Skip to content

main

main #7523

Workflow file for this run

name: main
on:
pull_request:
branches:
- master
push:
branches:
- master
tags:
- v*
schedule:
- cron: 32 2 * * *
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
ACTIONLINT_VERSION: 1.7.6 # https://github.com/rhysd/actionlint/releases
AGE_VERSION: 1.2.1 # https://github.com/FiloSottile/age/releases
CHOCOLATEY_VERSION: 2.4.1 # https://github.com/chocolatey/choco/releases
EDITORCONFIG_CHECKER_VERSION: 3.1.1 # https://github.com/editorconfig-checker/editorconfig-checker/releases
FIND_TYPOS_VERSION: 0.0.3 # https://github.com/twpayne/find-typos/tags
GO_VERSION: 1.23.4 # https://go.dev/doc/devel/release
GOFUMPT_VERSION: 0.7.0 # https://github.com/mvdan/gofumpt/releases
GOLANGCI_LINT_VERSION: 1.63.4 # https://github.com/golangci/golangci-lint/releases
GOLINES_VERSION: 0.12.2 # https://github.com/segmentio/golines/releases
GORELEASER_VERSION: 2.5.1 # https://github.com/goreleaser/goreleaser/releases
GOVERSIONINFO_VERSION: 1.4.1 # https://github.com/josephspurrier/goversioninfo/releases
PYTHON_VERSION: '3.10' # https://www.python.org/downloads/
RAGE_VERSION: 0.11.1 # https://github.com/str4d/rage/releases
UV_VERSION: 0.5.16 # https://github.com/astral-sh/uv/releases
jobs:
changes:
runs-on: ubuntu-22.04
outputs:
code: ${{ steps.filter.outputs.code }}
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- id: filter
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
with:
filters: |
code:
- '**/*.go'
- '.github/actions/setup-go/action.yml'
- '.github/workflows/main.yml'
- '.goreleaser.yaml'
- 'Makefile'
- 'assets/**/*.tmpl'
- 'assets/docker/**'
- 'assets/scripts/*.py'
- 'assets/scripts/generate-commit.go'
- 'assets/scripts/stow-to-chezmoi.sh'
- 'assets/vagrant/**'
- 'completions/**'
- 'go.*'
- 'internal/**/!(install.sh.tmpl)'
codeql:
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: ubuntu-22.04
permissions:
security-events: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 1
- uses: ./.github/actions/setup-go
with:
go-version: ${{ env.GO_VERSION }}
upload-cache: false
- uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
with:
languages: go
- uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
misspell:
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1
with:
locale: US
ignore: ackward,importas
test-alpine:
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
with:
path: |
~/.go-alpine
key: alpine-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
alpine-go-
- name: test
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
run: |
export DOCKER_GOCACHE="$HOME/.go-alpine"
./assets/docker/test.sh alpine
test-archlinux:
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
with:
path: |
~/.go-archlinux
key: archlinux-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
archlinux-go-
- name: test
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
run: |
export DOCKER_GOCACHE="$HOME/.go-archlinux"
./assets/docker/test.sh archlinux
test-macos:
name: test-macos-${{ matrix.test-index }}
strategy:
fail-fast: false
matrix:
test-index: [0, 1, 2]
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: macos-15
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/setup-go
with:
go-version: ${{ env.GO_VERSION }}
- name: build
run: |
go build -v ./...
- name: run
run: |
go run . --version
- name: install-age
run: |
brew install age
age --version
- name: install-rage
run: |
brew tap str4d.xyz/rage https://str4d.xyz/rage
brew install rage
rage --version
- name: install-keepassxc
run: |
brew install keepassxc
keepassxc-cli --version
- name: test
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
run: |
if [ "${{ matrix.test-index }}" = "0" ]; then
go test ./... -short -race
go test ./internal/cmd -run=TestScript -filter='^[0-9a-dA-D]' -race
elif [ "${{ matrix.test-index }}" = "1" ]; then
go test ./internal/cmd -run=TestScript -filter='^[e-iE-I]' -race
else
go test ./internal/cmd -run=TestScript -filter='^[j-zJ-Z]' -race
fi
test-oldstable-go:
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
with:
go-version: oldstable
- name: build
run: |
go build -v ./...
- name: run
run: |
go run . --version
- name: install-age
run: |
cd "$(mktemp -d)"
curl -fsSL "https://github.com/FiloSottile/age/releases/download/v${AGE_VERSION}/age-v${AGE_VERSION}-linux-amd64.tar.gz" | tar xzf -
sudo install -m 755 age/age /usr/local/bin
sudo install -m 755 age/age-keygen /usr/local/bin
- name: install-rage
run: |
cd "$(mktemp -d)"
curl -fsSL "https://github.com/str4d/rage/releases/download/v${RAGE_VERSION}/rage-v${RAGE_VERSION}-x86_64-linux.tar.gz" | tar xzf -
sudo install -m 755 rage/rage /usr/local/bin
sudo install -m 755 rage/rage-keygen /usr/local/bin
- name: test
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
run: |
go test ./...
test-release:
needs: changes
runs-on: ubuntu-20.04 # use older Ubuntu for older glibc
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- uses: ./.github/actions/setup-go
with:
cache-prefix: release-go
go-version: ${{ env.GO_VERSION }}
- name: install-release-dependencies
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
run: |
sudo apt-get --quiet update
sudo apt-get --no-install-suggests --no-install-recommends --quiet --yes install musl-tools snapcraft
mkdir -p /opt/chocolatey
wget -q -O - "https://github.com/chocolatey/choco/releases/download/${CHOCOLATEY_VERSION}/chocolatey.v${CHOCOLATEY_VERSION}.tar.gz" | tar -xz -C "/opt/chocolatey"
echo '#!/bin/bash' >> /usr/local/bin/choco
echo 'mono /opt/chocolatey/choco.exe $@' >> /usr/local/bin/choco
chmod +x /usr/local/bin/choco
- name: create-syso
run: |
make create-syso
- name: build-release
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf
with:
version: ${{ env.GORELEASER_VERSION }}
args: release --skip=sign --snapshot --timeout=1h
- name: upload-artifact-chezmoi-darwin-amd64
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: chezmoi-darwin-amd64
path: dist/chezmoi-nocgo_darwin_amd64_v1/chezmoi
- name: upload-artifact-chezmoi-darwin-arm64
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: chezmoi-darwin-arm64
path: dist/chezmoi-nocgo_darwin_arm64_v8.0/chezmoi
- name: upload-artifact-chezmoi-linux-amd64
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: chezmoi-linux-amd64
path: dist/chezmoi-cgo-glibc_linux_amd64_v1/chezmoi
- name: upload-artifact-chezmoi-linux-musl-amd64
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: chezmoi-linux-amd64-musl
path: dist/chezmoi-cgo-musl_linux_amd64_v1/chezmoi
- name: upload-artifact-chezmoi-windows-amd64.exe
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: chezmoi-windows-amd64
path: dist/chezmoi-nocgo_windows_amd64_v1/chezmoi.exe
test-ubuntu:
name: test-ubuntu-umask${{ matrix.umask }}-${{ matrix.test-index }}
strategy:
fail-fast: false
matrix:
umask:
- "022"
- "002"
test-index: [0, 1]
needs: changes
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
if: github.event_name == 'push' || needs.changes.outputs.code == 'true' || (matrix.umask == '022' && matrix.test-index == 0)
with:
fetch-depth: 0
- uses: ./.github/actions/setup-go
if: github.event_name == 'push' || needs.changes.outputs.code == 'true' || (matrix.umask == '022' && matrix.test-index == 0)
with:
go-version: ${{ env.GO_VERSION }}
- name: install-age
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
run: |
cd "$(mktemp -d)"
curl -fsSL "https://github.com/FiloSottile/age/releases/download/v${AGE_VERSION}/age-v${AGE_VERSION}-linux-amd64.tar.gz" | tar xzf -
sudo install -m 755 age/age /usr/local/bin
sudo install -m 755 age/age-keygen /usr/local/bin
- name: install-rage
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
run: |
cd "$(mktemp -d)"
curl -fsSL "https://github.com/str4d/rage/releases/download/v${RAGE_VERSION}/rage-v${RAGE_VERSION}-x86_64-linux.tar.gz" | tar xzf -
sudo install -m 755 rage/rage /usr/local/bin
sudo install -m 755 rage/rage-keygen /usr/local/bin
- name: build
if: github.event_name == 'push' || needs.changes.outputs.code == 'true' || (matrix.umask == '022' && matrix.test-index == 0)
run: |
go build -v ./...
- name: run
if: github.event_name == 'push' || needs.changes.outputs.code == 'true' || (matrix.umask == '022' && matrix.test-index == 0)
run: |
go run . --version
- name: test-umask-${{ matrix.umask }}
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
TEST_FLAGS: '-ldflags="-X github.com/twpayne/chezmoi/v2/internal/chezmoitest.umaskStr=0o${{ matrix.umask }}" -race -timeout=1h'
run: |
if [ "${{ matrix.test-index }}" = "0" ]; then
go test ./... -short ${{ env.TEST_FLAGS }}
go test ./internal/cmd -run=TestScript -filter='^[0-9a-hA-h]' ${{ env.TEST_FLAGS }}
else
go test ./internal/cmd -run=TestScript -filter='^[i-zI-Z]' ${{ env.TEST_FLAGS }}
fi
test-website:
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/setup-go
with:
cache-prefix: website-go
go-version: ${{ env.GO_VERSION }}
- uses: astral-sh/setup-uv@887a942a15af3a7626099df99e897a18d9e5ab3a
with:
enable-cache: true
version: ${{ env.UV_VERSION }}
- name: install-website-dependencies
run: |
uv python install ${{ env.PYTHON_VERSION }}
uv sync --locked
- name: build-website
run: uv run -v task build-docs
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
test-windows:
name: test-windows-${{ matrix.test-index }}
strategy:
fail-fast: false
matrix:
test-index: [0, 1, 2]
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: windows-2022
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/setup-go
with:
go-version: ${{ env.GO_VERSION }}
- name: build
run: |
go build -v ./...
- name: run
run: |
go run . --version
- name: test
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
run: |
if (${{ matrix.test-index }} -eq 0) {
go test ./... -short -race
go test ./internal/cmd -run=TestScript -filter='^[0-9a-cA-C]' -race
} elseif (${{ matrix.test-index }} -eq 1) {
go test ./internal/cmd -run=TestScript -filter='^[d-lD-L]' -race
} else {
go test ./internal/cmd -run=TestScript -filter='^[m-zM-Z]' -race
}
check:
runs-on: ubuntu-22.04
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- uses: ./.github/actions/setup-go
with:
go-version: ${{ env.GO_VERSION }}
upload-cache: false
- name: generate
run: |
go generate
git diff --exit-code
- name: actionlint
run: |
go install "github.com/rhysd/actionlint/cmd/actionlint@v${ACTIONLINT_VERSION}"
actionlint
- uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38
with:
ignore_paths: completions
- name: editorconfig-checker
run: |
GOOS="$(go env GOOS)"
GOARCH="$(go env GOARCH)"
curl -sSfL "https://github.com/editorconfig-checker/editorconfig-checker/releases/download/v${EDITORCONFIG_CHECKER_VERSION}/ec-${GOOS}-${GOARCH}.tar.gz" | tar -xzf -
"bin/ec-${GOOS}-${GOARCH}"
- name: lint-whitespace
run: |
go run ./internal/cmds/lint-whitespace
- name: lint-txtar
run: |
find . -name '*.txtar' -print0 | xargs -0 go run ./internal/cmds/lint-txtar
- name: find-typos
run: |
go install "github.com/twpayne/find-typos@v${FIND_TYPOS_VERSION}"
find-typos -format=github-actions chezmoi .
- name: lint-commit-messages
if: github.event_name == 'push'
run: |
go run ./internal/cmds/lint-commit-messages HEAD~1..HEAD
- name: lint-commit-messages
if: github.event_name == 'pull_request' && github.event.pull_request.draft == false
run: |
go run ./internal/cmds/lint-commit-messages ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }}..${{ github.event.pull_request.head.sha }}
lint:
name: lint-${{ matrix.runs-on }}
strategy:
fail-fast: false
matrix:
runs-on:
- macos-15
- ubuntu-22.04
- windows-2022
needs: changes
if: github.event_name == 'push' || needs.changes.outputs.code == 'true'
runs-on: ${{ matrix.runs-on }}
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/setup-go
with:
go-version: ${{ env.GO_VERSION }}
upload-cache: false
- uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8
with:
version: v${{ env.GOLANGCI_LINT_VERSION }}
args: --timeout=5m
release: # FIXME this should be merged into test-release above
if: startsWith(github.ref, 'refs/tags/')
needs:
- check
- lint
- test-alpine
- test-archlinux
- test-macos
- test-oldstable-go
- test-release
- test-ubuntu
- test-website
- test-windows
runs-on: ubuntu-20.04 # use older Ubuntu for older glibc
permissions:
contents: write
steps:
- name: install-build-dependencies
run: |
sudo apt-get --quiet update
sudo apt-get --no-install-suggests --no-install-recommends --quiet --yes install musl-tools snapcraft
mkdir -p /opt/chocolatey
wget -q -O - "https://github.com/chocolatey/choco/releases/download/${CHOCOLATEY_VERSION}/chocolatey.v${CHOCOLATEY_VERSION}.tar.gz" | tar -xz -C "/opt/chocolatey"
echo '#!/bin/bash' >> /usr/local/bin/choco
echo 'mono /opt/chocolatey/choco.exe $@' >> /usr/local/bin/choco
chmod +x /usr/local/bin/choco
- name: check-snapcraft-credentials
run: snapcraft whoami
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- uses: ./.github/actions/setup-go
with:
cache-prefix: release-go
go-version: ${{ env.GO_VERSION }}
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da
- name: create-syso
run: |
make create-syso
- uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf
with:
version: ${{ env.GORELEASER_VERSION }}
args: release --timeout=1h
env:
CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
SCOOP_GITHUB_TOKEN: ${{ secrets.SCOOP_GITHUB_TOKEN }}
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
WINGET_GITHUB_TOKEN: ${{ secrets.WINGET_GITHUB_TOKEN }}
deploy-website:
needs:
- release
runs-on: ubuntu-22.04
permissions:
contents: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- uses: ./.github/actions/setup-go
with:
cache-prefix: website-go
go-version: ${{ env.GO_VERSION }}
- uses: astral-sh/setup-uv@887a942a15af3a7626099df99e897a18d9e5ab3a
with:
enable-cache: true
version: ${{ env.UV_VERSION }}
- name: prepare-chezmoi.io
run: |
uv sync --locked
uv python install ${{ env.PYTHON_VERSION }}
uv run -v task build-docs
env:
CHEZMOI_GITHUB_TOKEN: ${{ secrets.CHEZMOI_GITHUB_TOKEN }}
- name: push-chezmoi.io
run: |
uv run -v task deploy-docs
- name: prepare-get.chezmoi.io
run: |
cp assets/scripts/install.sh assets/get.chezmoi.io/index.html
cp assets/scripts/install-local-bin.sh assets/get.chezmoi.io/lb
cp assets/scripts/install.ps1 assets/get.chezmoi.io/ps1
cp LICENSE assets/get.chezmoi.io/LICENSE
- name: push-get.chezmoi.io
uses: cpina/github-action-push-to-another-repository@07c4d7b3def0a8ebe788a8f2c843a4e1de4f6900
env:
SSH_DEPLOY_KEY: ${{ secrets.GET_CHEZMOI_IO_SSH_DEPLOY_KEY }}
with:
source-directory: assets/get.chezmoi.io
destination-github-username: chezmoi
destination-repository-name: get.chezmoi.io
target-branch: gh-pages
commit-message: 'chore: Update from ORIGIN_COMMIT'
user-email: [email protected]