Skip to content

Add permissions to website deployment job (backport #4285) #6781

Add permissions to website deployment job (backport #4285)

Add permissions to website deployment job (backport #4285) #6781

Workflow file for this run

name: Continuous Integration
on:
workflow_dispatch:
pull_request:
push:
tags:
- '*'
branches:
- main
- '*.x'
jobs:
ci:
name: ci
strategy:
matrix:
system: ["ubuntu-20.04"]
jvm: ["8"]
scala: ["2.13.10", "2.12.17"]
espresso: ["2.4"]
circt: ["firtool-1.37.0"]
runs-on: ${{ matrix.system }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Tabby OSS Cad Suite
uses: ./.github/workflows/setup-oss-cad-suite
- name: Install Espresso
uses: ./.github/workflows/install-espresso
with:
version: ${{ matrix.espresso }}
- name: Setup Scala
uses: actions/setup-java@v4
with:
distribution: 'adopt'
java-version: ${{ matrix.jvm }}
cache: 'sbt'
- name: Install CIRCT
uses: ./.github/workflows/install-circt
with:
version: ${{ matrix.circt }}
- name: Test
run: sbt ++${{ matrix.scala }} test
- name: Binary compatibility
run: sbt ++${{ matrix.scala }} unipublish/mimaReportBinaryIssues
doc:
name: Formatting
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Scala
uses: actions/setup-java@v4
with:
distribution: 'adopt'
java-version: '11'
cache: 'sbt'
- name: Install CIRCT
uses: ./.github/workflows/install-circt
- name: Check Formatting
run: sbt fmtCheck
integration:
name: Integration Tests (w/ chiseltest)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Tabby OSS Cad Suite
uses: ./.github/workflows/setup-oss-cad-suite
- name: Install Espresso
uses: ./.github/workflows/install-espresso
- name: Install CIRCT
uses: ./.github/workflows/install-circt
- name: Setup Scala
uses: actions/setup-java@v4
with:
distribution: 'adopt'
java-version: '11'
cache: 'sbt'
- name: Integration Tests
# This is here instead of on the whole job because, if a job is skipped, so are dependent jobs.
# If this job were skipped, all_tests_passed would be skipped too.
# By having this "if" here, this job returns success so that all_tests_passed will succeed too.
if: github.event_name != 'pull_request' ||
! contains(github.event.pull_request.labels.*.name, 'Skip chiseltest')
run: sbt integrationTests/test
std:
name: Standard Library Tests
runs-on: ubuntu-20.04
strategy:
matrix:
scala: [ "2.13.10", "2.12.17" ]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Tabby OSS Cad Suite
uses: ./.github/workflows/setup-oss-cad-suite
- name: Setup Scala
uses: actions/setup-java@v4
with:
distribution: 'adopt'
java-version: '11'
cache: 'sbt'
- name: Check Formatting (Scala 2.12 only)
if: startsWith(matrix.scala, '2.12')
run: sbt ++${{ matrix.scala }} standardLibrary/scalafmtCheckAll
- name: Unit Tests
run: sbt ++${{ matrix.scala }} standardLibrary/test
scala-cli-example:
name: Test Chisel Scala-CLI Example
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
# Need to fetch full history for deriving version
with:
fetch-depth: 0
- name: Build and Test Chisel Scala-CLI Example
uses: ./.github/workflows/build-scala-cli-example
# Sentinel job to simplify how we specify which checks need to pass in branch
# protection and in Mergify. This job checks that all jobs were successful.
#
# When adding new jobs, please add them to `needs` below
check-tests:
name: "check tests"
needs: [ci, integration, std, doc, scala-cli-example]
runs-on: ubuntu-20.04
if: success() # only run if all tests have passed
outputs:
success: ${{ steps.setoutput.outputs.success }}
steps:
- id: setoutput
run: echo "success=true" >> $GITHUB_OUTPUT
# Related to check-tests above, this job _always_ runs (even if tests fail
# and thus check-steps is skipped). This two sentinel job approach avoids an
# issue where failing tests causes a single sentinel job to be skipped which
# counts as passing for purposes of branch protection.
#
# See: https://brunoscheufler.com/blog/2022-04-09-the-required-github-status-check-that-wasnt
all_tests_passed:
name: "all tests passed"
runs-on: ubuntu-20.04
if: always() # Always run so that we never skip this check
needs: check-tests
# Pass only if check-tests set its output value
steps:
- run: |
PASSED="${{ needs.check-tests.outputs.success }}"
if [[ $PASSED == "true" ]]; then
echo "### All tests passed! :rocket:" >> $GITHUB_STEP_SUMMARY
exit 0
else
echo "### One or more tests FAILED! :bangbang:" >> $GITHUB_STEP_SUMMARY
exit 1
fi
# sbt ci-release publishes all cross versions so this job needs to be
# separate from a Scala versions build matrix to avoid duplicate publishing
publish:
needs: [all_tests_passed]
runs-on: ubuntu-20.04
if: github.event_name == 'push'
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install CIRCT
uses: ./.github/workflows/install-circt
- name: Setup Scala
uses: actions/setup-java@v4
with:
distribution: 'adopt'
java-version: '8'
cache: 'sbt'
- name: Setup GPG (for Publish)
uses: olafurpg/setup-gpg@v3
- name: Publish
run: sbt -DdisableFatalWarnings ci-release
env:
CI_SNAPSHOT_RELEASE: "+unipublish/publish"
CI_SONATYPE_RELEASE: "+unipublish/publishSigned"
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
PGP_SECRET: ${{ secrets.PGP_SECRET }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}