Add permissions to website deployment job (backport #4285) #6781
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
tags: | |
- '*' | |
branches: | |
- main | |
- '*.x' | |
jobs: | |
ci: | |
name: ci | |
strategy: | |
matrix: | |
system: ["ubuntu-20.04"] | |
jvm: ["8"] | |
scala: ["2.13.10", "2.12.17"] | |
espresso: ["2.4"] | |
circt: ["firtool-1.37.0"] | |
runs-on: ${{ matrix.system }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Tabby OSS Cad Suite | |
uses: ./.github/workflows/setup-oss-cad-suite | |
- name: Install Espresso | |
uses: ./.github/workflows/install-espresso | |
with: | |
version: ${{ matrix.espresso }} | |
- name: Setup Scala | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: ${{ matrix.jvm }} | |
cache: 'sbt' | |
- name: Install CIRCT | |
uses: ./.github/workflows/install-circt | |
with: | |
version: ${{ matrix.circt }} | |
- name: Test | |
run: sbt ++${{ matrix.scala }} test | |
- name: Binary compatibility | |
run: sbt ++${{ matrix.scala }} unipublish/mimaReportBinaryIssues | |
doc: | |
name: Formatting | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Scala | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: '11' | |
cache: 'sbt' | |
- name: Install CIRCT | |
uses: ./.github/workflows/install-circt | |
- name: Check Formatting | |
run: sbt fmtCheck | |
integration: | |
name: Integration Tests (w/ chiseltest) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Tabby OSS Cad Suite | |
uses: ./.github/workflows/setup-oss-cad-suite | |
- name: Install Espresso | |
uses: ./.github/workflows/install-espresso | |
- name: Install CIRCT | |
uses: ./.github/workflows/install-circt | |
- name: Setup Scala | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: '11' | |
cache: 'sbt' | |
- name: Integration Tests | |
# This is here instead of on the whole job because, if a job is skipped, so are dependent jobs. | |
# If this job were skipped, all_tests_passed would be skipped too. | |
# By having this "if" here, this job returns success so that all_tests_passed will succeed too. | |
if: github.event_name != 'pull_request' || | |
! contains(github.event.pull_request.labels.*.name, 'Skip chiseltest') | |
run: sbt integrationTests/test | |
std: | |
name: Standard Library Tests | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
scala: [ "2.13.10", "2.12.17" ] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install Tabby OSS Cad Suite | |
uses: ./.github/workflows/setup-oss-cad-suite | |
- name: Setup Scala | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: '11' | |
cache: 'sbt' | |
- name: Check Formatting (Scala 2.12 only) | |
if: startsWith(matrix.scala, '2.12') | |
run: sbt ++${{ matrix.scala }} standardLibrary/scalafmtCheckAll | |
- name: Unit Tests | |
run: sbt ++${{ matrix.scala }} standardLibrary/test | |
scala-cli-example: | |
name: Test Chisel Scala-CLI Example | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Need to fetch full history for deriving version | |
with: | |
fetch-depth: 0 | |
- name: Build and Test Chisel Scala-CLI Example | |
uses: ./.github/workflows/build-scala-cli-example | |
# Sentinel job to simplify how we specify which checks need to pass in branch | |
# protection and in Mergify. This job checks that all jobs were successful. | |
# | |
# When adding new jobs, please add them to `needs` below | |
check-tests: | |
name: "check tests" | |
needs: [ci, integration, std, doc, scala-cli-example] | |
runs-on: ubuntu-20.04 | |
if: success() # only run if all tests have passed | |
outputs: | |
success: ${{ steps.setoutput.outputs.success }} | |
steps: | |
- id: setoutput | |
run: echo "success=true" >> $GITHUB_OUTPUT | |
# Related to check-tests above, this job _always_ runs (even if tests fail | |
# and thus check-steps is skipped). This two sentinel job approach avoids an | |
# issue where failing tests causes a single sentinel job to be skipped which | |
# counts as passing for purposes of branch protection. | |
# | |
# See: https://brunoscheufler.com/blog/2022-04-09-the-required-github-status-check-that-wasnt | |
all_tests_passed: | |
name: "all tests passed" | |
runs-on: ubuntu-20.04 | |
if: always() # Always run so that we never skip this check | |
needs: check-tests | |
# Pass only if check-tests set its output value | |
steps: | |
- run: | | |
PASSED="${{ needs.check-tests.outputs.success }}" | |
if [[ $PASSED == "true" ]]; then | |
echo "### All tests passed! :rocket:" >> $GITHUB_STEP_SUMMARY | |
exit 0 | |
else | |
echo "### One or more tests FAILED! :bangbang:" >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
# sbt ci-release publishes all cross versions so this job needs to be | |
# separate from a Scala versions build matrix to avoid duplicate publishing | |
publish: | |
needs: [all_tests_passed] | |
runs-on: ubuntu-20.04 | |
if: github.event_name == 'push' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install CIRCT | |
uses: ./.github/workflows/install-circt | |
- name: Setup Scala | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: '8' | |
cache: 'sbt' | |
- name: Setup GPG (for Publish) | |
uses: olafurpg/setup-gpg@v3 | |
- name: Publish | |
run: sbt -DdisableFatalWarnings ci-release | |
env: | |
CI_SNAPSHOT_RELEASE: "+unipublish/publish" | |
CI_SONATYPE_RELEASE: "+unipublish/publishSigned" | |
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
PGP_SECRET: ${{ secrets.PGP_SECRET }} | |
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |