ci: consolidate CI workflows and add Renovate automation
Some checks failed
Release Docker Image / define-variables (push) Successful in 2s
Checks / Rust / Prek & Format (push) Successful in 28s
Release Docker Image / merge (push) Has been cancelled
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Checks / Rust / Clippy & Tests (push) Failing after 44s

Improve CI pipeline efficiency and maintainability:

Pipeline improvements:
- Consolidate prefligit-checks.yml into rust-checks.yml for single workflow
- Merge prek and format into single 'fast-checks' job (reduces uv duplication)
- Create dependency chain: fast-checks → rust-checks (clippy + tests)
- Add pull_request trigger to rust-checks workflow

Tool updates:
- Update prefligit to prek (v0.0.10 → latest) - renamed due to typosquatting
- Use uv/uvx for prek and nightly rustup installation
- Downgrade create-github-app-token from v2 to v1 (Forgejo only supports node20)
- Update all actions/cache from v3 to v4 to fix deprecation warnings

Renovate configuration:
- Add Renovate workflow for automated dependency updates
- Configure to scan .forgejo/ directories for GitHub Actions
- Add package rules to group non-major action updates
- Set rate limits: 2 PRs/hour, 3 concurrent max

Fixes:
- Replace deprecated check-byte-order-marker with fix-byte-order-marker hook
- Disable Python dependency glob for uv cache (not needed for Rust project)

Performance improvements:
- Single uv installation for both prek and rustfmt
- Use minimal profile for nightly toolchain (formatting only)
- Keep existing rust-toolchain action for stable builds (properly handles caching)

Note: uv is used as a tool installer (like npx), not for Python dependencies.
Tom Foster 2025-08-12 09:30:29 +01:00
parent a09e21eb70
commit 6d1e1c01da
4 changed files with 142 additions and 42 deletions


@ -0,0 +1,64 @@
name: Renovate
on:
schedule:
# Run at 2am UTC daily
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
dryRun:
description: 'Dry run mode'
required: false
default: 'false'
type: choice
options:
- 'true'
- 'false'
logLevel:
description: 'Log level'
required: false
default: 'info'
type: choice
options:
- 'debug'
- 'info'
- 'warn'
- 'error'
push:
branches:
- main
paths:
- '.forgejo/workflows/renovate.yml'
- 'renovate.json'
jobs:
renovate:
name: Renovate
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Renovate
uses: renovatebot/github-action@v40.1.0
with:
token: ${{ secrets.RENOVATE_TOKEN }}
configurationFile: renovate.json
env:
# Platform settings
RENOVATE_PLATFORM: gitea
RENOVATE_ENDPOINT: ${{ github.server_url }}/api/v1
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
# Repository settings
RENOVATE_REPOSITORIES: '["${{ github.repository }}"]'
# Behaviour settings
RENOVATE_DRY_RUN: ${{ inputs.dryRun || 'false' }}
LOG_LEVEL: ${{ inputs.logLevel || 'info' }}
# Forgejo/Gitea specific
RENOVATE_GIT_AUTHOR: 'Renovate Bot <renovate@noreply.${{ github.server_url }}>'
# PR settings
RENOVATE_PR_HOURLY_LIMIT: '2'
RENOVATE_PR_CONCURRENT_LIMIT: '3'
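
Review bot: `RENOVATE_GIT_AUTHOR` builds its e-mail address from `${{ github.server_url }}`, which the `RENOVATE_ENDPOINT` line above uses as a full URL prefix (`${{ github.server_url }}/api/v1`), so the author renders as `renovate@noreply.https://<host>` and is not a valid address. Use a fixed address or a variable that holds only the hostname. Separately, the same secret is passed both as `with: token` and as `RENOVATE_TOKEN` under `env`; keeping one leaves a single place to audit. `renovatebot/github-action@v40.1.0` is a tag reference, so pinning it to a commit SHA would keep the step that receives the token from changing if the tag is moved.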


@ -5,8 +5,8 @@ on:
pull_request:
jobs:
prefligit:
name: Prefligit
fast-checks:
name: Prek & Format
runs-on: ubuntu-latest
steps:
@ -15,25 +15,20 @@ jobs:
with:
persist-credentials: false
- uses: ./.forgejo/actions/prefligit
- name: Install uv
uses: https://github.com/astral-sh/setup-uv@v6
with:
extra_args: --all-files --hook-stage manual
enable-cache: true
ignore-nothing-to-cache: true
cache-dependency-glob: ''
format:
name: Format
runs-on: ubuntu-latest
- name: Run prek (formerly prefligit)
run: uvx prek run --show-diff-on-failure --color=always -v --all-files --hook-stage manual
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust
uses: ./.forgejo/actions/rust-toolchain
with:
toolchain: "nightly"
components: "rustfmt"
- name: Install rust nightly with rustfmt
run: |
uvx rustup override set nightly
uvx rustup component add rustfmt
- name: Check formatting
run: |
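
Review bot: `uvx prek run ...` and the two `uvx rustup ...` commands carry no version, so every run executes whatever release of those packages the index serves at that moment, and `setup-uv@v6` is a floating major tag. The commit message says prefligit was renamed because of typosquatting, which is exactly the case for pinning here: use `uvx prek@<version>` (likewise for `rustup`), reference `setup-uv` by commit SHA, and let Renovate propose the bumps.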
@ -42,7 +37,7 @@ jobs:
rust-checks:
name: Clippy & Tests
runs-on: ubuntu-latest
needs: [prefligit, format]
needs: fast-checks
steps:
- name: Checkout repository
@ -50,29 +45,29 @@ jobs:
with:
persist-credentials: false
- name: Install rust
uses: ./.forgejo/actions/rust-toolchain
- name: Install uv
uses: https://github.com/astral-sh/setup-uv@v6
with:
enable-cache: true
ignore-nothing-to-cache: true
cache-dependency-glob: '' # Disable Python dependency tracking for Rust project
- name: Install Rust toolchain
run: |
# Install toolchain from rust-toolchain.toml
uvx rustup show # This will auto-install from rust-toolchain.toml
- uses: https://github.com/actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
github-api-url: https://api.github.com
owner: ${{ vars.GH_APP_OWNER }}
repositories: ""
- name: Install sccache
uses: ./.forgejo/actions/sccache
with:
token: ${{ steps.app-token.outputs.token }}
- run: sudo apt-get update
- name: Install system dependencies
run: sudo apt-get update
- name: Cache system packages
uses: https://github.com/awalsh128/cache-apt-pkgs-action@v1
with:
packages: clang liburing-dev
version: 1
- name: Cache Rust registry
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: |
~/.cargo/git
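
Review bot: the step named "Install system dependencies" runs only `sudo apt-get update`; the packages (`clang liburing-dev`) are installed by the `cache-apt-pkgs-action` step that follows, so the name should say it refreshes the package index, or the two steps should be merged. In "Install Rust toolchain", `uvx rustup show` installs the toolchain only as a side effect, as its own comment says; an explicit install command would fail loudly if that behaviour changes. The commit message also says the existing rust-toolchain action is kept for stable builds, while this hunk shows `./.forgejo/actions/rust-toolchain` next to the new step, so please confirm which of the two is meant to provide the stable toolchain.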
@ -80,12 +75,29 @@ jobs:
~/.cargo/registry
!~/.cargo/registry/src
key: rust-registry-${{hashFiles('**/Cargo.lock') }}
- name: Timelord
- name: Create GitHub App token for sccache
if: vars.GH_APP_ID != '' && secrets.GH_APP_PRIVATE_KEY != ''
uses: https://github.com/actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
github-api-url: https://api.github.com
owner: ${{ vars.GH_APP_OWNER }}
repositories: ""
- name: Setup sccache
uses: ./.forgejo/actions/sccache
with:
token: ${{ steps.app-token.outputs.token || '' }}
- name: Setup Timelord
uses: ./.forgejo/actions/timelord
with:
key: sccache-v0
path: .
- name: Clippy
- name: Run Clippy lints
run: |
cargo clippy \
--workspace \
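
Review bot: in the "Create GitHub App token for sccache" step, `repositories: ""` together with `owner: ${{ vars.GH_APP_OWNER }}` requests a token that covers every repository in that owner's installation, which is more than a build cache needs; name the single repository sccache uses. The `if:` guard reads `secrets.GH_APP_PRIVATE_KEY` directly, which GitHub Actions does not allow in step conditionals, so confirm the Forgejo runner evaluates it as intended, or map the secret to an `env` value and test that instead. When the step is skipped, `token: ${{ steps.app-token.outputs.token || '' }}` hands the sccache action an empty token, so that action needs to treat an empty value as "no remote cache" rather than fail.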
@ -96,7 +108,7 @@ jobs:
-- \
-D warnings
- name: Cargo Test
- name: Run Cargo tests
run: |
cargo test \
--workspace \
@ -106,7 +118,6 @@ jobs:
--all-targets \
--no-fail-fast
- name: Show sccache stats
- name: Display sccache statistics
if: always()
run: sccache --show-stats


@ -9,7 +9,7 @@ repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v5.0.0
hooks:
- id: check-byte-order-marker
- id: fix-byte-order-marker
- id: check-case-conflict
- id: check-symlinks
- id: destroyed-symlinks


@ -22,5 +22,30 @@
"tikv-jemalloc-ctl",
"opentelemetry-rust",
"tracing-opentelemetry"
]
],
"github-actions": {
"enabled": true,
"fileMatch": [
"(^|/)\\.forgejo/workflows/[^/]+\\.ya?ml$",
"(^|/)\\.forgejo/actions/[^/]+/action\\.ya?ml$",
"(^|/)\\.github/workflows/[^/]+\\.ya?ml$",
"(^|/)\\.github/actions/[^/]+/action\\.ya?ml$"
]
},
"packageRules": [
{
"description": "Auto-merge minor and patch updates for GitHub Actions",
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["minor", "patch"],
"automerge": false
},
{
"description": "Group all non-major GitHub Actions updates",
"matchManagers": ["github-actions"],
"matchUpdateTypes": ["minor", "patch"],
"groupName": "github-actions-non-major"
}
],
"prConcurrentLimit": 3,
"prHourlyLimit": 2
}
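
Review bot: the first `packageRules` entry is described as "Auto-merge minor and patch updates for GitHub Actions" but sets `"automerge": false`, so the description states the opposite of what the rule does. Reword the description to match, and since both entries use the same `matchManagers` and `matchUpdateTypes`, fold `groupName` into a single rule. `prConcurrentLimit` and `prHourlyLimit` repeat the `RENOVATE_PR_CONCURRENT_LIMIT` and `RENOVATE_PR_HOURLY_LIMIT` values set in the workflow's `env`; keep them in one place so the two cannot drift apart.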