chore(ci): integrate cargo-semver-checks #1166
Conversation
orhun
requested review from
joshka,
kdheepak,
Valentin271 and
EdJoPaTo
as code owners
| with: | ||
| ref: ${{ github.event.pull_request.head.ref }} | ||
| repository: ${{ github.event.pull_request.head.repo.full_name }} |
There was a problem hiding this comment.
Isn't the default of checkout to use the head? Could this be removed with the same outcome → simpler config?
There was a problem hiding this comment.
As an aside - if there's something obvious like this that can be removed which would make you give an approval, feel free to slap the approval on and trust that the maintainers will do the right thing with the code. With all of us in various time zones, this helps move things along rather than PRs getting stagnated waiting for the next round of approval.
There was a problem hiding this comment.
Isn't the default of checkout to use the head?
Nope, it checks out the merge commit as default: https://github.com/actions/checkout?tab=readme-ov-file#checkout-pull-request-head-commit-instead-of-merge-commit
I also used repository here since we want to check out from the source (forked repository) instead of destination.
Apparently I tried to think ahead of time here, it might work with/without these settings. I'd say let's give it a shot and see what happens :)
|
👋 Hi all! @orhun is exactly right that the current action is best when used immediately before release, and that a better workflow we want to support in the future is running on each PR. We ran into some security concerns around being able to post comments and set labels safely after scanning an arbitrary PR, which e.g. might contain a malicious This is a problem that I'm confident has a solution. I'm currently in the middle of a fundraising push aimed at securing funding to solve this problem and add several other missing pieces of functionality. Wish me luck! 🤞 If I'm successful, then PRs with breaking changes will be able to be labeled e.g. Please ping me if you run into any issues and I'd be happy to help! If you find the tool helpful, I also love hearing about that too 😁 And if you are able to support its development, support on GitHub Sponsors goes a long way 🙏 |
Good idea! I think we can do that in a follow-up PR.
Hey @obi1kenobi! 👋🏼
Best of luck! Very excited to see the future of |
Personal opinion: GitHub Actions should only run after approving it as every PR can add things to the |
|
I agree with the sentiment! I use two things in my own repos for this:
Unfortunately for our desired |
It is intended to be run before publishing the crate but I don't feel like that is aligned with our workflow since we are already tracking the breaking changes in a separate document. That is why I integrated it into
check-pr.ymlwhere it is being run for PRs.I had some experiments with
cargo-semver-checksbefore and I think it is pretty useful. I have an open PR where I also improved the workflow a bit: obi1kenobi/cargo-semver-checks-action#65 - in the future we will be able to add comments to the PRs about semver violations.Let me know what you think!
Inviting @obi1kenobi to the discussion 🐻