Skip to content

Improve CI and LuaRocks manual publishing workflows#14

Merged
HubertRonald merged 2 commits into
masterfrom
feature/improve-ci-luarocks-workflow
Jun 5, 2026
Merged

Improve CI and LuaRocks manual publishing workflows#14
HubertRonald merged 2 commits into
masterfrom
feature/improve-ci-luarocks-workflow

Conversation

@HubertRonald
Copy link
Copy Markdown
Owner

@HubertRonald HubertRonald commented Jun 5, 2026

Summary

This PR improves the GitHub Actions workflows for LuaSF by making CI more focused and LuaRocks publishing safer.

The main goal is to avoid accidental package publishing while keeping a clean manual workflow for validating and publishing LuaRocks releases.

What changed

CI workflow

Updated .github/workflows/ci.yml to:

  • Run manually through workflow_dispatch.
  • Run automatically on pull requests to master.
  • Use path filters so CI only runs when relevant files change.
  • Test LuaSF across multiple Lua versions.
  • Run the full test suite.
  • Run the example scripts.

The CI workflow now focuses on relevant project files such as:

  • src/**
  • spec/**
  • examples/**
  • LuaSF.lua
  • LuaStat.lua
  • *.rockspec
  • .github/workflows/ci.yml

This avoids triggering CI for unrelated documentation-only changes unless the workflow is manually executed.

LuaRocks publishing workflow

Updated .github/workflows/publish-luarocks.yml to keep publishing manual and protected.

The workflow now supports:

  • Manual execution through workflow_dispatch.
  • A configurable rockspec input.
  • A publish boolean input.
  • Validation-only mode by default.
  • Optional publishing only when publish = true.
  • Rockspec validation with luarocks lint.
  • Local package build with luarocks make.
  • Runtime checks for:
    • require("luasf")
    • require("LuaSF")
    • require("LuaStat")

Safety improvements

Publishing to LuaRocks is now protected by several safeguards:

  • The workflow does not run on push.
  • The workflow does not run on pull requests.
  • The workflow does not run automatically on tags or releases.
  • Publishing is disabled by default with publish = false.
  • Publishing only happens when manually enabled with publish = true.
  • The publish job uses the luarocks-production environment for an additional approval layer.
  • The LuaRocks API key remains protected through the LUAROCKS_API_KEY GitHub Actions secret.

Why this matters

LuaSF is now published on LuaRocks, so publishing must be handled carefully.

This PR ensures that normal development activity, documentation changes, or merges into master do not accidentally publish a new LuaRocks package.

How to validate

Run CI manually from GitHub Actions:

Actions -> CI -> Run workflow

Validate the LuaRocks package without publishing:

Actions -> Publish to LuaRocks -> Run workflow
rockspec: luasf-0.4.0-1.rockspec
publish: false

Publish only when intentionally needed:

Actions -> Publish to LuaRocks -> Run workflow
rockspec: luasf-0.4.0-1.rockspec
publish: true

When publish = true, GitHub should require approval through the luarocks-production environment before uploading to LuaRocks.

Notes

This PR only updates CI/CD and publishing workflows.

It does not change LuaSF library code, tests, examples, documentation, or public API behavior.

@HubertRonald HubertRonald merged commit 737a9e1 into master Jun 5, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HubertRonald