secrets-outside-env: flag secrets in reusable workflow calls #1248
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CodSpeed Benchmarks | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| - labeled | |
| # `workflow_dispatch` allows CodSpeed to trigger backtest | |
| # performance analysis in order to generate initial data. | |
| workflow_dispatch: | |
| permissions: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| benchmarks: | |
| name: Run benchmarks | |
| # PRs only get benchmarked if they have the `run-benchmarks` label. | |
| # Forks don't have access to CodSpeed secrets, so skip them. | |
| if: | | |
| !github.event.pull_request.head.repo.fork | |
| && (contains(github.event.pull_request.labels.*.name, 'run-benchmarks') | |
| || github.event_name == 'push' | |
| || github.event_name == 'workflow_dispatch') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 | |
| with: | |
| cache-all-crates: true | |
| - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 | |
| - name: Build zizmor (release) | |
| run: cargo build --release | |
| - name: Run the benchmarks | |
| uses: CodSpeedHQ/action@2ac572851726409c88c02a307f1ea2632a9ea59b # v4.11.0 | |
| with: | |
| mode: walltime | |
| run: make bench |