Files
pezkuwi-sdk/.github/workflows/checks.yml
T
pezkuwichain 2ff04aef55 fix: add git safe.directory for containerized CI with persistent cache
When using persistent cargo cache mounted from host directory, the container
user differs from the directory owner, causing git "dubious ownership" error.
This fix adds `git config --global --add safe.directory '*'` before cargo
commands in containerized jobs.
2026-01-28 04:37:43 +03:00

136 lines
4.6 KiB
YAML

name: Checks
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
cargo-clippy:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 45
container:
image: ${{ needs.preflight.outputs.IMAGE }}
volumes:
- /cache/cargo-target/pezkuwi-sdk:/cache/target
env:
RUSTFLAGS: "-D warnings"
SKIP_WASM_BUILD: 1
CARGO_INCREMENTAL: 0
CARGO_TARGET_DIR: /cache/target
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
with:
shared-key: clippy
cache-on-failure: true
- name: Add wasm32v1-none target
run: rustup target add wasm32v1-none || true
- name: script
id: required
run: |
git config --global --add safe.directory '*'
cargo clippy --all-targets --all-features --locked --workspace --quiet
check-try-runtime:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 45
container:
image: ${{ needs.preflight.outputs.IMAGE }}
volumes:
- /cache/cargo-target/pezkuwi-sdk:/cache/target
env:
SKIP_WASM_BUILD: 1
CARGO_INCREMENTAL: 0
CARGO_TARGET_DIR: /cache/target
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
with:
shared-key: try-runtime
cache-on-failure: true
- name: script
id: required
run: |
git config --global --add safe.directory '*'
cargo check --locked --all --features try-runtime --quiet
# Check that teyrchain-template will compile with `try-runtime` feature flag.
cargo check --locked -p teyrchain-template-node --features try-runtime
# experimental code may rely on try-runtime and vice-versa
cargo check --locked --all --features try-runtime,experimental --quiet
# TEMPORARILY DISABLED: check-core-crypto-features
# Reason: serde 1.0.218+ introduces serde_core which causes duplicate panic_impl
# when building wasm32 with --features=serde. alloy-consensus requires serde >= 1.0.226
# so we cannot pin to older serde.
# Tracking issue: https://github.com/pezkuwichain/pezkuwi-sdk/issues/355
# Upstream: https://github.com/serde-rs/serde/issues (to be filed)
# TODO: Re-enable when serde fixes the wasm32 + no_std + serde feature combination
#
# check-core-crypto-features:
# runs-on: ${{ needs.preflight.outputs.RUNNER }}
# needs: [preflight]
# if: ${{ needs.preflight.outputs.changes_rust }}
# timeout-minutes: 30
# container:
# image: ${{ needs.preflight.outputs.IMAGE }}
# steps:
# - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
# - name: script
# id: required
# run: |
# cd bizinikiwi/primitives/core
# ./check-features-variants.sh
# cd -
# cd bizinikiwi/primitives/application-crypto
# ./check-features-variants.sh
# cd -
# cd bizinikiwi/primitives/keyring
# ./check-features-variants.sh
# cd -
# name of this job must be unique across all workflows
# otherwise GitHub will mark all these jobs as required
confirm-required-checks-passed:
runs-on: ubuntu-latest
name: All checks passed
# If any new job gets added, be sure to add it to this array
# NOTE: check-core-crypto-features temporarily removed - see comment above
needs: [cargo-clippy, check-try-runtime]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi