* Fix build again
* Recommend (r)age over minisign password
* Dry-run the entire release process
* Reorg a bit so dry-run works
* Fix secret name
* Add check on age key
* Pass secrets down
* Use a cross-platform "date"
* Delete signing key artifact to be extra safe
* Last little bits
* Revert "release: cargo-binstall v1.4.0 (#1397)"
This reverts commit 99e8256018.
* --allow-dirty on publish
* Remove private key file after generation
* Write public key file to bin crate and to package
* Upload public key file to release
* Sign our releases
* Use secrets instead of artifacts
* And the universal
* Apparently we can’t use secrets like that?
* Minor fixes to doc
* Private key requires untrusted comment
* Dogfood one deeper
* Fix `detect-targets` on ubuntu 20.04, glibc 2.31
Fixed#1375 and fixed#1378
glibc 2.31 does not support `--version`, so we need to detect and
fallback to passing an executable linked with that glibc to check if it
is indeed glibc.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix compilation faillure on ubuntu-20.04
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Since the merge_queue requires every PR to be tested, there is no need
to run the test again in `release.yml`.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Add a unique value to `concurrency.group` in `ci.yml` to prevent it from
being cancelled when releasing crates.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
`binstalk-downloader` contains stuff about http(s) before the
git code is moved into it and now it becomes http and git.
While git indeed uses http stuff, which is why I decided to put
it into binstalk-downloader, it is more than just downloading
since it is stateful (can be cached locally and updated)
where as http is stateless.
Also `binstalk-downloader`'s codegen time now increases
dramatically and it also creates extra dependencies for
binstalk-fetchers, delaying its execution.
The git code also don't use anything from `binstalk-downloader`
at all, it makes sense to be an independent crate.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Set `CARGO_PROFILE_RELEASE_CODEGEN_UNITS` to 4
since 1024 units are too many and our CI only have 2-3 cores.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Which guarantees:
- faster linking on all targets when `cargo-zigbuild` is not used
- allow cross-lang-lto to be enabled
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
instead of `x86_64-apple-darwin` for better optimization since any
machine that support universal support x86_64h.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Run `cargo-publish` without `--no-verify` to verify the publish is valid
and does not depend on unpublished crates in job tag of workflow
`release.yml`, which could be caused by incorrect merge order.
Also enabled `check-semver` to `cargo-bins/release-pr@v2` and install
`cargo-semver-checks` using `taiki-e/install-action@v2` in
job make-release-pr of workflow `release-pr.yml`, since
`release-pr` would try to use `cargo-binstall` for installing
`cargo-semver-checks` used in `check-semver`, but we did not explicitly
require `taiki-e/install-actions@v2` to install `cargo-binstall`, so
`release-pr` could fallback to `cargo-install` which is just too slow.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
- ci: Check feat powerset of leon & binstalk-downloader in `ci.yml`
- fix leon feature `cli`: Enable dep `miette` in feature `cli`
- fix binstalk-downloader when default feature is disabled and no other
tls related feature is enabled (breaking change due to replace of
`tls::Version` with newtype `TLSVersion`).
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
- Remove trigger on "auto merge" enablement, which is just annoying now with the merge queue and was only ever an additional workaround for the release PRs.
- Always run the PR CIs, don't ignore markdown files. That made it impossible to merge PRs that only touched those files (without bypassing requirements).
for upgrading transitive dependencies.
While dependabot is great, it opens one PR for each of these transitive
dependencies, which makes merging harder:
- have to approve every PR
- have to click merge when ci is done
it also creates merge queue runs and commits to main, thus creates a lot
of unused caches and unnecessary CI runs.
This PR creates `upgrade-transitive-deps.yml` that creates one PR for
all transitive change per-day.
It also configures dependabot to only `increase-if-necessary`, same as
library crates.
Since we have several library crates in our workspace, this would mean
that we would have less unnecessary deps bump on these library crates.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Fixed#1038
sccache is not very effective at caching dependencies, the external
C/C++ is recompiled in every ci and it takes a lot of time.
Compilation of other Rust dependencies also takes quite some time and
sccache is not helping at all, so I decided to switch to
`Swatinem/rust-cache@v2`.
The downside of the new caching method is that a new cache conntaining
part of the `.cargo/` and `target/` will be created whenver
`Cargo.lock`/`Cargo.toml` changes, but it can still reuse the old cache
to create new caching.
This is acceptable given that `sccache` often fails to reuse
cache due to rate limiting from GHA, since it is not designed for use
like a s3 object pool, and `sccache` will create a lot of new cache
artifacts for a given branch that cannot be reused in main and would
have to cleanup via a cronjob.
Edit:
rust 1.70 uses llvm 16.0, however ubuntu-latest still uses llvm 15.0
As such, during release-build, cross-lang-lto failed due to llvm is too
old.
Temporarily disable linker-plugin-lto to fix this.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
`cargo-test` cannot share its artifacts with `cargo-build` and vice
versa, plus running `e2e-tests` in release build is enough to find out
potential miscompilation.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
`leon_macros::template!` can parse template at compile-time.
It accepts a utf-8 string literal and uses `leon` internally to parse it, then generate code that evaluates to `Template<'static>`.
- Exclude fuzz from crate leon when publishing
- Impl fn-like proc-macro `leon_macros::template!`
- Add dep `leon-macros` to binstalk
- Use `leon_macros::template!` in `binstalk::fetchers::gh_crate_meta::hosting`
- Add doc for `leon-macros` in `leon`
- Improve `std::fmt::Display` impl for `leon::ParseError`
- Fixed broken infra link in leon
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Since it is run on PR anyway, we should also run it on main just in case
it fails, i.e. merging of PRs without rebasing against main to test out
latest changes.
It will now also be run on draft PR so that they can test out the
changes and find out bugs before making it ready to review.
This change will also increase cache hits on PR, thus speeding up the CI.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Avoid checking dev-deps for jobs `*-check` and lint in workflow `ci.yml`
We just want to make sure cargo-binstall can compile for the target, we
don't want to pull in the extra dependencies.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Speedup ci.yml: Do not run tests on x86_64-unknown-linux-musl
Since we already run test on x86_64-unknown-linux-musl in
release-build.yml and x86_64-unknown-linux-musl is almost identical to
x86_64-unknown-linux-gnu except for the libc, there's no need to run the
tests in ci.yml
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Since release build enables a lot of optimization, disable debug assert
and possibly change the code to be run, it's better to run the tests
again.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Remove `mozilla-actions/sccache-action@v0.0.2` and instead use `taiki-ie/install-action` to install `sccache`, since we already use `taiki-e/install-action` for installing crates.
This PR also refactor just-setup.yml and use pass `GITHUB_TOKEN` to `taiki-e/install-action` which uses `cargo-binstall` for installing `cargo-auditable` and `sccache`.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
since cache-cleanup will issue a lot of gh api requests, running the
workflow right after the PRs would cause the GH API to rate limit all
workflows (including our CI for testing and release) that they can no
longer upload artifacts and `cargo-binstall` would have to fallback to
sending GET requests instead of using GH API, which makes it a lot
slower and more likely to fail.
This PR changes it to be run at 3am and 4:30am AEST which nobody would submit
any PR at that time and then remove all caches of the top 20 closed prs.
The workflow can also now be triggered manually.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Previously it only removes 30 caches for the PR because gh actions-cache list defaults to only listing 30 cache entries.
In this PR, I changed the limit to the maximum allowed 100 cache entries and I also added a loop to keep getting the next 100 cache entries until there is none.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
