compliance_check.yml

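 # Generated from xtask::workflows::compliance_check
 # Rebuild with `cargo xtask workflows`.
 #
 # Scheduled compliance check: derives the pre-release tag from
 # crates/zed/Cargo.toml, runs `cargo xtask compliance` against main, uploads
 # the report as an artifact and posts the outcome to Slack.
 # NOTE(review): this file is generated, so hand edits are lost on the next
 # `cargo xtask workflows`; mirror any change in the generator.
name: compliance_check
env:
  CARGO_TERM_COLOR: always
on:
  schedule:
  # 17:30 UTC every Tuesday (quoted so the cron string stays a string).
  - cron: '30 17 * * 2'
  workflow_dispatch: {}
jobs:
  scheduled_compliance_check:
    # Runs only when the repository owner is one of the two organisations, so
    # the job (and its secret references) is skipped in forks.
    if: (github.repository_owner == 'zed-industries' || github.repository_owner == 'zed-extensions')
    runs-on: namespace-profile-2x4-ubuntu-2404
    # Least privilege for the job token: the steps below only check out the
    # repository, and the compliance task receives GitHub App credentials via
    # env rather than the job token.
    # NOTE(review): confirm the xtask makes no other token-backed calls.
    permissions:
      contents: read
    steps:
    # Third-party actions are pinned to full commit SHAs, so a moved tag
    # cannot change the code that runs here.
    # NOTE(review): checkout keeps the job token in the local git config by
    # default; if the compliance task needs no authenticated git operations,
    # `persist-credentials: false` would keep it away from the later cargo
    # build - confirm before changing.
    - name: steps::checkout_repo
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd
      with:
        clean: false
        # Full history, so the tag and branch being compared are available.
        fetch-depth: 0
    - name: steps::cache_rust_dependencies_namespace
      uses: namespacelabs/nscloud-cache-action@a90bb5d4b27522ce881c6e98eebd7d7e6d1653f9
      with:
        cache: rust
        path: ~/.rustup
    - id: determine-version
      name: compliance_check::scheduled_compliance_check
      run: |
        # The version is read from a file in the checked-out repository and
        # ends up in a step output; whitespace is stripped before it is used.
        VERSION=$(sed -n 's/^version = "\(.*\)"/\1/p' crates/zed/Cargo.toml | tr -d '[:space:]')
        if [ -z "$VERSION" ]; then
            echo "Could not determine version from crates/zed/Cargo.toml"
            exit 1
        fi
        TAG="v${VERSION}-pre"
        echo "Checking compliance for $TAG"
        echo "tag=$TAG" >> "$GITHUB_OUTPUT"
    - id: run-compliance-check
      name: compliance_check::scheduled_compliance_check::run_compliance_check
      # Values reach the script through env and quoted shell variables, not
      # through `${{ }}` interpolation into the script text.
      run: |
        cargo xtask compliance "$LATEST_TAG" --branch main --report-path "compliance-report-${GITHUB_REF_NAME}.md"
      env:
        LATEST_TAG: ${{ steps.determine-version.outputs.tag }}
        GITHUB_APP_ID: ${{ secrets.ZED_ZIPPY_APP_ID }}
        GITHUB_APP_KEY: ${{ secrets.ZED_ZIPPY_APP_PRIVATE_KEY }}
    - name: '@actions/upload-artifact compliance-report-${GITHUB_REF_NAME}.md'
      if: always()
      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
      with:
        # Action inputs are not expanded by a shell, so `${GITHUB_REF_NAME}`
        # would be passed literally and never match the file written by the
        # previous step. The expression context yields the same ref name.
        # NOTE(review): a manually dispatched ref containing `/` would still
        # be an invalid artifact name.
        name: compliance-report-${{ github.ref_name }}.md
        path: compliance-report-${{ github.ref_name }}.md
        if-no-files-found: error
    - name: send_compliance_slack_notification
      if: always()
      run: |
        if [ "$COMPLIANCE_OUTCOME" == "success" ]; then
            STATUS="✅ Scheduled compliance check passed for $COMPLIANCE_TAG"
            MESSAGE=$(printf "%s\n\nReport: %s" "$STATUS" "$ARTIFACT_URL")
        else
            STATUS="⚠️ Scheduled compliance check failed for $COMPLIANCE_TAG"
            MESSAGE=$(printf "%s\n\nReport: %s\nPRs needing review: %s" "$STATUS" "$ARTIFACT_URL" "https://github.com/zed-industries/zed/pulls?q=is%3Apr+is%3Aclosed+label%3A%22PR+state%3Aneeds+review%22")
        fi

        # The default shell runs with -x; stop tracing before the webhook URL
        # is expanded so it does not depend on log masking alone.
        set +x
        curl -X POST -H 'Content-type: application/json' \
            --data "$(jq -n --arg text "$MESSAGE" '{"text": $text}')" \
            "$SLACK_WEBHOOK"
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_WORKFLOW_FAILURES }}
        COMPLIANCE_OUTCOME: ${{ steps.run-compliance-check.outcome }}
        COMPLIANCE_TAG: ${{ steps.determine-version.outputs.tag }}
        ARTIFACT_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}#artifacts
defaults:
  run:
    # -x traces every command with its expanded arguments into the job log.
    shell: bash -euxo pipefail {0}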