Make CI workflows slightly more readable, usable, and maintainable #43
Merged
This applies the prevailing style more consistently with respect to indentation. It also adds newlines between separate job definitions where they were not present, which was slightly less prevalent than not having them, but which seems to improve readability.
This adds patterns besides the literal name `main` so CI runs on `push` to any branch that has `run-ci` as a non-trailing component. It also adds a `workflow_dispatch` trigger so the workflow can be run (on any branch) manually from the Actions tab. These are to make the workflow easier to run in forks, roughly analogous to GitoxideLabs/gitoxide#1507.
This enables grouped Dependabot version updates, for GitHub Actions only (not for Rust dependencies). Currently some actions in use in this project's workflows specify old major versions that are not currently maintained with bug fixes and that use an old unsupported Node.js version. This includes an old version of `actions/checkout` (using `v3`, where `v4` is needed to ensure a supported version of Node.js is used) and SARIF-related actions. On the latter, see: https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/ Under this new configuration, Dependabot will open a single pull request to upgrade all actions that have available updates, followed by a pull request monthly or less for this in the future.
Thanks so much 🙏!
EliahKagan added a commit to EliahKagan/cargo-smart-release that referenced this pull request Apr 17, 2025
This enables grouped Dependabot version updates for Rust (`cargo`) dependencies. Previously, only GitHub Actions dependencies were updated with Dependabot in this repository; see ed59e97 (GitoxideLabs#43). The updates are grouped, so there is one Dependabot version update PR for Rust dependencies per month, unless the Dependabot configuration is changed (in any way, as that reruns the update check). If Dependabot security updates are enabled, pull requests would still be opened for those, immediately when an advisory enters the GHSA database (Dependabot security updates are separate from Dependabot version updates).
EliahKagan added a commit to EliahKagan/cargo-smart-release that referenced this pull request Apr 17, 2025
This enables grouped Dependabot version updates for Rust (`cargo`) dependencies. Previously, only GitHub Actions dependencies were updated with Dependabot in this repository; see ed59e97 (GitoxideLabs#43).
The updates are grouped. So there is one Dependabot version update PR for Rust dependencies per month, unless:
- The Dependabot update check is manually triggered, *or*
- `dependabot.yml` is changed (any change reruns update checks).
Because Dependabot security updates are enabled, pull requests shall still be opened for those, immediately when an advisory enters the GHSA database, provided that Dependabot is actually able to create the update. (Dependabot security updates are separate from Dependabot version updates.)
This proposes a few improvements to CI workflows:
- `push` trigger not just on `main` but also on branches with non-trailing `run-ci` components, to make it easier for people to run the workflow on feature branches in forks who wish to do so.

The commit messages have more information about each of these changes.
Currently, all new CI runs fail in the clippy job due to new clippy errors. #41 would fix that, so if #41 is merged, then this could be rebased onto main to make all tests pass.
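
A sketch of configuration matching what the commit messages above describe, added here as an illustration and not taken from the pull request's diff or the project's files. The workflow file name, the group names and the exact branch patterns are assumptions.

```yaml
# .github/dependabot.yml (contents are an assumed sketch)
version: 2
updates:
  # Version updates for the actions the workflows use, batched into one
  # pull request per check instead of one per action.
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: monthly
    groups:
      github-actions:      # group name is arbitrary (assumed)
        patterns: ['*']

  # The follow-up commits describe the same treatment for Rust dependencies.
  - package-ecosystem: cargo
    directory: /
    schedule:
      interval: monthly
    groups:
      cargo:               # assumed group name
        patterns: ['*']
---
# .github/workflows/ci.yml, trigger section only (assumed file name and
# patterns; any other triggers the workflow has are omitted)
on:
  push:
    branches:
      - main
      - 'run-ci/**'        # run-ci as the leading component: run-ci/fix-lint
      - '**/run-ci/**'     # run-ci as a middle component: user/run-ci/fix-lint
      # A branch named just run-ci, or feature/run-ci, does not match either
      # pattern, because there run-ci is the trailing component.
  workflow_dispatch:       # manual runs from the Actions tab, on any branch
```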