Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ jobs:
- kissat-each-feature
if: ${{ always() }} # Run this job even if a dependency has failed.
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- name: Job outcomes
run: |
echo "🧪 Workspace tests: ${{ needs.tests.result }}"
Expand Down Expand Up @@ -59,7 +60,10 @@ jobs:
name: 🏗️ Dev dependencies
runs-on: [self-hosted, nix]
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🏗️ Build dev dependencies
run: nix build .#cargoDevArtifacts
tests:
Expand All @@ -69,7 +73,10 @@ jobs:
- dev-deps
if: '!github.event.pull_request.draft'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🧪 Run tests
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').tests"
- name: 🧪 Run tests for external solver CaDiCaL
Expand All @@ -83,15 +90,21 @@ jobs:
runs-on: [self-hosted, nix]
if: '!github.event.pull_request.draft'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🏗️ Check MSRV builds
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').msrv"
wasm-check:
name: 🏄 WASM check
runs-on: [self-hosted, nix]
if: '!github.event.pull_request.draft'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🏄 Check WASM compatibility
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').wasm"
code-quality:
Expand All @@ -100,7 +113,10 @@ jobs:
needs:
- dev-deps
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: ✨ Check formatting
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').treefmt"
- name: ✨ Cargo deny bans licenses sources
Expand All @@ -124,8 +140,13 @@ jobs:
runs-on: [self-hosted, nix]
if: '!github.event.pull_request.draft'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: ✨ Build Python API and check
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').pyapi"
doc:
Expand All @@ -135,8 +156,13 @@ jobs:
- dev-deps
if: '!github.event.pull_request.draft'
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: ✨ Build doc
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').doc"
- name: 🧪 Run doc tests
Expand All @@ -148,7 +174,10 @@ jobs:
- tests
- doc
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: ✨ Collect coverage reports
run: |
nix build .#testCoverage
Expand All @@ -167,7 +196,10 @@ jobs:
- dev-deps
if: "!github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'heavy-tests')"
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: ✨ Run feature powerset checks
run: nix build ".#checks.$(nix eval --impure --expr 'builtins.currentSystem').featurePowerset"
cadical-each-feature:
Expand All @@ -177,7 +209,10 @@ jobs:
- dev-deps
if: "!github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'solvers/cadical')"
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🧪 Test each feature
run: nix develop ".#ci" --command cargo hack --each-feature --clean-per-run --exclude-features logging nextest run -p rustsat-cadical
kissat-each-feature:
Expand All @@ -187,6 +222,9 @@ jobs:
- dev-deps
if: "!github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'solvers/kissat')"
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🧪 Test each feature
run: nix develop ".#ci" --command cargo hack --each-feature --clean-per-run nextest run -p rustsat-kissat
10 changes: 10 additions & 0 deletions .github/workflows/non-linux.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ env:
CARGO_TERM_COLOR: always
RUSTFLAGS: -Dwarnings
RUSTDOCFLAGS: -Dwarnings
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
Expand All @@ -14,7 +15,10 @@ jobs:
name: 🧪 MacOS workspace tests
runs-on: macos-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- uses: taiki-e/install-action@380f1e611385ce740b81d9841ae7fb08ef55add0 # nextest
- name: 🧪 Run tests
Expand All @@ -23,7 +27,10 @@ jobs:
name: 🧪 Windows workspace tests
runs-on: windows-latest
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- uses: taiki-e/install-action@380f1e611385ce740b81d9841ae7fb08ef55add0 # nextest
- name: 🧪 Run tests
Expand All @@ -35,7 +42,10 @@ jobs:
os: [macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/pages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ permissions:
contents: read
pages: write
id-token: write
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
Expand All @@ -17,8 +19,11 @@ jobs:
build:
runs-on: [self-hosted, nix]
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🏗️ Build pages
run: nix build .#pages
- name: ⬆️ Upload artifact
Expand All @@ -33,6 +38,7 @@ jobs:
runs-on: ubuntu-latest
needs: build
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- name: 🫙 Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5
14 changes: 11 additions & 3 deletions .github/workflows/pyapi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ jobs:
target: [x86_64, x86, aarch64, armv7, s390x, ppc64le]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: '3.14'
Expand All @@ -27,7 +29,7 @@ jobs:
with:
target: ${{ matrix.target }}
args: --release --out dist --manifest-path pyapi/Cargo.toml
sccache: 'true'
sccache: false
manylinux: auto
- name: Upload wheels
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
Expand All @@ -42,6 +44,8 @@ jobs:
target: [x64, x86]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: '3.14'
Expand All @@ -51,7 +55,7 @@ jobs:
with:
target: ${{ matrix.target }}
args: --release --out dist --manifest-path pyapi/Cargo.toml
sccache: 'true'
sccache: false
- name: Upload wheels
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
Expand All @@ -65,6 +69,8 @@ jobs:
target: [x86_64, aarch64]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with:
python-version: '3.14'
Expand All @@ -73,7 +79,7 @@ jobs:
with:
target: ${{ matrix.target }}
args: --release --out dist --manifest-path pyapi/Cargo.toml
sccache: 'true'
sccache: false
- name: Upload wheels
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
Expand All @@ -84,6 +90,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Build sdist
uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1
with:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/release-plz.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ jobs:
with:
fetch-depth: 0
token: ${{ steps.generate-token.outputs.token }}
persist-credentials: false
- name: Run release-plz
run: nix develop ".#releasePlz" --command release-plz release --git-token "${GITHUB_TOKEN}" -o json
env:
Expand Down Expand Up @@ -55,6 +56,7 @@ jobs:
with:
fetch-depth: 0
token: ${{ steps.generate-token.outputs.token }}
persist-credentials: false
- name: Configure git user from GitHub token
uses: release-plz/git-config@59144859caf016f8b817a2ac9b051578729173c4
env:
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/semver-checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ jobs:
name: 🛡️ Semver checks
runs-on: [self-hosted, nix]
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: 🛡️ Run semver checks
run: nix run nixpkgs#just semver-checks
Loading