
build(deps): bump rustls-webpki from 0.103.7 to 0.103.13 #4006

Workflow file for this run

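# CI workflow: triggers, run de-duplication and environment shared by all jobs.
name: CI

# Runs on pushes to main, on release tags (pharia-kernel-v*), and on pull
# requests that target main.
on:
  push:
    branches:
      - main
    tags:
      - "pharia-kernel-v*"
  pull_request:
    branches:
      - main

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# No workflow-level `permissions` block is set here; every job in this file
# declares its own token permissions instead.
env:
  CARGO_TERM_COLOR: always
  # Cargo reads this as `profile.test.debug = 0` (test builds without debug info).
  CARGO_PROFILE_TEST_DEBUG: 0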
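# NOTE(review): indentation was lost in this listing and has been reconstructed
# from the GitHub Actions schema; confirm the placements flagged below.
#
# NOTE(review): most actions here are referenced by a mutable tag or branch
# (`@v5`, `@v2`, `@stable`), while the redhat-actions steps in build-image are
# pinned to a full commit SHA. Pinning every third-party action to a commit SHA
# keeps the jobs that hold secrets or write permissions (tests, build-image)
# from picking up a re-pointed tag.
jobs:
  # We once encountered a failing build on macOS after merging changes from dependabot:
  # While we technically did not have a bug, our dev setup is mostly MacOS and we need to ensure
  # we can always build the project on MacOS.
  build-macos:
    runs-on: macos-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@stable
        with:
          targets: wasm32-wasip2
      - uses: Swatinem/rust-cache@v2
      - run: cargo build

  tests:
    # Cargo nextest runs tests as individual processes and benefits from the number of cores.
    runs-on: cpu-runner-16c-64gb-01
    permissions:
      contents: read
      # The job token is handed to the tests as TEST_REGISTRY_PASSWORD (see env below).
      packages: write
    steps:
      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@stable
        with:
          targets: wasm32-wasip2
      - uses: taiki-e/install-action@v2
        with:
          tool: wasm-tools,cargo-nextest@0.9.98
      - uses: Swatinem/rust-cache@v2
      - uses: actions/setup-python@v6
        with:
          python-version: "3.12"
      # UV is required by `cargo` test in order to manage virtual environments for building the
      # Python skills used for integration testing.
      - name: Install uv
        uses: astral-sh/setup-uv@v6
      - run: cargo nextest run --workspace --all-features
      - run: cargo test --doc
    # NOTE(review): placed at job level on the assumption that the nextest run
    # consumes these values; the flattened source would also parse as a
    # step-level `env` on `cargo test --doc`. Confirm against the repository.
    # A job-level `env` exposes the secrets below to every step, including the
    # setup actions; moving them onto the step(s) that need them narrows that.
    env:
      TEST_REGISTRY: ghcr.io
      TEST_BASE_REPOSITORY: aleph-alpha/pharia-kernel
      TEST_REGISTRY_USER: ${{ github.actor }}
      TEST_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
      PHARIA_AI_TOKEN: ${{ secrets.PHARIA_AI_TOKEN }}
      INFERENCE_URL: https://inference-api.product.pharia.com
      DOCUMENT_INDEX_URL: https://document-index.product.pharia.com
      AUTHORIZATION_URL: https://pharia-iam.product.pharia.com
      OPENAI_INFERENCE__URL: https://api.openai.com/v1
      OPENAI_INFERENCE__TOKEN: ${{ secrets.OPENAI_API_KEY }}

  lints:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy
      - uses: Swatinem/rust-cache@v2
      - run: cargo fmt -- --check
      - run: cargo clippy --workspace --all-features --all-targets -- -D warnings
      # NOTE(review): installs whatever cargo-shear version is current at run
      # time; a pinned version with `--locked` would make this step reproducible.
      - run: |
          cargo install cargo-shear
          cargo shear

  build-image:
    # We were seeing image build times of 14:46 minutes on ubuntu-latest.
    # 8c-32gb brought this down to 7:20 minutes while being billed at $0.032/minute (~$0.23/build)
    # 16c-64gb comes in at 6:18 minutes while being billed at $0.064/minute (~$0.40/build)
    runs-on: cpu-runner-16c-64gb-01
    # Skipped on pull requests unless the head branch starts with `release-please--`.
    # NOTE(review): a branch-name prefix identifies a naming convention, not the
    # author; if this gate is meant to cover only same-repository release
    # branches, also compare the head repository with `github.repository`.
    if: github.event_name != 'pull_request' || startsWith(github.head_ref, 'release-please--')
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v5
      - name: Generate image ID
        id: generate-image-id
        # The ref name is read from the runner-provided GITHUB_REF_NAME variable
        # rather than expanded with `${{ github.ref_name }}` inside the script:
        # an expression is substituted into the script text before bash runs, so
        # a ref name carrying shell syntax would be executed instead of treated
        # as data.
        # For tags the ID is the text after the first `v` (`cut -dv -f2`); a
        # version string that itself contains a `v` would be cut short.
        run: |
          if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
            echo "IMAGE_ID=$(printf '%s\n' "${GITHUB_REF_NAME}" | cut -dv -f2)" >> "$GITHUB_ENV"
          else
            echo "IMAGE_ID=$(date +%F)-$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
          fi
        shell: bash
      - name: Build image
        id: build-image
        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056
        with:
          image: pharia-kernel
          tags: latest ${{ env.IMAGE_ID }}
          oci: true
          containerfiles: |
            ./Containerfile
      - name: Export image to tarball
        # IMAGE_ID was written to GITHUB_ENV above, so it is available as a
        # shell variable here; quoting it keeps the value a single argument.
        run: podman save "localhost/pharia-kernel:${IMAGE_ID}" -o /tmp/pharia-kernel.tar
      - name: Upload image artifact
        uses: actions/upload-artifact@v4
        with:
          name: pharia-kernel-image
          path: /tmp/pharia-kernel.tar
          retention-days: 1
      - name: Log in to GitHub
        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push to GitHub
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c
        with:
          image: pharia-kernel
          tags: ${{ env.IMAGE_ID }}
          registry: ghcr.io/aleph-alpha/pharia-kernel
    # Hands the generated ID to test-image.
    outputs:
      image_id: ${{ env.IMAGE_ID }}

  test-image:
    # We are not time bound by this job, so ubuntu-latest is fine.
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request' || startsWith(github.head_ref, 'release-please--')
    needs: [build-image]
    permissions:
      contents: read
    env:
      IMAGE_ID: ${{ needs.build-image.outputs.image_id }}
    steps:
      - uses: actions/checkout@v5
      - name: Download image artifact
        uses: actions/download-artifact@v6
        with:
          name: pharia-kernel-image
          path: /tmp
      - name: Load image from tarball
        run: podman load -i /tmp/pharia-kernel.tar
      - name: Container test
        run: bash -x ./tests/test-container.sh "pharia-kernel:${IMAGE_ID}"
      - name: Integration test
        run: |
          (podman run -p 8081:8081 "pharia-kernel:${IMAGE_ID}" | cat) &
          bash -x ./tests/test-image.sh 8081 127.0.0.1

  # Approves Dependabot pull requests and enables auto-merge (rebase) for them
  # once tests, lints and test-image have completed.
  # NOTE(review): no step here looks at the kind of update, so every Dependabot
  # PR that passes CI is approved, major version bumps included. If that is not
  # intended, gate the steps on the update type (for example with the metadata
  # exposed by dependabot/fetch-metadata).
  # NOTE(review): test-image is skipped on ordinary pull requests (see its
  # `if`), and a job whose `needs` entry was skipped is itself skipped by
  # default; confirm this job actually runs for Dependabot PRs.
  dependabot-auto-merge:
    needs: [tests, lints, test-image]
    permissions:
      pull-requests: write
      contents: write
    runs-on: ubuntu-latest
    # `github.actor` is whoever triggered this run, which is not necessarily
    # the author of the pull request. Requiring the PR author to be Dependabot
    # as well keeps the approval tied to PRs Dependabot itself opened.
    if: >-
      github.actor == 'dependabot[bot]' &&
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      github.event_name == 'pull_request'
    steps:
      - name: Auto-approve
        run: gh pr review "$PR_URL" --approve
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Enable auto-merge
        run: gh pr merge --auto --rebase "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}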