Skip to content

Commit a6fc6d6

Browse files
author
Topgrade Tester
committed
ci: harden workflows with timeouts, concurrency, fetch-depth, and modern cross install
- Add timeout-minutes to all jobs to prevent hung workflows - Add concurrency groups to cancel redundant runs - Add fetch-depth: 1 for faster shallow clones - Replace manual cross download with taiki-e/install-action - Keep all action SHAs pinned for security
1 parent e69f79c commit a6fc6d6

File tree

4 files changed

+30
-3
lines changed

4 files changed

+30
-3
lines changed

.github/workflows/ci.yml

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,11 +21,13 @@ jobs:
2121
fmt:
2222
name: Rustfmt
2323
runs-on: ubuntu-latest
24+
timeout-minutes: 10
2425
steps:
2526
- name: Checkout code
2627
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2728
with:
2829
persist-credentials: false
30+
fetch-depth: 1
2931

3032
- name: Run cargo fmt
3133
env:
@@ -37,11 +39,13 @@ jobs:
3739
custom-checks:
3840
name: Custom checks
3941
runs-on: ubuntu-latest
42+
timeout-minutes: 10
4043
steps:
4144
- name: Checkout code
4245
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4346
with:
4447
persist-credentials: false
48+
fetch-depth: 1
4549

4650
- name: Check if `Step` enum is sorted
4751
run: |
@@ -138,16 +142,18 @@ jobs:
138142
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
139143
with:
140144
persist-credentials: false
145+
fetch-depth: 1
141146

142147
- name: Setup Rust Cache
143148
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
144149
with:
145150
prefix-key: ${{ matrix.target }}
146151

147-
- name: Setup cross
152+
- name: Install cross
148153
if: matrix.use_cross == true
149-
run: |
150-
curl -fL --retry 3 "https://github.com/cross-rs/cross/releases/download/v${CROSS_VER}/cross-x86_64-unknown-linux-musl.tar.gz" | tar vxz -C /usr/local/bin
154+
uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2.60.0
155+
with:
156+
tool: cross@${{ env.CROSS_VER }}
151157

152158
- name: Run cargo/cross check
153159
run: |

.github/workflows/release_to_homebrew.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,14 @@ on:
77
permissions:
88
contents: read
99

10+
concurrency:
11+
group: ${{ github.workflow }}-${{ github.ref }}
12+
cancel-in-progress: true
13+
1014
jobs:
1115
homebrew-publish:
1216
runs-on: ubuntu-latest
17+
timeout-minutes: 30
1318
steps:
1419
- name: Bump formulae
1520
uses: dawidd6/action-homebrew-bump-formula@3428a0601bba3173ec0bdcc945be23fa27aa4c31 # v5

.github/workflows/release_to_pypi.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,15 @@ on:
77
permissions:
88
contents: read
99

10+
concurrency:
11+
group: ${{ github.workflow }}-${{ github.ref }}
12+
cancel-in-progress: true
13+
1014
jobs:
1115
# TODO: make linux/windows/macos/sdist a matrix. See how other workflows do it.
1216
linux:
1317
runs-on: ubuntu-latest
18+
timeout-minutes: 60
1419
strategy:
1520
matrix:
1621
target: [x86_64, x86, aarch64]
@@ -33,13 +38,15 @@ jobs:
3338

3439
windows:
3540
runs-on: windows-latest
41+
timeout-minutes: 60
3642
strategy:
3743
matrix:
3844
target: [x64, x86]
3945
steps:
4046
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
4147
with:
4248
persist-credentials: false
49+
fetch-depth: 1
4350

4451
- name: Build wheels
4552
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
@@ -54,13 +61,15 @@ jobs:
5461

5562
macos:
5663
runs-on: macos-latest
64+
timeout-minutes: 60
5765
strategy:
5866
matrix:
5967
target: [x86_64, aarch64]
6068
steps:
6169
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
6270
with:
6371
persist-credentials: false
72+
fetch-depth: 1
6473

6574
- name: Build wheels
6675
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
@@ -75,10 +84,12 @@ jobs:
7584

7685
sdist:
7786
runs-on: ubuntu-latest
87+
timeout-minutes: 20
7888
steps:
7989
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
8090
with:
8191
persist-credentials: false
92+
fetch-depth: 1
8293

8394
- name: Build sdist
8495
uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4

.github/workflows/release_to_winget.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,14 @@ on:
77
permissions:
88
contents: read
99

10+
concurrency:
11+
group: ${{ github.workflow }}-${{ github.ref }}
12+
cancel-in-progress: true
13+
1014
jobs:
1115
publish:
1216
runs-on: windows-latest
17+
timeout-minutes: 30
1318
steps:
1419
- uses: vedantmgoyal2009/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # main
1520
with:

0 commit comments

Comments
 (0)