diff --git a/.github/workflows/gitspiegel-trigger.yml b/.github/workflows/gitspiegel-trigger.yml deleted file mode 100644 index dce3aaf..0000000 --- a/.github/workflows/gitspiegel-trigger.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: gitspiegel sync - -# This workflow doesn't do anything, it's only use is to trigger "workflow_run" -# webhook, that'll be consumed by gitspiegel -# This way, gitspiegel won't do mirroring, unless this workflow runs, -# and running the workflow is protected by GitHub - -on: - pull_request: - types: - - opened - - synchronize - - unlocked - - ready_for_review - - reopened - -jobs: - sync: - runs-on: ubuntu-latest - steps: - - name: Do nothing - run: echo "let's go" diff --git a/.github/workflows/tag-publish.yml b/.github/workflows/tag-publish.yml new file mode 100644 index 0000000..58b8a3b --- /dev/null +++ b/.github/workflows/tag-publish.yml @@ -0,0 +1,231 @@ +name: CI +run-name: CI for ${{ github.ref_name }} +on: + push: + branches: + - 'main' + pull_request: + types: [opened, synchronize, reopened, ready_for_review] + +env: + CARGO_INCREMENTAL: 0 + RUST_TOOLCHAIN: "1.70.0" + RUST_TOOLCHAIN_NIGHTLY: "nightly-2023-05-23" + + +jobs: + + # + # + # + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: "${{ env.RUST_TOOLCHAIN_NIGHTLY }}, ${{ env.RUST_TOOLCHAIN }}" + components: "rustfmt, clippy" + + - name: fmt + run: cargo +${{ env.RUST_TOOLCHAIN_NIGHTLY }} fmt --all -- --check + - name: clippy + run: cargo clippy --all --verbose + + # + # + # + deny: + runs-on: ubuntu-latest + needs: [lint] + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: "${{ env.RUST_TOOLCHAIN }}, ${{ env.RUST_TOOLCHAIN_NIGHTLY }}" + components: "rustfmt, clippy" + + - name: Deny + run: | + cargo install cargo-deny@0.13.9 --locked + cargo deny check --hide-inclusion-graph -c scripts/ci/deny.toml + mkdir -p ./artifacts + echo "___Complete logs can be found in the artifacts___" + cargo deny check --hide-inclusion-graph -c scripts/ci/deny.toml 2> artifacts/cargo_deny.log + + - name: upload artifacts + uses: actions/upload-artifact@v4 + with: + name: ${{ github.job }}-${{ github.sha }} + path: artifacts + retention-days: 7 + + # + # + # + test: + runs-on: ubuntu-latest + needs: [lint] + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: "${{ env.RUST_TOOLCHAIN }}, ${{ env.RUST_TOOLCHAIN_NIGHTLY }}" + components: "rustfmt, clippy" + + - name: Test + run: cargo test --all --verbose + + # + # + # + tag: + runs-on: ubuntu-latest + permissions: + contents: write + needs: [deny, test] + if: ${{ github.event_name != 'pull_request' }} + outputs: + TAG: ${{ steps.versions.outputs.TAG }} + PKG_VER: ${{ steps.versions.outputs.PKG_VER }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-tags: 'true' + fetch-depth: 0 + + - name: Versions + id: versions + run: | + export CURRENT_TAG=$(git describe --tags --abbrev=0) + export PKG_VER=v$(cat Cargo.toml | grep -A 5 package] | grep version | cut -d '=' -f 2 | tr -d '"' | tr -d " ") + echo "Current tag $CURRENT_TAG" + echo "Package version $PKG_VER" + # + echo "PKG_VER=$PKG_VER" >> $GITHUB_OUTPUT + if [ $CURRENT_TAG == $PKG_VER ]; + then + echo "Tag is up to date. Nothing to do."; + export TAG=old; + else + echo "Tag was updated."; + export TAG=new; + fi + echo "TAG=$TAG" >> $GITHUB_OUTPUT + + - name: Create/update tag + id: tag + if: ${{ steps.versions.outputs.TAG == 'new' }} + uses: actions/github-script@v7 + with: + result-encoding: string + script: | + try { + await github.rest.git.createRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'refs/tags/${{ steps.versions.outputs.PKG_VER }}', + sha: context.sha + }) + } catch (err) { + if (err.status !== 422) throw err; + console.log("Tag already exists, updating") + await github.rest.git.updateRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: 'tags/${{ steps.versions.outputs.PKG_VER }}', + sha: context.sha + }); + } + + # + # Dry run + # + + cargo-publish-dry-run: + runs-on: ubuntu-latest + needs: [deny, test] + if: ${{ github.event_name == 'pull_request' }} + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: "${{ env.RUST_TOOLCHAIN }}, ${{ env.RUST_TOOLCHAIN_NIGHTLY }}" + components: "rustfmt, clippy" + + - name: cargo publish + run: cargo publish --dry-run + + npm-publish-dry-run: + runs-on: ubuntu-latest + needs: [deny, test] + if: ${{ github.event_name == 'pull_request' }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - uses: actions/setup-node@v4 + with: + node-version: '16' + + - name: npm publish + run: | + ls -al + npm install + npm run build + cd npm_dist/ + ls -al + npm publish --dry-run + + # + # Publish + # + + cargo-publish: + runs-on: ubuntu-latest + environment: Main + needs: [tag] + if: ${{ needs.tag.outputs.TAG == 'new' }} + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: "${{ env.RUST_TOOLCHAIN }}, ${{ env.RUST_TOOLCHAIN_NIGHTLY }}" + components: "rustfmt, clippy" + + - name: Publish + run: | + echo "tag result: ${{ needs.tag.outputs.TAG }}" + echo "pkg version: ${{ needs.tag.outputs.PKG_VER }}" + echo "Publishing to crates.io"; + cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}; + + npm-publish: + runs-on: ubuntu-latest + environment: Main + needs: [tag] + if: ${{ needs.tag.outputs.TAG == 'new' }} + steps: + - name: Checkout + uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '16' + + - name: Publish + run: | + echo "tag result: ${{ needs.tag.outputs.TAG }}" + echo "pkg version: ${{ needs.tag.outputs.PKG_VER }}" + npm install; + npm run build; + cd npm_dist/; + ls -al + echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc; + npm publish --access public; \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 88bac63..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,197 +0,0 @@ -default: - interruptible: true - retry: - max: 2 - when: - - runner_system_failure - - unknown_failure - - api_failure - -stages: - - lint - - test - - build - - tag - - publish - -variables: - GIT_STRATEGY: fetch - GIT_DEPTH: 100 - CARGO_INCREMENTAL: 0 - CI_IMAGE: "paritytech/ci-linux:production" - CARGO_UNLEASH_INSTALL_PARAMS: "--version 1.0.0-alpha.13" - CARGO_UNLEASH_PKG_DEF: "" - -.publish-refs: &publish-refs - rules: - - if: $CI_PIPELINE_SOURCE == "web" - - if: $CI_PIPELINE_SOURCE == "schedule" - - if: $CI_COMMIT_REF_NAME == "master" - - if: $CI_COMMIT_REF_NAME == "main" - - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 - -.rust-info-script: &rust-info-script - - rustup show - - cargo --version - - rustup +nightly show - - cargo +nightly --version - - bash --version - -.docker-env: &docker-env - image: "${CI_IMAGE}" - before_script: - - *rust-info-script - tags: - - linux-docker-vm-c2 - -.kubernetes-env: &kubernetes-env - image: "${CI_IMAGE}" - tags: - - kubernetes-parity-build - -.collect-artifacts: &collect-artifacts - artifacts: - name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}" - when: on_success - expire_in: 7 days - paths: - - ./artifacts/ - -#### stage: lint - -fmt: - stage: lint - <<: *docker-env - script: - - cargo +nightly fmt --all -- --check - -clippy: - stage: lint - <<: *docker-env - script: - - cargo clippy --all --verbose - -#### stage: test - -deny: - stage: test - <<: *docker-env - <<: *collect-artifacts - script: - - cargo deny check --hide-inclusion-graph -c scripts/ci/deny.toml - after_script: - - mkdir -p ./artifacts - - echo "___Complete logs can be found in the artifacts___" - - cargo deny check --hide-inclusion-graph 2> cargo_deny.log - -test: - stage: test - <<: *docker-env - script: - - cargo test --all --verbose - -#### stage: build - -build: - stage: build - <<: *docker-env - script: - - cargo build --no-default-features --target wasm32-unknown-unknown --verbose - - -#### stage: tag -# this stage will only create a tag in the repo, not release - -tag-job: - stage: tag - <<: *kubernetes-env - <<: *publish-refs - script: - #FIXME: remove after ssh added to base image - - apt-get update && apt-get install -y ssh - - eval $(ssh-agent) - - ssh-add - <<< ${GITHUB_SSH_PRIV_KEY} - - mkdir ~/.ssh && touch ~/.ssh/known_hosts - - ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts - - export CURRENT_TAG=$(git describe --tags --abbrev=0) - - export PKG_VER=v$(cat Cargo.toml | grep -A 5 package] | grep version | cut -d '=' -f 2 | tr -d '"' | tr -d " ") - - echo "Current tag $CURRENT_TAG" - - echo "Package version $PKG_VER" - - git config user.name "${GITHUB_USER}" - - git config user.email "devops-team@parity.io" - - git config remote.origin.url "git@github.com:/paritytech/${CI_PROJECT_NAME}.git" - - git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*" - - if [ $CURRENT_TAG == $PKG_VER ]; - then - echo "Tag is up to date. Nothing to do."; - export TAG=old; - else - echo "Tag was updated."; - git tag -a $PKG_VER -m "new tag"; - git log --tags --simplify-by-decoration --pretty="format:%ci %d"; - git push origin --tags; - export TAG=new; - fi - - echo "TAG=$TAG" > tag.env; - artifacts: - reports: - dotenv: tag.env - -#### stage: publish - -publish-crates-dry: - stage: publish - <<: *docker-env - script: - - cargo publish --dry-run - -publish-crates: - stage: publish - <<: *docker-env - <<: *publish-refs - script: - - echo $TAG - - if [ $TAG == "new" ]; - then - echo "Publishing to crates.io"; - cargo publish; - else - echo "Tag was not updated. Not releasing."; - fi - -publish-npmjs: - stage: publish - <<: *kubernetes-env - <<: *publish-refs - variables: - CI_IMAGE: "node:16" - script: - - echo $TAG - - if [ $TAG == "new" ]; - then - echo "------------Publishing to npmjs------------"; - npm install; - npm run build; - cd npm_dist/; - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc; - npm publish --access public; - cd ..; - echo "------------Configuring git------------"; - eval $(ssh-agent); - ssh-add - <<< ${GITHUB_SSH_PRIV_KEY}; - mkdir ~/.ssh && touch ~/.ssh/known_hosts; - ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts; - git config user.name "${GITHUB_USER}"; - git config user.email "devops-team@parity.io"; - git config remote.origin.url "git@github.com:/paritytech/${CI_PROJECT_NAME}.git"; - git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*"; - echo "------------Pushing package.json and package-lock.json to github------------"; - git branch tmp; - git checkout main || git checkout master; - git add package.json; - git add package-lock.json; - git commit -m "[skip ci] Update package.json and package-lock.json"; - git push; - else - echo "Tag was not updated. Not publishing."; - fi diff --git a/scripts/ci/deny.toml b/scripts/ci/deny.toml index 8cc7635..e66ff68 100644 --- a/scripts/ci/deny.toml +++ b/scripts/ci/deny.toml @@ -58,7 +58,7 @@ ignore = [ # * Medium - CVSS Score 4.0 - 6.9 # * High - CVSS Score 7.0 - 8.9 # * Critical - CVSS Score 9.0 - 10.0 -#severity-threshold = +#severity-threshold = # This section is considered when running `cargo deny check licenses` # More documentation for the licenses section can be found here: @@ -168,8 +168,8 @@ deny = [ skip = [ #{ name = "ansi_term", version = "=0.11.0" }, ] -# Similarly to `skip` allows you to skip certain crates during duplicate -# detection. Unlike skip, it also includes the entire tree of transitive +# Similarly to `skip` allows you to skip certain crates during duplicate +# detection. Unlike skip, it also includes the entire tree of transitive # dependencies starting at the specified crate, up to a certain depth, which is # by default infinite skip-tree = [ @@ -190,4 +190,4 @@ unknown-git = "warn" # if not specified. If it is specified but empty, no registries are allowed. allow-registry = ["https://github.com/rust-lang/crates.io-index"] # List of URLs for allowed Git repositories -allow-git = [] +allow-git = [] \ No newline at end of file