name: "Prebuild checks" on: pull_request: workflow_dispatch: schedule: - cron: '13 23 * * *' # every day @ 23:13 # cancel any previous runs on the same PR concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true env: CARGOLOCK_COMMENT: Looks like you changed `Cargo.lock`. Please make sure to review the dependencies and update [internal version list](https://www.notion.so/satoshilabs/Rust-dependencies-a9cc6e8dab934def8eb27896c001e6e2). jobs: block-fixup: name: Block fixup if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Block Fixup Commit Merge uses: 13rac1/block-fixup-merge-action@v2.0.0 # Check the code for style correctness and perform some static code analysis. # Biggest part is the python one - using `flake8`, `isort`, `black`, `pylint` and `pyright`, # also checking Rust files by `rustfmt` and C files by `clang-format`. # Changelogs formats are checked. style_check: name: Style check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: ./.github/actions/environment - name: "Run style check" run: nix-shell --run "poetry run make style_check" - name: "Run .editorconfig check" run: nix-shell --run "poetry run make editor_check" # Check validity of coin definitions and protobuf files. defs_check: name: Defs check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: "recursive" - uses: ./.github/actions/environment - name: "Run defs check" run: nix-shell --run "poetry run make defs_check" # Check validity of auto-generated files. gen_check: name: Gen check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: "recursive" - uses: ./.github/actions/environment - name: "Run gen check" run: nix-shell --run "poetry run make gen_check" # Verifying that all commits changing some functionality have a changelog entry # or contain `[no changelog]` in the commit message. changelog_check: name: Changelog check if: ${{ github.ref != 'main' && github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - name: "Run changelog check" run: ./ci/check_changelog.sh # Checking the format of release commit messages. release_commit_msg_check: name: Release commit message check if: ${{ startsWith(github.ref, 'refs/tags/release/') && github.repository == 'trezor/trezor-firmware' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: ./.github/actions/environment - name: "Check release commit message format" run: ./ci/check_release_commit_messages.sh # Warn if core/embed/rust/Cargo.lock changed cargolock_check: name: Cargo.lock check if: ${{ github.ref != 'main' && github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - name: Ask git run: | git diff --exit-code origin/main -- core/embed/rust/Cargo.lock || echo cargo_modified=1 > $GITHUB_ENV cat $GITHUB_OUTPUT - name: Find Comment uses: peter-evans/find-comment@v3 if: ${{ env.cargo_modified == '1' }} id: fc with: issue-number: ${{ github.event.pull_request.number }} comment-author: 'github-actions[bot]' body-includes: cargolock-comment-${{ github.workflow }} - name: Create comment uses: peter-evans/create-or-update-comment@v4 if: ${{ env.cargo_modified == '1' && steps.fc.outputs.comment-id == '' }} with: issue-number: ${{ github.event.pull_request.number }} body: | ${{ env.CARGOLOCK_COMMENT }} edit-mode: replace