From aff93f2f6c10e10d460197e9ac1f4e7d3a841e66 Mon Sep 17 00:00:00 2001 From: Conrad Irwin Date: Wed, 17 Dec 2025 17:05:35 -0700 Subject: [PATCH] More permissions for autofix (#45170) Release Notes: - N/A --- .github/workflows/release.yml | 17 +++--- .github/workflows/release_nightly.yml | 3 +- .github/workflows/run_tests.yml | 41 ++++++++----- .../xtask/src/tasks/workflows/run_tests.rs | 58 +++++++++++++++++-- tooling/xtask/src/tasks/workflows/steps.rs | 16 ++--- 5 files changed, 92 insertions(+), 43 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8cc63340902fb061c66e5896308f2cad9c31f947..5b2ecf70294ad383944205b300f0d9d1e137b2f6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,8 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy shell: bash -euxo pipefail {0} - name: steps::clear_target_dir_if_large @@ -71,15 +72,10 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy shell: bash -euxo pipefail {0} - - name: steps::trigger_autofix - if: failure() && github.event_name == 'pull_request' && github.actor != 'zed-zippy[bot]' - run: gh workflow run autofix_pr.yml -f pr_number=${{ github.event.pull_request.number }} -f run_clippy=true - shell: bash -euxo pipefail {0} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: steps::cargo_install_nextest uses: taiki-e/install-action@nextest - name: steps::clear_target_dir_if_large @@ -93,6 +89,8 @@ jobs: run: | rm -rf ./../.cargo shell: bash -euxo pipefail {0} + outputs: + clippy_failed: ${{ steps.clippy.outcome == 'failure' }} timeout-minutes: 60 run_tests_windows: if: (github.repository_owner == 'zed-industries' || github.repository_owner == 'zed-extensions') @@ -111,7 +109,8 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy.ps1 shell: pwsh - name: steps::clear_target_dir_if_large diff --git a/.github/workflows/release_nightly.yml b/.github/workflows/release_nightly.yml index d76244175accc3e816cbd7d5dc322d2529a0a236..906420ad9b15d50578be7d682c6086cc64c9f6e1 100644 --- a/.github/workflows/release_nightly.yml +++ b/.github/workflows/release_nightly.yml @@ -44,7 +44,8 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy.ps1 shell: pwsh - name: steps::clear_target_dir_if_large diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index a9a46b7a797faae793c87601d306a2aea80e6592..d18341b4e09a4a48b61d29609a091570b359c30f 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -80,12 +80,6 @@ jobs: - name: steps::cargo_fmt run: cargo fmt --all -- --check shell: bash -euxo pipefail {0} - - name: steps::trigger_autofix - if: failure() && github.event_name == 'pull_request' && github.actor != 'zed-zippy[bot]' - run: gh workflow run autofix_pr.yml -f pr_number=${{ github.event.pull_request.number }} -f run_clippy=false - shell: bash -euxo pipefail {0} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: ./script/check-todos run: ./script/check-todos shell: bash -euxo pipefail {0} @@ -116,7 +110,8 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy.ps1 shell: pwsh - name: steps::clear_target_dir_if_large @@ -163,15 +158,10 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy shell: bash -euxo pipefail {0} - - name: steps::trigger_autofix - if: failure() && github.event_name == 'pull_request' && github.actor != 'zed-zippy[bot]' - run: gh workflow run autofix_pr.yml -f pr_number=${{ github.event.pull_request.number }} -f run_clippy=true - shell: bash -euxo pipefail {0} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: steps::cargo_install_nextest uses: taiki-e/install-action@nextest - name: steps::clear_target_dir_if_large @@ -185,6 +175,8 @@ jobs: run: | rm -rf ./../.cargo shell: bash -euxo pipefail {0} + outputs: + clippy_failed: ${{ steps.clippy.outcome == 'failure' }} timeout-minutes: 60 run_tests_mac: needs: @@ -205,7 +197,8 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 with: node-version: '20' - - name: steps::clippy + - id: clippy + name: steps::clippy run: ./script/clippy shell: bash -euxo pipefail {0} - name: steps::clear_target_dir_if_large @@ -585,6 +578,24 @@ jobs: exit $EXIT_CODE shell: bash -euxo pipefail {0} + call_autofix: + needs: + - check_style + - run_tests_linux + if: (needs.check_style.result == 'failure' || needs.run_tests_linux.outputs.clippy_failed == 'true') && github.event_name == 'pull_request' && github.actor != 'zed-zippy[bot]' + runs-on: namespace-profile-2x4-ubuntu-2404 + steps: + - id: get-app-token + name: steps::authenticate_as_zippy + uses: actions/create-github-app-token@bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1 + with: + app-id: ${{ secrets.ZED_ZIPPY_APP_ID }} + private-key: ${{ secrets.ZED_ZIPPY_APP_PRIVATE_KEY }} + - name: run_tests::call_autofix::dispatch_autofix + run: gh workflow run autofix_pr.yml -f pr_number=${{ github.event.pull_request.number }} -f run_clippy=${{ needs.run_tests_linux.outputs.clippy_failed == 'true' }} + shell: bash -euxo pipefail {0} + env: + GITHUB_TOKEN: ${{ steps.get-app-token.outputs.token }} concurrency: group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.ref_name == 'main' && github.sha || 'anysha' }} cancel-in-progress: true diff --git a/tooling/xtask/src/tasks/workflows/run_tests.rs b/tooling/xtask/src/tasks/workflows/run_tests.rs index 13639fd6c4bf33fe090dcb9d5f3cafdf45a36e76..1bc4b72176ad94c30399bc15a1152b20b200606a 100644 --- a/tooling/xtask/src/tasks/workflows/run_tests.rs +++ b/tooling/xtask/src/tasks/workflows/run_tests.rs @@ -45,11 +45,15 @@ pub(crate) fn run_tests() -> Workflow { &should_run_tests, ]); + let check_style = check_style(); + let run_tests_linux = run_platform_tests(Platform::Linux); + let call_autofix = call_autofix(&check_style, &run_tests_linux); + let mut jobs = vec![ orchestrate, - check_style(), + check_style, should_run_tests.guard(run_platform_tests(Platform::Windows)), - should_run_tests.guard(run_platform_tests(Platform::Linux)), + should_run_tests.guard(run_tests_linux), should_run_tests.guard(run_platform_tests(Platform::Mac)), should_run_tests.guard(doctests()), should_run_tests.guard(check_workspace_binaries()), @@ -106,6 +110,7 @@ pub(crate) fn run_tests() -> Workflow { workflow }) .add_job(tests_pass.name, tests_pass.job) + .add_job(call_autofix.name, call_autofix.job) } // Generates a bash script that checks changed files against regex patterns @@ -238,13 +243,44 @@ fn check_style() -> NamedJob { .add_step(steps::setup_pnpm()) .add_step(steps::script("./script/prettier")) .add_step(steps::cargo_fmt()) - .add_step(steps::trigger_autofix(false)) .add_step(steps::script("./script/check-todos")) .add_step(steps::script("./script/check-keymaps")) .add_step(check_for_typos()), ) } +fn call_autofix(check_style: &NamedJob, run_tests_linux: &NamedJob) -> NamedJob { + fn dispatch_autofix(run_tests_linux_name: &str) -> Step { + let clippy_failed_expr = format!( + "needs.{}.outputs.{} == 'true'", + run_tests_linux_name, CLIPPY_FAILED_OUTPUT + ); + named::bash(format!( + "gh workflow run autofix_pr.yml -f pr_number=${{{{ github.event.pull_request.number }}}} -f run_clippy=${{{{ {} }}}}", + clippy_failed_expr + )) + .add_env(("GITHUB_TOKEN", "${{ steps.get-app-token.outputs.token }}")) + } + + let clippy_failed_expr = format!( + "needs.{}.outputs.{} == 'true'", + run_tests_linux.name, CLIPPY_FAILED_OUTPUT + ); + let (authenticate, _token) = steps::authenticate_as_zippy(); + + let job = Job::default() + .runs_on(runners::LINUX_SMALL) + .cond(Expression::new(format!( + "(needs.{}.result == 'failure' || {}) && github.event_name == 'pull_request' && github.actor != 'zed-zippy[bot]'", + check_style.name, clippy_failed_expr + ))) + .needs(vec![check_style.name.clone(), run_tests_linux.name.clone()]) + .add_step(authenticate) + .add_step(dispatch_autofix(&run_tests_linux.name)); + + named::job(job) +} + fn check_dependencies() -> NamedJob { fn install_cargo_machete() -> Step { named::uses( @@ -305,6 +341,8 @@ fn check_workspace_binaries() -> NamedJob { ) } +pub const CLIPPY_FAILED_OUTPUT: &str = "clippy_failed"; + pub(crate) fn run_platform_tests(platform: Platform) -> NamedJob { let runner = match platform { Platform::Windows => runners::WINDOWS_DEFAULT, @@ -327,12 +365,20 @@ pub(crate) fn run_platform_tests(platform: Platform) -> NamedJob { .add_step(steps::setup_node()) .add_step(steps::clippy(platform)) .when(platform == Platform::Linux, |job| { - job.add_step(steps::trigger_autofix(true)) - .add_step(steps::cargo_install_nextest()) + job.add_step(steps::cargo_install_nextest()) }) .add_step(steps::clear_target_dir_if_large(platform)) .add_step(steps::cargo_nextest(platform)) - .add_step(steps::cleanup_cargo_config(platform)), + .add_step(steps::cleanup_cargo_config(platform)) + .when(platform == Platform::Linux, |job| { + job.outputs([( + CLIPPY_FAILED_OUTPUT.to_owned(), + format!( + "${{{{ steps.{}.outcome == 'failure' }}}}", + steps::CLIPPY_STEP_ID + ), + )]) + }), } } diff --git a/tooling/xtask/src/tasks/workflows/steps.rs b/tooling/xtask/src/tasks/workflows/steps.rs index 5ff7c0cae3c3740fa89abd84d049f9f76e7d721b..3ef7f8fd975d515b061b4ca2e9a37501bfd66e31 100644 --- a/tooling/xtask/src/tasks/workflows/steps.rs +++ b/tooling/xtask/src/tasks/workflows/steps.rs @@ -101,10 +101,12 @@ pub fn clear_target_dir_if_large(platform: Platform) -> Step { } } +pub const CLIPPY_STEP_ID: &str = "clippy"; + pub fn clippy(platform: Platform) -> Step { match platform { - Platform::Windows => named::pwsh("./script/clippy.ps1"), - _ => named::bash("./script/clippy"), + Platform::Windows => named::pwsh("./script/clippy.ps1").id(CLIPPY_STEP_ID), + _ => named::bash("./script/clippy").id(CLIPPY_STEP_ID), } } @@ -345,16 +347,6 @@ pub fn git_checkout(ref_name: &dyn std::fmt::Display) -> Step { )) } -pub fn trigger_autofix(run_clippy: bool) -> Step { - named::bash(format!( - "gh workflow run autofix_pr.yml -f pr_number=${{{{ github.event.pull_request.number }}}} -f run_clippy={run_clippy}" - )) - .if_condition(Expression::new( - "failure() && github.event_name == 'pull_request' && github.actor != 'zed-zippy[bot]'", - )) - .add_env(("GITHUB_TOKEN", vars::GITHUB_TOKEN)) -} - pub fn authenticate_as_zippy() -> (Step, StepOutput) { let step = named::uses( "actions",