1# Generated from xtask::workflows::compliance_check
 2# Rebuild with `cargo xtask workflows`.
 3name: compliance_check
 4env:
 5  CARGO_TERM_COLOR: always
 6on:
 7  schedule:
 8  - cron: 30 17 * * 2
 9  workflow_dispatch: {}
10jobs:
11  scheduled_compliance_check:
12    if: (github.repository_owner == 'zed-industries' || github.repository_owner == 'zed-extensions')
13    runs-on: namespace-profile-2x4-ubuntu-2404
14    steps:
15    - name: steps::checkout_repo
16      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
17      with:
18        clean: false
19        fetch-depth: 0
20    - name: steps::cache_rust_dependencies_namespace
21      uses: namespacelabs/nscloud-cache-action@a90bb5d4b27522ce881c6e98eebd7d7e6d1653f9
22      with:
23        cache: rust
24        path: ~/.rustup
25    - id: determine-version
26      name: compliance_check::scheduled_compliance_check
27      run: |
28        VERSION=$(sed -n 's/^version = "\(.*\)"/\1/p' crates/zed/Cargo.toml | tr -d '[:space:]')
29        if [ -z "$VERSION" ]; then
30            echo "Could not determine version from crates/zed/Cargo.toml"
31            exit 1
32        fi
33        TAG="v${VERSION}-pre"
34        echo "Checking compliance for $TAG"
35        echo "tag=$TAG" >> "$GITHUB_OUTPUT"
36    - id: run-compliance-check
37      name: compliance_check::scheduled_compliance_check::run_compliance_check
38      run: |
39        echo "tag=$LATEST_TAG" >> "$GITHUB_OUTPUT"
40        cargo xtask compliance "$LATEST_TAG" --branch main --report-path compliance-report
41      env:
42        LATEST_TAG: ${{ steps.determine-version.outputs.tag }}
43        GITHUB_APP_ID: ${{ secrets.ZED_ZIPPY_APP_ID }}
44        GITHUB_APP_KEY: ${{ secrets.ZED_ZIPPY_APP_PRIVATE_KEY }}
45    - name: '@actions/upload-artifact compliance-report.md'
46      if: always()
47      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
48      with:
49        name: compliance-report.md
50        path: target/compliance-report.md
51        if-no-files-found: error
52    - name: send_compliance_slack_notification
53      if: always()
54      run: |
55        if [ "$COMPLIANCE_OUTCOME" == "success" ]; then
56            STATUS="✅ Scheduled compliance check passed for $COMPLIANCE_TAG"
57            MESSAGE=$(printf "%s\n\nReport: %s" "$STATUS" "$ARTIFACT_URL")
58        else
59            STATUS="⚠️ Scheduled compliance check failed for $COMPLIANCE_TAG"
60            MESSAGE=$(printf "%s\n\nReport: %s\nPRs needing review: %s" "$STATUS" "$ARTIFACT_URL" "https://github.com/zed-industries/zed/pulls?q=is%3Apr+is%3Aclosed+label%3A%22PR+state%3Aneeds+review%22")
61        fi
62
63        curl -X POST -H 'Content-type: application/json' \
64            --data "$(jq -n --arg text "$MESSAGE" '{"text": $text}')" \
65            "$SLACK_WEBHOOK"
66      env:
67        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_WORKFLOW_FAILURES }}
68        COMPLIANCE_OUTCOME: ${{ steps.run-compliance-check.outcome }}
69        COMPLIANCE_TAG: ${{ steps.determine-version.outputs.tag }}
70        ARTIFACT_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}#artifacts
71defaults:
72  run:
73    shell: bash -euxo pipefail {0}