feat: initial CI/CD workflow for uds2sovd-proxy#3
feat: initial CI/CD workflow for uds2sovd-proxy#3arvindr19 wants to merge 5 commits intoeclipse-opensovd:mainfrom
Conversation
arvindr19
force-pushed
the
feature/initial-implementation
branch
from
79ffa38 to
04dfc15
Compare
arvindr19
changed the title
.github/workflows/build.yml
Outdated
| needs: format_and_clippy_nightly_toolchain_pinned | ||
| concurrency: | ||
| group: format_and_clippy_nightly_toolchain_latest-${{ github.ref }} | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
good for now but we should create a github issue to follow-up on this topic. since CI workflows should never depend on a latest image. imagine someone updating this and potentially breaking all CI workflow due to some potential incompatibility
There was a problem hiding this comment.
Agreed. we're using ubuntu-latest and windows-latest which can introduce breaking changes. I'll create a follow-up issue.
.github/workflows/build.yml
Outdated
| concurrency: | ||
| group: format_and_clippy_nightly_toolchain_latest-${{ github.ref }} | ||
| runs-on: ubuntu-latest | ||
| continue-on-error: true |
There was a problem hiding this comment.
really? why not fail fast? that would save resources (which are expensive)
deny.toml
Outdated
| [graph] | ||
| targets = [ | ||
| "aarch64-unknown-linux-gnu", | ||
| "aarch64-apple-darwin", |
There was a problem hiding this comment.
Added TODO, BTW which platform we support officially?
There was a problem hiding this comment.
for OpenSOVD, I must admit I cannot say. For S-CORE, however, we actually need aarch64-qnx-nto-gnu
There was a problem hiding this comment.
Kept targets and Added TODO, will update once we know which platforms are supported.
There was a problem hiding this comment.
I would disagree here. Please remove especially such one until we know exactly that we really need to support it.
deny.toml
Outdated
| # List of explicitly allowed licenses | ||
| # See https://spdx.org/licenses/ for list of possible licenses | ||
| # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. | ||
| allow = ["Apache-2.0", "BSD-3-Clause", "ISC", "MIT", "Unicode-3.0", "Zlib"] |
There was a problem hiding this comment.
this is unexpected. we should doublecheck. I though that that only "Apache-2.0" as well as "MIT" would be allowed
There was a problem hiding this comment.
As of now, we don’t need any licenses other than Apache-2.0 and MIT. However, if we use crates in the future that are licensed under something else, we’ll need to add those licenses here.
There was a problem hiding this comment.
Yes, but then we must also only add such new allowed licenses here exactly at that point. So for now, let's just stick to these two ones.
There was a problem hiding this comment.
Kept only 2 licenses Apache-2.0 and MIT
deny.toml
Outdated
| unknown-registry = "warn" | ||
| unknown-git = "warn" |
There was a problem hiding this comment.
Good to know, Updated to deny
| "https://github.com/alexmohr/aide.git", | ||
| "https://github.com/alexmohr/flatbuffers.git", |
There was a problem hiding this comment.
please add comments that these are subject to be clarified and/or removed
| ] | ||
| ``` | ||
|
|
||
| ## Imports |
There was a problem hiding this comment.
add newline after for consistency
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@master | ||
| with: | ||
| toolchain: 1.88.0 |
There was a problem hiding this comment.
please also create a follow-up issue that this property/setting must get consumed via cicd-workflows repo
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| submodules: false |
There was a problem hiding this comment.
so clippy really does not need any deps of the code it checks?
There was a problem hiding this comment.
No separate dependency fetch step is needed: cargo clippy is a semantic linter that requires compiled dependencies.
Cargo automatically resolves, downloads, and compiles all crates from the registry as part of the clippy invocation, no explicit cargo fetch step is require
| - name: Format and Clippy - Nightly toolchain latest | ||
| uses: eclipse-opensovd/cicd-workflows/rust-lint-and-format-action@f829f9a9b93129170b25ae6769985ddff14fd252 | ||
| with: | ||
| toolchain: nightly | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fail-on-format-error: "false" | ||
| fail-on-clippy-error: "false" | ||
| clippy-deny-warnings: "false" |
There was a problem hiding this comment.
why this duplicated workflow?
There was a problem hiding this comment.
This step is intentionally non-blocking (all fail-on-* are "false") it provides early visibility into upcoming nightly breakage so issues can be fixed before the pinned toolchain is updated.
There was a problem hiding this comment.
So what would be the benefit for devs' PRs? So what would they do? Fix stuff proactively, is that the rationale?
There was a problem hiding this comment.
IMO Yes, proactive fixing is exactly the rationale. The non-blocking nightly step acts as an early warning system. When a developer opens a PR, they immediately see without any extra effort, whether their code is on a collision course with an upcoming nightly toolchain change. They can choose to fix it then and there, while the context is fresh, rather than being surprised later
deny.toml
Outdated
| [graph] | ||
| targets = [ | ||
| "aarch64-unknown-linux-gnu", | ||
| "aarch64-apple-darwin", |
There was a problem hiding this comment.
I would disagree here. Please remove especially such one until we know exactly that we really need to support it.
deny.toml
Outdated
| # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. | ||
| allow = ["Apache-2.0", "MIT"] | ||
|
|
||
| confidence-threshold = 0.8 |
There was a problem hiding this comment.
what is this property about?
There was a problem hiding this comment.
Minimum confidence score (0.0-1.0) for license detection heuristics.
cargo-deny uses text similarity to detect licenses when an SPDX identifier is absent. 0.8 means the detected license must match the known template at 80% similarity before it is accepted. Values below this threshold are treated as unknown and denied.
There was a problem hiding this comment.
hmm, then let's maybe start with 0.9 instead and lower the value if really required at some point?
arvindr19
force-pushed
the
feature/initial-implementation
branch
from
b088bea to
832c05f
Compare
stmuench
left a comment
stmuench
left a comment
There was a problem hiding this comment.
Can we somehow invoke these new workflow manually for this PR? To be sure that they are actually working here in github?
|
2 participants
Summary
initial CI/CD workflow for uds2sovd-proxy
Checklist