diff --git a/.github/workflows/bazel.ci.yml b/.github/workflows/bazel.ci.yml deleted file mode 100644 index 4754c9b5..00000000 --- a/.github/workflows/bazel.ci.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -name: Bazel CI - -# Controls when the action will run. -"on": - push: - branches: [main] - pull_request: - branches: [main] - workflow_dispatch: {} - -permissions: - contents: read - -concurrency: - # Cancel previous actions from the same PR: https://stackoverflow.com/a/72408109 - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - test: - uses: bazel-contrib/.github/.github/workflows/bazel.yaml@29e53247c6366e30acbedfc767f58f79fc05836c - with: - folders: | - [ - "." - ] - exclude_windows: true - exclude: | - [ - {"bazelversion": "5.4.0", "bzlmodEnabled": true}, - {"bazelversion": "5.4.0", "bzlmodEnabled": false}, - {"bazelversion": "5.4.0", "os": "macos-latest"}, - ] diff --git a/.github/workflows/check.buildifier.yml b/.github/workflows/buildifier.yaml similarity index 95% rename from .github/workflows/check.buildifier.yml rename to .github/workflows/buildifier.yaml index 0a2acb37..da91c271 100644 --- a/.github/workflows/check.buildifier.yml +++ b/.github/workflows/buildifier.yaml @@ -1,8 +1,7 @@ ---- name: Buildifier # Controls when the action will run. -"on": +on: # Triggers the workflow on push or pull request events but only for the main branch push: branches: [main] @@ -24,10 +23,6 @@ name: Buildifier # Allows you to run this workflow manually from the Actions tab workflow_dispatch: - -permissions: - contents: read - jobs: check: runs-on: ubuntu-latest diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 00000000..1f99b916 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,33 @@ +name: CI + +# Controls when the action will run. +on: + # Triggers the workflow on push or pull request events but only for the main branch + push: + branches: [main] + pull_request: + branches: [main] + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +concurrency: + # Cancel previous actions from the same PR or branch except 'main' branch. + # See https://docs.github.com/en/actions/using-jobs/using-concurrency and https://docs.github.com/en/actions/learn-github-actions/contexts for more info. + group: concurrency-group::${{ github.workflow }}::${{ github.event.pull_request.number > 0 && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}${{ github.ref_name == 'main' && format('::{0}', github.run_id) || ''}} + cancel-in-progress: ${{ github.ref_name != 'main' }} + +jobs: + test: + uses: bazel-contrib/.github/.github/workflows/bazel.yaml@29e53247c6366e30acbedfc767f58f79fc05836c + with: + folders: | + [ + ".", + ] + exclude_windows: true + exclude: | + [ + {"bazelversion": "5.4.0", "bzlmodEnabled": true}, + {"bazelversion": "5.4.0", "bzlmodEnabled": false}, + {"bazelversion": "5.4.0", "os": "macos-latest"}, + ] diff --git a/.github/workflows/on.release.yml b/.github/workflows/on.release.yml deleted file mode 100644 index af4e481e..00000000 --- a/.github/workflows/on.release.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: Release - -"on": - push: - tags: - - "v*.*.*" - - workflow_dispatch: - inputs: - prerelease: - description: Pre-release - type: boolean - default: false - artifact: - description: Artifact - type: string - default: "rules_graalvm" - dry: - description: Dry-run - type: boolean - default: false - -permissions: - contents: read - -jobs: - release: - name: "Release: BCR" - uses: bazel-contrib/.github/.github/workflows/release_ruleset.yaml@v2 - with: - release_files: rules_graalvm-*.* diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 00000000..37d52526 --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,35 @@ +# Publish new releases to Bazel Central Registry. +name: Publish to BCR +on: + # Run the publish workflow after a successful release + # Will be triggered from the release.yaml workflow + workflow_call: + inputs: + tag_name: + required: true + type: string + secrets: + publish_token: + required: true + # In case of problems, let release engineers retry by manually dispatching + # the workflow from the GitHub UI + workflow_dispatch: + inputs: + tag_name: + description: git tag being released + required: true + type: string +jobs: + publish: + uses: bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml@v0.1.0 + with: + tag_name: ${{ inputs.tag_name }} + # GitHub repository which is a fork of the upstream where the Pull Request will be opened. + registry_fork: sgammon/bazel-central-registry + permissions: + attestations: write + contents: write + id-token: write + secrets: + # Necessary to push to the BCR fork, and to open a pull request against a registry + publish_token: ${{ secrets.publish_token || secrets.BCR_PUBLISH_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..d5a29d28 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,34 @@ +# Cut a release whenever a new tag is pushed to the repo. +name: Release +on: + # Can be triggered from the tag.yaml workflow + workflow_call: + inputs: + tag_name: + required: true + type: string + secrets: + publish_token: + required: true + # Or, developers can manually push a tag from their clone + push: + tags: + - "v*.*.*" +permissions: + id-token: write + attestations: write + contents: write +jobs: + release: + uses: bazel-contrib/.github/.github/workflows/release_ruleset.yaml@v7.2.2 + with: + release_files: rules_graalvm-*.tar.gz + prerelease: false + tag_name: ${{ github.ref_name }} + publish: + needs: release + uses: ./.github/workflows/publish.yaml + with: + tag_name: ${{ github.ref_name }} + secrets: + publish_token: ${{ secrets.publish_token || secrets.BCR_PUBLISH_TOKEN }} diff --git a/.github/workflows/release_prep.sh b/.github/workflows/release_prep.sh old mode 100755 new mode 100644 index ff837609..83fe3db2 --- a/.github/workflows/release_prep.sh +++ b/.github/workflows/release_prep.sh @@ -2,12 +2,16 @@ set -o errexit -o nounset -o pipefail -# Set by GH actions, see -# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables -TAG=${GITHUB_REF_NAME} +# Argument provided by reusable workflow caller, see +# https://github.com/bazel-contrib/.github/blob/d197a6427c5435ac22e56e33340dff912bc9334e/.github/workflows/release_ruleset.yaml#L72 +TAG=$1 # The prefix is chosen to match what GitHub generates for source archives +# This guarantees that users can easily switch from a released artifact to a source archive +# with minimal differences in their code (e.g. strip_prefix remains the same) PREFIX="rules_graalvm-${TAG:1}" -ARCHIVE="rules_graalvm-$TAG.tgz" +ARCHIVE="rules_graalvm-$TAG.tar.gz" + +# NB: configuration for 'git archive' is in /.gitattributes git archive --format=tar --prefix=${PREFIX}/ ${TAG} | gzip > $ARCHIVE SHA=$(shasum -a 256 $ARCHIVE | awk '{print $1}') @@ -16,9 +20,9 @@ cat << EOF See the project repository for documentation. -## Using Bzlmod with Bazel 6+ +## Using Bzlmod with Bazel 6 or greater -1. Enable with \`common --enable_bzlmod\` in \`.bazelrc\`. +1. (Bazel 6 only) Enable with \`common --enable_bzlmod\` in \`.bazelrc\`. 2. Add to your \`MODULE.bazel\` file: \`\`\`starlark @@ -40,4 +44,4 @@ http_archive( EOF awk 'f;/--SNIP--/{f=1}' example/integration_tests/bzlmod/WORKSPACE.bazel -echo "\`\`\`" +echo "\`\`\`" diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml new file mode 100644 index 00000000..85fe2ef5 --- /dev/null +++ b/.github/workflows/tag.yaml @@ -0,0 +1,44 @@ +# Tag a new release using https://github.com/marketplace/actions/conventional-commits-versioner-action +# +# This is easier than having to run manual `git` operations on a local clone. +# It also runs on a schedule so we don't leave commits unreleased indefinitely +# (avoiding users having to ping "hey could someone cut a release"). + +name: Tag a Release +on: + # Allow devs to tag manually through the GitHub UI. + # For example after landing a fix that customers are waiting for. + workflow_dispatch: + # Run twice a month, on the 1rst and 15th at 3PM UTC (8AM PST) + # This is a trade-off between making too many releases, + # which overwhelms BCR maintainers and over-notifies users, + # and releasing too infrequently which delays delivery of bugfixes and features. + schedule: + - cron: "0 15 1,15 * *" +jobs: + tag: + permissions: + contents: write # allow create tag + runs-on: ubuntu-latest + outputs: + new-tag: ${{ steps.ccv.outputs.new-tag }} + new-tag-version: ${{steps.ccv.outputs.new-tag-version}} + new-tag-version-type: ${{steps.ccv.outputs.new-tag-version-type}} + steps: + - uses: actions/checkout@v4 + with: + # Need enough history to find the prior release tag + fetch-depth: 0 + - name: Bump tag if necessary + id: ccv + uses: smlx/ccv@7318e2f25a52dcd550e75384b84983973251a1f8 # v0.10.0 + release: + needs: tag + uses: ./.github/workflows/release.yml + with: + tag_name: ${{ needs.tag.outputs.new-tag-version }} + secrets: + publish_token: ${{ secrets.BCR_PUBLISH_TOKEN }} + if: needs.tag.outputs.new-tag == 'true' && needs.tag.outputs.new-tag-version-type != 'major' + permissions: + contents: write # allow create release