diff --git a/.github/workflows/evict_caches.yml b/.github/workflows/evict_caches.yaml similarity index 98% rename from .github/workflows/evict_caches.yml rename to .github/workflows/evict_caches.yaml index 855dc95..da4a93f 100644 --- a/.github/workflows/evict_caches.yml +++ b/.github/workflows/evict_caches.yaml @@ -89,7 +89,7 @@ jobs: echo Latest commit: $sha echo "Trigger workflow on cue-lang/libcue" - curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/libcue/actions/workflows/trybot.yml/dispatches -d "{\"ref\":\"$j\"}" + curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/libcue/actions/workflows/trybot.yaml/dispatches -d "{\"ref\":\"$j\"}" # Ensure that the trybot repo has the latest commit for # this branch. If the force-push results in a commit @@ -121,7 +121,7 @@ jobs: # We are up-to-date, i.e. the push did nothing, hence we need to trigger a workflow_dispatch # in the trybot repo. echo "Trigger workflow on cue-lang/libcue-trybot" - curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/libcue-trybot/actions/workflows/trybot.yml/dispatches -d "{\"ref\":\"$j\"}" + curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/libcue-trybot/actions/workflows/trybot.yaml/dispatches -d "{\"ref\":\"$j\"}" else echo "Force-push to cue-lang/libcue-trybot did work; nothing to do" fi 
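Review bot: Both rewritten `curl` lines (the cue-lang/libcue dispatch and the cue-lang/libcue-trybot dispatch) still expand `${{ secrets.CUECKOO_GITHUB_PAT }}` straight into the script text, so the token becomes part of the rendered shell script instead of staying in the process environment. Since these lines are being touched anyway, consider mapping the secret on the step with `env:` as `CUECKOO_GITHUB_PAT: ${{ secrets.CUECKOO_GITHUB_PAT }}` and writing the header as `-H "Authorization: Bearer ${CUECKOO_GITHUB_PAT}"`. That keeps the value out of the generated script file and out of any shell tracing that might be enabled later. The enclosing `run:` block and any existing `env:` mapping start outside both hunks, so this may need to go into the CUE source that presumably generates the workflow. The request body `-d "{\"ref\":\"$j\"}"` is built by string interpolation too; where `$j` is assigned is not visible here, so it is worth confirming that it only ever holds a fixed branch name.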
diff --git a/.github/workflows/push_tip_to_trybot.yml b/.github/workflows/push_tip_to_trybot.yaml similarity index 100% rename from .github/workflows/push_tip_to_trybot.yml rename to .github/workflows/push_tip_to_trybot.yaml diff --git a/.github/workflows/trybot.yml b/.github/workflows/trybot.yaml similarity index 66% rename from .github/workflows/trybot.yml rename to .github/workflows/trybot.yaml index 0ed9d5c..3941c7b 100644 --- a/.github/workflows/trybot.yml +++ b/.github/workflows/trybot.yaml @@ -57,7 +57,13 @@ jobs: uses: actions/setup-go@v5 with: cache: false - go-version: 1.21.x + go-version: 1.23.x + - name: Set common go env vars + run: |- + go env -w GOTOOLCHAIN=local + + # Dump env for good measure + go env - id: go-mod-cache-dir name: Get go mod cache directory run: echo "dir=$(go env GOMODCACHE)" >> ${GITHUB_OUTPUT} @@ -72,8 +78,8 @@ jobs: path: |- ${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download ${{ steps.go-cache-dir.outputs.dir }} - key: ${{ runner.os }}-1.21.x-${{ github.run_id }} - restore-keys: ${{ runner.os }}-1.21.x + key: ${{ runner.os }}-1.23.x-${{ github.run_id }} + restore-keys: ${{ runner.os }}-1.23.x - if: |- ! (((github.ref == 'refs/heads/main') && (! (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test')) 
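Review bot: The new "Set common go env vars" step in the `@@ -57,7 +57,13 @@` hunk runs `go env -w GOTOOLCHAIN=local` with no comment saying why, and this is the setting that keeps the job on the toolchain installed by `actions/setup-go`. Without it, a `go` or `toolchain` directive in a dependency's go.mod could cause a different Go toolchain to be downloaded and used mid-job. I would add a line above it such as `# Use only the toolchain installed by setup-go; never auto-download another one.` so the setting is not dropped in a later cleanup. The `1.23.x` string is now repeated in `go-version` and in the cache `key`/`restore-keys` of this hunk and the next two; if the workflow is generated from CUE, as it appears to be, the duplication is harmless, otherwise it is easy to bump one and miss another.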
@@ -82,50 +88,14 @@ jobs: path: |- ${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download ${{ steps.go-cache-dir.outputs.dir }} - key: ${{ runner.os }}-1.21.x-${{ github.run_id }} - restore-keys: ${{ runner.os }}-1.21.x + key: ${{ runner.os }}-1.23.x-${{ github.run_id }} + restore-keys: ${{ runner.os }}-1.23.x - if: |- github.repository == 'cue-lang/libcue' && (((github.ref == 'refs/heads/main') && (! (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"')))) || github.ref == 'refs/heads/ci/test') run: go clean -testcache - name: Early git and code sanity checks - run: |- - # Ensure that commit messages have a blank second line. - # We know that a commit message must be longer than a single - # line because each commit must be signed-off. - if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then - echo "second line of commit message must be blank" - exit 1 - fi - - # All authors, including co-authors, must have a signed-off trailer by email. - # Note that trailers are in the form "Name ", so grab the email with sed. - # For now, we require the sorted lists of author and signer emails to match. - # Note that this also fails if a commit isn't signed-off at all. - # - # In Gerrit we already enable a form of this via https://gerrit-review.googlesource.com/Documentation/project-configuration.html#require-signed-off-by, - # but it does not support co-authors nor can it be used when testing GitHub PRs. 
- commit_authors="$( - { - git log -1 --pretty='%ae' - git log -1 --pretty='%(trailers:key=Co-authored-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - commit_signers="$( - { - git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - if [[ "${commit_authors}" != "${commit_signers}" ]]; then - echo "Error: commit author email addresses do not match signed-off-by trailers" - echo - echo "Authors:" - echo "${commit_authors}" - echo - echo "Signers:" - echo "${commit_signers}" - exit 1 - fi + run: go run cuelang.org/go/internal/ci/checks@v0.11.0-0.dev.0.20240903133435-46fb300df650 - name: Generate run: go generate ./... - name: Test diff --git a/.github/workflows/trybot_dispatch.yml b/.github/workflows/trybot_dispatch.yaml similarity index 100% rename from .github/workflows/trybot_dispatch.yml rename to .github/workflows/trybot_dispatch.yaml diff --git a/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue b/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue index bc2990c..f20b5e2 100644 --- a/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue +++ b/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue @@ -3,7 +3,8 @@ package json import "strings" #Workflow: { - @jsonschema(schema="http://json-schema.org/draft-07/schema") + @jsonschema(schema="http://json-schema.org/draft-07/schema#") + @jsonschema(id="https://json.schemastore.org/github-workflow.json") // The name of your workflow. GitHub displays the names of your // workflows on your repository's actions page. If you omit this 
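Review bot: The "Early git and code sanity checks" step now fetches and executes `cuelang.org/go/internal/ci/checks@v0.11.0-0.dev.0.20240903133435-46fb300df650` at run time, and the workflow no longer says what is being enforced. The pseudo-version pin to a specific commit is good, but its integrity depends on the job's Go module settings (`GOPROXY`, `GOSUMDB`, `GONOSUMDB`, `GOFLAGS`), and none of these are visible in this hunk. It is worth confirming that checksum-database verification is left enabled for this step. I would also add a comment above the `run:` line, for example `# Commit-message checks (blank second line, Signed-off-by trailers match authors); pinned to a cue commit, bump deliberately.`, with the wording adjusted to whatever the tool actually checks. That is presumably the same set as the removed inline script, but the hunk alone cannot confirm it.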
@@ -17,31 +18,37 @@ import "strings" // files, tags, or branch changes. For a list of available // events, see // https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows. - on: #event | [...#event] & [_, ...] | { + on!: #event | [...#event] & [_, ...] | { // Runs your workflow anytime the branch_protection_rule event // occurs. More than one activity type triggers this event. - branch_protection_rule?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] + branch_protection_rule?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "edited" | "deleted"] | { + ... + }) | *["created", "edited", "deleted"] ... - } + }) // Runs your workflow anytime the check_run event occurs. More // than one activity type triggers this event. For information // about the REST API, see // https://developer.github.com/v3/checks/runs. - check_run?: #eventObject & { - types?: #types & [..."created" | "rerequested" | "completed" | "requested_action"] | *["created", "rerequested", "completed", "requested_action"] + check_run?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "rerequested" | "completed" | "requested_action"] | { + ... + }) | *["created", "rerequested", "completed", "requested_action"] ... - } + }) // Runs your workflow anytime the check_suite event occurs. More // than one activity type triggers this event. For information // about the REST API, see // https://developer.github.com/v3/checks/suites/. - check_suite?: #eventObject & { - types?: #types & [..."completed" | "requested" | "rerequested"] | *["completed", "requested", "rerequested"] + check_suite?: #eventObject & (null | bool | number | string | [...] 
| { + types?: #types & (null | bool | number | string | [..."completed" | "requested" | "rerequested"] | { + ... + }) | *["completed", "requested", "rerequested"] ... - } + }) // Runs your workflow anytime someone creates a branch or tag, // which triggers the create event. For information about the 
@@ -73,19 +80,23 @@ import "strings" // than one activity type triggers this event. For information // about the GraphQL API, see // https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions - discussion?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "category_changed" | "answered" | "unanswered"] | *["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] + discussion?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "category_changed" | "answered" | "unanswered"] | { + ... + }) | *["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] ... - } + }) // Runs your workflow anytime the discussion_comment event occurs. // More than one activity type triggers this event. For // information about the GraphQL API, see // https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions - discussion_comment?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] + discussion_comment?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "edited" | "deleted"] | { + ... + }) | *["created", "edited", "deleted"] ... - } + }) // Runs your workflow anytime when someone forks a repository, // which triggers the fork event. For information about the REST 
@@ -101,55 +112,56 @@ import "strings" // than one activity type triggers this event. For information // about the REST API, see // https://developer.github.com/v3/issues/comments/. - issue_comment?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] + issue_comment?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "edited" | "deleted"] | { + ... + }) | *["created", "edited", "deleted"] ... - } + }) // Runs your workflow anytime the issues event occurs. More than // one activity type triggers this event. For information about // the REST API, see https://developer.github.com/v3/issues. - issues?: #eventObject & { - types?: #types & [..."opened" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "closed" | "reopened" | "assigned" | "unassigned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "milestoned" | "demilestoned"] | *["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] + issues?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."opened" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "closed" | "reopened" | "assigned" | "unassigned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "milestoned" | "demilestoned"] | { + ... + }) | *["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] ... - } + }) // Runs your workflow anytime the label event occurs. More than // one activity type triggers this event. For information about // the REST API, see // https://developer.github.com/v3/issues/labels/. 
- label?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] - ... - } - - // Runs your workflow anytime the member event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see - // https://developer.github.com/v3/repos/collaborators/. - member?: #eventObject & { - types?: #types & [..."added" | "edited" | "deleted"] | *["added", "edited", "deleted"] + label?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "edited" | "deleted"] | { + ... + }) | *["created", "edited", "deleted"] ... - } + }) // Runs your workflow when a pull request is added to a merge // queue, which adds the pull request to a merge group. For // information about the merge queue, see // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue // . - merge_group?: #eventObject & { - types?: #types & [..."checks_requested"] | *["checks_requested"] + merge_group?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."checks_requested"] | { + ... + }) | *["checks_requested"] ... - } + }) // Runs your workflow anytime the milestone event occurs. More // than one activity type triggers this event. For information // about the REST API, see // https://developer.github.com/v3/issues/milestones/. - milestone?: #eventObject & { - types?: #types & [..."created" | "closed" | "opened" | "edited" | "deleted"] | *["created", "closed", "opened", "edited", "deleted"] + milestone?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "closed" | "opened" | "edited" | "deleted"] | { + ... + }) | *["created", "closed", "opened", "edited", "deleted"] ... 
- } + }) // Runs your workflow anytime someone pushes to a GitHub // Pages-enabled branch, which triggers the page_build event. For 
@@ -160,28 +172,34 @@ import "strings" // Runs your workflow anytime the project event occurs. More than // one activity type triggers this event. For information about // the REST API, see https://developer.github.com/v3/projects/. - project?: #eventObject & { - types?: #types & [..."created" | "updated" | "closed" | "reopened" | "edited" | "deleted"] | *["created", "updated", "closed", "reopened", "edited", "deleted"] + project?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "updated" | "closed" | "reopened" | "edited" | "deleted"] | { + ... + }) | *["created", "updated", "closed", "reopened", "edited", "deleted"] ... - } + }) // Runs your workflow anytime the project_card event occurs. More // than one activity type triggers this event. For information // about the REST API, see // https://developer.github.com/v3/projects/cards. - project_card?: #eventObject & { - types?: #types & [..."created" | "moved" | "converted" | "edited" | "deleted"] | *["created", "moved", "converted", "edited", "deleted"] + project_card?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "moved" | "converted" | "edited" | "deleted"] | { + ... + }) | *["created", "moved", "converted", "edited", "deleted"] ... - } + }) // Runs your workflow anytime the project_column event occurs. // More than one activity type triggers this event. For // information about the REST API, see // https://developer.github.com/v3/projects/columns. - project_column?: #eventObject & { - types?: #types & [..."created" | "updated" | "moved" | "deleted"] | *["created", "updated", "moved", "deleted"] + project_column?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "updated" | "moved" | "deleted"] | { + ... + }) | *["created", "updated", "moved", "deleted"] ... 
- } + }) // Runs your workflow anytime someone makes a private repository // public, which triggers the public event. For information about @@ -203,11 +221,13 @@ import "strings" // The permissions for the GITHUB_TOKEN in forked repositories is // read-only. For more information about the GITHUB_TOKEN, see // https://help.github.com/en/articles/virtual-environments-for-github-actions. - pull_request?: #ref & { - types?: #types & [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "converted_to_draft" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed" | "auto_merge_enabled" | "auto_merge_disabled"] | *["opened", "synchronize", "reopened"] + pull_request?: #ref & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "converted_to_draft" | "ready_for_review" | "locked" | "unlocked" | "milestoned" | "demilestoned" | "review_requested" | "review_request_removed" | "auto_merge_enabled" | "auto_merge_disabled"] | { + ... + }) | *["opened", "synchronize", "reopened"] {[=~"^(branche|tag|path)s(-ignore)?$" & !~"^(types)$"]: [...]} - } + }) // Runs your workflow anytime the pull_request_review event // occurs. More than one activity type triggers this event. For 
@@ -225,10 +245,12 @@ import "strings" // The permissions for the GITHUB_TOKEN in forked repositories is // read-only. For more information about the GITHUB_TOKEN, see // https://help.github.com/en/articles/virtual-environments-for-github-actions. - pull_request_review?: #eventObject & { - types?: #types & [..."submitted" | "edited" | "dismissed"] | *["submitted", "edited", "dismissed"] + pull_request_review?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."submitted" | "edited" | "dismissed"] | { + ... + }) | *["submitted", "edited", "dismissed"] ... - } + }) // Runs your workflow anytime a comment on a pull request's // unified diff is modified, which triggers the @@ -247,10 +269,12 @@ import "strings" // The permissions for the GITHUB_TOKEN in forked repositories is // read-only. For more information about the GITHUB_TOKEN, see // https://help.github.com/en/articles/virtual-environments-for-github-actions. - pull_request_review_comment?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] + pull_request_review_comment?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."created" | "edited" | "deleted"] | { + ... + }) | *["created", "edited", "deleted"] ... - } + }) // This event is similar to pull_request, except that it runs in // the context of the base repository of the pull request, rather 
@@ -260,11 +284,13 @@ import "strings" // the base repository are run. For example, this event allows // you to create workflows that label and comment on pull // requests, based on the contents of the event payload. - pull_request_target?: #ref & { - types?: #types & [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "converted_to_draft" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed" | "auto_merge_enabled" | "auto_merge_disabled"] | *["opened", "synchronize", "reopened"] + pull_request_target?: #ref & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "converted_to_draft" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed" | "auto_merge_enabled" | "auto_merge_disabled"] | { + ... + }) | *["opened", "synchronize", "reopened"] {[=~"^(branche|tag|path)s(-ignore)?$" & !~"^(types)$"]: _} - } + }) // Runs your workflow when someone pushes to a repository branch, // which triggers the push event. 
@@ -273,27 +299,31 @@ import "strings" // commit object. You can retrieve the full commit object using // the REST API. For more information, see // https://developer.github.com/v3/repos/commits/#get-a-single-commit. - push?: #ref & { + push?: #ref & (null | bool | number | string | [...] | { {[=~"^(branche|tag|path)s(-ignore)?$" & !~"^()$"]: [...string]} - } + }) // Runs your workflow anytime a package is published or updated. // For more information, see // https://help.github.com/en/github/managing-packages-with-github-packages. - registry_package?: #eventObject & { - types?: #types & [..."published" | "updated"] | *["published", "updated"] + registry_package?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."published" | "updated"] | { + ... + }) | *["published", "updated"] ... - } + }) // Runs your workflow anytime the release event occurs. More than // one activity type triggers this event. For information about // the REST API, see // https://developer.github.com/v3/repos/releases/ in the GitHub // Developer documentation. - release?: #eventObject & { - types?: #types & [..."published" | "unpublished" | "created" | "edited" | "deleted" | "prereleased" | "released"] | *["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] + release?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."published" | "unpublished" | "created" | "edited" | "deleted" | "prereleased" | "released"] | { + ... + }) | *["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] ... - } + }) // Runs your workflow anytime the status of a Git commit changes, // which triggers the status event. For information about the 
@@ -327,7 +357,7 @@ import "strings" // The value of this parameter is a string specifying the data // type of the input. This must be one of: boolean, number, or // string. - type: "boolean" | "number" | "string" + type!: "boolean" | "number" | "string" // The default value is used when an input parameter isn't // specified in a workflow file. @@ -344,7 +374,7 @@ import "strings" description?: string // A boolean specifying whether the secret must be supplied. - required: _ + required!: bool }} } ... @@ -363,7 +393,7 @@ import "strings" inputs?: { {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: { // A string description of the input parameter. - description: string + description!: string // A string shown to users using the deprecated input. deprecationMessage?: string @@ -378,7 +408,7 @@ import "strings" default?: _ // A string representing the type of the input. - type?: "string" | "choice" | "boolean" | "environment" + type?: "string" | "choice" | "boolean" | "number" | "environment" // The options of the dropdown list, if the type is a choice. options?: [...string] & [_, ...] @@ -393,13 +423,15 @@ import "strings" // pull_request workflow generates build artifacts, you can // create a new workflow that uses workflow_run to analyze the // results and add a comment to the original pull request. - workflow_run?: #eventObject & { - types?: #types & [..."requested" | "completed"] | *["requested", "completed"] + workflow_run?: #eventObject & (null | bool | number | string | [...] | { + types?: #types & (null | bool | number | string | [..."requested" | "completed" | "in_progress"] | { + ... + }) | *["requested", "completed"] workflows?: [...string] & [_, ...] {[=~"^branches(-ignore)?$" & !~"^(types|workflows)$"]: _} ... - } + }) // You can use the GitHub API to trigger a webhook event called // repository_dispatch when you want to trigger a workflow for 
@@ -426,7 +458,7 @@ import "strings" // To help you get started, there is also a list of crontab guru // examples (https://crontab.guru/examples.html). schedule?: [...null | bool | number | string | [...] | { - cron?: =~"^(((\\d+,)+\\d+|((\\d+|\\*)/\\d+|((JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(-(JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?))|(\\d+-\\d+)|\\d+|\\*|((MON|TUE|WED|THU|FRI|SAT|SUN)(-(MON|TUE|WED|THU|FRI|SAT|SUN))?)) ?){5}$" + cron?: string }] & [_, ...] } @@ -461,7 +493,7 @@ import "strings" // You can run an unlimited number of jobs as long as you are // within the workflow usage limits. For more information, see // https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits. - jobs: { + jobs!: { {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: #normalJob | #reusableWorkflowCallJob} } @@ -481,7 +513,7 @@ import "strings" // in progress, the queued job or workflow will be pending. Any // previously pending job or workflow in the concurrency group // will be canceled. - group: string + group!: string // To cancel any currently running job or workflow in the same // concurrency group, specify cancel-in-progress: true. @@ -495,7 +527,7 @@ import "strings" #container: { // The Docker image to use as the container to run the action. The // value can be the Docker Hub image name or a registry name. - image: string + image!: string // If the image's container registry requires authentication to // pull the image, you can use credentials to set a map of the @@ -539,6 +571,7 @@ import "strings" #: "permissions-event": { actions?: #["permissions-level"] + attestations?: #["permissions-level"] checks?: #["permissions-level"] contents?: #["permissions-level"] deployments?: #["permissions-level"] 
@@ -561,13 +594,13 @@ import "strings" #environment: { // The name of the environment configured in the repo. - name: string + name!: string // A deployment URL url?: string } - #event: "branch_protection_rule" | "check_run" | "check_suite" | "create" | "delete" | "deployment" | "deployment_status" | "discussion" | "discussion_comment" | "fork" | "gollum" | "issue_comment" | "issues" | "label" | "member" | "milestone" | "page_build" | "project" | "project_card" | "project_column" | "public" | "pull_request" | "pull_request_review" | "pull_request_review_comment" | "pull_request_target" | "push" | "registry_package" | "release" | "status" | "watch" | "workflow_call" | "workflow_dispatch" | "workflow_run" | "repository_dispatch" + #event: "branch_protection_rule" | "check_run" | "check_suite" | "create" | "delete" | "deployment" | "deployment_status" | "discussion" | "discussion_comment" | "fork" | "gollum" | "issue_comment" | "issues" | "label" | "merge_group" | "milestone" | "page_build" | "project" | "project_card" | "project_column" | "public" | "pull_request" | "pull_request_review" | "pull_request_review_comment" | "pull_request_target" | "push" | "registry_package" | "release" | "status" | "watch" | "workflow_call" | "workflow_dispatch" | "workflow_run" | "repository_dispatch" #eventObject: null | { ... @@ -601,7 +634,7 @@ import "strings" ... } - #shell: (string | ("bash" | "pwsh" | "python" | "sh" | "cmd" | "powershell")) & string + #shell: string | ("bash" | "pwsh" | "python" | "sh" | "cmd" | "powershell") #types: [_, ...] 
@@ -609,11 +642,18 @@ import "strings" #jobNeeds: [...#name] & [_, ...] | #name + #matrix: { + {[=~"^(in|ex)clude$" & !~"^()$"]: #expressionSyntax | [...{ + [string]: #configuration + }] & [_, ...]} + {[!~"^(in|ex)clude$" & !~"^()$"]: [...#configuration] & [_, ...] | #expressionSyntax} + } | #expressionSyntax + #reusableWorkflowCallJob: { // The name of the job displayed on GitHub. name?: string needs?: #jobNeeds - permissions?: #["permissions-event"] + permissions?: #permissions // You can use the if conditional to prevent a job from running // unless a condition is met. You can use any supported context @@ -628,7 +668,7 @@ import "strings" // '{owner}/{repo}/{path}/{filename}@{ref}'. {ref} can be a SHA, // a release tag, or a branch name. Using the commit SHA is the // safest for stability and security. - uses: =~"^(.+/)+(.+)\\.(ya?ml)(@.+)?$" + uses!: =~"^(.+/)+(.+)\\.(ya?ml)(@.+)?$" // A map of inputs that are passed to the called workflow. Any // inputs that you pass must match the input specifications 
@@ -648,40 +688,17 @@ import "strings" // A strategy creates a build matrix for your jobs. You can define // different variations of an environment to run each job in. strategy?: { - // A build matrix is a set of different configurations of the - // virtual environment. For example you might run a job against - // more than one supported version of a language, operating - // system, or tool. Each configuration is a copy of the job that - // runs and reports a status. - // You can specify a matrix by supplying an array for the - // configuration options. For example, if the GitHub virtual - // environment supports Node.js versions 6, 8, and 10 you could - // specify an array of those versions in the matrix. - // When you define a matrix of operating systems, you must set the - // required runs-on keyword to the operating system of the - // current job, rather than hard-coding the operating system - // name. To access the operating system name, you can use the - // matrix.os context parameter to set runs-on. For more - // information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - matrix: ({ - ... - } | #expressionSyntax) & { - {[=~"^(in|ex)clude$" & !~"^()$"]: [...{ - [string]: #configuration - }] & [_, ...]} - {[!~"^(in|ex)clude$" & !~"^()$"]: [...#configuration] & [_, ...] | #expressionSyntax} - } + matrix!: #matrix // When set to true, GitHub cancels all in-progress jobs if any // matrix job fails. Default: true - "fail-fast"?: bool | *true + "fail-fast"?: bool | string | *true // The maximum number of jobs that can run simultaneously when // using a matrix job strategy. By default, GitHub will maximize // the number of jobs run in parallel depending on the available // runners on GitHub-hosted virtual machines. - "max-parallel"?: number + "max-parallel"?: number | string } // Concurrency ensures that only a single job or workflow using 
@@ -707,7 +724,11 @@ import "strings" // The type of machine to run the job on. The machine can be // either a GitHub-hosted runner, or a self-hosted runner. - "runs-on": "macos-10.15" | "macos-11" | "macos-12" | "macos-latest" | "self-hosted" | "ubuntu-18.04" | "ubuntu-20.04" | "ubuntu-22.04" | "ubuntu-latest" | "windows-2019" | "windows-2022" | "windows-latest" | (["self-hosted", ...string] & [_, ...] | ["self-hosted", #machine, ...string] & [_, _, ...] | ["self-hosted", #architecture, ...string] & [_, _, ...] | ["self-hosted", #machine, #architecture, ...string] & [_, _, _, ...] | ["self-hosted", #architecture, #machine, ...string] & [_, _, _, ...]) & [...] | #stringContainingExpressionSyntax + "runs-on"!: string | [string] & [_, ...] | { + group?: string + labels?: string | [...string] + ... + } | #stringContainingExpressionSyntax | #expressionSyntax // The environment that the job references. environment?: string | #environment @@ -743,7 +764,14 @@ import "strings" // filesystem. Because steps run in their own process, changes to // environment variables are not preserved between steps. GitHub // provides built-in steps to set up and complete a job. - steps?: [...{ + // Must contain either `uses` or `run` + steps?: [...({ + uses!: string + ... + } | { + run!: string + ... + }) & { // A unique identifier for the step. You can use the id to // reference the step in contexts. For more information, see // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. @@ -806,11 +834,11 @@ import "strings" // parameter is a key/value pair. Input parameters are set as // environment variables. The variable is prefixed with INPUT_ // and converted to upper case. - with?: #env & { + with?: #env & (null | bool | number | string | [...] | { args?: string entrypoint?: string ... - } + }) // Sets environment variables for steps to use in the virtual // environment. You can also set environment variables for the 
@@ -823,50 +851,27 @@ import "strings" // The maximum number of minutes to run the step before killing // the process. - "timeout-minutes"?: number + "timeout-minutes"?: number | #expressionSyntax }] & [_, ...] // The maximum number of minutes to let a workflow run before // GitHub automatically cancels it. Default: 360 - "timeout-minutes"?: number | *360 + "timeout-minutes"?: number | #expressionSyntax | *360 // A strategy creates a build matrix for your jobs. You can define // different variations of an environment to run each job in. strategy?: { - // A build matrix is a set of different configurations of the - // virtual environment. For example you might run a job against - // more than one supported version of a language, operating - // system, or tool. Each configuration is a copy of the job that - // runs and reports a status. - // You can specify a matrix by supplying an array for the - // configuration options. For example, if the GitHub virtual - // environment supports Node.js versions 6, 8, and 10 you could - // specify an array of those versions in the matrix. - // When you define a matrix of operating systems, you must set the - // required runs-on keyword to the operating system of the - // current job, rather than hard-coding the operating system - // name. To access the operating system name, you can use the - // matrix.os context parameter to set runs-on. For more - // information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - matrix: ({ - ... - } | #expressionSyntax) & { - {[=~"^(in|ex)clude$" & !~"^()$"]: [...{ - [string]: #configuration - }] & [_, ...]} - {[!~"^(in|ex)clude$" & !~"^()$"]: [...#configuration] & [_, ...] | #expressionSyntax} - } + matrix!: #matrix // When set to true, GitHub cancels all in-progress jobs if any // matrix job fails. 
Default: true - "fail-fast"?: bool | *true + "fail-fast"?: bool | string | *true // The maximum number of jobs that can run simultaneously when // using a matrix job strategy. By default, GitHub will maximize // the number of jobs run in parallel depending on the available // runners on GitHub-hosted virtual machines. - "max-parallel"?: number + "max-parallel"?: number | string } // Prevents a workflow run from failing when a job fails. Set to diff --git a/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue b/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue index 34711ce..7b0e3c8 100644 --- a/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue +++ b/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue @@ -1,4 +1,15 @@ package json -#job: ((#Workflow & {}).jobs & {x: _}).x -#step: ((#job & {steps: _}).steps & [_])[0] +#job: ((#Workflow & {jobs: _}).jobs & {x: _}).x +#step: ((#job & {steps: _}).steps & [_])[0] + +// CUE does not properly encode a JSON Schema oneOf; see +// https://cuelang.org/issue/3165. For now, apply a temporary workaround which +// forces the other option to bottom. +#Workflow: jobs?: [string]: steps?: [...( + { + uses?: _|_ + } | { + run?: _|_ + }), +] diff --git a/internal/ci/base/base.cue b/internal/ci/base/base.cue index 39b9010..5304b85 100644 --- a/internal/ci/base/base.cue +++ b/internal/ci/base/base.cue @@ -35,7 +35,7 @@ import ( ) // Package parameters -githubRepositoryPath: *(URLPath & {#url: githubRepositoryURL, _}) | string +githubRepositoryPath: *(URLPath & {#url: githubRepositoryURL, _}) | string githubRepositoryURL: *("https://github.com/" + githubRepositoryPath) | string gerritHubHostname: "review.gerrithub.io" gerritHubRepositoryURL: *("https://\(gerritHubHostname)/a/" + githubRepositoryPath) | string 
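Review bot: In `cue.mod/usr/.../workflow.cue`, the comment on the new `#Workflow` constraint says it "forces the other option to bottom" without naming the options, so a reader has to work out what is being rejected. Each disjunct forbids one of the two fields, so together with the vendored schema's `uses!`/`run!` disjunction a step that sets both `uses` and `run` should fail validation. I would say so directly and record the removal condition, for example `// A step may set uses or run, never both; drop this once https://cuelang.org/issue/3165 is fixed.` A small test that feeds a step with both fields through `#step` would keep the workaround honest across future schema re-imports.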
@@ -55,7 +55,7 @@ botGerritHubUser: *botGitHubUser | string botGerritHubUserPasswordSecretsKey: *(strings.ToUpper(botGitHubUser) + "_GERRITHUB_PASSWORD") | string botGerritHubUserEmail: *botGitHubUserEmail | string -workflowFileExtension: ".yml" +workflowFileExtension: ".yaml" linuxMachine: string @@ -67,7 +67,7 @@ codeReview: #codeReview & { // Define some shared keys and human-readable names. // // trybot.key and unity.key are shared with -// github.com/cue-sh/tools/cmd/cueckoo. The keys are used across various CUE +// github.com/cue-lang/contrib-tools/cmd/cueckoo. The keys are used across various CUE // workflows and their consistency in those various locations is therefore // crucial. As such, we assert specific values for the keys here rather than // just deriving values from the human-readable names. diff --git a/internal/ci/base/codereview.cue b/internal/ci/base/codereview.cue index 113aab8..134c940 100644 --- a/internal/ci/base/codereview.cue +++ b/internal/ci/base/codereview.cue @@ -10,7 +10,7 @@ import ( // #codeReview defines the schema of a codereview.cfg file that // sits at the root of a repository. codereview.cfg is the configuration // file that drives golang.org/x/review/git-codereview. This config -// file is also used by github.com/cue-sh/tools/cmd/cueckoo. +// file is also used by github.com/cue-lang/contrib-tools/cmd/cueckoo. #codeReview: { gerrit?: string github?: string diff --git a/internal/ci/base/github.cue b/internal/ci/base/github.cue index 5e0eee1..6f49044 100644 --- a/internal/ci/base/github.cue +++ b/internal/ci/base/github.cue 
@@ -15,14 +15,51 @@ bashWorkflow: json.#Workflow & { jobs: [string]: defaults: run: shell: "bash" } -installGo: json.#step & { - name: "Install Go" - uses: "actions/setup-go@v5" - with: { - // We do our own caching in setupGoActionsCaches. - cache: false - "go-version": string +installGo: { + #setupGo: json.#step & { + name: "Install Go" + uses: "actions/setup-go@v5" + with: { + // We do our own caching in setupGoActionsCaches. + cache: false + "go-version": string + } } + + // Why set GOTOOLCHAIN here? As opposed to an environment variable + // elsewhere? No perfect answer to this question but here is the thinking: + // + // Setting the variable here localises it with the installation of Go. Doing + // it elsewhere creates distance between the two steps which are + // intrinsically related. And it's also hard to do: "when we use this step, + // also ensure that we establish an environment variable in the job for + // GOTOOLCHAIN". + // + // Environment variables can only be set at a workflow, job or step level. + // Given we currently use a matrix strategy which varies the Go version, + // that rules out using an environment variable based approach, because the + // Go version is only available at runtime via GitHub actions provided + // context. Whether we should instead be templating multiple workflows (i.e. + // exploding the matrix ourselves) is a different question, but one that + // has performance implications. + // + // So as clumsy as it is to use a step "template" that includes more than + // one step, it's the best option available to us for now. + [ + #setupGo, + + { + json.#step & { + name: "Set common go env vars" + run: """ + go env -w GOTOOLCHAIN=local + + # Dump env for good measure + go env + """ + } + }, + ] } checkoutCode: { 
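Review bot: The long comment on `installGo` explains where GOTOOLCHAIN is set but not what `local` is for, which is what a later reader needs before changing it. With `GOTOOLCHAIN=local` the go command does not download and switch to another toolchain when a `go.mod` asks for a newer one, so the job either runs the toolchain that `actions/setup-go` installed or fails. I would add a line above the second step such as `// GOTOOLCHAIN=local: never fetch another toolchain; use the one setup-go installed or fail.` Note also that `go env -w` writes to the user's Go env file, so on a runner that is not discarded after the job the setting would carry over to later jobs; that looks harmless for a GitHub-hosted image but is worth stating in the comment.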
@@ -100,44 +137,7 @@ checkoutCode: { earlyChecks: json.#step & { name: "Early git and code sanity checks" - run: #""" - # Ensure that commit messages have a blank second line. - # We know that a commit message must be longer than a single - # line because each commit must be signed-off. - if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then - echo "second line of commit message must be blank" - exit 1 - fi - - # All authors, including co-authors, must have a signed-off trailer by email. - # Note that trailers are in the form "Name ", so grab the email with sed. - # For now, we require the sorted lists of author and signer emails to match. - # Note that this also fails if a commit isn't signed-off at all. - # - # In Gerrit we already enable a form of this via https://gerrit-review.googlesource.com/Documentation/project-configuration.html#require-signed-off-by, - # but it does not support co-authors nor can it be used when testing GitHub PRs. - commit_authors="$( - { - git log -1 --pretty='%ae' - git log -1 --pretty='%(trailers:key=Co-authored-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - commit_signers="$( - { - git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - if [[ "${commit_authors}" != "${commit_signers}" ]]; then - echo "Error: commit author email addresses do not match signed-off-by trailers" - echo - echo "Authors:" - echo "${commit_authors}" - echo - echo "Signers:" - echo "${commit_signers}" - exit 1 - fi - """# + run: *"go run cuelang.org/go/internal/ci/checks@v0.11.0-0.dev.0.20240903133435-46fb300df650" | string } curlGitHubAPI: { diff --git a/internal/ci/gen.go b/internal/ci/gen.go index 4a6b3ba..d3077a2 100644 --- a/internal/ci/gen.go +++ b/internal/ci/gen.go 
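Review bot: `earlyChecks` no longer says what it enforces. The removed script documented both rules (a blank second line in the commit message, and author and co-author emails matching the Signed-off-by trailers), and that logic now lives in a module fetched when the job runs. I would keep a short comment above `run`, for example `// Commit-message and Signed-off-by checks from cuelang.org/go/internal/ci/checks, pinned by pseudo-version.` The pseudo-version fixes the commit, and the go command should verify the download against the checksum database provided the job environment does not set `GOSUMDB=off`, `GONOSUMDB` or `GOPRIVATE` for this path, which is worth confirming. Because the step now needs a Go toolchain and the `installGo` hunk sets `GOTOOLCHAIN=local`, it must stay after `installGo` in every workflow that uses it. It will presumably fail if the pinned module ever requires a newer Go than `latestGo`.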
@@ -14,5 +14,5 @@ package ci -//go:generate go run cuelang.org/go/cmd/cue@v0.8.0 cmd importjsonschema ./vendor -//go:generate go run cuelang.org/go/cmd/cue@v0.8.0 cmd gen +//go:generate go run cuelang.org/go/cmd/cue@v0.10.0 cmd importjsonschema ./vendor +//go:generate go run cuelang.org/go/cmd/cue@v0.10.0 cmd gen diff --git a/internal/ci/github/trybot.cue b/internal/ci/github/trybot.cue index e2a0590..2f6f4b3 100644 --- a/internal/ci/github/trybot.cue +++ b/internal/ci/github/trybot.cue @@ -37,6 +37,10 @@ workflows: trybot: _repo.bashWorkflow & { let runnerOSExpr = "runner.os" let runnerOSVal = "${{ \(runnerOSExpr) }}" + let installGo = _repo.installGo & { + #setupGo: with: "go-version": _repo.latestGo + _ + } let _setupGoActionsCaches = _repo.setupGoActionsCaches & { #goVersion: _repo.latestGo #os: runnerOSVal @@ -50,11 +54,7 @@ workflows: trybot: _repo.bashWorkflow & { steps: [ for v in _repo.checkoutCode {v}, - - _repo.installGo & { - with: "go-version": _repo.latestGo - }, - + for v in installGo {v}, for v in _setupGoActionsCaches {v}, _repo.earlyChecks, diff --git a/internal/ci/repo/repo.cue b/internal/ci/repo/repo.cue index d9030ff..f94175e 100644 --- a/internal/ci/repo/repo.cue +++ b/internal/ci/repo/repo.cue @@ -18,4 +18,4 @@ defaultBranch: "main" linuxMachine: "ubuntu-22.04" -latestGo: "1.21.x" +latestGo: "1.23.x" diff --git a/internal/ci/vendor/vendor_tool.cue b/internal/ci/vendor/vendor_tool.cue index f609aca..74ff3c3 100644 --- a/internal/ci/vendor/vendor_tool.cue +++ b/internal/ci/vendor/vendor_tool.cue @@ -1,4 +1,4 @@ -// Copyright 2024 The CUE Authors +// Copyright 2021 The CUE Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -26,7 +26,7 @@ import ( // project which "vendors" the various workflow-related // packages can specify "cue" as the value so that unity // tests can specify the cmd/cue binary to use. -_cueCmd: string | *"go run cuelang.org/go/cmd/cue@v0.8.0" @tag(cue_cmd) +_cueCmd: string | *"go run cuelang.org/go/cmd/cue@v0.10.0" @tag(cue_cmd) // For the commands below, note we use simple yet hacky path resolution, rather // than anything that might derive the module root using go list or similar, in @@ -40,7 +40,7 @@ command: importjsonschema: { // Tip link for humans: // https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/github-workflow.json - url: "https://raw.githubusercontent.com/SchemaStore/schemastore/5ffe36662a8fcab3c32e8fbca39c5253809e6913/src/schemas/json/github-workflow.json" + url: "https://raw.githubusercontent.com/SchemaStore/schemastore/88d26ad0d451cbd5ebc70218062850aa905bdf18/src/schemas/json/github-workflow.json" } import: exec.Run & { _outpath: path.FromSlash("../../cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue", "unix")