SpacetimeDSL/.github/workflows/release.yml at main · tamaro-skaljic/SpacetimeDSL · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
name: Release SpacetimeDSL

on:
  push:
    tags: ["v*"] # Trigger release only on version tags

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  # Verify tests passed before release
  verify-tests:
    name: Verify tests passed
    runs-on: ubuntu-latest
    steps:
      - name: Wait for test workflow to complete
        uses: actions/github-script@v7
        with:
          script: |
            const tagRef = context.ref;
            const tagSha = context.sha;
            const pollIntervalMs = 5_000; // 5 seconds
            const timeoutMs = 10 * 60_000; // 10 minutes

            console.log(`Waiting for test workflow to pass for tag ${tagRef} (${tagSha})`);

            const startTime = Date.now();

            while (Date.now() - startTime < timeoutMs) {
              const { data: workflows } = await github.rest.actions.listWorkflowRuns({
                owner: context.repo.owner,
                repo: context.repo.repo,
                workflow_id: 'test.yml',
                head_sha: tagSha,
                per_page: 1
              });

              if (workflows.total_count === 0) {
                console.log('⏳ No test workflow run found yet, waiting...');
              } else {
                const run = workflows.workflow_runs[0];
                console.log(`Test run status: ${run.status}, conclusion: ${run.conclusion}`);

                if (run.status === 'completed') {
                  if (run.conclusion === 'success') {
                    console.log('✅ Tests passed - release can proceed');
                    return;
                  }
                  console.log('❌ Tests did not pass - release cannot proceed');
                  process.exit(1);
                }

                console.log('⏳ Test workflow still running, waiting...');
              }

              await new Promise(r => setTimeout(r, pollIntervalMs));
            }

            console.log('❌ Timed out waiting for test workflow to complete');
            process.exit(1);

  # Release job - publishes to crates.io when version tags are pushed
  release:
    name: Release to crates.io
    runs-on: ubuntu-latest
    needs: verify-tests
    # Use GitHub environment for enhanced security and manual approval if desired
    environment: release
    permissions:
      id-token: write # Required for OIDC token exchange with crates.io
      contents: read # Required to read repository contents

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Extract version from tag
        id: version
        run: |
          # Extract version from tag (e.g., refs/tags/v0.10.0 -> 0.10.0)
          VERSION=${GITHUB_REF#refs/tags/v}
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "Extracted version: $VERSION"
          echo "🏷️ Release triggered by tag: ${{ github.ref }}"

      - name: Install Rust toolchain
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable

      # Authenticate with crates.io using OIDC/Trusted Publishing
      - name: Authenticate with crates.io
        id: auth
        uses: rust-lang/crates-io-auth-action@v1

      - name: Validate crate publishing readiness
        run: |
          cargo check
          cargo build

      # Publish derive-input crate first (no dependencies)
      - name: Publish spacetimedsl_derive-input to crates.io
        run: |
          echo "Publishing spacetimedsl_derive-input..."
          cd derive-input
          cargo publish
          echo "✅ spacetimedsl_derive-input published successfully"
          cd ..
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}

      # Verify derive-input crate is available before proceeding
      - name: Verify spacetimedsl_derive-input availability
        uses: ./.github/actions/verify-crate-availability
        with:
          crate-name: spacetimedsl_derive-input
          version: ${{ steps.version.outputs.version }}

      # Publish derive crate second (depends on derive-input)
      - name: Publish spacetimedsl_derive to crates.io
        run: |
          echo "Publishing spacetimedsl_derive..."
          cd derive
          cargo publish
          echo "✅ spacetimedsl_derive published successfully"
          cd ..
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}

      # Verify derive crate is available before proceeding
      - name: Verify spacetimedsl_derive availability
        uses: ./.github/actions/verify-crate-availability
        with:
          crate-name: spacetimedsl_derive
          version: ${{ steps.version.outputs.version }}

      # Publish main crate last (depends on derive)
      - name: Publish spacetimedsl to crates.io
        run: |
          echo "Publishing spacetimedsl (main crate)..."
          cargo publish
          echo "✅ All crates published successfully! 🎉"
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}

      # Final verification that main crate is available
      - name: Verify spacetimedsl availability
        uses: ./.github/actions/verify-crate-availability
        with:
          crate-name: spacetimedsl
          version: ${{ steps.version.outputs.version }}