From a4ad60dd6acb297ad12dd7e97a51c62db5932a3c Mon Sep 17 00:00:00 2001 From: Taiki Endo Date: Tue, 5 May 2026 22:36:13 +0900 Subject: [PATCH] ci: Use taiki-e/github-actions/.github/workflows/action-release.yml --- .github/.cspell/project-dictionary.txt | 2 - .github/workflows/ci.yml | 16 +- .github/workflows/manifest.yml | 2 +- .github/workflows/release.yml | 405 +------------------------ main.sh | 3 +- tools/ci/release-post-commit.sh | 82 +++++ tools/rustup-hash.sh | 2 +- 7 files changed, 100 insertions(+), 412 deletions(-) create mode 100755 tools/ci/release-post-commit.sh diff --git a/.github/.cspell/project-dictionary.txt b/.github/.cspell/project-dictionary.txt index 1246878d..e0c997bc 100644 --- a/.github/.cspell/project-dictionary.txt +++ b/.github/.cspell/project-dictionary.txt @@ -34,7 +34,6 @@ rdme rootfs sccache SHASUMS -shortstat sigstore startswith syft @@ -43,7 +42,6 @@ udeps USERPROFILE wasmtime watchexec -worktree xbuild xscale xwin diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58967267..4eb7f42b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,20 +32,20 @@ concurrency: jobs: miri: - uses: taiki-e/github-actions/.github/workflows/miri.yml@f6ed3145dbc8b13f5aab1cb5a7fb3f37634f8b54 # main + uses: taiki-e/github-actions/.github/workflows/miri.yml@4b7dd02e8c8bba1591c00f1442fc8cc29953d8f6 # main with: # NB: sync with test job's --exclude option args: --exclude install-action-internal-codegen msrv: - uses: taiki-e/github-actions/.github/workflows/msrv.yml@f6ed3145dbc8b13f5aab1cb5a7fb3f37634f8b54 # main + uses: taiki-e/github-actions/.github/workflows/msrv.yml@4b7dd02e8c8bba1591c00f1442fc8cc29953d8f6 # main test-manifest-schema: - uses: taiki-e/github-actions/.github/workflows/test.yml@f6ed3145dbc8b13f5aab1cb5a7fb3f37634f8b54 # main + uses: taiki-e/github-actions/.github/workflows/test.yml@4b7dd02e8c8bba1591c00f1442fc8cc29953d8f6 # main with: # NB: sync with miri job's --exclude option test-args: --exclude install-action-internal-codegen no-std: false tidy: - uses: taiki-e/github-actions/.github/workflows/tidy.yml@f6ed3145dbc8b13f5aab1cb5a7fb3f37634f8b54 # main + uses: taiki-e/github-actions/.github/workflows/tidy.yml@4b7dd02e8c8bba1591c00f1442fc8cc29953d8f6 # main permissions: contents: write # for creating branch for pr pull-requests: write # unused (used in `codegen-automerge: true` case) @@ -117,8 +117,6 @@ jobs: - uses: ./ with: tool: ${{ steps.tool-list.outputs.tool }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Test all shells listed in https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell - name: Test bash run: just --version && shfmt --version && protoc --version && rustc --version && cargo --version && rustup --version @@ -159,7 +157,7 @@ jobs: - run: env - uses: ./ with: - # NB: Update alias list in release.yml, case for aliases in main.sh, + # NB: Update alias list in tools/ci/release-post-commit.sh, case for aliases in main.sh, # and match for alias for tools/codegen/src/tools-markdown.rs. tool: | nextest @@ -167,8 +165,6 @@ jobs: typos-cli wasm-bindgen-cli wasmtime-cli - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Test bash run: cargo-nextest nextest --version && taplo --version shell: bash @@ -319,8 +315,6 @@ jobs: - uses: ./ with: tool: ${{ steps.tool-list.outputs.tool }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Test bash run: just --version && shfmt --version shell: bash diff --git a/.github/workflows/manifest.yml b/.github/workflows/manifest.yml index 3da0be15..2aca7b08 100644 --- a/.github/workflows/manifest.yml +++ b/.github/workflows/manifest.yml @@ -32,7 +32,7 @@ concurrency: jobs: manifest: - uses: taiki-e/github-actions/.github/workflows/gen.yml@f6ed3145dbc8b13f5aab1cb5a7fb3f37634f8b54 # main + uses: taiki-e/github-actions/.github/workflows/gen.yml@4b7dd02e8c8bba1591c00f1442fc8cc29953d8f6 # main permissions: contents: write # for creating branch for pr pull-requests: write # for gh pr review --approve diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 580056aa..6c025a98 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,408 +32,21 @@ concurrency: cancel-in-progress: false jobs: - prepare: - if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action' - runs-on: ubuntu-24.04 - timeout-minutes: 60 - steps: - - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 - with: - tool: parse-changelog - fallback: none - - id: check - run: | - IFS=$'\n\t' - trap -- 's=$?; printf >&2 "%s\n" "${0##*/}:${LINENO}: \`${BASH_COMMAND}\` exit with ${s}"; exit ${s}' ERR - retry() { - for i in {1..10}; do - if "$@"; then - return 0 - else - sleep "${i}" - fi - done - "$@" - } - bail() { - printf '::error::%s\n' "$*" - exit 1 - } - if { sed --help 2>&1 || true; } | grep -Eq -e '-i extension'; then - in_place=(-i '') - else - in_place=(-i) - fi - - # shellcheck disable=SC2153 - version="${VERSION}" - printf 'version(input): %s\n' "${version}" - # shellcheck disable=SC2153 - tag_prefix="${TAG_PREFIX}" - printf 'tag_prefix: %s\n' "${tag_prefix}" - # shellcheck disable=SC2153 - changelog="${CHANGELOG}" - printf 'changelog: %s\n' "${changelog}" - - # Get the current date. - release_date=$(date -u '+%Y-%m-%d') - printf 'release-date: %s\n' "${release_date}" - printf 'release-date=%s\n' "${release_date}" >>"${GITHUB_OUTPUT}" - - # Get the current revision. - rev=$(git rev-parse HEAD) - printf 'rev: %s\n' "${rev}" - printf 'rev=%s\n' "${rev}" >>"${GITHUB_OUTPUT}" - - prev_version=$(parse-changelog --title-no-link "${changelog}" | cut -d' ' -f1) - - # Determine the new version number and tag name. - case "${version}" in - major | minor | patch) - if [[ ! "${prev_version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - bail "pre-release/build-metadata" - fi - major="${prev_version%%.*}" - minor_patch="${prev_version#*.}" - minor="${minor_patch%%.*}" - patch="${minor_patch#*.}" - case "${version}" in - major) version="$((major+1)).0.0" ;; - minor) version="${major}.$((minor+1)).0" ;; - patch) version="${major}.${minor}.$((patch+1))" ;; - esac - ;; - *) version="${version#v}" ;; - esac - if [[ ! "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z\.-]+)?(\+[0-9A-Za-z\.-]+)?$ ]]; then - bail "invalid version format '${version}'" - fi - printf 'version: %s\n' "${version}" - printf 'version=%s\n' "${version}" >>"${GITHUB_OUTPUT}" - tag="${tag_prefix}${version}" - printf 'tag: %s\n' "${tag}" - printf 'tag=%s\n' "${tag}" >>"${GITHUB_OUTPUT}" - - # Make sure the same release has not been created in the past. - if gh release view "${tag}" &>/dev/null; then - bail "tag '${tag}' has already been created and pushed" - fi - # Make sure that the release was created from an allowed branch. - if ! git branch | grep -Eq '\* '"${BRANCH}"'$'; then - bail "current branch is not '${BRANCH}'" - fi - - changed_paths=() - retry git fetch origin --tags &>/dev/null - tags=$(git --no-pager tag | { grep -E "^${tag_prefix}[0-9]+" || true; }) - if [[ -n "${tags}" ]]; then - printf 'has-tags=true\n' >>"${GITHUB_OUTPUT}" - # Make sure the same release does not exist in changelog. - if grep -Eq "^## \\[${version//./\\.}\\]" "${changelog}"; then - bail "release ${version} already exist in ${changelog}" - fi - if grep -Eq "^\\[${version//./\\.}\\]: " "${changelog}"; then - bail "link to ${version} already exist in ${changelog}" - fi - - # Update changelog. - changed_paths+=("${changelog}") - remote_url=$(grep -E '^\[Unreleased\]: https://' "${changelog}" | sed -E 's/^\[Unreleased\]: //; s/\.\.\.HEAD$//') - prev_tag="${remote_url#*/compare/}" - remote_url="${remote_url%/compare/*}" - sed -E "${in_place[@]}" \ - -e "s/^## \\[Unreleased\\]/## [Unreleased]\\n\\n## [${version}] - ${release_date}/" \ - -e "s#^\[Unreleased\]: https://.*#[Unreleased]: ${remote_url}/compare/${tag}...HEAD\\n[${version}]: ${remote_url}/compare/${prev_tag}...${tag}#" "${changelog}" - if ! grep -Eq "^## \\[${version//./\\.}\\] - ${release_date}$" "${changelog}"; then - bail "failed to update ${changelog}" - fi - if ! grep -Eq "^\\[${version//./\\.}\\]: " "${changelog}"; then - bail "failed to update ${changelog}" - fi - else - # Make sure the release exists in changelog. - if ! grep -Eq "^## \\[${version//./\\.}\\] - ${release_date}$" "${changelog}"; then - bail "release ${version} does not exist in ${changelog} or has wrong release date" - fi - if ! grep -Eq "^\\[${version//./\\.}\\]: " "${changelog}"; then - bail "link to ${version} does not exist in ${changelog}" - fi - fi - # Make sure that a valid release note for this version exists. - # https://github.com/taiki-e/parse-changelog - changes=$(parse-changelog "${changelog}" "${version}") - if [[ -z "${changes}" ]]; then - bail "changelog for ${version} has no body" - fi - printf '============== CHANGELOG ==============\n' - printf '%s\n' "${changes}" - printf '=======================================\n' - - if [[ -n "${tags}" ]]; then - git -c color.ui=always diff "${changed_paths[@]}" - git add "${changed_paths[@]}" - fi - # Make sure that there is no unintended change. - git add -N . - git -c color.ui=always diff --exit-code - - ( - set -x - git show HEAD --shortstat - ) - env: - VERSION: ${{ inputs.version }} - TAG_PREFIX: v - CHANGELOG: CHANGELOG.md - BRANCH: main - outputs: - has-tags: ${{ steps.check.outputs.has-tags }} - release-date: ${{ steps.check.outputs.release-date }} - rev: ${{ steps.check.outputs.rev }} - tag: ${{ steps.check.outputs.tag }} - version: ${{ steps.check.outputs.version }} - release: if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action' - needs: prepare - runs-on: ubuntu-24.04 - timeout-minutes: 60 - environment: - name: release - deployment: false + uses: taiki-e/github-actions/.github/workflows/action-release.yml@4b7dd02e8c8bba1591c00f1442fc8cc29953d8f6 # main permissions: contents: write # for taiki-e/create-gh-release-action - steps: - - uses: taiki-e/checkout-action@7d1e50e93dc4fb3bba58f85018fadf77898aee8b # v1.4.2 - - uses: taiki-e/install-action@7ea35f098a7369cd23488403f58be9c491a6c55f # v2.77.0 - with: - tool: parse-changelog - fallback: none - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 - id: push-token - with: - client-id: ${{ secrets.PUSH_TOKEN_APP_CLIENT_ID }} - private-key: ${{ secrets.PUSH_TOKEN_APP_PRIVATE_KEY }} - - name: Create and push release commit and tag - id: push - run: | - IFS=$'\n\t' - trap -- 's=$?; printf >&2 "%s\n" "${0##*/}:${LINENO}: \`${BASH_COMMAND}\` exit with ${s}"; exit ${s}' ERR - retry() { - for i in {1..10}; do - if "$@"; then - return 0 - else - sleep "${i}" - fi - done - "$@" - } - bail() { - printf '::error::%s\n' "$*" - exit 1 - } - if { sed --help 2>&1 || true; } | grep -Eq -e '-i extension'; then - in_place=(-i '') - else - in_place=(-i) - fi - - git config user.name 'Taiki Endo' - git config user.email 'te316e89@gmail.com' - - # shellcheck disable=SC2153 - version="${VERSION}" - # shellcheck disable=SC2153 - tag="${TAG}" - # shellcheck disable=SC2153 - changelog="${CHANGELOG}" - # shellcheck disable=SC2153 - release_date="${RELEASE_DATE}" - - # Make sure the current revision is same as prepare step. - # --unshallow is necessary to successfully push the - # "releases/${major_version_tag}" branch in the subsequent step. - retry git fetch origin --unshallow &>/dev/null - rev=$(git rev-parse HEAD) - if [[ "${rev}" != "${PREPARE_REV}" ]]; then - bail "revision difference between prepare step" - fi - - # Make sure the same release has not been created in the past. - if gh release view "${tag}" &>/dev/null; then - bail "tag '${tag}' has already been created and pushed" - fi - # Make sure that the release was created from an allowed branch. - if ! git branch | grep -Eq '\* '"${BRANCH}"'$'; then - bail "current branch is not '${BRANCH}'" - fi - - changed_paths=() - if [[ "${HAS_TAGS}" == "true" ]]; then - # Update changelog. - changed_paths+=("${changelog}") - remote_url=$(grep -E '^\[Unreleased\]: https://' "${changelog}" | sed -E 's/^\[Unreleased\]: //; s/\.\.\.HEAD$//') - prev_tag="${remote_url#*/compare/}" - remote_url="${remote_url%/compare/*}" - sed -E "${in_place[@]}" \ - -e "s/^## \\[Unreleased\\]/## [Unreleased]\\n\\n## [${version}] - ${release_date}/" \ - -e "s#^\[Unreleased\]: https://.*#[Unreleased]: ${remote_url}/compare/${tag}...HEAD\\n[${version}]: ${remote_url}/compare/${prev_tag}...${tag}#" "${changelog}" - if ! grep -Eq "^## \\[${version//./\\.}\\] - ${release_date}$" "${changelog}"; then - bail "failed to update ${changelog}" - fi - if ! grep -Eq "^\\[${version//./\\.}\\]: " "${changelog}"; then - bail "failed to update ${changelog}" - fi - fi - changes=$(parse-changelog "${changelog}" "${version}") - printf '============== CHANGELOG ==============\n' - printf '%s\n' "${changes}" - printf '=======================================\n' - - if [[ "${HAS_TAGS}" == "true" ]]; then - # Create a release commit. - ( - set -x - git add "${changed_paths[@]}" - git commit -m "Release ${version}" - ) - fi - - major_version_tag="v${version%%.*}" - ( - set -x - git tag "${tag}" - git branch "releases/${major_version_tag}" - git tag -f "${major_version_tag}" - ) - refs=("refs/heads/${BRANCH}" "refs/tags/${tag}" "refs/heads/releases/${major_version_tag}" "+refs/tags/${major_version_tag}") - - tools=() - for tool in tools/codegen/base/*.json; do - tool="${tool##*/}" - tools+=("${tool%.*}") - done - # Aliases. - # NB: Update case for aliases in main.sh, tool input option in test-alias job - # in .github/workflows/ci.yml, and match for alias for tools/codegen/src/tools-markdown.rs. - tools+=( - nextest - taplo-cli - typos-cli - wasm-bindgen-cli - wasmtime-cli - ) - # Non-manifest-based tools. - tools+=(valgrind) - - branches=() - for tool in "${tools[@]}"; do - ( - set -x - git checkout -b "releases/${tool}" - sed -E "${in_place[@]}" action.yml \ - -e "s/required: true/required: false/g" \ - -e "s/# default: #publish:tool/default: ${tool}/g" - git add action.yml - git commit -m "${tool}" - git tag -f "${tool}" - git checkout refs/tags/"${tag}" - ) - refs+=("+refs/heads/releases/${tool}" "+refs/tags/${tool}") - branches+=("releases/${tool}") - done - - prev_credential_helper=$(git config get --local credential.helper || true) - if [[ -n "${prev_credential_helper}" ]]; then - printf 'credential helper is already set (%s)\n' "${prev_credential_helper}" - else - protocol="${GITHUB_SERVER_URL%%://*}" - hostname="${GITHUB_SERVER_URL#*://}" - ( - set -x - git config --local credential.helper cache - ) - git credential approve <&2 "%s\n" "${0##*/}:${LINENO}: \`${BASH_COMMAND}\` exit with ${s}"; exit ${s}' ERR +cd -- "$(dirname -- "$0")"/../.. + +tools=() +for tool in tools/codegen/base/*.json; do + tool="${tool##*/}" + tools+=("${tool%.*}") +done +# Aliases. +# NB: Update case for aliases in main.sh, tool input option in test-alias job +# in .github/workflows/ci.yml, and match for alias for tools/codegen/src/tools-markdown.rs. +tools+=( + nextest + taplo-cli + typos-cli + wasm-bindgen-cli + wasmtime-cli +) +# Non-manifest-based tools. +tools+=( + rust + valgrind +) + +for tool in "${tools[@]}"; do + ( + set -x + git checkout -b "releases/${tool}" + sed -Ei action.yml \ + -e "s/required: true/required: false/g" \ + -e "s/# default: #publish:tool/default: ${tool}/g" + git add action.yml + git commit -m "${tool}" + git tag -f "${tool}" + git checkout refs/tags/"${TAG}" + ) + refs+=("+refs/heads/releases/${tool}" "+refs/tags/${tool}") + branches+=("releases/${tool}") +done + +set -x + +# Copy manifests to tmp dir. +manifests=/tmp/manifests +rm -rf -- "${manifests}" +mkdir -p -- "${manifests}" +cp -- ./manifests/* "${manifests}" + +# Checkout manifest-schema branch +schema_version="$(grep -Eo "^version = \".*\" #publish:version" tools/manifest-schema/Cargo.toml)" +schema_version="$(cut -d\" -f2 <<<"${schema_version}")" +if [[ "${schema_version}" == '0.'* ]]; then + schema_version="0.$(cut -d. -f2 <<<"${schema_version}")" +else + schema_version="$(cut -d. -f1 <<<"${schema_version}")" +fi +schema_branch="manifest-schema-${schema_version}" + +if git fetch origin "${schema_branch}"; then + git checkout "origin/${schema_branch}" -B "${schema_branch}" +elif ! git checkout "${schema_branch}"; then + # New branch with no history. Credit: https://stackoverflow.com/a/13969482 + git checkout --orphan "${schema_branch}" + git rm -rf -- . || true + git commit -m 'Initial commit' --allow-empty +fi + +# Copy over schema +cp -- "${manifests}"/* ./ + +# Stage changes +git add . +# Detect changes, then commit and push if changes exist +if [[ "$(git status --porcelain=v1 | LC_ALL=C wc -l)" != "0" ]]; then + git commit -m 'Update manifest schema' +fi + +git checkout refs/tags/"${TAG}" diff --git a/tools/rustup-hash.sh b/tools/rustup-hash.sh index 78a4c91a..b122b620 100755 --- a/tools/rustup-hash.sh +++ b/tools/rustup-hash.sh @@ -17,7 +17,7 @@ targets=( powerpc64le-unknown-linux-gnu powerpc64le-unknown-linux-musl riscv64gc-unknown-linux-gnu - # riscv64gc-unknown-linux-musl # tier 2 without host tools + # riscv64gc-unknown-linux-musl # tier 2 without host tools: TODO: https://github.com/rust-lang/rust/issues/156191 s390x-unknown-linux-gnu # s390x-unknown-linux-musl # tier 3 x86_64-apple-darwin