actions/install-action
1
0
Fork 0
mirror of https://github.com/taiki-e/install-action.git synced 2026-05-10 06:30:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci,tools: Update config and script

Browse Source
This commit is contained in:
Taiki Endo
2026-05-10 04:37:10 +09:00
parent b50ba4b1ee
commit c4a3bf768d
5 changed files with 21 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.editorconfig
View File

@@ -11,7 +11,7 @@ indent_style = space
insert_final_newline = true insert_final_newline = true
trim_trailing_whitespace = true trim_trailing_whitespace = true
[*.{css,html,json,md,rb,sh,yml,yaml}] [*.{css,html,json,md,rb,ps1,sh,yml,yaml}]
indent_size = 2 indent_size = 2
[*.{js,yml,yaml}] [*.{js,yml,yaml}]

11
.github/workflows/ci.yml vendored
View File

@@ -32,20 +32,20 @@ concurrency:
jobs: jobs:
miri: miri:
uses: taiki-e/github-actions/.github/workflows/miri.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/miri.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
with: with:
# NB: sync with test job's --exclude option # NB: sync with test job's --exclude option
args: --exclude install-action-internal-codegen args: --exclude install-action-internal-codegen
msrv: msrv:
uses: taiki-e/github-actions/.github/workflows/msrv.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/msrv.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
test-manifest-schema: test-manifest-schema:
uses: taiki-e/github-actions/.github/workflows/test.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/test.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
with: with:
# NB: sync with miri job's --exclude option # NB: sync with miri job's --exclude option
test-args: --exclude install-action-internal-codegen test-args: --exclude install-action-internal-codegen
no-std: false no-std: false
tidy: tidy:
uses: taiki-e/github-actions/.github/workflows/tidy.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/tidy.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
permissions: permissions:
contents: write # for creating branch for pr contents: write # for creating branch for pr
pull-requests: write # unused (used in `codegen-automerge: true` case) pull-requests: write # unused (used in `codegen-automerge: true` case)
@@ -257,7 +257,8 @@ jobs:
- name: Install requirements (old debian) - name: Install requirements (old debian)
run: | run: |
# In Debian, the old repositories is removed from the main mirrors some time after EoL. # In Debian, the old repositories is removed from the main mirrors some time after EoL.
codename=$(grep -E '^VERSION_CODENAME=' /etc/os-release | cut -d= -f2) # shellcheck source=/dev/null
codename=$(. /etc/os-release; printf '%s\n' "${VERSION_CODENAME}")
sed -i /etc/apt/sources.list -e 's/deb.debian.org/archive.debian.org/g' \ sed -i /etc/apt/sources.list -e 's/deb.debian.org/archive.debian.org/g' \
-e 's|security.debian.org|archive.debian.org/|g' \ -e 's|security.debian.org|archive.debian.org/|g' \
-e "/${codename}-updates/d" -e "/${codename}-updates/d"

16
.github/workflows/manifest.yml vendored
View File

@@ -13,26 +13,13 @@ on:
- cron: '0 0,3,6,9,12,15,18,21 * * *' - cron: '0 0,3,6,9,12,15,18,21 * * *'
workflow_dispatch: workflow_dispatch:
env:
CARGO_INCREMENTAL: 0
CARGO_NET_GIT_FETCH_WITH_CLI: true
CARGO_NET_RETRY: 10
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
RUSTFLAGS: -D warnings
RUSTUP_MAX_RETRIES: 10
defaults:
run:
shell: bash --noprofile --norc -CeEuxo pipefail {0}
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
manifest: manifest:
uses: taiki-e/github-actions/.github/workflows/gen.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/gen.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
permissions: permissions:
contents: write # for creating branch for pr contents: write # for creating branch for pr
pull-requests: write # for gh pr review --approve pull-requests: write # for gh pr review --approve
@@ -44,6 +31,5 @@ jobs:
title: Update manifest title: Update manifest
branch: update-manifest branch: update-manifest
automerge: true automerge: true
install-rust: true
install-cosign: true install-cosign: true
install-parse-changelog: true install-parse-changelog: true

8
.github/workflows/release.yml vendored
View File

@@ -21,10 +21,6 @@ on:
- minor - minor
- major - major
defaults:
run:
shell: bash --noprofile --norc -CeEuo pipefail {0}
concurrency: concurrency:
group: ${{ github.workflow }} group: ${{ github.workflow }}
cancel-in-progress: false cancel-in-progress: false
@@ -32,7 +28,7 @@ concurrency:
jobs: jobs:
release: release:
if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action' if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action'
uses: taiki-e/github-actions/.github/workflows/action-release.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/action-release.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
permissions: permissions:
contents: write # for taiki-e/create-gh-release-action contents: write # for taiki-e/create-gh-release-action
secrets: secrets:
@@ -44,7 +40,7 @@ jobs:
release-manifest-schema: release-manifest-schema:
if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action-manifest-schema' if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action-manifest-schema'
uses: taiki-e/github-actions/.github/workflows/rust-release.yml@2474ed4664eb8903c151603a9d841512c069f7f6 # main uses: taiki-e/github-actions/.github/workflows/rust-release.yml@931686d4e4cf88b13e790040727ccde2dba8ec62 # main
permissions: permissions:
contents: write # for taiki-e/create-gh-release-action contents: write # for taiki-e/create-gh-release-action
id-token: write # for rust-lang/crates-io-auth-action id-token: write # for rust-lang/crates-io-auth-action

26
tools/tidy.sh
View File

@@ -37,10 +37,10 @@ image='ghcr.io/taiki-e/tidy'
if [[ -n "${TIDY_DEV:-}" ]]; then if [[ -n "${TIDY_DEV:-}" ]]; then
image+=':latest' image+=':latest'
else else
image+='@sha256:4d7ec52a86bd3c0a2d96627b0ec3aa534afc02c2d56fc9a898df64e29aa03312' image+='@sha256:1d3a5d57c486cbac02ef3d8ee29bb0768ebd1fbffef61a61d282215464e2551d'
fi fi
user="$(id -u):$(id -g)" user="$(id -u):$(id -g)"
workdir=$(pwd) workdir="${PWD}"
tmp=$(mktemp -d) tmp=$(mktemp -d)
trap -- 'rm -rf -- "${tmp:?}"' EXIT trap -- 'rm -rf -- "${tmp:?}"' EXIT
mkdir -p -- "${tmp}"/{pwsh-cache,pwsh-local,zizmor-cache,dummy-dir,tmp} mkdir -p -- "${tmp}"/{pwsh-cache,pwsh-local,zizmor-cache,dummy-dir,tmp}
@@ -111,7 +111,9 @@ while IFS= read -r path; do
done < <(git status --porcelain --ignored | grep -E '^!!' | cut -d' ' -f2) done < <(git status --porcelain --ignored | grep -E '^!!' | cut -d' ' -f2)
docker_run() { docker_run() {
"${docker}" "${common_args[@]}" "$@" local script="$1"
shift
"${docker}" "${common_args[@]}" "$@" "${image}" /checks/"${script}"
code2="$?" code2="$?"
if [[ ${code} -eq 0 ]] && [[ ${code2} -ne 0 ]]; then if [[ ${code} -eq 0 ]] && [[ ${code2} -ne 0 ]]; then
code="${code2}" code="${code2}"
@@ -119,29 +121,23 @@ docker_run() {
} }
set +e set +e
docker_run \ docker_run offline.sh \
--mount "type=bind,source=${workdir},target=${workdir}" --workdir "${workdir}" \ --mount "type=bind,source=${workdir},target=${workdir}" --workdir "${workdir}" \
--mount "type=bind,source=${workdir}/.git,target=${workdir}/.git,readonly" \ --mount "type=bind,source=${workdir}/.git,target=${workdir}/.git,readonly" \
--mount "type=bind,source=${tmp}/tmp,target=/tmp/tidy" \ --mount "type=bind,source=${tmp}/tmp,target=/tmp/tidy" \
--mount "type=bind,source=${tmp}/pwsh-cache,target=/.cache/powershell" \ --mount "type=bind,source=${tmp}/pwsh-cache,target=/.cache/powershell" \
--mount "type=bind,source=${tmp}/pwsh-local,target=/.local/share/powershell" \ --mount "type=bind,source=${tmp}/pwsh-local,target=/.local/share/powershell" \
--network=none \ --network=none
"${image}" \
/checks/offline.sh
# Some good audits requires access to GitHub API. # Some good audits requires access to GitHub API.
docker_run \ docker_run zizmor.sh \
--mount "type=bind,source=${workdir},target=${workdir},readonly" --workdir "${workdir}" \ --mount "type=bind,source=${workdir},target=${workdir},readonly" --workdir "${workdir}" \
--mount "type=bind,source=${tmp}/zizmor-cache,target=/.cache/zizmor" \ --mount "type=bind,source=${tmp}/zizmor-cache,target=/.cache/zizmor" \
--env GH_TOKEN --env GITHUB_TOKEN --env ZIZMOR_GITHUB_TOKEN \ --env GH_TOKEN --env GITHUB_TOKEN --env ZIZMOR_GITHUB_TOKEN
"${image}" \
/checks/zizmor.sh
# We use remote dictionary. # We use remote dictionary.
docker_run \ docker_run cspell.sh \
--mount "type=bind,source=${workdir},target=${workdir},readonly" --workdir "${workdir}" \ --mount "type=bind,source=${workdir},target=${workdir},readonly" --workdir "${workdir}" \
--mount "type=bind,source=${workdir}/.github/.cspell/project-dictionary.txt,target=${workdir}/.github/.cspell/project-dictionary.txt" \ --mount "type=bind,source=${workdir}/.github/.cspell/project-dictionary.txt,target=${workdir}/.github/.cspell/project-dictionary.txt" \
--mount "type=bind,source=${workdir}/.github/.cspell/rust-dependencies.txt,target=${workdir}/.github/.cspell/rust-dependencies.txt" \ --mount "type=bind,source=${workdir}/.github/.cspell/rust-dependencies.txt,target=${workdir}/.github/.cspell/rust-dependencies.txt" \
--mount "type=bind,source=${tmp}/tmp,target=/tmp/tidy" \ --mount "type=bind,source=${tmp}/tmp,target=/tmp/tidy"
"${image}" \
/checks/cspell.sh
exit "${code}" exit "${code}"