Skip to content

ci: add Mergify merge queue and simplify CI #78

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
unclesp1d3r merged 2 commits into from
Feb 15, 2026
Merged

ci: add Mergify merge queue and simplify CI #78

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f932c64
ci: add Mergify merge queue and simplify CI workflow
unclesp1d3r Feb 15, 2026
a20b421
ci: fix cargo deny config path and remove advanced CodeQL workflow
unclesp1d3r Feb 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 2 additions & 42 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,38 +21,8 @@ env:
GITHUB_ACTIONS: true

jobs:
# Detect if Rust code has changed
changes:
runs-on: ubuntu-latest
outputs:
rust: ${{ steps.filter.outputs.rust }}
docs: ${{ steps.filter.outputs.docs }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
rust:
- '**/*.rs'
- '**/Cargo.toml'
- '**/Cargo.lock'
- '**/build.rs'
- 'justfile'
- 'rust-toolchain.toml'
- 'deny.toml'
docs:
- 'docs/**'
- '*.md'
- '.kiro/**'
- 'spec/**'

# Code quality checks - always run
quality:
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.rust == 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: dtolnay/rust-toolchain@0dd4a6d07aedb0ef7f65e79f3e229a6c102ae2e0 # 1.91.0
Expand All @@ -69,8 +39,6 @@ jobs:

test:
runs-on: ubuntu-latest
needs: changes
if: needs.changes.outputs.rust == 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
Expand All @@ -85,26 +53,21 @@ jobs:
- name: Build release
run: cargo build --release --all-features

# Test cross-platform - only run when Rust code changes
test-cross-platform:
strategy:
matrix:
include:
# Primary Support - Linux
- os: ubuntu-latest
platform: "Linux"
- os: ubuntu-22.04
platform: "Linux"
# Primary Support - macOS (using available runners)
- os: macos-latest
platform: "macOS"
# Primary Support - Windows
- os: windows-latest
platform: "Windows"

runs-on: ${{ matrix.os }}
needs: [changes, test]
if: needs.changes.outputs.rust == 'true'
needs: test
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
Expand All @@ -113,15 +76,12 @@ jobs:
cache: true
github_token: ${{ secrets.GITHUB_TOKEN }}

# Run tests and build the release binary
- run: cargo nextest run --all-features
- run: cargo build --release --all-features

# Generate coverage for TLS-enabled builds - only run when Rust code changes
coverage:
runs-on: ubuntu-latest
needs: [changes, test]
if: needs.changes.outputs.rust == 'true'
needs: test
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
Expand Down
35 changes: 0 additions & 35 deletions .github/workflows/codeql.yml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/security.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Run cargo deny check
run: cargo deny check --config deny.ci.toml
run: cargo deny check

- name: Run cargo outdated
run: cargo outdated --depth=1 --exit-code=1
Expand Down
66 changes: 47 additions & 19 deletions .mergify.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,56 @@
queue_rules:
- name: default
merge_method: squash
merge_conditions:
- check-success = quality
- check-success = test
- "check-success = test-cross-platform (ubuntu-latest, Linux)"
- "check-success = test-cross-platform (ubuntu-22.04, Linux)"
- "check-success = test-cross-platform (macos-latest, macOS)"
- "check-success = test-cross-platform (windows-latest, Windows)"
- check-success = coverage

pull_request_rules:
- name: Queue PRs when approved
conditions:
- base = main
- "#approved-reviews-by >= 1"
- label != do-not-merge
actions:
queue:
name: default

- name: Auto-queue release-plz PRs
conditions:
- base = main
- "head ~= ^release-plz-"
actions:
queue:
name: default

- name: Auto-queue dependabot PRs
conditions:
- base = main
- author = dependabot[bot]
actions:
queue:
name: default

merge_protections:
- name: CI must pass
description: >-
All CI checks must pass or be legitimately skipped (path filtering).
Matrix job names differ between running and skipped states, so the
test-cross-platform rule uses an and/or pattern to handle both.
All CI checks must pass. This protection prevents manual merges
that bypass the merge queue.
if:
- base = main
success_conditions:
- or:
- check-success = quality
- check-skipped = quality
- or:
- check-success = test
- check-skipped = test
- or:
- and:
- "check-success = test-cross-platform (ubuntu-latest, Linux)"
- "check-success = test-cross-platform (ubuntu-22.04, Linux)"
- "check-success = test-cross-platform (macos-latest, macOS)"
- "check-success = test-cross-platform (windows-latest, Windows)"
- check-skipped = test-cross-platform
- or:
- check-success = coverage
- check-skipped = coverage
- check-success = quality
- check-success = test
- "check-success = test-cross-platform (ubuntu-latest, Linux)"
- "check-success = test-cross-platform (ubuntu-22.04, Linux)"
- "check-success = test-cross-platform (macos-latest, macOS)"
- "check-success = test-cross-platform (windows-latest, Windows)"
- check-success = coverage

- name: Do not merge outdated PRs
description: Make sure PRs are within 10 commits of the base branch before merging
Expand Down
Loading