-
Notifications
You must be signed in to change notification settings - Fork 275
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(ci): integrate cargo-semver-checks #1166
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like to see cargo-semver-check being integrated!
with: | ||
ref: ${{ github.event.pull_request.head.ref }} | ||
repository: ${{ github.event.pull_request.head.repo.full_name }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't the default of checkout to use the head? Could this be removed with the same outcome → simpler config?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As an aside - if there's something obvious like this that can be removed which would make you give an approval, feel free to slap the approval on and trust that the maintainers will do the right thing with the code. With all of us in various time zones, this helps move things along rather than PRs getting stagnated waiting for the next round of approval.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't the default of checkout to use the head?
Nope, it checks out the merge commit as default: https://github.com/actions/checkout?tab=readme-ov-file#checkout-pull-request-head-commit-instead-of-merge-commit
I also used repository
here since we want to check out from the source (forked repository) instead of destination.
Apparently I tried to think ahead of time here, it might work with/without these settings. I'd say let's give it a shot and see what happens :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if it might also be possible to make this ensure that a breaking PR has a !, check that there are changes in the breaking changes doc, and add a breaking change label.
+1 to remove the unnecessary checkout config
👋 Hi all! @orhun is exactly right that the current action is best when used immediately before release, and that a better workflow we want to support in the future is running on each PR. We ran into some security concerns around being able to post comments and set labels safely after scanning an arbitrary PR, which e.g. might contain a malicious This is a problem that I'm confident has a solution. I'm currently in the middle of a fundraising push aimed at securing funding to solve this problem and add several other missing pieces of functionality. Wish me luck! 🤞 If I'm successful, then PRs with breaking changes will be able to be labeled e.g. Please ping me if you run into any issues and I'd be happy to help! If you find the tool helpful, I also love hearing about that too 😁 And if you are able to support its development, support on GitHub Sponsors goes a long way 🙏 |
Good idea! I think we can do that in a follow-up PR.
Hey @obi1kenobi! 👋🏼
Best of luck! Very excited to see the future of |
Personal opinion: GitHub Actions should only run after approving it as every PR can add things to the |
I agree with the sentiment! I use two things in my own repos for this:
Unfortunately for our desired |
It is intended to be run before publishing the crate but I don't feel like that is aligned with our workflow since we are already tracking the breaking changes in a separate document. That is why I integrated it into
check-pr.yml
where it is being run for PRs.I had some experiments with
cargo-semver-checks
before and I think it is pretty useful. I have an open PR where I also improved the workflow a bit: obi1kenobi/cargo-semver-checks-action#65 - in the future we will be able to add comments to the PRs about semver violations.Let me know what you think!
Inviting @obi1kenobi to the discussion 🐻