pingcap/tidb
5 workflows · maturity 67% · 2 patterns · GitHub ↗
Practices
✓ Matrix✓ Permissions○ Security scan○ AI review✓ Cache✓ Concurrency○ Reusable workflows
Detected patterns
Security dimensions
Workflows (5)
bazel-build-crossbuild matrix .github/workflows/bazel-build-crossbuild.yml
View raw YAML
name: Bazel Crossbuild for TiDB/Lightning
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
master:
name: Bazel Crossbuild
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
- ubuntu-24.04-arm
steps:
- uses: actions/checkout@v6
- name: Build Prepare
uses: ./.github/actions/tidb_build
with:
bazelrc: ${{ secrets.BAZELRC }}
gcp_sa_key: ${{ secrets.GCP_SA_KEY }}
go-version: 1.25
- name: Run Build
shell: bash
run: |
#!/bin/bash
unset CI
system_name=$(uname -s)
if [ "$system_name" == "Darwin" ]; then
sed -i '' '/bazel-cache/d' DEPS.bzl
sed -i '' '/ats.apps.svc/d' DEPS.bzl
sed -i '' '/bazel-cache/d' WORKSPACE
sed -i '' '/ats.apps.svc/d' WORKSPACE
elif [ "$system_name" == "Linux" ]; then
sed -i '/bazel-cache/d' DEPS.bzl
sed -i '/ats.apps.svc/d' DEPS.bzl
sed -i '/bazel-cache/d' WORKSPACE
sed -i '/ats.apps.svc/d' WORKSPACE
fi
make bazel_bin
bazel-lint-crossbuild matrix .github/workflows/bazel-lint-crossbuild.yml
View raw YAML
name: Bazel Lint Crossbuild
on:
pull_request:
branches:
- master
jobs:
master:
name: Bazel Lint
runs-on: ${{ matrix.os }}-latest
strategy:
matrix:
os:
- macos
- ubuntu
steps:
- uses: actions/checkout@v6
- name: Build Prepare
uses: ./.github/actions/tidb_build
with:
bazelrc: ${{ secrets.BAZELRC }}
gcp_sa_key: ${{ secrets.GCP_SA_KEY }}
go-version: 1.25
- name: Run Bazel Lint
shell: bash
run: |
#!/bin/bash
unset CI
system_name=$(uname -s)
if [ "$system_name" == "Darwin" ]; then
sed -i '' '/bazel-cache/d' DEPS.bzl
sed -i '' '/ats.apps.svc/d' DEPS.bzl
sed -i '' '/bazel-cache/d' WORKSPACE
sed -i '' '/ats.apps.svc/d' WORKSPACE
elif [ "$system_name" == "Linux" ]; then
sed -i '/bazel-cache/d' DEPS.bzl
sed -i '/ats.apps.svc/d' DEPS.bzl
sed -i '/bazel-cache/d' WORKSPACE
sed -i '/ats.apps.svc/d' WORKSPACE
fi
make bazel_lint_changed
integration-test-compile-br matrix perms .github/workflows/integration-test-compile-br.yml
View raw YAML
name: BR & Lightning
on:
workflow_dispatch:
push:
branches:
- master
- "release-[0-9].[0-9]*"
paths:
- "br/**"
- "!**.html"
- "!**.md"
- "!CNAME"
- "!LICENSE"
- "!br/docs/**"
- "!br/tests/**"
- "!br/docker/**"
#change trigger policy
pull_request:
types:
- labeled # <--
branches:
- master
- "release-[0-9].[0-9]*"
paths:
- "br/**"
- "!**.html"
- "!**.md"
- "!CNAME"
- "!LICENSE"
- "!br/docs/**"
- "!br/tests/**"
- "!br/docker/**"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
compile:
if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
name: Compile for ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Run build
run: make build_tools
compile-freebsd:
if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch'
name: Compile for FreeBSD job
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Compile for FreeBSD
run: GOOS=freebsd make build_tools
integration-test-dumpling matrix perms .github/workflows/integration-test-dumpling.yml
View raw YAML
name: Dumpling
on:
workflow_dispatch:
inputs:
debug:
type: boolean
description: "Run the build with tmate debugging enabled"
required: false
default: false
push:
branches:
- master
- release-*
paths:
- "dumpling/**"
- "br/pkg/storage/**"
- "br/pkg/utils/**"
- "br/pkg/summary/**"
- 'br/pkg/version/**'
- "store/helper/**"
- "tablecodec/**"
- "util/codec/**"
- "parser/model/**"
pull_request:
branches:
- master
- release-*
paths:
- 'dumpling/**'
- 'br/pkg/storage/**'
- 'br/pkg/utils/**'
- 'br/pkg/summary/**'
- 'br/pkg/version/**'
- 'store/helper/**'
- 'tablecodec/**'
- 'util/codec/**'
- 'parser/model/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
integration-test:
strategy:
fail-fast: true
matrix:
mysql_version:
- 5.7.35 # Note that OpenSSL is upgraded from 1.1.1 to 3.0.x in 5.7.43
- 8.0.45
- 8.4.8
runs-on: ubuntu-latest
timeout-minutes: 15
services:
mysql:
image: mysql:${{ matrix.mysql_version }}
env:
MYSQL_ALLOW_EMPTY_PASSWORD: yes
ports:
- 3306:3306
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- name: "checkout repository"
uses: actions/checkout@v4
- name: "set up golang"
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: "try to use build cache"
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
~/Library/Caches/go-build
~\AppData\Local\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: "download binary dependencies"
run: sh dumpling/install.sh
- name: "build tidb"
run: make server
- name: "build lightning"
run: make build_lightning
- name: "integration test"
run: make dumpling_integration_test VERBOSE="true"
- name: "set up tmate session if necessary"
if: ${{ failure() && github.event_name == 'workflow_dispatch' && github.event.inputs.debug }}
uses: mxschmitt/action-tmate@v3
update-bazel-files perms .github/workflows/update-bazel-files.yml
View raw YAML
name: Update Bazel Files
on:
pull_request_target:
branches:
- master
types:
- opened
- synchronize
- reopened
- ready_for_review
permissions:
contents: write
pull-requests: read
concurrency:
group: update-bazel-files-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
update:
name: Update Bazel Files
if: >
github.event.pull_request.head.repo.full_name == github.repository ||
github.event.pull_request.maintainer_can_modify
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0
token: ${{ secrets.BAZEL_PREPARE_PUSH_TOKEN || github.token }}
- name: Build Prepare
uses: ./.github/actions/tidb_build
with:
bazelrc: ${{ secrets.BAZELRC }}
gcp_sa_key: ${{ secrets.GCP_SA_KEY }}
go-version: 1.25
- name: Run Bazel Prepare
shell: bash
run: |
#!/bin/bash
unset CI
sed -i '/bazel-cache/d' DEPS.bzl
sed -i '/ats.apps.svc/d' DEPS.bzl
sed -i '/bazel-cache/d' WORKSPACE
sed -i '/ats.apps.svc/d' WORKSPACE
make bazel_prepare
- name: Commit Bazel Files
uses: stefanzweifel/git-auto-commit-action@v5
with:
branch: ${{ github.event.pull_request.head.ref }}
commit_message: "chore: update bazel file"
disable_globbing: true
file_pattern: >-
DEPS.bzl
:(top,glob)**/*.bazel
:(top,glob)**/*.bzl