mirror of
https://github.com/martinvonz/jj.git
synced 2024-11-28 17:41:14 +00:00
af76631021
The new code scanner is complaining that actions have permissions to do too much. It wasn't obvious to me what permissions the jobs need, but let's see how this works.
89 lines
2 KiB
YAML
89 lines
2 KiB
YAML
name: build
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
permissions: read-all
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ${{ matrix.operating-system }}
|
|
strategy:
|
|
matrix:
|
|
operating-system: [ ubuntu-latest, windows-latest, macos-latest ]
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Install Rust (stable)
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: stable
|
|
override: true
|
|
profile: minimal
|
|
- name: Build
|
|
uses: actions-rs/cargo@v1
|
|
with:
|
|
command: build
|
|
args: --workspace --verbose
|
|
- name: Test
|
|
uses: actions-rs/cargo@v1
|
|
with:
|
|
command: test
|
|
args: --workspace --verbose
|
|
env:
|
|
RUST_BACKTRACE: 1
|
|
|
|
rustfmt:
|
|
name: Check formatting
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: nightly
|
|
profile: minimal
|
|
components: rustfmt
|
|
override: true
|
|
- uses: actions-rs/cargo@v1
|
|
with:
|
|
command: fmt
|
|
args: --all -- --check
|
|
|
|
clippy-stable:
|
|
name: Clippy check (stable)
|
|
permissions:
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: stable
|
|
profile: minimal
|
|
components: clippy
|
|
override: true
|
|
- uses: actions-rs/clippy-check@v1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
args: --all-features --workspace
|
|
|
|
clippy-nightly:
|
|
name: Clippy check (nightly)
|
|
permissions:
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: nightly
|
|
profile: minimal
|
|
components: clippy
|
|
override: true
|
|
- uses: actions-rs/clippy-check@v1
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
args: --all-features --workspace
|