* Use secrets,CI_TEST_GITHUB_TOKEN for testing in ci.yml
* Run e2e-test in release-packages.yml using secrets.CI_TEST_GITHUB_TOKEN
* Use CI_RELEASE_TEST_GITHUB_TOKEN in e2e-test in release-packages.yml
* Refactor: Mv leon and leon-macros into another repo
It's moved to https://github.com/cargo-bins/leon
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix CI: Rm `cargo-hack` check for `leon`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Use runner `macos-14` which uses M1 machine
`macos-14` provides 3-core M1, 7G mem and 14G stroage, while `macos-latest`
(`macos-13` as of writing) provides 4-core intel, 14G mem and 14G
storage.
While the memory is cut by half and core count reduce by 1, I believe
that it would still speedup the CI since M1 is much more powerful than
previous Intel CPU used in `macos-13`.
It would also allow us to run tests on aarch64-apple-darwin and on
universal-apple-darwin, if necessary.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Fix `e2e-test-subcrate`: Bump `cargo-audit` ver to v0.18.3
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix detect-targets on android targets
By enabling linux fallback on Android.
Also add CI regression test for aarch64-linux-android target.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix CI: Add job `detect-targets-android-check` as required for merging
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix CI: Dry-run `cargo-publish` on crate to be published
If there's no crate to publish, do not dry-run `cargo-publish`.
Only dry-run `cargo-publish` on crate to be published to avoid
`cargo-publish` error on `cargo-binstall` when one of its direct
dependencies is bumped.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix passing of crate to `release-cli.yml`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix passing of `needs.pr-info.outpus.crate`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `release-dry-run`: Only run if is release or is not PR event
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix passing of crate
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Rm `just-setup` from `release-cli.yml` since it cannot be cached
release is trigged by the closing of PR, so the cache is saved under the
branch `release/*` which cannot be reused.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix dry-run publish
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `release-cli.yml`: Do not dry run `cargo-publish`
If dependencies of `carog-binstall` is bumped, then `cargo-publish` dry
run will fail since the dependency has not published yet
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Speedup step publish in `release-cli.yml`
Use `just-setup` to cache rust/zig compilation, also
disable all features to reduce dependencies pulled in.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* `release-cli.yml`: Restore rust cache before ephermal-crate.sh is run
which writes the key to `Cargo.toml` and invalidates the cache.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix ci: Install deps before caching and include `JUST*` env values in caching key
To make sure caching is done properly and does not accidentally include
(old) pre-built binaries that we don't want.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix missing `shell`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix justfile target `check`: Call `cargo hack check` directly
without using the `CARGO=cargo-zigbuild` env since `leon` does not use
external C/C++ compiler anyway.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* CI: Dowgrade cargo-hack to 0.6.10
This is the last version working
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
For PRs opened by contributors who are not part of the cargo-bins team and for
PRs opened by dependabot, they cannot access the secrets, thus signing will
always fail.
Skipping release-dry-run on pull_request would fix that for them, while
retaining the signing stage on merge_queue and on main to ensure that the
release workflow is working.
It will also speedup CI for PR.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix build again
* Recommend (r)age over minisign password
* Dry-run the entire release process
* Reorg a bit so dry-run works
* Fix secret name
* Add check on age key
* Pass secrets down
* Use a cross-platform "date"
* Delete signing key artifact to be extra safe
* Last little bits
* Revert "release: cargo-binstall v1.4.0 (#1397)"
This reverts commit 99e8256018.
* --allow-dirty on publish
* Remove private key file after generation
* Write public key file to bin crate and to package
* Upload public key file to release
* Sign our releases
* Use secrets instead of artifacts
* And the universal
* Apparently we can’t use secrets like that?
* Minor fixes to doc
* Private key requires untrusted comment
* Dogfood one deeper
* Fix `detect-targets` on ubuntu 20.04, glibc 2.31
Fixed#1375 and fixed#1378
glibc 2.31 does not support `--version`, so we need to detect and
fallback to passing an executable linked with that glibc to check if it
is indeed glibc.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix compilation faillure on ubuntu-20.04
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Since the merge_queue requires every PR to be tested, there is no need
to run the test again in `release.yml`.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Add a unique value to `concurrency.group` in `ci.yml` to prevent it from
being cancelled when releasing crates.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
`binstalk-downloader` contains stuff about http(s) before the
git code is moved into it and now it becomes http and git.
While git indeed uses http stuff, which is why I decided to put
it into binstalk-downloader, it is more than just downloading
since it is stateful (can be cached locally and updated)
where as http is stateless.
Also `binstalk-downloader`'s codegen time now increases
dramatically and it also creates extra dependencies for
binstalk-fetchers, delaying its execution.
The git code also don't use anything from `binstalk-downloader`
at all, it makes sense to be an independent crate.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Set `CARGO_PROFILE_RELEASE_CODEGEN_UNITS` to 4
since 1024 units are too many and our CI only have 2-3 cores.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Which guarantees:
- faster linking on all targets when `cargo-zigbuild` is not used
- allow cross-lang-lto to be enabled
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
instead of `x86_64-apple-darwin` for better optimization since any
machine that support universal support x86_64h.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Run `cargo-publish` without `--no-verify` to verify the publish is valid
and does not depend on unpublished crates in job tag of workflow
`release.yml`, which could be caused by incorrect merge order.
Also enabled `check-semver` to `cargo-bins/release-pr@v2` and install
`cargo-semver-checks` using `taiki-e/install-action@v2` in
job make-release-pr of workflow `release-pr.yml`, since
`release-pr` would try to use `cargo-binstall` for installing
`cargo-semver-checks` used in `check-semver`, but we did not explicitly
require `taiki-e/install-actions@v2` to install `cargo-binstall`, so
`release-pr` could fallback to `cargo-install` which is just too slow.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
