Skip to content

feat(cawg_identity): Introduce IdentityAssertionSigner (#827) #1823

feat(cawg_identity): Introduce IdentityAssertionSigner (#827)

feat(cawg_identity): Introduce IdentityAssertionSigner (#827) #1823

Workflow file for this run

name: Nightly branch
on:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
- reopened
- edited
push:
branches:
- main
schedule:
- cron: "0 5 * * *" # 0500 UTC every day
jobs:
# Create snapshot of latest main or release branch for nightly build
nightly-snapshot:
name: Update nightly branch
if: |
github.event_name != 'pull_request' ||
github.event.pull_request.author_association == 'COLLABORATOR' ||
github.event.pull_request.author_association == 'MEMBER'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.RELEASE_PLZ_TOKEN }}
- name: Choose base commit for nightly snapshot
id: choose-base
env:
GH_EVENT_NAME: ${{ github.event_name }}
run: |
echo "Event triggered by $GH_EVENT_NAME"
echo
echo "Listing branches on remote"
echo
git --no-pager branch --remote | sed 's|origin/||'
echo
git checkout -b nightly --track origin/nightly
OLD_BASE_COMMIT=$(git log nightly --skip=1 -n 1 --format=%H)
echo "Nightly commit ID is $OLD_BASE_COMMIT"
LATEST_RELEASE_PLZ=$(git --no-pager branch --format="%(refname:short)" --remote |
sed 's|origin/||' |
grep -E '^release-plz-20' |
sort -r |
head -n 1)
if [ -z "$LATEST_RELEASE_PLZ" ]; then
echo "No release-plz branch; using main"
if git show-ref --verify --quiet refs/heads/main; then
echo "Branch 'main' already exists locally"
git checkout main;
else
git checkout -b main --track origin/main;
fi
BASE_BRANCH=main;
else
echo "Found RP branch $LATEST_RELEASE_PLZ; comparing against main"
git checkout -b "$LATEST_RELEASE_PLZ" --track "origin/$LATEST_RELEASE_PLZ"
if git show-ref --verify --quiet refs/heads/main; then
echo "Branch 'main' already exists locally"
git checkout main;
else
git checkout -b main --track origin/main;
fi
export RP_TS=$(git log -1 --format=%cd --date=iso-strict $LATEST_RELEASE_PLZ)
export MAIN_TS=$(git log -1 --format=%cd --date=iso-strict main)
echo "Branch $LATEST_RELEASE_PLZ updated at $RP_TS"
echo "Branch main updated at $MAIN_TS"
if [[ "$RP_TS" > "$MAIN_TS" ]]; then
git checkout $LATEST_RELEASE_PLZ
BASE_BRANCH=$LATEST_RELEASE_PLZ;
else
git checkout main
BASE_BRANCH=main;
fi
fi
NEW_BASE_COMMIT=$(git log $BASE_BRANCH -n 1 --format=%H)
echo "Choosing base branch $BASE_BRANCH because it's newer"
echo "$BASE_BRANCH commit ID is $NEW_BASE_COMMIT"
if [[ "$OLD_BASE_COMMIT" == "$NEW_BASE_COMMIT" && "$GH_EVENT_NAME" == "pull_request" ]]; then
echo "Nightly already points to same base; leave unchanged";
echo "base-commit=skip" >> "$GITHUB_OUTPUT"
exit 0
elif [[ "$GH_EVENT_NAME" == "push" ]]; then
LATEST_TAG=$(git describe --tags --abbrev=0)
echo Looking for non-chore commits since last tag
echo
git --no-pager log --pretty=format:"%s" $LATEST_TAG..HEAD | grep -v "^chore"
if [ $? -eq 0 ]; then
echo
echo "Found non-chore commits; expecting release-plz to create a new release branch."
echo "base-commit=skip" >> "$GITHUB_OUTPUT"
exit 0
else
echo "Push to main, but there are only chore commits since last tag."
echo "Not expecting a new release branch"
echo;
fi
fi
echo "Updating nightly base";
echo "base-commit=$NEW_BASE_COMMIT" >> "$GITHUB_OUTPUT"
- name: Install Rust toolchain
if: ${{ steps.choose-base.outputs.base-commit != 'skip' }}
uses: dtolnay/rust-toolchain@stable
with:
components: cargo
- name: Add -nightly+(date)-(commit ID) prefix to crate versions
id: set-nightly-version
if: ${{ steps.choose-base.outputs.base-commit != 'skip' }}
run: |
echo Force updating nightly branch to point to base branch
git branch -f nightly
export NIGHTLY_SUFFIX=$(echo -nightly+`date +%F`-`git rev-parse --short HEAD`)
echo Will add nightly suffix $NIGHTLY_SUFFIX
sed -i "s/^version = \"\\(.*\\)\"/version = \"\\1$NIGHTLY_SUFFIX\"/" sdk/Cargo.toml
sed -i "s/path = \"..\/sdk\", version = \"\\(.*\\)\"/path = \"..\/sdk\", version = \"\\1$NIGHTLY_SUFFIX\"/" cawg_identity/Cargo.toml
sed -i "s/path = \"..\/sdk\", version = \"\\(.*\\)\"/path = \"..\/sdk\", version = \"\\1$NIGHTLY_SUFFIX\"/" cli/Cargo.toml
cargo update -w
git add Cargo.lock
find . -name 'Cargo.toml' | xargs git add
echo
echo Proposed changes:
git status
git diff
- name: Commit Cargo.toml and Cargo.lock
uses: stefanzweifel/git-auto-commit-action@v5
id: commit
if: ${{ steps.choose-base.outputs.base-commit != 'skip' }}
with:
branch: nightly
push_options: '--force'
commit_message: Prepare nightly release
commit_user_name: Adobe CAI Team
commit_user_email: [email protected]
create_branch: true
# ---- TO DO: Figure out how to run this job but only when nightly-snapshot changes the branch. ----
# publish-nightly-binaries:
# name: Publish c2patool nightly binaries
# runs-on: ${{ matrix.os }}
# needs: nightly-snapshot
# strategy:
# fail-fast: false
# matrix:
# os: [windows-latest, macos-latest, ubuntu-latest]
# include:
# - os: macos-latest
# artifact_name: c2patool_mac_universal.zip
# - os: ubuntu-latest
# artifact_name: c2patool_linux_intel.tar.gz
# - os: windows-latest
# artifact_name: c2patool_win_intel.zip
# steps:
# - name: Checkout repository
# uses: actions/checkout@v4
# with:
# ref: nightly
# - name: Install Rust toolchain
# uses: dtolnay/rust-toolchain@stable
# - name: Cache Rust dependencies
# uses: Swatinem/rust-cache@v2
# - name: Run cargo check
# run: cd cli && cargo check
# - name: Run cargo test --all
# run: cd cli && cargo test --all
# - name: Build nightly release artifacts
# run: cd cli && make release
# - name: Upload build as artifact
# uses: actions/upload-artifact@v3
# with:
# path: target/${{ matrix.artifact_name }}
# name: ${{ matrix.artifact_name }}
# retention-days: 15
# if-no-files-found: error