* Fix CI: Dry-run `cargo-publish` on crate to be published
If there's no crate to publish, do not dry-run `cargo-publish`.
Only dry-run `cargo-publish` on crate to be published to avoid
`cargo-publish` error on `cargo-binstall` when one of its direct
dependencies is bumped.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix passing of crate to `release-cli.yml`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix passing of `needs.pr-info.outpus.crate`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `release-dry-run`: Only run if is release or is not PR event
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix passing of crate
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Rm `just-setup` from `release-cli.yml` since it cannot be cached
release is trigged by the closing of PR, so the cache is saved under the
branch `release/*` which cannot be reused.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix dry-run publish
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `release-cli.yml`: Do not dry run `cargo-publish`
If dependencies of `carog-binstall` is bumped, then `cargo-publish` dry
run will fail since the dependency has not published yet
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Speedup step publish in `release-cli.yml`
Use `just-setup` to cache rust/zig compilation, also
disable all features to reduce dependencies pulled in.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* `release-cli.yml`: Restore rust cache before ephermal-crate.sh is run
which writes the key to `Cargo.toml` and invalidates the cache.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Cache zig global_cache to speedup build
This can be helpful in two situations:
- If `cc` is bumped to a new release, then all the `*-sys` crates will
be rebuilt even if their source doesn't change.
Caching zig global_cache would avoid expensive rebuilds.
- For target `x86_64h-apple-darwin`, it uses build-std which means the
rust cache is quite ineffective (only build-dependencies are cached),
so we would also need zig global_cache to avoid rebuilding c
dependencies in CI.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix missing `shell: bash`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix CI: Create symlink to `zig`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Fix getting output from prev step in just-setup
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Include job_id `github.job` in zig cache key
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix ci: Install deps before caching and include `JUST*` env values in caching key
To make sure caching is done properly and does not accidentally include
(old) pre-built binaries that we don't want.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix missing `shell`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix justfile target `check`: Call `cargo hack check` directly
without using the `CARGO=cargo-zigbuild` env since `leon` does not use
external C/C++ compiler anyway.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Dowgrade cargo-hack to 0.6.10
This is the last version working
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
For PRs opened by contributors who are not part of the cargo-bins team and for
PRs opened by dependabot, they cannot access the secrets, thus signing will
always fail.
Skipping release-dry-run on pull_request would fix that for them, while
retaining the signing stage on merge_queue and on main to ensure that the
release workflow is working.
It will also speedup CI for PR.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix build again
* Recommend (r)age over minisign password
* Dry-run the entire release process
* Reorg a bit so dry-run works
* Fix secret name
* Add check on age key
* Pass secrets down
* Use a cross-platform "date"
* Delete signing key artifact to be extra safe
* Last little bits
* Revert "release: cargo-binstall v1.4.0 (#1397)"
This reverts commit 99e8256018.
* --allow-dirty on publish
* Remove private key file after generation
* Write public key file to bin crate and to package
* Upload public key file to release
* Sign our releases
* Use secrets instead of artifacts
* And the universal
* Apparently we can’t use secrets like that?
* Minor fixes to doc
* Private key requires untrusted comment
* Dogfood one deeper
* Fix `detect-targets` on ubuntu 20.04, glibc 2.31
Fixed#1375 and fixed#1378
glibc 2.31 does not support `--version`, so we need to detect and
fallback to passing an executable linked with that glibc to check if it
is indeed glibc.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix compilation faillure on ubuntu-20.04
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Fixed#1353
Merge all dependabot configuration for cargo into one, with directory
setting to `/` so that it will check for dep updates for entire
workspace while also updating lockfile in PR.
To prevent it from opening too many PRs, it's configured to run on
every Saturday, after `upgrade-transitive-deps.yml` is run.
It will also group all dependencies into one PR to prevent opening too
many PRs.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Since the merge_queue requires every PR to be tested, there is no need
to run the test again in `release.yml`.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Add a unique value to `concurrency.group` in `ci.yml` to prevent it from
being cancelled when releasing crates.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
`binstalk-downloader` contains stuff about http(s) before the
git code is moved into it and now it becomes http and git.
While git indeed uses http stuff, which is why I decided to put
it into binstalk-downloader, it is more than just downloading
since it is stateful (can be cached locally and updated)
where as http is stateless.
Also `binstalk-downloader`'s codegen time now increases
dramatically and it also creates extra dependencies for
binstalk-fetchers, delaying its execution.
The git code also don't use anything from `binstalk-downloader`
at all, it makes sense to be an independent crate.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Set `CARGO_PROFILE_RELEASE_CODEGEN_UNITS` to 4
since 1024 units are too many and our CI only have 2-3 cores.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Which guarantees:
- faster linking on all targets when `cargo-zigbuild` is not used
- allow cross-lang-lto to be enabled
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
instead of `x86_64-apple-darwin` for better optimization since any
machine that support universal support x86_64h.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Run `cargo-publish` without `--no-verify` to verify the publish is valid
and does not depend on unpublished crates in job tag of workflow
`release.yml`, which could be caused by incorrect merge order.
Also enabled `check-semver` to `cargo-bins/release-pr@v2` and install
`cargo-semver-checks` using `taiki-e/install-action@v2` in
job make-release-pr of workflow `release-pr.yml`, since
`release-pr` would try to use `cargo-binstall` for installing
`cargo-semver-checks` used in `check-semver`, but we did not explicitly
require `taiki-e/install-actions@v2` to install `cargo-binstall`, so
`release-pr` could fallback to `cargo-install` which is just too slow.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
- ci: Check feat powerset of leon & binstalk-downloader in `ci.yml`
- fix leon feature `cli`: Enable dep `miette` in feature `cli`
- fix binstalk-downloader when default feature is disabled and no other
tls related feature is enabled (breaking change due to replace of
`tls::Version` with newtype `TLSVersion`).
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
- Remove trigger on "auto merge" enablement, which is just annoying now with the merge queue and was only ever an additional workaround for the release PRs.
- Always run the PR CIs, don't ignore markdown files. That made it impossible to merge PRs that only touched those files (without bypassing requirements).
for upgrading transitive dependencies.
While dependabot is great, it opens one PR for each of these transitive
dependencies, which makes merging harder:
- have to approve every PR
- have to click merge when ci is done
it also creates merge queue runs and commits to main, thus creates a lot
of unused caches and unnecessary CI runs.
This PR creates `upgrade-transitive-deps.yml` that creates one PR for
all transitive change per-day.
It also configures dependabot to only `increase-if-necessary`, same as
library crates.
Since we have several library crates in our workspace, this would mean
that we would have less unnecessary deps bump on these library crates.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
