From e4f789120d37c62d37d3e400e492975c973b29a6 Mon Sep 17 00:00:00 2001 From: Alpha Chen Date: Thu, 22 Jan 2026 12:15:12 -0800 Subject: [PATCH] ci: Replace disallowed GitHub Actions with alternatives MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Gusto's enterprise policy blocks third-party actions not on the allowlist. The failing actions were dorny/paths-filter, swatinem/rust-cache, and re-actors/alls-green. Split on-pull-request.yml into separate test.yml and docs.yml workflows that use native `on.pull_request.paths` filtering instead of paths-filter. Replace rust-cache with actions/cache@v4 using the same cargo paths. Remove the alls-green status aggregator—branch protection can require individual workflow checks directly. Assisted-by: Claude Opus 4.5 (claude-code) --- .github/workflows/docs.yml | 11 ++++ .github/workflows/on-main.yml | 20 +++++++- .github/workflows/on-pull-request.yml | 72 --------------------------- .github/workflows/test.yml | 42 ++++++++++++++++ 4 files changed, 71 insertions(+), 74 deletions(-) create mode 100644 .github/workflows/docs.yml delete mode 100644 .github/workflows/on-pull-request.yml create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000..282067d --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,11 @@ +name: Docs + +on: + pull_request: + paths: + - 'docs/**' + - '.github/workflows/*' + +jobs: + build-docs: + uses: ./.github/workflows/gh-page.yml diff --git a/.github/workflows/on-main.yml b/.github/workflows/on-main.yml index 2ef910c..25e4c21 100644 --- a/.github/workflows/on-main.yml +++ b/.github/workflows/on-main.yml @@ -13,7 +13,15 @@ jobs: steps: - uses: actions/checkout@v4 - run: rustup update - - uses: Swatinem/rust-cache@v2 + - uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + target + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - name: cargo build run: cargo build - name: cargo check @@ -47,7 +55,15 @@ jobs: token: ${{ steps.app-token.outputs.token }} fetch-depth: 0 - - uses: swatinem/rust-cache@v2 + - uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + target + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - name: Install cargo-release run: cargo install cargo-release@0.25.6 diff --git a/.github/workflows/on-pull-request.yml b/.github/workflows/on-pull-request.yml deleted file mode 100644 index db9da96..0000000 --- a/.github/workflows/on-pull-request.yml +++ /dev/null @@ -1,72 +0,0 @@ -on: [pull_request] - -name: Continuous integration - -jobs: - filter: - runs-on: ubuntu-latest - outputs: - docs: ${{ steps.filter.outputs.docs }} - artifacts: ${{ steps.filter.outputs.artifacts }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - artifacts: - - '**/*.rs' - - 'Cargo.*' - - '**/Cargo.*' - - 'Cross.toml' - - '.github/bin/*' - - '.github/workflows/*' - - 'rust-toolchain.toml' - docs: - - 'docs/**' - - '.github/workflows/*' - tests: - needs: [ filter ] - if: ${{ needs.filter.outputs.artifacts == 'true' }} - name: Run Tests - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - run: rustup update - - uses: Swatinem/rust-cache@v2 - - name: cargo build - run: cargo build - - name: cargo check - run: cargo check - ## Cargo test - - name: cargo test - run: cargo test - - name: check for changes - run: git diff --quiet && git diff --cached --quiet - ## Cargo fmt - - run: rustup component add rustfmt - - name: cargo fmt - run: cargo fmt --all -- --check - ## Cargo clippy - - name: cargo clippy - run: cargo clippy -- -D warnings - - build-docs: - needs: [ filter ] - if: ${{ needs.filter.outputs.docs == 'true' }} - uses: ./.github/workflows/gh-page.yml - - check: - if: always() - needs: - - build-docs - - tests - runs-on: ubuntu-latest - steps: - - name: Decide whether the needed jobs succeeded or failed - uses: re-actors/alls-green@release/v1 - with: - allowed-skips: build-docs,build-artifacts,tests - jobs: ${{ toJSON(needs) }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..c3962aa --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,42 @@ +name: Tests + +on: + pull_request: + paths: + - '**/*.rs' + - 'Cargo.*' + - '**/Cargo.*' + - 'Cross.toml' + - '.github/bin/*' + - '.github/workflows/*' + - 'rust-toolchain.toml' + +jobs: + tests: + name: Run Tests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: rustup update + - uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + target + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + - name: cargo build + run: cargo build + - name: cargo check + run: cargo check + - name: cargo test + run: cargo test + - name: check for changes + run: git diff --quiet && git diff --cached --quiet + - run: rustup component add rustfmt + - name: cargo fmt + run: cargo fmt --all -- --check + - name: cargo clippy + run: cargo clippy -- -D warnings