From 291081359ef8ad347bb5586a5f1ff0e83e489f27 Mon Sep 17 00:00:00 2001 From: jutty Date: Wed, 25 Feb 2026 01:29:13 -0300 Subject: [PATCH] CI: Deduplicate additional tool fetching While this moves the source of truth for CI tooling versions to somewhere outside the workflow definitions, it also avoids duplication and keeps debug (check.yaml) and production (publish.yaml) verifications fully independent. --- .forgejo/workflows/check.yaml | 37 ++------------------------- .forgejo/workflows/publish.yaml | 34 +------------------------ .forgejo/workflows/setup-tools.sh | 42 +++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 68 deletions(-) create mode 100755 .forgejo/workflows/setup-tools.sh diff --git a/.forgejo/workflows/check.yaml b/.forgejo/workflows/check.yaml index 213d73b..1bb2eab 100644 --- a/.forgejo/workflows/check.yaml +++ b/.forgejo/workflows/check.yaml @@ -9,13 +9,6 @@ on: - .forgejo/** - Cargo.toml - Cargo.lock -env: - JUST_VERSION: 1.45.0 - JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49 - CARGO_LLVM_COV_VERSION: 0.6.21 - CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb - CARGO_AUDIT_VERSION: 0.22.1 - CARGO_AUDIT_SHA256SUM: 9899e591c3abee79bd54e88c3b03d27bcf8dd073fb1690af9cd3089be1267a67 jobs: verify: runs-on: docker @@ -24,8 +17,7 @@ jobs: image: rust:slim steps: - name: Install action dependencies - run: | - apt-get install --no-install-recommends --update -y nodejs curl + run: apt-get install --no-install-recommends --update -y nodejs curl - name: Checkout code uses: actions/checkout@v6 @@ -36,32 +28,7 @@ jobs: rustup component add --toolchain nightly rustfmt clippy - name: Setup additional tooling - run: | - fetch() { - repo="$1"; tag="$2"; filename="$3"; digest="$4"; binary="$5" - - [ -d /tmp/tools ] || mkdir -p /tmp/tools - - curl -sSLO --output-dir /tmp \ - -w '%{stderr}HTTP %{response_code} %{url}\n' \ - "https://github.com/$repo/releases/download/$tag/$filename" - - printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest - sha256sum --check /tmp/digest - tar xf "/tmp/$filename" -C /tmp/tools - find /tmp/tools -type f -executable -name "$binary" \ - -exec mv '{}' /usr/local/bin ';' - } - - fetch casey/just ${{ env.JUST_VERSION }} \ - just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \ - ${{ env.JUST_SHA256SUM }} just - fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \ - cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \ - ${{ env.CARGO_LLVM_COV_SHA256SUM }} cargo-llvm-cov - fetch rustsec/rustsec v${{ env.CARGO_AUDIT_VERSION }} \ - cargo-audit-x86_64-unknown-linux-gnu-v0.22.1.tgz \ - ${{ env.CARGO_AUDIT_SHA256SUM }} cargo-audit + run: .forgejo/workflows/setup-tools.sh - name: Build run: just build diff --git a/.forgejo/workflows/publish.yaml b/.forgejo/workflows/publish.yaml index 26dc552..df15a3d 100644 --- a/.forgejo/workflows/publish.yaml +++ b/.forgejo/workflows/publish.yaml @@ -2,13 +2,6 @@ on: push: tags: - 'v*' -env: - JUST_VERSION: 1.45.0 - JUST_SHA256SUM: dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49 - CARGO_LLVM_COV_VERSION: 0.6.21 - CARGO_LLVM_COV_SHA256SUM: 57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb - CARGO_AUDIT_VERSION: 0.22.1 - CARGO_AUDIT_SHA256SUM: 9899e591c3abee79bd54e88c3b03d27bcf8dd073fb1690af9cd3089be1267a67 jobs: publish: runs-on: docker @@ -29,32 +22,7 @@ jobs: rustup component add --toolchain nightly rustfmt clippy - name: Setup additional tooling - run: | - fetch() { - repo="$1"; tag="$2"; filename="$3"; digest="$4"; binary="$5" - - [ -d /tmp/tools ] || mkdir -p /tmp/tools - - curl -sSLO --output-dir /tmp \ - -w '%{stderr}HTTP %{response_code} %{url}\n' \ - "https://github.com/$repo/releases/download/$tag/$filename" - - printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest - sha256sum --check /tmp/digest - tar xf "/tmp/$filename" -C /tmp/tools - find /tmp/tools -type f -executable -name "$binary" \ - -exec mv '{}' /usr/local/bin ';' - } - - fetch casey/just ${{ env.JUST_VERSION }} \ - just-${{ env.JUST_VERSION }}-x86_64-unknown-linux-musl.tar.gz \ - ${{ env.JUST_SHA256SUM }} just - fetch taiki-e/cargo-llvm-cov v${{ env.CARGO_LLVM_COV_VERSION }} \ - cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz \ - ${{ env.CARGO_LLVM_COV_SHA256SUM }} cargo-llvm-cov - fetch rustsec/rustsec v${{ env.CARGO_AUDIT_VERSION }} \ - cargo-audit-x86_64-unknown-linux-gnu-v0.22.1.tgz \ - ${{ env.CARGO_AUDIT_SHA256SUM }} cargo-audit + run: .forgejo/workflows/setup-tools.sh - name: Build release binary run: just full-build diff --git a/.forgejo/workflows/setup-tools.sh b/.forgejo/workflows/setup-tools.sh new file mode 100755 index 0000000..0daf5e3 --- /dev/null +++ b/.forgejo/workflows/setup-tools.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env sh + +set -eu + +JUST_VERSION="1.45.0" +JUST_SHA256SUM="dc3f958aaf8c6506dd90426e9b03f86dd15e74a6467ee0e54929f750af3d9e49" +CARGO_LLVM_COV_VERSION="0.6.21" +CARGO_LLVM_COV_SHA256SUM="57f491aedf7cdb261538ceb49cbb1ee9d27df7ca205a5e1a009caaf5cb911afb" +CARGO_AUDIT_VERSION="0.22.1" +CARGO_AUDIT_SHA256SUM="1890badd5f15831a9af4b074399fcd21e6f7c0fe42c84e9254cdffc9f813765c" + +TRIPLE="x86_64-unknown-linux-gnu" +TRIPLE_MUSL="x86_64-unknown-linux-musl" + +fetch() { + repo="$1"; tag="$2"; filename="$3"; digest="$4"; binary="$5" + + [ -d /tmp/tools ] || mkdir -p /tmp/tools + + curl -sSLO --output-dir /tmp \ + -w '%{stderr}HTTP %{response_code} %{url}\n' \ + "https://github.com/$repo/releases/download/$tag/$filename" + + printf '%s %s\n' "$digest" "/tmp/$filename" > /tmp/digest + sha256sum --check /tmp/digest + tar xf "/tmp/$filename" -C /tmp/tools + find /tmp/tools -type f -executable -name "$binary" \ + -exec mv '{}' /usr/local/bin ';' +} + +fetch casey/just "$JUST_VERSION" \ + "just-$JUST_VERSION-$TRIPLE_MUSL.tar.gz" \ + "$JUST_SHA256SUM" just + +fetch taiki-e/cargo-llvm-cov "v$CARGO_LLVM_COV_VERSION" \ + "cargo-llvm-cov-$TRIPLE.tar.gz" \ + "$CARGO_LLVM_COV_SHA256SUM" cargo-llvm-cov + +fetch rustsec/rustsec "v$CARGO_AUDIT_VERSION" \ + "cargo-audit-$TRIPLE-v$CARGO_AUDIT_VERSION.tgz" \ + "$CARGO_AUDIT_SHA256SUM" cargo-audit +