feat: Rust semver-checks workflow against base branch

.github/workflows/rs-semver-checks.yml

@@ -0,0 +1,145 @@
+name: Rust semver-checks
+
+on:
+  # Allow this workflow to be called by another workflow
+  workflow_call:
+    inputs:
+      baseline-rev:
+        description: "The base rev to compare against. Defaults to the PR's base branch."
+        type: string
+        required: false 
+      apt-dependencies:
+        description: "A list of space-separated apt dependencies to install before running."
+        type: string
+        default: ""
+        required: false
+    secrets:
+      GITHUB_PAT:
+        description: 'The github token for the user that will post comments.'
+        required: true
+
+env:
+  CARGO_TERM_COLOR: always
+  SCCACHE_GHA_ENABLED: "true"
+  RUSTC_WRAPPER: "sccache"
+
+jobs:
+  semver-checks:
+    name: Rust semver-checks 🦀
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_PAT }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: PR_BRANCH
+      - name: Checkout baseline
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.baseline-rev || github.event.pull_request.base.sha || github.event.merge_group.base.sha }}
+          path: BASELINE_BRANCH
+      - uses: mozilla-actions/[email protected]
+      - name: Install apt dependencies
+        if: ${{ inputs.apt-dependencies != '' }}
+        run: |
+          echo "Installing apt dependencies: $APT_DEPENDENCIES"
+          sudo apt-get install -y $APT_DEPENDENCIES
+        env:
+          APT_DEPENDENCIES: ${{ inputs.apt-dependencies }}
+      - name: Install stable toolchain
+        uses: dtolnay/rust-toolchain@stable
+      - name: Install cargo-semver-checks
+        run: cargo install cargo-semver-checks
+
+      # Run cargo-semver-checks against the PR's target branch.
+      - name: Check for public API changes
+        id: check-changes
+        run: |
+          # Don't fail the workflow when semver-checks returns a non-zero exit code.
+          set +e
+
+          cd PR_BRANCH
+          cargo semver-checks --color never --baseline-root ../BASELINE_BRANCH > diagnostic.txt
+          if [ "$?" -ne 0 ]; then
+            echo "breaking=true" >> $GITHUB_OUTPUT
+          else
+            echo "breaking=false" >> $GITHUB_OUTPUT
+          fi
+
+          {
+            echo 'semver_checks_diagnostic<<EOF'
+            cat diagnostic.txt
+            echo
+            echo EOF
+          } >> $GITHUB_OUTPUT
+
+      # Check if the PR title contains a breaking change flag,
+      # to change the feedback message.
+      - name: Check for breaking change flag
+        if: github.event_name == 'pull_request'
+        id: breaking-pr
+        run: |
+          if [[ "${PR_TITLE}" =~ ^.*\!:.*$ ]]; then
+            echo "breaking=true" >> $GITHUB_OUTPUT
+          else
+            echo "breaking=false" >> $GITHUB_OUTPUT
+          fi
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+
+      # Debug step
+      - run: |
+          echo "breaking: ${{ steps.check-changes.outputs.breaking }}"
+          echo "breaking-pr: ${{ steps.breaking-pr.outputs.breaking }}"
+
+      # Post a diagnostics comment if there are breaking changes and the PR has been marked as breaking.
+      - name: Post a comment about the breaking changes. PR marked as breaking.
+        if: ${{ github.event_name == 'pull_request' && steps.check-changes.outputs.breaking == 'true' && steps.breaking-pr.outputs.breaking == 'true' }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: rs-semver-checks
+          message: |
+            This PR contains breaking changes to the public Rust API.
+
+            <details>
+              <summary>cargo-semver-checks summary</summary>
+
+              ```
+              ${{ steps.check-changes.outputs.semver_checks_diagnostic }}
+              ```
+
+            </details>
+          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
+
+      # Post a help comment if there are breaking changes, and the PR hasn't been marked as breaking.
+      - name: Post a comment about the breaking changes. PR *not* marked as breaking.
+        if: ${{ github.event_name == 'pull_request' && steps.check-changes.outputs.breaking == 'true' && steps.breaking-pr.outputs.breaking == 'false' }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: rs-semver-checks
+          message: |
+            This PR contains breaking changes to the public Rust API.
+            Please deprecate the old API instead (if possible), or mark the PR with a `!` to indicate a breaking change.
+
+            <details>
+              <summary>cargo-semver-checks summary</summary>
+
+              ```
+              ${{ steps.check-changes.outputs.semver_checks_diagnostic }}
+              ```
+
+            </details>
+          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
+      - name: Fail if there are undeclared breaking changes
+        if: ${{ steps.check-changes.outputs.breaking == 'true' && steps.breaking-pr.outputs.breaking == 'false' }}
+        run: exit 1
+
+      # Delete previous comments when the issues have been resolved
+      # This step doesn't run if any of the previous checks fails.
+      - name: Delete previous comments
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: ${{ github.event_name == 'pull_request' && steps.check-changes.outputs.breaking == 'false' }}
+        with:
+          header: rs-semver-checks
+          delete: true
+          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}

README.md

@@ -14,6 +14,11 @@ tokens](https://github.com/settings/personal-access-tokens/new) with the
 
 The following workflows are available:
 
+- [`drop-cache`](#drop-cache): Drops the cache for a branch when a pull request is closed.
+- [`pr-title`](#pr-title): Checks the title of pull requests to ensure they follow the conventional commits format.
+- [`rs-semver-checks`](#rs-semver-checks): Runs `cargo-semver-checks` on a PR against the base branch, and reports back if there are breaking changes.
+- [`add-to-project`](#add-to-project): Adds new issues to a GitHub project board when they are created.
+
 ### [`drop-cache`](https://github.com/CQCL/hugrverse-actions/blob/main/.github/workflows/drop-cache.yml)
 
 Drops the cache for a branch when a pull request is closed. This helps to avoid
@@ -70,6 +75,38 @@ The fine-grained `GITHUB_PAT` secret must include the following permissions:
 | --- | --- |
 | Pull requests | Read and write |
 
+### [`rs-semver-checks`](https://github.com/CQCL/hugrverse-actions/blob/main/.github/workflows/rs-semver-checks.yml)
+
+Runs `cargo-semver-checks` on a PR against the base branch, and reports back if
+there are breaking changes.
+Suggests adding a breaking change flag to the PR title if necessary. 
+
+#### Usage
+```yaml
+name: Rust Semver Checks
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+    rs-semver-checks:
+        uses: CQCL/hugrverse-actions/.github/workflows/rs-semver-checks.yml@main
+        secrets:
+            GITHUB_PAT: ${{ secrets.GITHUB_PAT }}
+```
+
+The workflow compares against the base branch of the PR by default. Use the `baseline-rev` input to specify a different base commit.
+
+#### Token Permissions
+
+The fine-grained `GITHUB_PAT` secret must include the following permissions:
+
+| Permission | Access |
+| --- | --- |
+| Pull requests | Read and write |
+
+
 ### [`add-to-project`](https://github.com/CQCL/hugrverse-actions/blob/main/.github/workflows/add-to-project.yml)
 
 Adds new issues to a GitHub project board when they are created.