diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
new file mode 100644
index 0000000..be1bfdc
--- /dev/null
+++ b/.github/actionlint.yaml
@@ -0,0 +1,3 @@
+self-hosted-runner:
+ labels:
+ - builder
diff --git a/.github/release-please/config.json b/.github/release-please/config.json
new file mode 100644
index 0000000..27b4963
--- /dev/null
+++ b/.github/release-please/config.json
@@ -0,0 +1,36 @@
+{
+ "boostrap-sha": "015422efcce41530a6cd84a25091598bc459d2e6",
+ "release-type": "rust",
+ "bump-minor-pre-major": true,
+ "bump-patch-for-minor-pre-major": true,
+ "plugins": [
+ {
+ "type": "cargo-workspace",
+ "merge": false
+ },
+ {
+ "type": "linked-versions",
+ "groupName": "trust-graph, wasm and api",
+ "components": [
+ "trust-graph",
+ "trust-graph-api",
+ "trust-graph-wasm"
+ ]
+ }
+ ],
+ "packages": {
+ ".": {
+ "component": "trust-graph"
+ },
+ "aqua": {
+ "release-type": "node",
+ "component": "trust-graph-api"
+ },
+ "service": {
+ "component": "trust-graph-wasm"
+ },
+ "keypair": {
+ "component": "keypair"
+ }
+ }
+}
diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json
new file mode 100644
index 0000000..89a20ba
--- /dev/null
+++ b/.github/release-please/manifest.json
@@ -0,0 +1,6 @@
+{
+ ".": "0.3.2",
+ "aqua": "0.3.2",
+ "service": "0.3.2",
+ "keypair": "0.9.0"
+}
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..b2910b2
--- /dev/null
+++ b/.github/renovate.json
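Review bot: The first key in `.github/release-please/config.json` is spelled `"boostrap-sha"`, while the release-please option is `bootstrap-sha`. A misspelled key is presumably ignored, so the first generated changelog would not be bounded at the intended commit and could pull in older history. Rename it to `"bootstrap-sha": "015422efcce41530a6cd84a25091598bc459d2e6",`.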
@@ -0,0 +1,38 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base",
+ ":semanticCommitTypeAll(chore)"
+ ],
+ "enabledManagers": ["cargo", "npm", "github-actions", "pip_requirements"],
+ "rangeStrategy": "pin",
+ "schedule": "every weekend",
+ "packageRules": [
+ {
+ "matchManagers": ["cargo", "npm"],
+ "matchPackagePatterns": [
+ "@fluencelabs/.*",
+ "fluence-.*",
+ "marine-.*"
+ ],
+ "semanticCommitType": "fix",
+ "semanticCommitScope": "deps",
+ "schedule": "at any time"
+ },
+ {
+ "matchDepTypes": ["devDependencies"],
+ "prPriority": -1,
+ "semanticCommitType": "chore",
+ "semanticCommitScope": "deps"
+ },
+ {
+ "matchUpdateTypes": ["major"],
+ "prConcurrentLimit": 1
+ },
+ {
+ "matchManagers": ["github-actions"],
+ "groupName": "all github-actions",
+ "prPriority": -1
+ }
+ ]
+}
diff --git a/.github/workflows/changelog_config.json b/.github/workflows/changelog_config.json
deleted file mode 100644
index a6cefa7..0000000
--- a/.github/workflows/changelog_config.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "template": "## Changes since ${{FROM_TAG}}\n\n${{CHANGELOG}}\n\n${{UNCATEGORIZED}}",
- "pr_template": "- #${{NUMBER}} ${{TITLE}}",
- "empty_template": "## No changes since ${{FROM_TAG}}",
- "sort": "DESC"
-}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..b3374a5
--- /dev/null
+++ b/.github/workflows/lint.yml
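Review bot: The `github-actions` manager is enabled in `.github/renovate.json`, but nothing in `extends` or `packageRules` pins actions to commit digests. The workflows in this same commit reference third-party actions by mutable tag (`hashicorp/vault-action@v2.4.3`, `softprops/action-gh-release@v1`, `benc-uk/workflow-dispatch@v1` and others), including in the `publish` job that receives registry tokens. A retagged upstream release would therefore run in that job unreviewed. Adding `"helpers:pinGitHubActionDigests"` to `extends` would have Renovate rewrite those refs to full commit SHAs and keep them updated through the existing `all github-actions` group.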
@@ -0,0 +1,35 @@
+name: lint
+
+on:
+ pull_request:
+ types:
+ - opened
+ - edited
+ - synchronize
+
+concurrency:
+ group: "${{ github.workflow }}-${{ github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ pr:
+ name: Validate PR title
+ runs-on: ubuntu-latest
+ steps:
+ - uses: amannn/action-semantic-pull-request@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ reviewdog:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Lint actions
+ uses: reviewdog/action-actionlint@v1
+ env:
+ SHELLCHECK_OPTS: "-e SC2086 -e SC2207 -e SC2128"
+ with:
+ reporter: github-pr-check
+ fail_on_error: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1381903..82ad6bc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
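Review bot: Neither job in `.github/workflows/lint.yml` declares `permissions:`, so both run third-party actions on pull-request events with whatever default `GITHUB_TOKEN` scope the repository is configured with. I would add a workflow-level `permissions:` block with `contents: read` and widen it per job only where needed. The `pr` job likely needs `pull-requests: read` and the `github-pr-check` reporter probably needs `checks: write`; confirm both against each action's documentation. Separately, `SHELLCHECK_OPTS` disables SC2086 for every workflow, which hides unquoted expansions such as `>> $GITHUB_OUTPUT` in release.yml; a short comment explaining why each code is excluded would help.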
@@ -1,29 +1,66 @@ -name: "publish-release" +name: "release" on: push: - tags: - - "v*" + branches: + - "master" + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" jobs: - release: - name: "Publish" - runs-on: builder + release-please: + runs-on: ubuntu-latest + + outputs: + releases-created: ${{ steps.release.outputs['releases_created'] }} + trust-graph-api-release-created: ${{ steps.release.outputs['aqua--release-created'] }} + trust-graph-release-created: ${{ steps.release.outputs['release-created'] }} + trust-graph-tag-name: ${{ steps.release.outputs['tag_name'] }} steps: -### Setup - - name: Checkout repository + - name: Run release-please + id: release + uses: google-github-actions/release-please-action@v3 + with: + token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} + command: manifest + config-file: .github/release-please/config.json + manifest-file: .github/release-please/manifest.json + + - name: Show output from release-please + if: steps.release.outputs.releases_created + env: + RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }} + run: echo "${RELEASE_PLEASE_OUTPUT}" | jq + + publish: + runs-on: builder + + needs: release-please + if: needs.release-please.outputs.releases-created + + permissions: + contents: write + id-token: write + + steps: + - name: Checkout uses: actions/checkout@v3 - - name: Set env - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - - uses: actions/setup-node@v3 + - name: Import secrets + uses: hashicorp/vault-action@v2.4.3 with: - node-version: "15" - registry-url: "https://registry.npmjs.org" - cache: npm - cache-dependency-path: "aqua/package-lock.json" + url: https://vault.fluence.dev + path: jwt/github + role: ci + method: jwt + jwtGithubAudience: "https://github.com/fluencelabs" + jwtTtl: 300 + exportToken: false + secrets: | + kv/npmjs/fluencebot token | NODE_AUTH_TOKEN ; + kv/crates.io/fluencebot token | CARGO_REGISTRY_TOKEN - name: Setup Rust toolchain uses: 
actions-rust-lang/setup-rust-toolchain@v1 
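Review bot: The `Import secrets` step of the `publish` job exports `NODE_AUTH_TOKEN` and `CARGO_REGISTRY_TOKEN` into the job environment before anything is built. Every later step inherits both registry tokens, including `./build.sh`, `npm i` and `npm run build` in the next hunk, where dependency install and build scripts execute on the self-hosted `builder` runner. Consider giving the step an `id`, setting `exportEnv: false`, and passing each token through `env:` only on the step that publishes, e.g. `CARGO_REGISTRY_TOKEN: ${{ steps.secrets.outputs.CARGO_REGISTRY_TOKEN }}` (the step id `secrets` is a placeholder). Moving the import to just before the publish steps would also narrow the exposure. The `publish` job continues past the end of this hunk.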
@@ -33,101 +70,122 @@ jobs: with: crate: marine - - name: Build trust-graph - working-directory: ./service + - name: Build run: ./build.sh + working-directory: service - - name: Check Aqua compiles - working-directory: ./aqua - run: | - npm i - npm run build - - - name: Create distribution package - run: | - ./builtin-package/package.sh - - - name: Build Changelog - id: changelog - uses: mikepenz/release-changelog-builder-action@v1 + - name: Install cargo-workspaces + uses: baptiste0928/cargo-install@v1.3.0 with: - configuration: ".github/workflows/changelog_config.json" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + crate: cargo-workspaces -### Publish - - name: Release to GitHub - id: release + - name: Publish to crates.io + run: | + cargo ws publish \ + --no-git-commit \ + --allow-dirty \ + --from-git \ + --skip-published \ + --yes + + - name: Setup node + uses: actions/setup-node@v3 + with: + node-version: "16" + registry-url: "https://registry.npmjs.org" + cache-dependency-path: "aqua/package-lock.json" + cache: "npm" + + - run: npm i + working-directory: aqua + + - run: npm run build + working-directory: aqua + + - name: Publish to NPM registry + if: needs.release-please.outputs.trust-graph-api-release-created + run: npm publish --access public + working-directory: aqua + + - name: Create builtin distribution package + if: needs.release-please.outputs.trust-graph-release-created + run: ./builtin-package/package.sh + + - name: Calculate SHA256 + if: needs.release-please.outputs.trust-graph-release-created + id: sha + run: | + # Calculate sha256 + du -hs trust-graph.tar.gz + sha256sum trust-graph.tar.gz + sha=($(sha256sum trust-graph.tar.gz)) + echo "sha256=${sha}" >> $GITHUB_OUTPUT + + - name: Upload trust-graph package + if: needs.release-please.outputs.trust-graph-release-created uses: softprops/action-gh-release@v1 with: - name: trust-graph ${{ env.RELEASE_VERSION }} - tag_name: ${{ env.RELEASE_VERSION }} - files: | - ./trust-graph.tar.gz - body: 
${{steps.changelog.outputs.changelog}} - draft: false - prerelease: false - fail_on_unmatched_files: true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - ### Publish Aqua API - - name: Publish Aqua API to NPM - run: | - npm version ${{ env.RELEASE_VERSION }} - npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - working-directory: ./aqua - -## Update node-distro repo - - name: Calculate SHA256 - run: | - du -hs trust-graph.tar.gz - echo $(sha256sum trust-graph.tar.gz) - echo "SHA256=$(sha256sum trust-graph.tar.gz | awk '{ print $1 }')" >> $GITHUB_ENV - - - name: Get tar.gz URL - id: package-url - uses: actions/github-script@v4 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - result-encoding: string - script: | - try { - let assets = await github.repos.listReleaseAssets({ - owner: context.repo.owner, - repo: context.repo.repo, - release_id: "${{ steps.release.outputs.id }}", - }); - console.dir(assets); - let package = assets.data.find((a) => a.name === 'trust-graph.tar.gz'); - let url = package.browser_download_url; - console.log("URL: " + url); - return url; - } catch (e) { - console.log("Err: " + e); - throw e; - } + files: trust-graph.tar.gz + tag_name: ${{ needs.release-please.outputs.trust-graph-tag-name }} - name: Update version in node-distro repo + if: needs.release-please.outputs.trust-graph-release-created uses: benc-uk/workflow-dispatch@v1 with: workflow: update_service repo: fluencelabs/node-distro - ref: 'main' + ref: "main" token: ${{ secrets.PERSONAL_TOKEN }} inputs: '{ "name": "trust-graph", - "version": "${{ env.RELEASE_VERSION }}", - "url": "${{ steps.package-url.outputs.result }}", - "sha256": "${{ env.SHA256 }}" + "version": "${{ needs.release-please.outputs.version }}", + "url": "https://github.com/fluencelabs/trust-graph/releases/download/${{ needs.release-please.outputs.trust-graph-tag-name }}/trust-graph.tar.gz", + "sha256": "${{ steps.sha.outputs.sha256 }}" }' - - name: Log notice - uses: 
actions/github-script@v4 + slack: + if: always() + name: "Notify" + runs-on: ubuntu-latest + + needs: + - release-please + - publish + + permissions: + contents: read + id-token: write + + steps: + - uses: lwhiteley/dependent-jobs-result-check@v1 + id: status with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - console.dir(core); - core.info("trust-graph was updated to ${{ env.RELEASE_VERSION }} in node-distro repo"); + statuses: failure + dependencies: ${{ toJSON(needs) }} + + - name: Log output + run: | + echo "statuses:" "${{ steps.status.outputs.statuses }}" + echo "jobs:" "${{ steps.status.outputs.jobs }}" + echo "found any?:" "${{ steps.status.outputs.found }}" + + - name: Import secrets + uses: hashicorp/vault-action@v2.4.3 + with: + url: https://vault.fluence.dev + path: jwt/github + role: ci + method: jwt + jwtGithubAudience: "https://github.com/fluencelabs" + jwtTtl: 300 + exportToken: false + secrets: | + kv/slack/release-please webhook | SLACK_WEBHOOK_URL + + - uses: ravsamhq/notify-slack-action@v2 + if: steps.status.outputs.found == 'true' + with: + status: "failure" + notification_title: "*{workflow}* has {status_message}" + message_format: "${{ steps.status.outputs.jobs }} {status_message} in <{repo_url}|{repo}>" + footer: "<{run_url}>" diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml deleted file mode 100644 index 4f26d22..0000000 --- a/.github/workflows/tag.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: "tag" - -on: - workflow_dispatch: - -jobs: - tag: - name: "Tag" - runs-on: "ubuntu-latest" - - steps: - - uses: actions/checkout@v2 - - - name: Get branch - run: | - BRANCH=${GITHUB_REF#refs/*/} - SANITIZED=$(echo "$BRANCH" | sed -e 's/[^a-zA-Z0-9-]/-/g') - echo "BRANCH=$SANITIZED" >> $GITHUB_ENV - - - name: Bump version and push tag - id: tag_version - uses: mathieudutour/github-tag-action@v5.5 - with: - append_to_pre_release_tag: ${{ env.BRANCH }} - github_token: ${{ secrets.PERSONAL_TOKEN }}
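Review bot: The `Update version in node-distro repo` step sends `"version": "${{ needs.release-please.outputs.version }}"`, but the `outputs:` block of the `release-please` job (previous hunk) declares no `version` key, so the dispatched input would be an empty string. Either add a `version` output to that job or derive the value from `trust-graph-tag-name`. The job outputs also read `steps.release.outputs['release-created']` and `['aqua--release-created']`, whereas release-please-action v3, as far as I recall, names them `release_created` and `aqua--release_created`. If so, the `if:` guards on the npm publish, packaging, SHA256 and upload steps never evaluate true, which is worth confirming against the action's README. Finally, `npm i` in a release job does not enforce `aqua/package-lock.json`; `npm ci` would make the published build reproducible from the lockfile.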