chore(deps): update dependency protobuf to v33.2 #434
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| merge_group: | |
| pull_request: | |
| push: | |
| branches: | |
| - "main" | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.14" | |
| - name: Install pre-commit | |
| run: pip install pre-commit | |
| - name: Run pre-commit hooks | |
| run: pre-commit run --all-files | |
| docs: | |
| runs-on: ubuntu-latest | |
| needs: [pre-commit] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: bazel-contrib/setup-bazel@5528b8082a800fc1dcf8ff0de93a30fa1c061239 | |
| - name: Generate documentation | |
| run: bazel build //docs:docs | |
| env: | |
| USE_BAZEL_VERSION: "8.4.2" | |
| - name: Check docs are up-to-date | |
| run: | | |
| # Generate docs to bazel-bin | |
| # Compare with committed docs | |
| for file in bazel-bin/docs/*.md; do | |
| basename=$(basename "$file") | |
| if ! diff -q "$file" "docs/$basename"; then | |
| echo "Error: docs/$basename is out of date" | |
| echo "Run: bazel build //docs:docs && cp bazel-bin/docs/*.md docs/" | |
| exit 1 | |
| fi | |
| done | |
| shell: bash | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| needs: [pre-commit] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Strategic test matrix (13 jobs total): | |
| # - WORKSPACE mode: Bazel 8.4.2 (deprecated but supported on current LTS) | |
| # - bzlmod mode: Bazel 8.4.2 (current LTS) and 9.0.0rc2 (next major) | |
| # - All 3 OSes (ubuntu, macos, windows) with remote verification (9 jobs) | |
| # - Ubuntu only with local verification (3 jobs) | |
| # - Ubuntu with action_file license mode (1 job) | |
| include: | |
| # Remote verification: all OSes, all configs (9 jobs) | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "workspace", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: macos-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "workspace", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: windows-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "workspace", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: macos-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: windows-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "9.0.0rc2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: macos-latest, | |
| bazel_version: "9.0.0rc2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: windows-latest, | |
| bazel_version: "9.0.0rc2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| # Local verification: ubuntu only, all configs (3 jobs) | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "workspace", | |
| verification_backend: "local", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "bzlmod", | |
| verification_backend: "local", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "9.0.0rc2", | |
| build_system: "bzlmod", | |
| verification_backend: "local", | |
| license_source: "local_acquire", | |
| auth_token_path: "", | |
| } | |
| # Test action_file license mode (1 job) | |
| - { | |
| os: ubuntu-latest, | |
| bazel_version: "8.4.2", | |
| build_system: "bzlmod", | |
| verification_backend: "remote", | |
| license_source: "action_file", | |
| auth_token_path: "/tmp/coco-auth-token", | |
| } | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: bazel-contrib/setup-bazel@5528b8082a800fc1dcf8ff0de93a30fa1c061239 | |
| - name: Create auth token file for action_file mode | |
| if: matrix.auth_token_path != '' | |
| run: | | |
| AUTH_TOKEN="{\"external\": { \ | |
| \"connection_id\": \"6143ef52-0286-4d9e-9176-92ab2020bbd3\", \ | |
| \"github\": { \ | |
| \"url\": \"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=\${audience}\", \ | |
| \"authorization\": \"bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}\" \ | |
| }}}" | |
| echo "$AUTH_TOKEN" > ${{ matrix.auth_token_path }} | |
| shell: bash | |
| - name: Test root workspace | |
| run: | | |
| export COCOTEC_AUTH_TOKEN="{\"external\": { \ | |
| \"connection_id\": \"6143ef52-0286-4d9e-9176-92ab2020bbd3\", \ | |
| \"github\": { \ | |
| \"url\": \"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=\${audience}\", \ | |
| \"authorization\": \"bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}\" \ | |
| }}}" | |
| bazel test --config=ci --config=${{ matrix.build_system }} \ | |
| --repo_env=COCOTEC_AUTH_TOKEN \ | |
| --color=yes \ | |
| --keep_going \ | |
| --test_output=errors \ | |
| --@rules_coco//:license_source=${{ matrix.license_source }} \ | |
| --@rules_coco//:auth_token_path=${{ matrix.auth_token_path }} \ | |
| --@rules_coco//:verification_backend=${{ matrix.verification_backend }} \ | |
| //... | |
| shell: bash | |
| env: | |
| USE_BAZEL_VERSION: ${{ matrix.bazel_version }} | |
| BAZEL_SH: C:\msys64\usr\bin\bash.exe | |
| - name: Test e2e scenarios | |
| run: | | |
| export COCOTEC_AUTH_TOKEN="{\"external\": { \ | |
| \"connection_id\": \"6143ef52-0286-4d9e-9176-92ab2020bbd3\", \ | |
| \"github\": { \ | |
| \"url\": \"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=\${audience}\", \ | |
| \"authorization\": \"bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}\" \ | |
| }}}" | |
| # Run tests for each e2e scenario (auto-discover subdirectories) | |
| for dir in e2e/*/; do | |
| dir=${dir%/} # Remove trailing slash | |
| # Skip multi_version for action_file mode - it uses popili 1.5.0 | |
| # which doesn't support --machine-auth-token (requires 1.5.2+) | |
| if [ "${{ matrix.license_source }}" = "action_file" ] && [ "$dir" = "e2e/multi_version" ]; then | |
| echo "Skipping ${dir} (uses popili 1.5.0, action_file requires 1.5.2+)" | |
| continue | |
| fi | |
| echo "Testing ${dir}..." | |
| (cd "${dir}" && bazel test \ | |
| --config=${{ matrix.build_system }} \ | |
| --repo_env=COCOTEC_AUTH_TOKEN \ | |
| --color=yes \ | |
| --keep_going \ | |
| --test_output=errors \ | |
| --@rules_coco//:license_source=${{ matrix.license_source }} \ | |
| --@rules_coco//:auth_token_path=${{ matrix.auth_token_path }} \ | |
| --@rules_coco//:verification_backend=${{ matrix.verification_backend }} \ | |
| //...) || exit 1 | |
| done | |
| shell: bash | |
| env: | |
| USE_BAZEL_VERSION: ${{ matrix.bazel_version }} | |
| BAZEL_SH: C:\msys64\usr\bin\bash.exe | |
| # This allows us to have a branch protection rule for tests and deploys with matrix | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [pre-commit, docs, test] | |
| if: always() | |
| steps: | |
| - name: Successful build | |
| if: ${{ !(contains(needs.*.result, 'failure')) }} | |
| run: exit 0 | |
| - name: Failing build | |
| if: ${{ contains(needs.*.result, 'failure') }} | |
| run: exit 1 |