feat: jobs tuning #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| GO_VERSION: "1.23" | |
| PYTHON_VERSION: "3.12" | |
| GOFLAGS: "-mod=readonly" | |
| GOPATH: ${{ github.workspace }}/.go | |
| GOMODCACHE: ${{ github.workspace }}/.go/pkg/mod | |
| GOCACHE: ${{ github.workspace }}/.go/cache | |
| jobs: | |
| gate: | |
| name: PR · access gate | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 1 | |
| outputs: | |
| allow: ${{ steps.decide.outputs.allow }} | |
| steps: | |
| - id: decide | |
| env: | |
| EVENT: ${{ github.event_name }} | |
| SAME_REPO: ${{ github.event.pull_request.head.repo.full_name == github.repository }} | |
| ACTOR: ${{ github.event.pull_request.user.login }} | |
| ASSOC: ${{ github.event.pull_request.author_association }} | |
| run: | | |
| set -eu | |
| if [[ "$EVENT" == "push" ]]; then | |
| echo "allow=true" >> "$GITHUB_OUTPUT" | |
| echo "::notice::push event — CI allowed." | |
| exit 0 | |
| fi | |
| # Only PR path remains. | |
| allow=false | |
| reason="not a contributor" | |
| if [[ "$SAME_REPO" != "true" ]]; then | |
| reason="PR comes from a fork" | |
| elif [[ "$ACTOR" == "dependabot[bot]" ]]; then | |
| reason="Dependabot PRs do not run on the self-hosted runner" | |
| else | |
| case "$ASSOC" in | |
| OWNER|COLLABORATOR|MEMBER|CONTRIBUTOR) | |
| allow=true | |
| ;; | |
| *) | |
| reason="author_association='$ASSOC' is not in {OWNER,COLLABORATOR,MEMBER,CONTRIBUTOR}" | |
| ;; | |
| esac | |
| fi | |
| echo "allow=$allow" >> "$GITHUB_OUTPUT" | |
| if [[ "$allow" == "true" ]]; then | |
| echo "::notice::PR allowed for self-hosted CI (actor=$ACTOR, assoc=$ASSOC)." | |
| else | |
| echo "::warning::Self-hosted CI skipped for this PR. Reason: $reason." | |
| fi | |
| go-test: | |
| name: Go · test | |
| needs: gate | |
| if: needs.gate.outputs.allow == 'true' | |
| runs-on: [self-hosted, linux] | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| clean: true | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Verify modules tidy | |
| run: | | |
| go mod download | |
| go mod verify | |
| - name: Build | |
| run: go build ./... | |
| - name: Vet | |
| run: go vet ./... | |
| - name: Test (with coverage) | |
| run: go test -race -covermode=atomic -coverprofile=coverage.out ./... | |
| - name: Coverage summary | |
| run: go tool cover -func=coverage.out | tail -20 | |
| - name: Upload coverage artifact | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: go-coverage | |
| path: coverage.out | |
| retention-days: 7 | |
| go-lint: | |
| name: Go · lint | |
| needs: gate | |
| if: needs.gate.outputs.allow == 'true' | |
| runs-on: [self-hosted, linux] | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| clean: true | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: gofmt check | |
| run: | | |
| fmt_out=$(gofmt -l -s $(go list -f '{{.Dir}}' ./...)) | |
| if [ -n "$fmt_out" ]; then | |
| echo "::error::gofmt would reformat:" | |
| echo "$fmt_out" | |
| exit 1 | |
| fi | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: v1.62 | |
| args: --timeout=5m | |
| skip-cache: false | |
| python-test: | |
| name: Python · test | |
| needs: gate | |
| if: needs.gate.outputs.allow == 'true' | |
| runs-on: [self-hosted, linux] | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| working-directory: addon/skyfield | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| clean: true | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: pip | |
| cache-dependency-path: addon/skyfield/requirements*.txt | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Cache JPL ephemeris (de421.bsp) | |
| uses: actions/cache@v4 | |
| with: | |
| path: addon/skyfield/skyfield-data/de421.bsp | |
| key: skyfield-de421-v1 | |
| - name: Pre-fetch JPL ephemeris if missing | |
| run: | | |
| mkdir -p skyfield-data | |
| if [ ! -f skyfield-data/de421.bsp ]; then | |
| python -c "from skyfield.api import Loader; Loader('./skyfield-data')('de421.bsp')" | |
| fi | |
| - name: Unit + integration tests | |
| run: python -m unittest discover --start-directory . --pattern 'test_*.py' --verbose | |
| python-lint: | |
| name: Python · lint | |
| needs: gate | |
| if: needs.gate.outputs.allow == 'true' | |
| runs-on: [self-hosted, linux] | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| working-directory: addon/skyfield | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| clean: true | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: pip | |
| cache-dependency-path: addon/skyfield/requirements-dev.txt | |
| - name: Install ruff | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: ruff check | |
| run: ruff check . | |
| - name: ruff format check | |
| run: ruff format --check . |