feat(cawg_identity): Introduce IdentityAssertionSigner
(#827)
#1823
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Nightly branch | |
on: | |
workflow_dispatch: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- edited | |
push: | |
branches: | |
- main | |
schedule: | |
- cron: "0 5 * * *" # 0500 UTC every day | |
jobs: | |
# Create snapshot of latest main or release branch for nightly build | |
nightly-snapshot: | |
name: Update nightly branch | |
if: | | |
github.event_name != 'pull_request' || | |
github.event.pull_request.author_association == 'COLLABORATOR' || | |
github.event.pull_request.author_association == 'MEMBER' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.RELEASE_PLZ_TOKEN }} | |
- name: Choose base commit for nightly snapshot | |
id: choose-base | |
env: | |
GH_EVENT_NAME: ${{ github.event_name }} | |
run: | | |
echo "Event triggered by $GH_EVENT_NAME" | |
echo | |
echo "Listing branches on remote" | |
echo | |
git --no-pager branch --remote | sed 's|origin/||' | |
echo | |
git checkout -b nightly --track origin/nightly | |
OLD_BASE_COMMIT=$(git log nightly --skip=1 -n 1 --format=%H) | |
echo "Nightly commit ID is $OLD_BASE_COMMIT" | |
LATEST_RELEASE_PLZ=$(git --no-pager branch --format="%(refname:short)" --remote | | |
sed 's|origin/||' | | |
grep -E '^release-plz-20' | | |
sort -r | | |
head -n 1) | |
if [ -z "$LATEST_RELEASE_PLZ" ]; then | |
echo "No release-plz branch; using main" | |
if git show-ref --verify --quiet refs/heads/main; then | |
echo "Branch 'main' already exists locally" | |
git checkout main; | |
else | |
git checkout -b main --track origin/main; | |
fi | |
BASE_BRANCH=main; | |
else | |
echo "Found RP branch $LATEST_RELEASE_PLZ; comparing against main" | |
git checkout -b "$LATEST_RELEASE_PLZ" --track "origin/$LATEST_RELEASE_PLZ" | |
if git show-ref --verify --quiet refs/heads/main; then | |
echo "Branch 'main' already exists locally" | |
git checkout main; | |
else | |
git checkout -b main --track origin/main; | |
fi | |
export RP_TS=$(git log -1 --format=%cd --date=iso-strict $LATEST_RELEASE_PLZ) | |
export MAIN_TS=$(git log -1 --format=%cd --date=iso-strict main) | |
echo "Branch $LATEST_RELEASE_PLZ updated at $RP_TS" | |
echo "Branch main updated at $MAIN_TS" | |
if [[ "$RP_TS" > "$MAIN_TS" ]]; then | |
git checkout $LATEST_RELEASE_PLZ | |
BASE_BRANCH=$LATEST_RELEASE_PLZ; | |
else | |
git checkout main | |
BASE_BRANCH=main; | |
fi | |
fi | |
NEW_BASE_COMMIT=$(git log $BASE_BRANCH -n 1 --format=%H) | |
echo "Choosing base branch $BASE_BRANCH because it's newer" | |
echo "$BASE_BRANCH commit ID is $NEW_BASE_COMMIT" | |
if [[ "$OLD_BASE_COMMIT" == "$NEW_BASE_COMMIT" && "$GH_EVENT_NAME" == "pull_request" ]]; then | |
echo "Nightly already points to same base; leave unchanged"; | |
echo "base-commit=skip" >> "$GITHUB_OUTPUT" | |
exit 0 | |
elif [[ "$GH_EVENT_NAME" == "push" ]]; then | |
LATEST_TAG=$(git describe --tags --abbrev=0) | |
echo Looking for non-chore commits since last tag | |
echo | |
git --no-pager log --pretty=format:"%s" $LATEST_TAG..HEAD | grep -v "^chore" | |
if [ $? -eq 0 ]; then | |
echo | |
echo "Found non-chore commits; expecting release-plz to create a new release branch." | |
echo "base-commit=skip" >> "$GITHUB_OUTPUT" | |
exit 0 | |
else | |
echo "Push to main, but there are only chore commits since last tag." | |
echo "Not expecting a new release branch" | |
echo; | |
fi | |
fi | |
echo "Updating nightly base"; | |
echo "base-commit=$NEW_BASE_COMMIT" >> "$GITHUB_OUTPUT" | |
- name: Install Rust toolchain | |
if: ${{ steps.choose-base.outputs.base-commit != 'skip' }} | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
components: cargo | |
- name: Add -nightly+(date)-(commit ID) prefix to crate versions | |
id: set-nightly-version | |
if: ${{ steps.choose-base.outputs.base-commit != 'skip' }} | |
run: | | |
echo Force updating nightly branch to point to base branch | |
git branch -f nightly | |
export NIGHTLY_SUFFIX=$(echo -nightly+`date +%F`-`git rev-parse --short HEAD`) | |
echo Will add nightly suffix $NIGHTLY_SUFFIX | |
sed -i "s/^version = \"\\(.*\\)\"/version = \"\\1$NIGHTLY_SUFFIX\"/" sdk/Cargo.toml | |
sed -i "s/path = \"..\/sdk\", version = \"\\(.*\\)\"/path = \"..\/sdk\", version = \"\\1$NIGHTLY_SUFFIX\"/" cawg_identity/Cargo.toml | |
sed -i "s/path = \"..\/sdk\", version = \"\\(.*\\)\"/path = \"..\/sdk\", version = \"\\1$NIGHTLY_SUFFIX\"/" cli/Cargo.toml | |
cargo update -w | |
git add Cargo.lock | |
find . -name 'Cargo.toml' | xargs git add | |
echo | |
echo Proposed changes: | |
git status | |
git diff | |
- name: Commit Cargo.toml and Cargo.lock | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
id: commit | |
if: ${{ steps.choose-base.outputs.base-commit != 'skip' }} | |
with: | |
branch: nightly | |
push_options: '--force' | |
commit_message: Prepare nightly release | |
commit_user_name: Adobe CAI Team | |
commit_user_email: [email protected] | |
create_branch: true | |
# ---- TO DO: Figure out how to run this job but only when nightly-snapshot changes the branch. ---- | |
# publish-nightly-binaries: | |
# name: Publish c2patool nightly binaries | |
# runs-on: ${{ matrix.os }} | |
# needs: nightly-snapshot | |
# strategy: | |
# fail-fast: false | |
# matrix: | |
# os: [windows-latest, macos-latest, ubuntu-latest] | |
# include: | |
# - os: macos-latest | |
# artifact_name: c2patool_mac_universal.zip | |
# - os: ubuntu-latest | |
# artifact_name: c2patool_linux_intel.tar.gz | |
# - os: windows-latest | |
# artifact_name: c2patool_win_intel.zip | |
# steps: | |
# - name: Checkout repository | |
# uses: actions/checkout@v4 | |
# with: | |
# ref: nightly | |
# - name: Install Rust toolchain | |
# uses: dtolnay/rust-toolchain@stable | |
# - name: Cache Rust dependencies | |
# uses: Swatinem/rust-cache@v2 | |
# - name: Run cargo check | |
# run: cd cli && cargo check | |
# - name: Run cargo test --all | |
# run: cd cli && cargo test --all | |
# - name: Build nightly release artifacts | |
# run: cd cli && make release | |
# - name: Upload build as artifact | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# path: target/${{ matrix.artifact_name }} | |
# name: ${{ matrix.artifact_name }} | |
# retention-days: 15 | |
# if-no-files-found: error |