Merge pull request #219 from GideonBature/storage-access #141
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Validation | ||
|
Check failure on line 1 in .github/workflows/pr-validation.yml
|
||
| on: | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
| jobs: | ||
| validate-pr: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| can-merge: ${{ steps.check-results.outputs.can-merge }} | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| components: rustfmt, clippy | ||
| targets: wasm32-unknown-unknown | ||
| - name: Cache cargo registry | ||
| uses: Swatinem/rust-cache@v2 | ||
| with: | ||
| cache-targets: true | ||
| - name: Check code formatting | ||
| id: fmt-check | ||
| run: | | ||
| echo "Checking code formatting..." | ||
| if cargo fmt --all -- --check; then | ||
| echo "fmt_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "fmt_check=false" >> $GITHUB_OUTPUT | ||
| echo "Please run 'cargo fmt --all' to fix formatting issues" | ||
| exit 1 | ||
| fi | ||
| - name: Run clippy lints | ||
| id: clippy-check | ||
| run: | | ||
| echo "Running clippy lints..." | ||
| if cargo clippy --all-targets --all-features -- -D warnings \ | ||
| -A clippy::needless_pass_by_value \ | ||
| -A clippy::must_use_candidate \ | ||
| -A clippy::missing_panics_doc \ | ||
| -A clippy::missing_errors_doc \ | ||
| -A clippy::doc_markdown \ | ||
| -A clippy::panic_in_result_fn \ | ||
| -A clippy::assertions_on_constants \ | ||
| -A clippy::unreadable_literal \ | ||
| -A clippy::too_many_lines \ | ||
| -A clippy::trivially_copy_pass_by_ref \ | ||
| -A clippy::needless_borrow \ | ||
| -A clippy::unused_unit \ | ||
| -A clippy::len_zero \ | ||
| -A clippy::unnecessary_cast \ | ||
| -A clippy::needless_late_init \ | ||
| -A clippy::map_unwrap_or \ | ||
| -A clippy::items_after_statements \ | ||
| -A clippy::manual_assert \ | ||
| -A clippy::unnecessary_wraps \ | ||
| -A clippy::similar_names \ | ||
| -A clippy::no_effect_underscore_binding \ | ||
| -A clippy::bool_assert_comparison \ | ||
| -A clippy::uninlined_format_args \ | ||
| -A clippy::useless_vec \ | ||
| -A dead_code \ | ||
| -A unused_variables; then | ||
| echo "clippy_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "clippy_check=false" >> $GITHUB_OUTPUT | ||
| echo "Please fix clippy warnings before merging" | ||
| exit 1 | ||
| fi | ||
| - name: Run unit tests | ||
| id: test-check | ||
| run: | | ||
| echo "Running unit tests..." | ||
| if cargo test --lib; then | ||
| echo "test_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "test_check=false" >> $GITHUB_OUTPUT | ||
| echo "Please fix failing tests before merging" | ||
| exit 1 | ||
| fi | ||
| - name: Build (Debug) | ||
| id: build-debug-check | ||
| run: | | ||
| echo "Building in debug mode..." | ||
| if cargo build; then | ||
| echo "build_debug_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "build_debug_check=false" >> $GITHUB_OUTPUT | ||
| echo "Please fix build errors before merging" | ||
| exit 1 | ||
| fi | ||
| - name: Build WASM (Release) | ||
| id: build-wasm-check | ||
| run: | | ||
| echo "Building WASM in release mode..." | ||
| if cargo build --target wasm32-unknown-unknown --release; then | ||
| echo "build_wasm_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "build_wasm_check=false" >> $GITHUB_OUTPUT | ||
| echo "Please fix WASM build errors before merging" | ||
| exit 1 | ||
| fi | ||
| - name: Check documentation | ||
| id: docs-check | ||
| run: | | ||
| echo "Checking documentation..." | ||
| if cargo doc --no-deps --document-private-items; then | ||
| echo "docs_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "docs_check=false" >> $GITHUB_OUTPUT | ||
| echo "Please fix documentation errors before merging" | ||
| exit 1 | ||
| fi | ||
| - name: Security audit | ||
| id: security-check | ||
| run: | | ||
| echo "Running security audit..." | ||
| if cargo install --quiet cargo-audit && cargo audit; then | ||
| echo "security_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "security_check=false" >> $GITHUB_OUTPUT | ||
| echo "Security audit encountered issues" | ||
| echo "security_check=true" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Check duplicate dependencies | ||
| id: duplicate-check | ||
| run: | | ||
| echo "Checking for duplicate dependencies..." | ||
| if cargo install --quiet cargo-duplicate && cargo duplicate; then | ||
| echo "duplicate_check=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "duplicate_check=false" >> $GITHUB_OUTPUT | ||
| echo "Duplicate dependency check encountered issues" | ||
| echo "duplicate_check=true" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Check results | ||
| id: check-results | ||
| run: | | ||
| FMT_CHECK="${{ steps.fmt-check.outputs.fmt_check }}" | ||
| CLIPPY_CHECK="${{ steps.clippy-check.outputs.clippy_check }}" | ||
| TEST_CHECK="${{ steps.test-check.outputs.test_check }}" | ||
| BUILD_DEBUG_CHECK="${{ steps.build-debug-check.outputs.build_debug_check }}" | ||
| BUILD_WASM_CHECK="${{ steps.build-wasm-check.outputs.build_wasm_check }}" | ||
| DOCS_CHECK="${{ steps.docs-check.outputs.docs_check }}" | ||
| if [[ "$FMT_CHECK" == "true" && \ | ||
| "$CLIPPY_CHECK" == "true" && \ | ||
| "$TEST_CHECK" == "true" && \ | ||
| "$BUILD_DEBUG_CHECK" == "true" && \ | ||
| "$BUILD_WASM_CHECK" == "true" ]]; then | ||
| echo "can-merge=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "can-merge=false" >> $GITHUB_OUTPUT | ||
| exit 1 | ||
| fi | ||
| - name: Comment PR | ||
| if: always() | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const canMerge = '${{ steps.check-results.outputs.can-merge }}' === 'true'; | ||
| const comment = [ | ||
| '## PR Validation Results', | ||
| '', | ||
| canMerge ? 'All required checks passed.' : 'Some required checks failed.', | ||
| '', | ||
| `- Code Formatting: ${{ steps.fmt-check.outputs.fmt_check == 'true' ? 'passed' : 'failed' }}`, | ||
| `- Clippy Lints: ${{ steps.clippy-check.outputs.clippy_check == 'true' ? 'passed' : 'failed' }}`, | ||
| `- Unit Tests: ${{ steps.test-check.outputs.test_check == 'true' ? 'passed' : 'failed' }}`, | ||
| `- Debug Build: ${{ steps.build-debug-check.outputs.build_debug_check == 'true' ? 'passed' : 'failed' }}`, | ||
| `- WASM Release Build: ${{ steps.build-wasm-check.outputs.build_wasm_check == 'true' ? 'passed' : 'failed' }}`, | ||
| `- Documentation: ${{ steps.docs-check.outputs.docs_check == 'true' ? 'passed' : 'failed' }}`, | ||
| `- Security Audit: ${{ steps.security-check.outputs.security_check == 'true' ? 'passed' : 'issues found' }}`, | ||
| `- Duplicate Dependencies: ${{ steps.duplicate-check.outputs.duplicate_check == 'true' ? 'passed' : 'issues found' }}` | ||
| ].join('\n'); | ||
| await github.rest.issues.createComment({ | ||
| issue_number: context.issue.number, | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| body: comment | ||
| }); | ||
| - name: Update PR status | ||
| if: always() | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const canMerge = '${{ steps.check-results.outputs.can-merge }}' === 'true'; | ||
| await github.rest.repos.createCommitStatus({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| sha: context.sha, | ||
| state: canMerge ? 'success' : 'failure', | ||
| target_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`, | ||
| description: canMerge ? 'All checks passed - Ready to merge' : 'Some checks failed - Not ready to merge', | ||
| context: 'pr-validation' | ||
| }); | ||
| - name: Enforce branch protection | ||
| if: steps.check-results.outputs.can-merge == 'false' | ||
| run: | | ||
| echo "PR cannot be merged due to failed checks" | ||
| exit 1 | ||
