diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 0000000..be1bfdc --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,3 @@ +self-hosted-runner: + labels: + - builder diff --git a/.github/release-please/config.json b/.github/release-please/config.json new file mode 100644 index 0000000..52958b7 --- /dev/null +++ b/.github/release-please/config.json @@ -0,0 +1,12 @@ +{ + "bootstrap-sha": "1126e01580c2b91674a6c016844e5b1b8c5b2b14", + "release-type": "simple", + "bump-minor-pre-major": true, + "bump-patch-for-minor-pre-major": true, + "packages": { + ".": { + "package-name": "registry", + "component": "registry" + } + } +} diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json new file mode 100644 index 0000000..e7ca613 --- /dev/null +++ b/.github/release-please/manifest.json @@ -0,0 +1,3 @@ +{ + ".": "0.7.0" +} diff --git a/.github/workflows/changelog_config.json b/.github/workflows/changelog_config.json deleted file mode 100644 index 9d01d64..0000000 --- a/.github/workflows/changelog_config.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "template": "${{CHANGELOG}}\n\n${{UNCATEGORIZED}}", - "pr_template": "- #${{NUMBER}} ${{TITLE}}", - "empty_template": "- no changes" -} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..b3374a5 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,35 @@ +name: lint + +on: + pull_request: + types: + - opened + - edited + - synchronize + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + pr: + name: Validate PR title + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + reviewdog: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Lint actions + uses: reviewdog/action-actionlint@v1 + env: + SHELLCHECK_OPTS: "-e SC2086 -e SC2207 -e SC2128" + with: + reporter: github-pr-check + fail_on_error: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 207d3a8..f9ab6b3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,162 +1,172 @@ -name: "publish-release" +name: "release" on: push: - tags: - - "v*" + branches: + - "main" + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" jobs: - npm-publish: - name: "Publish" - runs-on: builder - container: rust - defaults: - run: - shell: bash + release-please: + runs-on: ubuntu-latest + + outputs: + release-created: ${{ steps.release.outputs['release_created'] }} + tag-name: ${{ steps.release.outputs['tag_name'] }} + version: ${{ steps.release.outputs['version'] }} + pr: ${{ steps.release.outputs['pr'] }} steps: -### Setup - - name: Checkout repository + - name: Run release-please + id: release + uses: google-github-actions/release-please-action@v3 + with: + token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} + command: manifest + config-file: .github/release-please/config.json + manifest-file: .github/release-please/manifest.json + + - name: Show output from release-please + if: steps.release.outputs.releases_created + env: + RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }} + run: echo "${RELEASE_PLEASE_OUTPUT}" | jq + + bump-version: + if: needs.release-please.outputs.pr != null + runs-on: builder + needs: + - release-please + + permissions: + contents: write + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + ref: ${{ fromJson(needs.release-please.outputs.pr).headBranchName }} + + - name: Setup Rust toolchain + uses: actions-rust-lang/setup-rust-toolchain@v1 + + - name: Install cargo-edit + uses: baptiste0928/cargo-install@v1.3.0 + with: + crate: cargo-edit + + - name: Get version + id: version + run: | + version="$(jq -r '.[]' .github/release-please/manifest.json)" + echo "version=${version}" >> $GITHUB_OUTPUT + + - name: Set version in service + working-directory: service + run: cargo set-version ${{ steps.version.outputs.version }} + + - name: Set version in aqua + working-directory: aqua + run: npm version ${{ steps.version.outputs.version }} + + - name: Commit version bump + uses: stefanzweifel/git-auto-commit-action@v4 + with: + commit_message: "chore: Bump registry version to ${{ steps.version.outputs.version }}" + branch: ${{ fromJson(needs.release-please.outputs.pr).headBranchName }} + commit_user_name: fluencebot + commit_user_email: devops@fluence.one + commit_author: fluencebot + + registry: + runs-on: builder + + needs: release-please + if: needs.release-please.outputs.release-created + + permissions: + contents: write + id-token: write + + steps: + - name: Checkout uses: actions/checkout@v3 - - name: Set env - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + - name: Import secrets + uses: hashicorp/vault-action@v2.4.3 + with: + url: https://vault.fluence.dev + path: jwt/github + role: ci + method: jwt + jwtGithubAudience: "https://github.com/fluencelabs" + jwtTtl: 300 + exportToken: false + secrets: | + kv/npmjs/fluencebot token | NODE_AUTH_TOKEN - - name: "Install marine" - uses: baptiste0928/cargo-install@v1 + - name: Setup Rust toolchain + uses: actions-rust-lang/setup-rust-toolchain@v1 + + - name: Install Marine + uses: baptiste0928/cargo-install@v1.3.0 with: crate: marine - - uses: actions/setup-java@v3 - with: - distribution: 'adopt' - java-version: '11' - - - name: Cache npm - uses: actions/cache@v3 - with: - path: ~/.npm - key: ${{ runner.os }}-node-v03-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node-v03- - - - uses: actions/setup-node@v3 - with: - node-version: "15" - registry-url: "https://registry.npmjs.org" - - - name: Cache cargo - uses: actions/cache@v3 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - ~/.cargo/bin - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - - name: Install Rust - working-directory: ./service - run: | - rustup toolchain install nightly-2022-09-01-x86_64-unknown-linux-gnu - rustup default nightly-2022-09-01-x86_64-unknown-linux-gnu - rustup override set nightly-2022-09-01-x86_64-unknown-linux-gnu - rustup target add wasm32-wasi --toolchain nightly-2022-09-01-x86_64-unknown-linux-gnu - -### Build - - name: Build registry.wasm - working-directory: ./service + - name: Build service run: ./build.sh + working-directory: service - - name: Check Aqua compiles - working-directory: ./aqua - run: | - npm i - npm run build + - name: Setup node + uses: actions/setup-node@v3 + with: + node-version: "16" + registry-url: "https://registry.npmjs.org" + cache-dependency-path: "aqua/package-lock.json" + cache: "npm" + + - run: npm i + working-directory: aqua + + - run: npm run build + working-directory: aqua + + - name: Publish to NPM registry + run: npm publish --access public + working-directory: aqua - name: Create builtin distribution package - run: | - ./builtin-package/package.sh - - - name: Build Changelog - id: changelog - uses: mikepenz/release-changelog-builder-action@v3 - with: - configuration: ".github/workflows/changelog_config.json" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -## Publish - - name: Release - id: release - uses: softprops/action-gh-release@v1 - with: - name: registry ${{ env.RELEASE_VERSION }} - tag_name: ${{ env.RELEASE_VERSION }} - files: | - registry.tar.gz - body: ${{steps.changelog.outputs.changelog}} - draft: false - prerelease: false - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - ### Publish Aqua API - - name: Publish Aqua API - run: | - npm version ${{ env.RELEASE_VERSION }} --allow-same-version - npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - working-directory: ./aqua - -## Update node-distro repo - - name: Get tar.gz URL - id: package-url - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - result-encoding: string - script: | - try { - let assets = await github.repos.listReleaseAssets({ - owner: context.repo.owner, - repo: context.repo.repo, - release_id: "${{ steps.release.outputs.id }}", - }); - console.dir(assets); - let package = assets.data.find((a) => a.name === 'registry.tar.gz'); - let url = package.browser_download_url; - console.log("URL: " + url); - return url; - } catch (e) { - console.log("Err: " + e); - throw e; - } + run: ./builtin-package/package.sh - name: Calculate SHA256 + id: sha run: | + # Calculate sha256 du -hs registry.tar.gz - echo $(sha256sum registry.tar.gz) - echo "SHA256=$(sha256sum registry.tar.gz | awk '{ print $1 }')" >> $GITHUB_ENV + sha256sum registry.tar.gz + sha=($(sha256sum registry.tar.gz)) + echo "sha256=${sha}" >> $GITHUB_OUTPUT + + - name: Upload registry package + if: needs.release-please.outputs.release-created + uses: softprops/action-gh-release@v1 + with: + files: registry.tar.gz + tag_name: ${{ needs.release-please.outputs.tag-name }} - name: Update version in node-distro repo + if: needs.release-please.outputs.release-created uses: benc-uk/workflow-dispatch@v1 with: workflow: update_service repo: fluencelabs/node-distro - ref: 'main' + ref: "main" token: ${{ secrets.PERSONAL_TOKEN }} inputs: '{ "name": "registry", - "version": "${{ env.RELEASE_VERSION }}", - "url": "${{ steps.package-url.outputs.result }}", - "sha256": "${{ env.SHA256 }}" + "version": "${{ needs.release-please.outputs.version }}", + "url": "https://github.com/fluencelabs/registry/releases/download/${{ needs.release-please.outputs.tag-name }}/registry.tar.gz", + "sha256": "${{ steps.sha.outputs.sha256 }}" }' - - - name: Log notice - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - console.dir(core); - core.info("registry was updated to ${{ env.RELEASE_VERSION }} in node-distro repo"); diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml deleted file mode 100644 index 4f8420d..0000000 --- a/.github/workflows/tag.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: "tag" - -on: - workflow_dispatch: - -jobs: - tag: - name: "Tag" - runs-on: "ubuntu-latest" - - steps: - - uses: actions/checkout@v3 - - name: Bump version and push tag - id: tag_version - uses: mathieudutour/github-tag-action@v6.1 - with: - github_token: ${{ secrets.PERSONAL_TOKEN }} diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 833ef87..0000000 --- a/package-lock.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "registry", - "lockfileVersion": 2, - "requires": true, - "packages": {} -}