Files
2026-07-13 13:05:14 +08:00

347 lines
10 KiB
YAML

name: "General checks: Lints, Tests, Docs"
on:
workflow_call:
inputs:
CONCURRENCY:
required: true
type: string
CHANNEL: # `nightly`/`main`/`pr`
required: true
type: string
concurrency:
group: ${{ inputs.CONCURRENCY }}-checks
cancel-in-progress: true
env:
PYTHON_VERSION: "3.10"
RUSTFLAGS: --deny warnings
RUSTDOCFLAGS: --deny warnings
defaults:
run:
shell: bash --noprofile --norc -euo pipefail {0}
permissions:
contents: "read"
id-token: "write"
jobs:
no-codegen-changes:
name: Check if running codegen would produce any changes
timeout-minutes: 60
runs-on: ubuntu-latest-16-cores
steps:
# Note: We explicitly don't override `ref` here. We need to see if changes would be made
# in a context where we have merged with main. Otherwise we might miss changes such as one
# PR introduces a new type and another PR changes the codegen.
- uses: actions/checkout@v4
- name: Set up Rust
uses: ./.github/actions/setup-rust
with:
cache_key: "build-linux"
save_cache: true
workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Codegen check
run: pixi run codegen --force --check --warnings-as-errors
- name: Codegen out-of-sync (protos)
run: pixi run codegen-protos-check
# ---------------------------------------------------------------------------
# NOTE: We don't want spurious failures caused by issues being closed, so this does not run on CI,
# at least for the time being.
# - name: Check for zombie TODOs
# run: |
# pixi run ./scripts/zombie_todos.py --token ${{ secrets.GITHUB_TOKEN }}
rerun-lints:
name: Rerun lints
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Rerun lints
run: pixi run lint-rerun
- name: Check dependencies
run: pixi run scripts/check_utils_dependencies.py
- name: Check forbidden dependencies
run: pixi run python scripts/check_forbidden_dependencies.py
- name: Check skills
run: pixi run python scripts/ci/check_skills.py
toml-format-check:
name: Toml format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Toml format check
run: pixi run toml-fmt-check
uv-lock-check:
name: Check uv.lock is up-to-date
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Check uv.lock
run: pixi run uv-lock-check
check-too-large-files:
name: Check for too large files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Check for too large files
run: pixi run check-large-files
check-publish-flags:
name: Check for wrong publish flags
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Check for wrong publish flags
run: pixi run check-publish-flags
check-example-thumbnails:
name: Check example thumbnails
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Check example thumbnails
# Use uv run --frozen python instead of uvpy.
# It's nice to get valid checks here even if the uv lockfile is out-of-date
# uv-lock-check will independently validate the lockfile status.
run: pixi run uv run --frozen python ./scripts/ci/thumbnails.py check
check-doc-order:
name: Check docs order
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Check docs order
run: pixi run uv run --frozen python ./scripts/ci/check_doc_order.py
check-no-d2-code-blocks:
name: Check for D2 code blocks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Check for D2 code blocks
# Use uv run --frozen python instead of uvpy.
# It's nice to get valid checks here even if the uv lockfile is out-of-date
# uv-lock-check will independently validate the lockfile status.
run: pixi run uv run --frozen python ./scripts/ci/check_d2_diagrams.py
check-example-manifest-coverage:
name: Check example manifest coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Check example manifest coverage
run: pixi run ./scripts/check_example_manifest_coverage.py
- name: Check the migration guide redirect
run: pixi run python scripts/ci/check_migration_guide_redirect.py
lint-md:
name: Lint markdown
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Run linter
run: |
# Single quoted because pixi does its own glob expansion
pixi run mdlint --glob 'docs/content/**/*.md'
pixi run mdlint --glob 'examples/python/*/README.md'
pixi run mdlint --glob 'examples/cpp/*/README.md'
pixi run mdlint --glob 'examples/rust/*/README.md'
# ---------------------------------------------------------------------------
spell-check:
name: Spell Check
runs-on: ubuntu-latest
steps:
- name: Checkout Actions Repository
uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- name: Check spelling of entire workspace
uses: crate-ci/typos@v1.45.1
# ---------------------------------------------------------------------------
misc-formatting:
name: Misc formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || '' }}
- uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
- name: prettier --check
run: pixi run misc-fmt-check
# ---------------------------------------------------------------------------
link-checker:
name: Check links
runs-on: ubuntu-latest
# do not fail entire workflow (e.g. nightly) if this is the only failing check
continue-on-error: true
env:
# lychee uses this to avoid GitHub rate limiting when checking github.com links.
# See https://github.com/lycheeverse/lychee#github-token
GITHUB_TOKEN: ${{ github.token }}
steps:
- uses: actions/checkout@v4
with:
# For PRs, we need to fetch the base branch to compare against
fetch-depth: 0
- name: Set up Python
if: github.event_name == 'pull_request'
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Restore lychee cache
id: restore-cache
uses: actions/cache/restore@v4
with:
path: .lycheecache
key: cache-lychee-${{ github.sha }}
restore-keys: cache-lychee-
- name: Set up pixi for PR Link Checker
if: ${{ inputs.CHANNEL == 'pr' }}
uses: prefix-dev/setup-pixi@v0.10.0
with:
pixi-version: v0.71.3
# For PRs: Check only links in added lines
- name: PR Link Checker (added lines only)
if: ${{ inputs.CHANNEL == 'pr' }}
run: |
# Fetch the base branch
git fetch origin ${{ github.base_ref }}:${{ github.base_ref }}
# Run our custom PR link checker
pixi run link-check-pr origin/${{ github.base_ref }}
# For nightly: Check all links in the entire codebase
- name: Full Link Checker
if: ${{ inputs.CHANNEL == 'nightly' }}
id: lychee
uses: lycheeverse/lychee-action@v2.8.0
with:
fail: true
lycheeVersion: "v0.23.0"
# When given a directory, lychee checks only markdown, html and text files, everything else we have to glob in manually.
# If updating version or args update the pixi.toml to match.
args: |
--cache --max-cache-age 1d . --root-dir $(pwd) "**/*.md" "**/*.rs" "**/*.toml" "**/*.hpp" "**/*.cpp" "**/CMakeLists.txt" "**/*.py" "**/*.yml"