Refactor GitHub workflows for consistency and readability (#112)

Author: tamaro-skaljic

.github/workflows/codeql.yml

@@ -2,11 +2,15 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "main", "develop" ]
+    branches: ["main", "develop"]
   pull_request:
-    branches: [ "main", "develop" ]
+    branches: ["main", "develop"]
   schedule:
-    - cron: '21 17 * * 0'  # Weekly on Sundays at 17:21 UTC
+    - cron: "21 17 * * 0" # Weekly on Sundays at 17:21 UTC
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   analyze:
@@ -26,55 +30,55 @@ jobs:
       fail-fast: false
       matrix:
         include:
-        - language: rust
-          build-mode: none
+          - language: rust
+            build-mode: none
         # Add other languages if your repository contains them
         # - language: javascript-typescript
         #   build-mode: none
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    # Cache Rust dependencies to speed up builds
-    - name: Cache Rust dependencies
-      if: matrix.language == 'rust'
-      uses: actions/cache@v4
-      with:
-        path: |
-          ~/.cargo/bin/
-          ~/.cargo/registry/index/
-          ~/.cargo/registry/cache/
-          ~/.cargo/git/db/
-          target/
-        key: ${{ runner.os }}-cargo-codeql-${{ hashFiles('**/Cargo.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-cargo-codeql-
-          ${{ runner.os }}-cargo-
+      # Cache Rust dependencies to speed up builds
+      - name: Cache Rust dependencies
+        if: matrix.language == 'rust'
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-codeql-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-codeql-
+            ${{ runner.os }}-cargo-
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # For more details on CodeQL's query suites, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # For more details on CodeQL's query suites, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
 
-    # For Rust with build-mode: none, CodeQL handles the build automatically
-    - name: Install Rust toolchain
-      if: matrix.language == 'rust'
-      uses: actions-rust-lang/setup-rust-toolchain@v1
-      with:
-        toolchain: stable
-        target: wasm32-unknown-unknown
-        # Enable caching in the Rust toolchain setup
-        cache: true
+      # For Rust with build-mode: none, CodeQL handles the build automatically
+      - name: Install Rust toolchain
+        if: matrix.language == 'rust'
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: stable
+          target: wasm32-unknown-unknown
+          # Enable caching in the Rust toolchain setup
+          cache: true
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/release.yml

@@ -2,48 +2,63 @@ name: Release SpacetimeDSL
 
 on:
   push:
-    tags: [ 'v*' ]  # Trigger release only on version tags
+    tags: ["v*"] # Trigger release only on version tags
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   # Verify tests passed before release
   verify-tests:
-    name: Verify tests passed  
+    name: Verify tests passed
     runs-on: ubuntu-latest
     steps:
-    - name: Check latest workflow run
-      uses: actions/github-script@v7
-      with:
-        script: |
-          // Get the commit SHA for the tag
-          const tagRef = context.ref;
-          const tagSha = context.sha;
-          
-          console.log(`Checking tests for tag ${tagRef} (${tagSha})`);
-          
-          // Get recent workflow runs for the test workflow
-          const { data: workflows } = await github.rest.actions.listWorkflowRuns({
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            workflow_id: 'test.yml',
-            head_sha: tagSha,
-            per_page: 1
-          });
-          
-          if (workflows.total_count === 0) {
-            console.log('⚠️ No test workflow found for this commit');
-            console.log('This might be expected if this is the first run after adding the tag trigger');
-            return;
-          }
-          
-          const latestRun = workflows.workflow_runs[0];
-          console.log(`Latest test run: ${latestRun.status} (${latestRun.conclusion})`);
-          
-          if (latestRun.conclusion !== 'success') {
-            console.log('❌ Tests did not pass - release cannot proceed');
+      - name: Wait for test workflow to complete
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const tagRef = context.ref;
+            const tagSha = context.sha;
+            const pollIntervalMs = 30_000; // 30 seconds
+            const timeoutMs = 30 * 60_000; // 30 minutes
+
+            console.log(`Waiting for test workflow to pass for tag ${tagRef} (${tagSha})`);
+
+            const startTime = Date.now();
+
+            while (Date.now() - startTime < timeoutMs) {
+              const { data: workflows } = await github.rest.actions.listWorkflowRuns({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                workflow_id: 'test.yml',
+                head_sha: tagSha,
+                per_page: 1
+              });
+
+              if (workflows.total_count === 0) {
+                console.log('⏳ No test workflow run found yet, waiting...');
+              } else {
+                const run = workflows.workflow_runs[0];
+                console.log(`Test run status: ${run.status}, conclusion: ${run.conclusion}`);
+
+                if (run.status === 'completed') {
+                  if (run.conclusion === 'success') {
+                    console.log('✅ Tests passed - release can proceed');
+                    return;
+                  }
+                  console.log('❌ Tests did not pass - release cannot proceed');
+                  process.exit(1);
+                }
+
+                console.log('⏳ Test workflow still running, waiting...');
+              }
+
+              await new Promise(r => setTimeout(r, pollIntervalMs));
+            }
+
+            console.log('❌ Timed out waiting for test workflow to complete');
             process.exit(1);
-          }
-          
-          console.log('✅ Tests passed - release can proceed');
 
   # Release job - publishes to crates.io when version tags are pushed
   release:
@@ -53,85 +68,85 @@ jobs:
     # Use GitHub environment for enhanced security and manual approval if desired
     environment: release
     permissions:
-      id-token: write  # Required for OIDC token exchange with crates.io
-      contents: read   # Required to read repository contents
+      id-token: write # Required for OIDC token exchange with crates.io
+      contents: read # Required to read repository contents
 
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Extract version from tag
-      id: version
-      run: |
-        # Extract version from tag (e.g., refs/tags/v0.10.0 -> 0.10.0)
-        VERSION=${GITHUB_REF#refs/tags/v}
-        echo "version=$VERSION" >> $GITHUB_OUTPUT
-        echo "Extracted version: $VERSION"
-        echo "🏷️ Release triggered by tag: ${{ github.ref }}"
-
-    - name: Install Rust toolchain
-      uses: actions-rust-lang/setup-rust-toolchain@v1
-      with:
-        toolchain: stable
-
-    # Authenticate with crates.io using OIDC/Trusted Publishing
-    - name: Authenticate with crates.io
-      id: auth
-      uses: rust-lang/crates-io-auth-action@v1
-
-    - name: Validate crate publishing readiness
-      run: |
-        cargo check
-        cargo build
-
-    # Publish derive-input crate first (no dependencies)
-    - name: Publish spacetimedsl_derive-input to crates.io
-      run: |
-        echo "Publishing spacetimedsl_derive-input..."
-        cd derive-input
-        cargo publish
-        echo "✅ spacetimedsl_derive-input published successfully"
-        cd ..
-      env:
-        CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
-
-    # Verify derive-input crate is available before proceeding
-    - name: Verify spacetimedsl_derive-input availability
-      uses: ./.github/actions/verify-crate-availability
-      with:
-        crate-name: spacetimedsl_derive-input
-        version: ${{ steps.version.outputs.version }}
-
-    # Publish derive crate second (depends on derive-input)
-    - name: Publish spacetimedsl_derive to crates.io
-      run: |
-        echo "Publishing spacetimedsl_derive..."
-        cd derive
-        cargo publish
-        echo "✅ spacetimedsl_derive published successfully"
-        cd ..
-      env:
-        CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
-
-    # Verify derive crate is available before proceeding
-    - name: Verify spacetimedsl_derive availability
-      uses: ./.github/actions/verify-crate-availability
-      with:
-        crate-name: spacetimedsl_derive
-        version: ${{ steps.version.outputs.version }}
-
-    # Publish main crate last (depends on derive)
-    - name: Publish spacetimedsl to crates.io
-      run: |
-        echo "Publishing spacetimedsl (main crate)..."
-        cargo publish
-        echo "✅ All crates published successfully! 🎉"
-      env:
-        CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
-
-    # Final verification that main crate is available
-    - name: Verify spacetimedsl availability
-      uses: ./.github/actions/verify-crate-availability
-      with:
-        crate-name: spacetimedsl
-        version: ${{ steps.version.outputs.version }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Extract version from tag
+        id: version
+        run: |
+          # Extract version from tag (e.g., refs/tags/v0.10.0 -> 0.10.0)
+          VERSION=${GITHUB_REF#refs/tags/v}
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Extracted version: $VERSION"
+          echo "🏷️ Release triggered by tag: ${{ github.ref }}"
+
+      - name: Install Rust toolchain
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: stable
+
+      # Authenticate with crates.io using OIDC/Trusted Publishing
+      - name: Authenticate with crates.io
+        id: auth
+        uses: rust-lang/crates-io-auth-action@v1
+
+      - name: Validate crate publishing readiness
+        run: |
+          cargo check
+          cargo build
+
+      # Publish derive-input crate first (no dependencies)
+      - name: Publish spacetimedsl_derive-input to crates.io
+        run: |
+          echo "Publishing spacetimedsl_derive-input..."
+          cd derive-input
+          cargo publish
+          echo "✅ spacetimedsl_derive-input published successfully"
+          cd ..
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+
+      # Verify derive-input crate is available before proceeding
+      - name: Verify spacetimedsl_derive-input availability
+        uses: ./.github/actions/verify-crate-availability
+        with:
+          crate-name: spacetimedsl_derive-input
+          version: ${{ steps.version.outputs.version }}
+
+      # Publish derive crate second (depends on derive-input)
+      - name: Publish spacetimedsl_derive to crates.io
+        run: |
+          echo "Publishing spacetimedsl_derive..."
+          cd derive
+          cargo publish
+          echo "✅ spacetimedsl_derive published successfully"
+          cd ..
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+
+      # Verify derive crate is available before proceeding
+      - name: Verify spacetimedsl_derive availability
+        uses: ./.github/actions/verify-crate-availability
+        with:
+          crate-name: spacetimedsl_derive
+          version: ${{ steps.version.outputs.version }}
+
+      # Publish main crate last (depends on derive)
+      - name: Publish spacetimedsl to crates.io
+        run: |
+          echo "Publishing spacetimedsl (main crate)..."
+          cargo publish
+          echo "✅ All crates published successfully! 🎉"
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+
+      # Final verification that main crate is available
+      - name: Verify spacetimedsl availability
+        uses: ./.github/actions/verify-crate-availability
+        with:
+          crate-name: spacetimedsl
+          version: ${{ steps.version.outputs.version }}