: ubuntu-latest
    container:
      image: swift:6.2
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Install curl + jq
        run: |
          apt-get update -y
          apt-get install -y curl jq
      - name: Run DocC warnings check
        run: |
          curl -s https://raw.githubusercontent.com/BinaryBirds/github-workflows/refs/heads/main/scripts/check-docc-warnings.sh | bash

  cache-and-test:
    name: Run tests with cache
    env:
      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY || '' }}

    if: ${{ inputs.run_tests_with_cache_enabled }}

    runs-on: ubuntu-latest
    strategy:
      matrix:
        swift: ${{ fromJson(inputs.run_tests_swift_versions) }}

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Set up SSH if key provided
        if: ${{ env.SSH_PRIVATE_KEY != '' }}
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Trust github.com
        if: ${{ env.SSH_PRIVATE_KEY != '' }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan github.com >> ~/.ssh/known_hosts

      - name: Install zstd
        if: ${{ inputs.tests_cache_enabled }}
        run: |
          sudo apt-get update -y
          sudo apt-get install -y zstd

      - name: Restore .build
        if: ${{ inputs.tests_cache_enabled }}
        id: "restore-build"
        uses: actions/cache/restore@v4
        with:
          path: .build
          key: "swiftpm-tests-build-${{ runner.os }}-${{ matrix.swift }}-${{ github.event.pull_request.base.sha || github.event.after }}"
          restore-keys: "swiftpm-tests-build-${{ runner.os }}-${{ matrix.swift }}-"

      - name: Build package
        run: swift build --build-tests

      - name: Cache .build
        if: ${{ inputs.tests_cache_enabled && steps.restore-build.outputs.cache-hit != 'true' }}
        uses: actions/cache/save@v4
        with:
          path: .build
          key: "swiftpm-tests-build-${{ runner.os }}-${{ matrix.swift }}-${{ github.event.pull_request.base.sha || github.event.after }}"

      - name: Run unit tests
        run: |
          if [ "${{ inputs.tests_cache_enabled }}" = "true" ]; then
            swift test --skip-build --parallel
          else
            swift test --parallel
          fi