diff --git a/.github/list-crates.sh b/.github/list-crates.sh index c126c9f686..620aea625d 100755 --- a/.github/list-crates.sh +++ b/.github/list-crates.sh @@ -19,28 +19,21 @@ find_manifest() { # Build an expression to match all changed manifests. manifest_expr() { - expr=false - + printf '%s' 'false' for file in "$@" ; do - # If the workflow changes or root Cargo.toml changes, run checks for all crates in the repo. - if [[ "$file" = .github/* ]] || [ "$file" = "Cargo.toml" ]; then - expr="startswith(\"$PWD\")" - break - fi - - # Otherwise, only run checks for changes to subcrates (and not the top-level crate). m=$(find_manifest "$file") if [ "$m" != "Cargo.toml" ]; then - expr="$expr or (. == \"$m\")" + printf ' or (. == "%s")' "$m" fi done - - echo "$expr" + printf '\n' } +expr=$(manifest_expr "$@") + # Get the crate names for all changed manifest directories. crates=$(cargo metadata --locked --format-version=1 \ - | jq -cr "[.packages[] | select(.manifest_path | $(manifest_expr "$@")) | .name]") + | jq -cr "[.packages[] | select(.manifest_path | $expr) | .name]") echo "crates=$crates" >> "$GITHUB_OUTPUT" echo "$crates" | jq . diff --git a/.github/workflows/check-all.yml b/.github/workflows/check-all.yml deleted file mode 100644 index 47627fe16d..0000000000 --- a/.github/workflows/check-all.yml +++ /dev/null @@ -1,41 +0,0 @@ -# Check all crates. -# -# This workflow checks that `Cargo.lock` is configured sufficiently so that each -# crate can be compiled on its -# own. -name: check-all - -permissions: - contents: read - -on: - pull_request: - paths: - - Cargo.lock - - .github/workflows/check-all.yml - - justfile - -env: - RUSTFLAGS: "-D warnings -A deprecated -C debuginfo=0" - -jobs: - cleanup: - runs-on: ubuntu-latest - permissions: - actions: write - steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa - with: - all_but_latest: true - access_token: ${{ github.token }} - - check-all: - timeout-minutes: 20 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: just check --exclude=linkerd-meshtls-boring - - run: just check --exclude=linkerd-meshtls-boring --features=pprof diff --git a/.github/workflows/check-each.yml b/.github/workflows/check-each.yml deleted file mode 100644 index 0bf067a9fa..0000000000 --- a/.github/workflows/check-each.yml +++ /dev/null @@ -1,70 +0,0 @@ -# Check each crate independently. Helps to catch dependency issues. -# -# Code changes are exercised via the `test` and `lint` workflows. This workflow just checks that -# each crate's `Cargo.toml` is configured sufficiently so that each crate can be compiled on its -# own. -name: check-each - -permissions: - contents: read - -on: - pull_request: - paths: - - "**/Cargo.toml" - - "**/*.rs" - - .github/workflows/check-each.yml - - .github/list-crates.sh - - justfile - -env: - CARGO_INCREMENTAL: 0 - CARGO_NET_RETRY: 10 - RUSTUP_MAX_RETRIES: 10 - RUSTFLAGS: "-D warnings -A deprecated -C debuginfo=0" - -jobs: - cleanup: - runs-on: ubuntu-latest - permissions: - actions: write - steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa - with: - all_but_latest: true - access_token: ${{ github.token }} - - list-changed-crates: - timeout-minutes: 10 - runs-on: ubuntu-latest - container: docker://ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 - id: changed-files - with: - files: | - **/Cargo.toml - **/*.rs - .github/workflows/check-each.yml - - name: List changed crates - id: changed-crates - run: ./.github/list-crates.sh ${{ steps.changed-files.outputs.all_changed_files }} - outputs: - crates: ${{ steps.changed-crates.outputs.crates }} - - check-each: - needs: list-changed-crates - timeout-minutes: 20 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - strategy: - matrix: - crate: ${{ fromJson(needs.list-changed-crates.outputs.crates) }} - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: just check-crate ${{ matrix.crate }} - diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 90336dd218..609d68767b 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -1,21 +1,18 @@ name: coverage -permissions: - contents: read - on: # We run coverage on main so that PRs can have a meaninful comparison that # doesn't lag a whole day. push: - branches: - - main + branches: [main] + pull_request: {} + +permissions: + contents: read - # Coverage runs on all code changes (as well as changes to the workflow). - pull_request: - paths: - - .codecov.yml - - .github/workflows/coverage.yml - - '**/*.rs' +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref }} + cancel-in-progress: true env: CARGO_INCREMENTAL: 0 @@ -24,20 +21,25 @@ env: RUSTUP_MAX_RETRIES: 10 jobs: - # Cancel any previous runs of this workflow so coverage runs don't back up, - # especially on main (i.e. after merging several PRs). - cleanup: + meta: + timeout-minutes: 5 runs-on: ubuntu-latest - permissions: - actions: write steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa + - id: changed + uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 with: - all_but_latest: true - access_token: ${{ github.token }} + files: | + .codecov.yml + .github/workflows/coverage.yml + **/*.rs + ignore_files: | + *-proto/** + outputs: + any_changed: ${{ steps.changed.outputs.any_changed }} - test: - name: codecov + codecov: + needs: meta + if: github.event_name == 'push' || needs.meta.outputs.any_changed runs-on: ubuntu-latest timeout-minutes: 30 container: diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml deleted file mode 100644 index d6e634fcbe..0000000000 --- a/.github/workflows/deps.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Audits dependencies with cargo-deny -name: deps - -permissions: - contents: read - -on: - pull_request: - paths: - - justfile - - Cargo.lock - - deny.toml - - .github/workflows/deps.yml - -env: - CARGO_INCREMENTAL: 0 - CARGO_NET_RETRY: 10 - RUSTFLAGS: "-D warnings -A deprecated -C debuginfo=0" - RUSTUP_MAX_RETRIES: 10 - -jobs: - # Check for security advisories. - # - # Failures are not fatal, since issues are opened in the linkerd2 repo via rustsecbot. - advisories: - timeout-minutes: 10 - runs-on: ubuntu-latest - continue-on-error: true - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: EmbarkStudios/cargo-deny-action@64015a69ee7ee08f6c56455089cdaf6ad974fd15 - with: - command: check advisories - - # Audit licenses, unreleased crates, and unexpected duplicate versions. - bans: - timeout-minutes: 10 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - uses: EmbarkStudios/cargo-deny-action@64015a69ee7ee08f6c56455089cdaf6ad974fd15 - with: - command: check bans licenses sources - - # Check for upstream deprecations - deprecated: - timeout-minutes: 20 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: RUSTFLAGS="-D deprecated" just check --exclude=linkerd-meshtls-boring - diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml deleted file mode 100644 index d046598823..0000000000 --- a/.github/workflows/integration.yml +++ /dev/null @@ -1,60 +0,0 @@ -# Run integration tests -name: integration - -permissions: - contents: read - -on: - pull_request: - paths: - - Cargo.lock - - "**/*.rs" - - "**/*.toml" - - justfile - - .github/workflows/integration.yml - -env: - CARGO_INCREMENTAL: 0 - CARGO_NET_RETRY: 10 - RUSTFLAGS: "-D warnings -A deprecated -C debuginfo=0" - RUSTUP_MAX_RETRIES: 10 - -# Run only the app-level tests. These may take longer to compile (usually due to very large stack -# types) and have the potential to be flakey as they depend on opening sockets and may have timing -# sensitivity. -jobs: - cleanup: - runs-on: ubuntu-latest - permissions: - actions: write - steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa - with: - all_but_latest: true - access_token: ${{ github.token }} - - test: - timeout-minutes: 20 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: | - just test-crate linkerd-app --no-run \ - --package=linkerd-app-core \ - --package=linkerd-app-gateway \ - --package=linkerd-app-inbound \ - --package=linkerd-app-outbound \ - --package=linkerd-app-test - - run: | - just test-crate linkerd-app \ - --package=linkerd-app-core \ - --package=linkerd-app-gateway \ - --package=linkerd-app-inbound \ - --package=linkerd-app-outbound \ - --package=linkerd-app-test - - run: just test-crate linkerd-app-integration --no-default-features --no-run - - run: just test-crate linkerd-app-integration --no-default-features - diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml deleted file mode 100644 index 70fe0c94ca..0000000000 --- a/.github/workflows/k8s.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: k8s - -permissions: - contents: read - -on: - pull_request: - paths: - - Cargo.lock - - Dockerfile - - "**/*.rs" - - "**/*.toml" - - justfile - - .github/workflows/k8s.yml - -jobs: - cleanup: - runs-on: ubuntu-latest - permissions: - actions: write - steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa - with: - all_but_latest: true - access_token: ${{ github.token }} - - k3d-linkerd-install: - timeout-minutes: 20 - runs-on: ubuntu-latest - - steps: - - uses: linkerd/dev/actions/setup-tools@v43 - - - name: Install linkerd CLI (edge) - id: linkerd - run: | - scurl https://run.linkerd.io/install-edge | sh - echo "PATH=$PATH:$HOME/.linkerd2/bin" >> "$GITHUB_ENV" - export PATH="$PATH:$HOME/.linkerd2/bin" - tag=$(linkerd version --client --short) - echo "linkerd $tag" - echo "LINKERD_TAG=$tag" >> "$GITHUB_ENV" - - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: just docker - - - run: just-k3d create - - run: just k3d-load-linkerd - - - run: just linkerd-install - - run: just linkerd-check-contol-plane-proxy - env: - TMPDIR: ${{ runner.temp }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 39d49e4def..0000000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,49 +0,0 @@ -# Each job should typically run in under 5 minutes. -name: lint - -permissions: - contents: read - -on: - pull_request: - paths: - - "**/*.rs" - - justfile - - .github/workflows/lint.yml - -env: - CARGO_INCREMENTAL: 0 - CARGO_NET_RETRY: 10 - RUSTUP_MAX_RETRIES: 10 - RUSTFLAGS: "-D warnings -A deprecated -C debuginfo=0" - -jobs: - clippy: - timeout-minutes: 10 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: just clippy - - fmt: - timeout-minutes: 10 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just check-fmt - - docs: - timeout-minutes: 10 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: just doc - diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml new file mode 100644 index 0000000000..8375fe4920 --- /dev/null +++ b/.github/workflows/pr.yml @@ -0,0 +1,122 @@ +name: Pull Request +on: pull_request + +env: + CARGO_INCREMENTAL: 0 + CARGO_NET_RETRY: 10 + RUSTUP_MAX_RETRIES: 10 + RUSTFLAGS: "-D warnings -D deprecated -C debuginfo=0" + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref }} + cancel-in-progress: true + +jobs: + meta: + timeout-minutes: 5 + runs-on: ubuntu-latest + steps: + - id: build + uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 + with: + files: | + .github/workflows/pr.yml + justfile + - id: cargo + uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 + with: + files: '**/Cargo.toml' + ignored_files: 'Cargo.toml' + - id: rust + uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 + with: + files: '**/*.rs' + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - id: cargo-crates + if: steps.cargo.outputs.any_changed + run: ./.github/list-crates.sh ${{ steps.cargo.outputs.all_changed_files }} + - run: | + echo 'build: ${{ steps.build.outputs.all_changed_files }}' + echo 'cargo: ${{ steps.cargo.outputs.all_changed_files }}' + echo 'crates: ${{ steps.cargo-crates.outputs.crates }}' + echo 'rust: ${{ steps.rust.outputs.all_changed_files }}' + outputs: + any_changed: ${{ steps.build.outputs.any_changed || steps.cargo.outputs.any_changed || steps.rust.outputs.any_changed }} + build_changed: ${{ steps.build.outputs.any_changed }} + cargo_changed: ${{ steps.cargo.outputs.any_changed }} + cargo_crates: ${{ steps.cargo-crates.outputs.crates }} + rust_changed: ${{ steps.rust.outputs.any_changed }} + + rust: + needs: meta + if: needs.meta.outputs.any_changed == 'true' + runs-on: ubuntu-latest + container: ghcr.io/linkerd/dev:v43-rust + permissions: + contents: read + timeout-minutes: 20 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 + - run: just fetch + - name: cargo deny check bans licenses sources + uses: EmbarkStudios/cargo-deny-action@64015a69ee7ee08f6c56455089cdaf6ad974fd15 + with: + command: check bans licenses sources + - run: just check-fmt + - run: just clippy + - run: just doc + - run: just test --exclude=linkerd2-proxy --no-run + - run: just test --exclude=linkerd2-proxy + + rust-crates: + needs: meta + if: needs.meta.outputs.cargo_changed == 'true' + timeout-minutes: 20 + runs-on: ubuntu-latest + container: ghcr.io/linkerd/dev:v43-rust + strategy: + matrix: + crate: ${{ fromJson(needs.meta.outputs.cargo_crates) }} + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 + - run: just fetch + - run: just check-crate ${{ matrix.crate }} + + linkerd-install: + needs: meta + if: needs.meta.outputs.any_changed == 'true' + timeout-minutes: 20 + runs-on: ubuntu-latest + steps: + - uses: linkerd/dev/actions/setup-tools@v43 + - name: scurl https://run.linkerd.io/install-edge | sh + run: | + scurl https://run.linkerd.io/install-edge | sh + echo "PATH=$PATH:$HOME/.linkerd2/bin" >> "$GITHUB_ENV" + export PATH="$PATH:$HOME/.linkerd2/bin" + tag=$(linkerd version --client --short) + echo "linkerd $tag" + echo "LINKERD_TAG=$tag" >> "$GITHUB_ENV" + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - run: just docker + - run: just-k3d create + - run: just k3d-load-linkerd + - run: just linkerd-install + - run: just linkerd-check-contol-plane-proxy + env: + TMPDIR: ${{ runner.temp }} + + auto-merge: + needs: [rust, rust-crates, linkerd-install] + if: github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@v4 + - run: gh pr merge '${{ github.event.pull_request.number }}' --auto --merge + env: + GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 309088c899..c07c8e31d8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,12 +1,7 @@ name: release on: - pull_request: - paths: - - .github/actions/package/* - - .github/workflows/release.yml - - justfile - - Cargo.toml # For release build settings + pull_request: {} push: tags: - "release/*" @@ -21,17 +16,11 @@ env: RUSTFLAGS: "-D warnings -A deprecated" RUSTUP_MAX_RETRIES: 10 -jobs: - cleanup: - runs-on: ubuntu-latest - permissions: - actions: write - steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa - with: - all_but_latest: true - access_token: ${{ github.token }} +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref }} + cancel-in-progress: true +jobs: meta: timeout-minutes: 5 runs-on: ubuntu-latest @@ -57,13 +46,24 @@ jobs: echo archs='["amd64"]' ) >> "$GITHUB_OUTPUT" fi + - id: changed + uses: tj-actions/changed-files@800a2825992141ddde1a8bca8ad394cec34d3188 + with: + files: | + .github/actions/package/* + .github/workflows/release.yml + justfile + Cargo.toml # For release build settings outputs: + changed: ${{ steps.changed.outputs.any_changed }} archs: ${{ steps.meta.outputs.archs }} publish: ${{ steps.meta.outputs.publish }} version: ${{ steps.meta.outputs.version }} package: needs: [meta] + if: needs.meta.outputs.changed == 'true' + strategy: matrix: arch: ${{ fromJson(needs.meta.outputs.archs) }} @@ -91,6 +91,7 @@ jobs: path: target/package/* publish: + if: needs.meta.outputs.changed == 'true' needs: [meta, package] runs-on: ubuntu-latest timeout-minutes: 5 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 85e5b693c0..0000000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,78 +0,0 @@ -# Runs tests that complete relatively quickly. -name: test - -permissions: - contents: read - -on: - pull_request: - paths: - - Cargo.lock - - "**/Cargo.toml" - - "**/*.rs" - - justfile - - .github/workflows/test.yml - -env: - CARGO_INCREMENTAL: 0 - CARGO_NET_RETRY: 10 - RUSTFLAGS: "-D warnings -A deprecated -C debuginfo=0" - RUSTUP_MAX_RETRIES: 10 - -jobs: - # Test the meshtls backends. - meshtls: - timeout-minutes: 10 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: just clippy-crate linkerd-meshtls --no-default-features --features=boring,rustls - - run: | - just test-crate linkerd-meshtls --no-default-features --features=boring,rustls --no-run \ - --package=linkerd-meshtls-boring \ - --package=linkerd-meshtls-rustls - - run: | - just test-crate linkerd-meshtls --no-default-features --features=boring,rustls \ - --package=linkerd-meshtls-boring \ - --package=linkerd-meshtls-rustls - - # Run non-integration tests. This should be quick. - unit: - timeout-minutes: 10 - runs-on: ubuntu-latest - container: ghcr.io/linkerd/dev:v43-rust - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - - run: git config --global --add safe.directory "$PWD" # actions/runner#2033 - - run: just fetch - - run: | - just test-build \ - --exclude=linkerd-app \ - --exclude=linkerd-app-admin \ - --exclude=linkerd-app-core \ - --exclude=linkerd-app-gateway \ - --exclude=linkerd-app-inbound \ - --exclude=linkerd-app-integration \ - --exclude=linkerd-app-outbound \ - --exclude=linkerd-app-test \ - --exclude=linkerd-meshtls \ - --exclude=linkerd-meshtls-boring \ - --exclude=linkerd-meshtls-rustls \ - --exclude=linkerd2-proxy - - run: | - just test \ - --exclude=linkerd-app \ - --exclude=linkerd-app-admin \ - --exclude=linkerd-app-core \ - --exclude=linkerd-app-gateway \ - --exclude=linkerd-app-inbound \ - --exclude=linkerd-app-integration \ - --exclude=linkerd-app-outbound \ - --exclude=linkerd-app-test \ - --exclude=linkerd-meshtls \ - --exclude=linkerd-meshtls-boring \ - --exclude=linkerd-meshtls-rustls \ - --exclude=linkerd2-proxy