updates and fixes

Author: ndbroadbent

.github/workflows/release.yml

@@ -191,3 +191,49 @@ jobs:
             artifacts/**/*.tar.gz
             artifacts/**/*.zip
             artifacts/**/*.sha256
+
+  docker_image:
+    name: Build and Push Docker Image
+    needs: release_create
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    env:
+      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Extract version
+        id: v
+        run: |
+          VERSION=$(grep -E '^version = ' Cargo.toml | head -1 | sed 's/version = "\(.*\)"/\1/')
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ env.DOCKERHUB_TOKEN }}
+
+      - name: Build and push multi-arch image
+        run: |
+          set -euo pipefail
+          VERSION="${{ steps.v.outputs.version }}"
+          echo "Building docspringcom/cigen:${VERSION} and :latest"
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            -f docker/cigen.Dockerfile \
+            --build-arg CIGEN_VERSION="${VERSION}" \
+            -t docspringcom/cigen:"${VERSION}" \
+            -t docspringcom/cigen:latest \
+            --push .

docker/cigen.Dockerfile

@@ -0,0 +1,23 @@
+FROM cimg/base:stable
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates curl jq bash git \
+ && rm -rf /var/lib/apt/lists/*
+
+ARG CIGEN_VERSION=0.0.0
+ARG TARGETARCH
+
+RUN set -e; \
+    case "$TARGETARCH" in \
+      "amd64") ARCH="amd64" ;; \
+      "arm64") ARCH="arm64" ;; \
+      *) echo "Unsupported arch: $TARGETARCH" >&2; exit 1 ;; \
+    esac; \
+    echo "Installing cigen v${CIGEN_VERSION} for ${ARCH}"; \
+    curl -fsSL -o /tmp/cigen.tar.gz \
+      "https://github.com/DocSpring/cigen/releases/download/v${CIGEN_VERSION}/cigen-linux-${ARCH}.tar.gz"; \
+    tar -xzf /tmp/cigen.tar.gz -C /usr/local/bin; \
+    chmod +x /usr/local/bin/cigen; \
+    rm -f /tmp/cigen.tar.gz
+
+ENTRYPOINT ["cigen"]

notes/dynamic_setup_redesign.md

@@ -0,0 +1,96 @@
+# Dynamic Setup Redesign (Two‑File CircleCI Architecture)
+
+This note summarizes the new direction for CIGen’s CircleCI dynamic setup, aligning with DocSpring’s production needs and replacing the previous per‑workflow split approach.
+
+## Goals
+
+- Use exactly two CircleCI configs:
+  - `.circleci/config.yml` — entrypoint. Contains:
+    - workflow `package_updates`: runs immediately when `pipeline.parameters.check_package_versions == true`.
+    - workflow `staging_postman_tests`: runs immediately when `pipeline.parameters.run_staging_postman_tests == true`.
+    - workflow `setup`: runs only when neither param is true; performs skip‑gating and posts a filtered continuation.
+  - `.circleci/main.yml` — CI/CD workflow (tests/build/deploy). Designed for dynamic skip.
+- No per‑job runtime skip on CircleCI when `dynamic=true`. Setup is the gate.
+- Skip gating in setup uses CircleCI’s cache save/restore only (no Redis).
+- Use a dedicated `docspringcom/cigen` runtime image (no Ruby dependency) for setup.
+- On CI, ensure `.circleci/config.yml` is up‑to‑date (self‑check), optionally auto‑commit+push and fail if drift is detected (opt‑in).
+
+## Behavior
+
+1. Immediate workflows (in `.circleci/config.yml`)
+
+- `package_updates` runs immediately if `check_package_versions` param is true.
+- `staging_postman_tests` runs immediately if `run_staging_postman_tests` param is true.
+- Otherwise, neither runs.
+
+2. Dynamic setup workflow (in `.circleci/config.yml`)
+
+- Image: `docspringcom/cigen:latest` (fallback curl installer for cigen until published).
+- Steps:
+  - `checkout`
+  - `cigen generate` → writes `.circleci/main.yml` (and re‑renders `.circleci/config.yml` for self‑check).
+  - Self‑check (opt‑in): verify current `.circleci/config.yml` matches what `cigen generate` would produce. If not:
+    - Optionally `git add && git commit && git push` (opt‑in), then fail the build to force a new run on the updated entrypoint.
+  - Skip analysis for `main` only:
+    - For each job+arch in `main` with `source_files`:
+      - Compute `JOB_HASH` in setup (same hashing logic as jobs).
+      - Write a variant job‑key: `/tmp/setup_keys/<job_arch>/job-key` (`${JOB_NAME}-${DOCKER_ARCH}-${JOB_HASH}`).
+      - `restore_cache` with key `job_status-exists-v1-{{ checksum "/tmp/setup_keys/<job_arch>/job-key" }}`
+      - If `/tmp/cigen_job_exists/done_${JOB_HASH}` exists, append `<job_arch>` to `/tmp/skip/main.txt`.
+      - Clear `/tmp/cigen_job_exists` before the next restore.
+  - `cigen generate --workflow main` with `CIGEN_SKIP_JOBS_FILE=/tmp/skip/main.txt` to prune jobs and transitive dependents; write filtered continuation.
+  - Continue with the filtered `.circleci/main.yml` via the Continuation API.
+
+3. Jobs (CircleCI with dynamic=true)
+
+- Do NOT inject per‑job runtime `restore_cache + halt`. Setup is the gate.
+- Still record an “exists” marker at end of job:
+  - touch `/tmp/cigen_job_exists/done_${JOB_HASH}`
+  - `save_cache` with key `job_status-exists-v1-{{ checksum "/tmp/cigen_job_status/job-key" }}`; paths `/tmp/cigen_job_exists`
+- Keep the job-status cache write if desired, but runtime halt is disabled for CircleCI dynamic.
+
+## CIGen Implementation Outline
+
+- Add `workflows_meta` (internal) to drive generation; but final shape is two files only:
+  - `config.yml` — contains param‑guarded `package_updates` and `staging_postman_tests`, and a synthesized `setup` workflow.
+  - `main.yml` — the CI/CD workflow.
+- Generator changes:
+  - Always emit `main.yml` for CircleCI dynamic.
+  - Synthesize `config.yml` with three workflows as above (no split files for package updates or staging).
+  - Disable per‑job runtime skip injection when `dynamic=true` and `provider=circleci`; still add exists‑cache save step at end of jobs with `source_files`.
+  - Add `CIGEN_SKIP_JOBS_FILE` support for `cigen generate --workflow main` to prune jobs and transitive dependents (already implemented).
+- Setup generation:
+  - Uses `docspring/cigen:latest`; fallback curl installer in case the image isn’t on the runner yet.
+  - Emits a deterministic loop of `restore_cache` probes (one per job variant in `main`) and collects a skip list.
+  - Emits a self‑check step (opt‑in) that regenerates `config.yml` and verifies drift.
+
+## Self‑Check (Opt‑In)
+
+- Config key (to be added):
+
+```yaml
+setup:
+  self_check:
+    enabled: true
+    commit_on_diff: true # optional: add+commit+push then fail
+```
+
+- If enabled, setup:
+  - Regenerates `.circleci/config.yml` into a temp path.
+  - If different from the existing entrypoint, optionally commit/push and fail the build.
+  - This ensures the dynamic entrypoint is always up‑to‑date.
+
+## Notes
+
+- This design avoids per‑job runtime halts in CircleCI and does all skip‑gating up front, matching DocSpring’s Ruby implementation goals.
+- “Immediate” workflows (package updates, staging postman) run right away via parameters; no hand‑off to setup.
+- Scheduled workflows are handled by setting the parameter on the schedule.
+- BASE_HASH/file hashing is anchored and cached at the file/content level and is millisecond‑fast.
+
+## Next Steps
+
+- Implement generation of combined `.circleci/config.yml` (package_updates + staging_postman_tests + setup) and `.circleci/main.yml` only.
+- Emit the skip‑probe loop in setup with static `restore_cache` steps per job variant in `main`.
+- Add setup self‑check (opt‑in) with optional auto‑commit+push.
+- Publish `docspring/cigen` and switch setup to use it without fallback.
+- Validate end‑to‑end on DocSpring: push branch, confirm pipeline behavior (immediate workflows via params, setup gating, minimal continuation).

src/commands/generate.rs

@@ -96,6 +96,19 @@ fn generate_from_jobs(
             anyhow::bail!("No jobs found for workflow '{}'", workflow_name);
         }
 
+        // Optional pruning via skip-jobs file (env var for setup use)
+        if let Ok(skip_file) = std::env::var("CIGEN_SKIP_JOBS_FILE")
+            && std::path::Path::new(&skip_file).exists()
+        {
+            let content = std::fs::read_to_string(&skip_file)?;
+            let mut skip: std::collections::HashSet<String> = content
+                .lines()
+                .map(|s| s.trim().to_string())
+                .filter(|s| !s.is_empty())
+                .collect();
+            prune_skipped_jobs(&mut workflow_jobs, &mut skip);
+        }
+
         // Apply package deduplication if any jobs have packages
         let has_packages = workflow_jobs.values().any(|job| job.packages.is_some());
         if has_packages {
@@ -241,11 +254,35 @@ fn generate_from_jobs(
             merged_workflow_configs.insert(workflow_name.clone(), merged);
         }
 
-        let has_setup = merged_workflow_configs
+        let mut has_setup = merged_workflow_configs
             .values()
             .any(|c| c.setup.unwrap_or(false));
 
-        if has_setup {
+        // If dynamic is enabled, force split outputs and synthesized setup
+        if loaded_config.config.dynamic.unwrap_or(false) {
+            has_setup = true;
+        }
+
+        if loaded_config.config.provider == "circleci"
+            && loaded_config.config.dynamic.unwrap_or(false)
+        {
+            // Generate combined two-file dynamic setup (config.yml + main.yml)
+            provider
+                .generate_all(
+                    &loaded_config.config,
+                    &workflows,
+                    &loaded_config.commands,
+                    &output_path,
+                )
+                .map_err(|e| {
+                    anyhow::anyhow!("Failed to generate dynamic CircleCI config: {}", e)
+                })?;
+
+            println!(
+                "✅ Generated CircleCI dynamic setup (config.yml + main.yml) to {}",
+                output_path.display()
+            );
+        } else if has_setup {
             // Split outputs with inferred filenames
             for (workflow_name, mut jobs_copy) in workflows.clone() {
                 if jobs_copy.values().any(|job| job.packages.is_some()) {
@@ -316,35 +353,44 @@ fn generate_from_jobs(
                 provider.name(),
                 output_path.display()
             );
-
-            // If dynamic mode is enabled but no explicit setup workflow exists, synthesize one
-            if loaded_config.config.dynamic.unwrap_or(false)
-                && !merged_workflow_configs.keys().any(|k| k == "setup")
-            {
-                println!("Generating synthesized setup workflow");
-                // Setup should go to provider default output path (config.yml) unless overridden
-                let setup_output = if let Some(setup_out) = &loaded_config.config.output_path {
-                    original_dir_path(Path::new(setup_out))
-                } else {
-                    original_dir_path(Path::new(provider.default_output_path()))
-                };
-                // Call provider-specific synthesized setup if available (only CircleCI for now)
-                // Provider-agnostic support: synthesize CircleCI setup when using CircleCI provider
-                if loaded_config.config.provider == "circleci" {
-                    cigen::providers::circleci::CircleCIProvider::new()
-                        .generator
-                        .generate_synthesized_setup(&loaded_config.config, &setup_output)
-                        .map_err(|e| {
-                            anyhow::anyhow!("Failed to generate synthesized setup: {}", e)
-                        })?;
-                }
-            }
         }
     }
 
     Ok(())
 }
 
+fn prune_skipped_jobs(
+    jobs: &mut HashMap<String, cigen::models::Job>,
+    skip: &mut std::collections::HashSet<String>,
+) {
+    // Remove explicitly skipped jobs
+    jobs.retain(|name, _| !skip.contains(name));
+
+    // Transitive pruning: drop jobs whose requires include missing jobs
+    loop {
+        let before = jobs.len();
+        let missing: std::collections::HashSet<String> = jobs
+            .iter()
+            .flat_map(|(name, job)| {
+                job.required_jobs()
+                    .into_iter()
+                    .filter(|r| !jobs.contains_key(r))
+                    .map(move |_| name.clone())
+            })
+            .collect();
+        if missing.is_empty() {
+            break;
+        }
+        for m in missing {
+            skip.insert(m.clone());
+            jobs.remove(&m);
+        }
+        if jobs.len() == before {
+            break;
+        }
+    }
+}
+
 fn generate_with_templates(
     outputs: &[cigen::models::OutputConfig],
     specific_output: Option<String>,

src/models/config.rs

@@ -75,8 +75,14 @@ pub struct Config {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub workflows: Option<HashMap<String, WorkflowConfig>>,
 
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub workflows_meta: Option<HashMap<String, WorkflowMeta>>,
+
     #[serde(skip_serializing_if = "Option::is_none")]
     pub checkout: Option<CheckoutSetting>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub setup_options: Option<SetupOptions>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -263,7 +269,9 @@ impl Default for Config {
             docker_build: None,
             package_managers: None,
             workflows: None,
+            workflows_meta: None,
             checkout: None,
+            setup_options: None,
         }
     }
 }
@@ -366,6 +374,37 @@ pub struct WorkflowConfig {
     pub checkout: Option<CheckoutSetting>,
 }
 
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct WorkflowMeta {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub continuation: Option<String>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub default: Option<bool>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub trigger_param: Option<String>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub scheduled: Option<bool>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SetupOptions {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub self_check: Option<SelfCheckOptions>,
+
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub runtime_image: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SelfCheckOptions {
+    pub enabled: bool,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub commit_on_diff: Option<bool>,
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct CheckoutConfig {
     #[serde(default = "default_shallow_checkout")]