name: Run checks and build archives on: push: branches: - main - develop tags: - "v*.*.*" pull_request: types: [opened, synchronize, reopened] jobs: coverage-and-sonar: runs-on: ubuntu-latest permissions: contents: read pull-requests: read steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 - name: Install Nix uses: cachix/install-nix-action@v31 with: nix_path: nixpkgs=channel:nixos-unstable - name: Set up cachix uses: cachix/cachix-action@v17 with: name: phundrak authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - name: Format Check shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}" run: just format-check - name: Audit shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}" run: just audit - name: Coverage shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}" run: just coverage-ci - name: Lint shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}" run: just lint-report - name: Sonar analysis uses: SonarSource/sonarqube-scan-action@v6 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} build: needs: coverage-and-sonar strategy: matrix: target: ["linux-x86_64", "linux-aarch64", "windows-x86_64"] runs-on: ubuntu-latest permissions: contents: read pull-requests: read steps: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix uses: cachix/install-nix-action@v31 with: nix_path: nixpkgs=channel:nixos-unstable - name: Set up cachix uses: cachix/cachix-action@v17 with: name: phundrak authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - name: Build jj-cz archive run: nix build .#${{matrix.target}}-archive - name: Upload artifact uses: actions/upload-artifact@v3 with: name: jj-cz-${{matrix.target}} path: result/dist/*