grenade/cull-gmail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: migrate to workspace structure and 3-file CI pipeline at toolkit 4.9.6

Browse Source 
Signed-off-by: Jeremiah Russell <jerry@jrussell.ie>
This commit is contained in:
Jeremiah Russell
2026-03-13 08:25:47 +00:00
parent 363550326e
commit 38a0193010
45 changed files with 210 additions and 893 deletions
Download Patch File Download Diff File Expand all files Collapse all files

171
.circleci/config.yml
View File

@@ -1,55 +1,16 @@
version: 2.1
parameters:
fingerprint:
type: string
default: SHA256:OkxsH8Z6Iim6WDJBaII9eTT9aaO1f3eDc6IpsgYYPVg
min_rust_version:
type: string
default: "1.88"
release_flag:
type: boolean
default: false
description: "If true, the release workflow will be executed."
success_flag:
type: boolean
default: false
description: "If true, the success pipeline will be executed."
validation_flag:
type: boolean
default: false
description: "If true, the validation pipeline will be executed."
orbs:
toolkit: jerus-org/circleci-toolkit@4.4.2
# Custom executors removed - using toolkit rolling executors instead
toolkit: jerus-org/circleci-toolkit@4.9.6
workflows:
check_last_commit:
when:
and:
- not:
equal: [scheduled_pipeline, << pipeline.trigger_source >>]
- not: << pipeline.parameters.success_flag >>
- not: << pipeline.parameters.release_flag >>
- not: << pipeline.parameters.validation_flag >>
jobs:
- toolkit/choose_pipeline:
name: choose pipeline based on committer
context: bot-check
validation:
when:
and:
- not:
equal: [scheduled_pipeline, << pipeline.trigger_source >>]
- not: << pipeline.parameters.success_flag >>
- << pipeline.parameters.validation_flag >>
- not: << pipeline.parameters.release_flag >>
jobs:
# Signature verification for trusted PRs (with write access for comments)
- toolkit/verify_commit_signatures:
name: verify_commit_signatures_trusted
context: bot-check
@@ -60,121 +21,63 @@ workflows:
ignore:
- main
- /pull\/[0-9]+/
# Signature verification for forked PRs (read-only, no comments)
- toolkit/verify_commit_signatures:
name: verify_commit_signatures_forked
post_comment: false
update_pcu: false
filters:
branches:
only: /pull\/[0-9]+/
- toolkit/label:
only:
- /pull\/[0-9]+/
- toolkit/required_builds_rolling:
min_rust_version: << pipeline.parameters.min_rust_version >>
context: pcu-app
update_pcu: true
- toolkit/optional_builds:
min_rust_version: << pipeline.parameters.min_rust_version >>
filters:
branches:
ignore: main
- toolkit/test_doc_build:
min_rust_version: << pipeline.parameters.min_rust_version >>
filters:
branches:
ignore: main
- toolkit/idiomatic_rust:
min_rust_version: << pipeline.parameters.min_rust_version >>
filters:
branches:
ignore: main
- toolkit/common_tests_rolling:
min_rust_version: << pipeline.parameters.min_rust_version >>
- toolkit/security:
name: security audit only
sonarcloud: false
filters:
branches:
only:
- main
- toolkit/required_builds:
min_rust_version: << pipeline.parameters.min_rust_version >>
- toolkit/optional_builds:
min_rust_version: << pipeline.parameters.min_rust_version >>
- toolkit/test_doc_build:
min_rust_version: << pipeline.parameters.min_rust_version >>
- toolkit/common_tests:
min_rust_version: << pipeline.parameters.min_rust_version >>
test_runner: nextest
nextest_profile: ci
post-steps:
- store_test_results:
path: target/nextest/ci/junit.xml
- toolkit/idiomatic_rust:
min_rust_version: << pipeline.parameters.min_rust_version >>
- toolkit/security:
name: security audit only
sonarcloud: false
ignore_advisories: RUSTSEC-2025-0066
filters:
branches:
only: /pull\/[0-9]+/
- /pull\/[0-9]+/
- toolkit/security:
name: security with sonarcloud
context: SonarCloud
ignore_advisories: RUSTSEC-2025-0066
filters:
branches:
ignore:
- /pull\/[0-9]+/
- main
- toolkit/update_prlog:
- toolkit/code_coverage:
min_rust_version: << pipeline.parameters.min_rust_version >>
context: SonarCloud
filters:
branches:
ignore:
- /pull\/[0-9]+/
- main
requires:
- verify_commit_signatures_trusted
- toolkit/required_builds
- toolkit/test_doc_build
- toolkit/idiomatic_rust
- security audit only
- security with sonarcloud
- toolkit/common_tests
context:
- release
- bot-check
ssh_fingerprint: << pipeline.parameters.fingerprint >>
min_rust_version: << pipeline.parameters.min_rust_version >>
on_success:
when:
and:
- not:
equal: [scheduled_pipeline, << pipeline.trigger_source >>]
- << pipeline.parameters.success_flag >>
- not: << pipeline.parameters.validation_flag >>
- not: << pipeline.parameters.release_flag >>
jobs:
- toolkit/end_success
release:
when:
and:
- or:
- and:
- equal: [scheduled_pipeline, << pipeline.trigger_source >>]
- equal: ["release check", << pipeline.schedule.name >>]
- << pipeline.parameters.release_flag >>
- not: << pipeline.parameters.success_flag >>
- not: << pipeline.parameters.validation_flag >>
jobs:
- toolkit/save_next_version:
min_rust_version: << pipeline.parameters.min_rust_version >>
- toolkit/make_release:
requires:
- toolkit/save_next_version
pre-steps:
- attach_workspace:
at: /tmp/workspace
- run:
name: Set SEMVER based on next-version file
command: |
set +ex
export SEMVER=$(cat /tmp/workspace/next-version)
echo $SEMVER
echo "export SEMVER=$SEMVER" >> "$BASH_ENV"
context:
- release
- bot-check
ssh_fingerprint: << pipeline.parameters.fingerprint >>
min_rust_version: << pipeline.parameters.min_rust_version >>
when_get_version: false
- toolkit/no_release:
min_rust_version: << pipeline.parameters.min_rust_version >>
requires:
- toolkit/save_next_version:
- failed