From fd77373ec98274483acbc1f53349880cc7e7d8c7 Mon Sep 17 00:00:00 2001 From: Paul Jolly Date: Fri, 29 Nov 2024 14:35:26 +0000 Subject: [PATCH] internal/ci: re-baseline base from cue-lang/cue@c360ba88 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Noticed in passing as a result of a now defunct CL 1200735, that this CL will supersede. Includes improvements based on CI setup in cue-lang/vscode-cue, where the presence of cue in PATH is assumed. The setup-cue action is used with a "latest" version. This change moves this repo to be based on the CUE Central Registry for the curated GitHub actions schema. 
Signed-off-by: Paul Jolly Change-Id: I10447b2d13dfdbd1fe067a5462fe59e15b1fae8b Reviewed-on: https://review.gerrithub.io/c/cue-lang/proposal/+/1204957 TryBot-Result: CUEcueckoo Reviewed-by: Daniel Martí --- .../{evict_caches.yml => evict_caches.yaml} | 4 +- ..._to_trybot.yml => push_tip_to_trybot.yaml} | 8 +- .github/workflows/{trybot.yml => trybot.yaml} | 69 +- ...ybot_dispatch.yml => trybot_dispatch.yaml} | 2 +- codereview.cfg | 2 +- cue.mod/module.cue | 5 + .../src/schemas/json/github-workflow.cue | 918 ------------------ .../schemastore/src/schemas/json/workflow.cue | 4 - internal/ci/base/base.cue | 6 +- internal/ci/base/codereview.cue | 2 +- internal/ci/base/gerrithub.cue | 22 +- internal/ci/base/github.cue | 140 +-- internal/ci/base/helpers.cue | 4 +- internal/ci/gen.go | 3 +- internal/ci/github/trybot.cue | 101 +- internal/ci/github/workflows.cue | 6 +- internal/ci/repo/repo.cue | 2 +- internal/ci/vendor/vendor_tool.cue | 50 - 18 files changed, 203 insertions(+), 1145 deletions(-) rename .github/workflows/{evict_caches.yml => evict_caches.yaml} (98%) rename .github/workflows/{push_tip_to_trybot.yml => push_tip_to_trybot.yaml} (100%) rename .github/workflows/{trybot.yml => trybot.yaml} (66%) rename .github/workflows/{trybot_dispatch.yml => trybot_dispatch.yaml} (100%) delete mode 100644 cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue delete mode 100644 cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue delete mode 100644 internal/ci/vendor/vendor_tool.cue diff --git a/.github/workflows/evict_caches.yml b/.github/workflows/evict_caches.yaml similarity index 98% rename from .github/workflows/evict_caches.yml rename to .github/workflows/evict_caches.yaml index 38a8c43..a6082f6 100644 --- a/.github/workflows/evict_caches.yml +++ b/.github/workflows/evict_caches.yaml 
@@ -89,7 +89,7 @@ jobs: echo Latest commit: $sha echo "Trigger workflow on cue-lang/proposal" - curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/proposal/actions/workflows/trybot.yml/dispatches -d "{\"ref\":\"$j\"}" + curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/proposal/actions/workflows/trybot.yaml/dispatches -d "{\"ref\":\"$j\"}" # Ensure that the trybot repo has the latest commit for # this branch. If the force-push results in a commit @@ -121,7 +121,7 @@ jobs: # We are up-to-date, i.e. the push did nothing, hence we need to trigger a workflow_dispatch # in the trybot repo. echo "Trigger workflow on cue-lang/proposal-trybot" - curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/proposal-trybot/actions/workflows/trybot.yml/dispatches -d "{\"ref\":\"$j\"}" + curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/proposal-trybot/actions/workflows/trybot.yaml/dispatches -d "{\"ref\":\"$j\"}" else echo "Force-push to cue-lang/proposal-trybot did work; nothing to do" fi diff --git a/.github/workflows/push_tip_to_trybot.yml b/.github/workflows/push_tip_to_trybot.yaml similarity index 100% rename from .github/workflows/push_tip_to_trybot.yml rename to .github/workflows/push_tip_to_trybot.yaml index 4c8bed0..b605a1d 100644 --- a/.github/workflows/push_tip_to_trybot.yml +++ b/.github/workflows/push_tip_to_trybot.yaml 
@@ -9,10 +9,6 @@ concurrency: push_tip_to_trybot jobs: push: runs-on: ubuntu-22.04 - defaults: - run: - shell: bash - if: ${{github.repository == 'cue-lang/proposal'}} steps: - name: Write netrc file for cueckoo Gerrithub run: |- @@ -48,3 +44,7 @@ jobs: echo "Giving up" exit 1 fi + defaults: + run: + shell: bash + if: ${{github.repository == 'cue-lang/proposal'}} diff --git a/.github/workflows/trybot.yml b/.github/workflows/trybot.yaml similarity index 66% rename from .github/workflows/trybot.yml rename to .github/workflows/trybot.yaml index aa26a54..a6e8b87 100644 --- a/.github/workflows/trybot.yml +++ b/.github/workflows/trybot.yaml @@ -6,18 +6,18 @@ name: TryBot branches: - ci/test - main - pull_request: {} workflow_dispatch: {} + pull_request: {} jobs: test: runs-on: ubuntu-22.04 - defaults: - run: - shell: bash if: |- (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"trybot"')) || ! (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"')) + defaults: + run: + shell: bash steps: - name: Checkout code uses: actions/checkout@v4 @@ -57,7 +57,13 @@ jobs: uses: actions/setup-go@v5 with: cache: false - go-version: 1.20.x + go-version: 1.23.x + - name: Set common go env vars + run: |- + go env -w GOTOOLCHAIN=local + + # Dump env for good measure + go env - id: go-mod-cache-dir name: Get go mod cache directory run: echo "dir=$(go env GOMODCACHE)" >> ${GITHUB_OUTPUT} @@ -72,8 +78,8 @@ jobs: path: |- ${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download ${{ steps.go-cache-dir.outputs.dir }} - key: ${{ runner.os }}-1.20.x-${{ github.run_id }} - restore-keys: ${{ runner.os }}-1.20.x + key: ${{ runner.os }}-1.23.x-${{ github.run_id }} + restore-keys: ${{ runner.os }}-1.23.x - if: |- ! (((github.ref == 'refs/heads/main') && (! (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test')) 
@@ -82,50 +88,21 @@ jobs: path: |- ${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download ${{ steps.go-cache-dir.outputs.dir }} - key: ${{ runner.os }}-1.20.x-${{ github.run_id }} - restore-keys: ${{ runner.os }}-1.20.x + key: ${{ runner.os }}-1.23.x-${{ github.run_id }} + restore-keys: ${{ runner.os }}-1.23.x - if: |- github.repository == 'cue-lang/proposal' && (((github.ref == 'refs/heads/main') && (! (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"')))) || github.ref == 'refs/heads/ci/test') run: go clean -testcache + - name: Install CUE + uses: cue-lang/setup-cue@v1.0.1 + with: + version: latest - name: Early git and code sanity checks - run: |- - # Ensure that commit messages have a blank second line. - # We know that a commit message must be longer than a single - # line because each commit must be signed-off. - if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then - echo "second line of commit message must be blank" - exit 1 - fi - - # All authors, including co-authors, must have a signed-off trailer by email. - # Note that trailers are in the form "Name ", so grab the email with sed. - # For now, we require the sorted lists of author and signer emails to match. - # Note that this also fails if a commit isn't signed-off at all. - # - # In Gerrit we already enable a form of this via https://gerrit-review.googlesource.com/Documentation/project-configuration.html#require-signed-off-by, - # but it does not support co-authors nor can it be used when testing GitHub PRs. 
- commit_authors="$( - { - git log -1 --pretty='%ae' - git log -1 --pretty='%(trailers:key=Co-authored-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - commit_signers="$( - { - git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - if [[ "${commit_authors}" != "${commit_signers}" ]]; then - echo "Error: commit author email addresses do not match signed-off-by trailers" - echo - echo "Authors:" - echo "${commit_authors}" - echo - echo "Signers:" - echo "${commit_signers}" - exit 1 - fi + run: go run cuelang.org/go/internal/ci/checks@v0.11.0-0.dev.0.20240903133435-46fb300df650 + - run: cue login --token=${CUE_TOKEN} + env: + CUE_TOKEN: ${{ secrets.NOTCUECKOO_CUE_TOKEN }} - name: Generate run: go generate ./... - name: Test diff --git a/.github/workflows/trybot_dispatch.yml b/.github/workflows/trybot_dispatch.yaml similarity index 100% rename from .github/workflows/trybot_dispatch.yml rename to .github/workflows/trybot_dispatch.yaml index 98cdff8..9a143d7 100644 --- a/.github/workflows/trybot_dispatch.yml +++ b/.github/workflows/trybot_dispatch.yaml @@ -9,10 +9,10 @@ name: Dispatch trybot jobs: trybot: runs-on: ubuntu-22.04 + if: ${{ ((github.ref == 'refs/heads/ci/test') && false) || github.event.client_payload.type == 'trybot' }} defaults: run: shell: bash - if: ${{ ((github.ref == 'refs/heads/ci/test') && false) || github.event.client_payload.type == 'trybot' }} steps: - name: Write netrc file for cueckoo Gerrithub run: |- diff --git a/codereview.cfg b/codereview.cfg index 2100b8d..79593c7 100644 --- a/codereview.cfg +++ b/codereview.cfg @@ -1,4 +1,4 @@ # Code generated internal/ci/ci_tool.cue; DO NOT EDIT. -github: https://github.com/cue-lang/proposal gerrit: https://review.gerrithub.io/a/cue-lang/proposal +github: https://github.com/cue-lang/proposal diff --git a/cue.mod/module.cue b/cue.mod/module.cue index f22c6b6..7d540bc 100644 --- a/cue.mod/module.cue +++ b/cue.mod/module.cue 
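Review bot: In `.github/workflows/trybot.yaml`, the added `cue login --token=${CUE_TOKEN}` step places a registry credential on the runner right before `go generate ./...` and the test step run code from the commit under test, in a workflow that also triggers on `pull_request`. If `cue login` persists the token to the runner's config directory (worth confirming), every later step in the job can read it, and on fork pull requests the secret is empty, so the step would run with a blank token. I would gate the step with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, quote the value as `--token="${CUE_TOKEN}"`, and confirm the token behind `NOTCUECKOO_CUE_TOKEN` is read-only. Separately, `version: latest` under `cue-lang/setup-cue@v1.0.1` leaves the binary that receives this token unpinned; a fixed CUE version and a commit-SHA pin on the action would keep the job reproducible. The workflow looks generated from `internal/ci/github/trybot.cue` (listed in the diffstat), so the change probably belongs there.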
@@ -1 +1,6 @@
 module: "github.com/cue-lang/proposal"
+language: version: "v0.8.0"
+deps: "github.com/cue-tmp/jsonschema-pub/exp1/githubactions@v0": {
+ v: "v0.4.0"
+ default: true
+}
diff --git a/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue b/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue
deleted file mode 100644
index 495ef80..0000000
--- a/cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue
+++ /dev/null
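Review bot: The new `deps` entry in `cue.mod/module.cue` swaps the vendored `github-workflow.cue` schema (deleted later in this patch) for `github.com/cue-tmp/jsonschema-pub/exp1/githubactions@v0`, fetched when CI generates the workflows, and the hunk records only `v: "v0.4.0"` with no integrity hash. The `cue-tmp` and `exp1` path elements read like a temporary or experimental namespace, so I would add a comment above the entry saying who publishes it and when it should move, e.g. `// Curated GitHub Actions schema from the CUE Central Registry; temporary module path, revisit once a stable one is published.` Because this schema constrains the generated workflows, it is also worth confirming that the registry treats a published version as immutable; otherwise what `v0.4.0` resolves to could change without any diff in this repo.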
@@ -1,918 +0,0 @@ -package json - -import "strings" - -#Workflow: { - @jsonschema(schema="http://json-schema.org/draft-07/schema") - - // The name of your workflow. GitHub displays the names of your - // workflows on your repository's actions page. If you omit this - // field, GitHub sets the name to the workflow's filename. - name?: string - - // The name of the GitHub event that triggers the workflow. You - // can provide a single event string, array of events, array of - // event types, or an event configuration map that schedules a - // workflow or restricts the execution of a workflow to specific - // files, tags, or branch changes. For a list of available - // events, see - // https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows. - on: #event | [...#event] & [_, ...] | { - // Runs your workflow anytime the branch_protection_rule event - // occurs. More than one activity type triggers this event. - branch_protection_rule?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] - ... - } - - // Runs your workflow anytime the check_run event occurs. More - // than one activity type triggers this event. For information - // about the REST API, see - // https://developer.github.com/v3/checks/runs. - check_run?: #eventObject & { - types?: #types & [..."created" | "rerequested" | "completed" | "requested_action"] | *["created", "rerequested", "completed", "requested_action"] - ... - } - - // Runs your workflow anytime the check_suite event occurs. More - // than one activity type triggers this event. For information - // about the REST API, see - // https://developer.github.com/v3/checks/suites/. - check_suite?: #eventObject & { - types?: #types & [..."completed" | "requested" | "rerequested"] | *["completed", "requested", "rerequested"] - ... - } - - // Runs your workflow anytime someone creates a branch or tag, - // which triggers the create event. 
For information about the - // REST API, see - // https://developer.github.com/v3/git/refs/#create-a-reference. - create?: #eventObject - - // Runs your workflow anytime someone deletes a branch or tag, - // which triggers the delete event. For information about the - // REST API, see - // https://developer.github.com/v3/git/refs/#delete-a-reference. - delete?: #eventObject - - // Runs your workflow anytime someone creates a deployment, which - // triggers the deployment event. Deployments created with a - // commit SHA may not have a Git ref. For information about the - // REST API, see - // https://developer.github.com/v3/repos/deployments/. - deployment?: #eventObject - - // Runs your workflow anytime a third party provides a deployment - // status, which triggers the deployment_status event. - // Deployments created with a commit SHA may not have a Git ref. - // For information about the REST API, see - // https://developer.github.com/v3/repos/deployments/#create-a-deployment-status. - deployment_status?: #eventObject - - // Runs your workflow anytime the discussion event occurs. More - // than one activity type triggers this event. For information - // about the GraphQL API, see - // https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions - discussion?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "category_changed" | "answered" | "unanswered"] | *["created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"] - ... - } - - // Runs your workflow anytime the discussion_comment event occurs. - // More than one activity type triggers this event. 
For - // information about the GraphQL API, see - // https://docs.github.com/en/graphql/guides/using-the-graphql-api-for-discussions - discussion_comment?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] - ... - } - - // Runs your workflow anytime when someone forks a repository, - // which triggers the fork event. For information about the REST - // API, see - // https://developer.github.com/v3/repos/forks/#create-a-fork. - fork?: #eventObject - - // Runs your workflow when someone creates or updates a Wiki page, - // which triggers the gollum event. - gollum?: #eventObject - - // Runs your workflow anytime the issue_comment event occurs. More - // than one activity type triggers this event. For information - // about the REST API, see - // https://developer.github.com/v3/issues/comments/. - issue_comment?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] - ... - } - - // Runs your workflow anytime the issues event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see https://developer.github.com/v3/issues. - issues?: #eventObject & { - types?: #types & [..."opened" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "closed" | "reopened" | "assigned" | "unassigned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "milestoned" | "demilestoned"] | *["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"] - ... - } - - // Runs your workflow anytime the label event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see - // https://developer.github.com/v3/issues/labels/. - label?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] - ... 
- } - - // Runs your workflow anytime the member event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see - // https://developer.github.com/v3/repos/collaborators/. - member?: #eventObject & { - types?: #types & [..."added" | "edited" | "deleted"] | *["added", "edited", "deleted"] - ... - } - - // Runs your workflow when a pull request is added to a merge - // queue, which adds the pull request to a merge group. For - // information about the merge queue, see - // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request-with-a-merge-queue - // . - merge_group?: #eventObject & { - types?: #types & [..."checks_requested"] | *["checks_requested"] - ... - } - - // Runs your workflow anytime the milestone event occurs. More - // than one activity type triggers this event. For information - // about the REST API, see - // https://developer.github.com/v3/issues/milestones/. - milestone?: #eventObject & { - types?: #types & [..."created" | "closed" | "opened" | "edited" | "deleted"] | *["created", "closed", "opened", "edited", "deleted"] - ... - } - - // Runs your workflow anytime someone pushes to a GitHub - // Pages-enabled branch, which triggers the page_build event. For - // information about the REST API, see - // https://developer.github.com/v3/repos/pages/. - page_build?: #eventObject - - // Runs your workflow anytime the project event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see https://developer.github.com/v3/projects/. - project?: #eventObject & { - types?: #types & [..."created" | "updated" | "closed" | "reopened" | "edited" | "deleted"] | *["created", "updated", "closed", "reopened", "edited", "deleted"] - ... - } - - // Runs your workflow anytime the project_card event occurs. More - // than one activity type triggers this event. 
For information - // about the REST API, see - // https://developer.github.com/v3/projects/cards. - project_card?: #eventObject & { - types?: #types & [..."created" | "moved" | "converted" | "edited" | "deleted"] | *["created", "moved", "converted", "edited", "deleted"] - ... - } - - // Runs your workflow anytime the project_column event occurs. - // More than one activity type triggers this event. For - // information about the REST API, see - // https://developer.github.com/v3/projects/columns. - project_column?: #eventObject & { - types?: #types & [..."created" | "updated" | "moved" | "deleted"] | *["created", "updated", "moved", "deleted"] - ... - } - - // Runs your workflow anytime someone makes a private repository - // public, which triggers the public event. For information about - // the REST API, see https://developer.github.com/v3/repos/#edit. - public?: #eventObject - - // Runs your workflow anytime the pull_request event occurs. More - // than one activity type triggers this event. For information - // about the REST API, see https://developer.github.com/v3/pulls. - // Note: Workflows do not run on private base repositories when - // you open a pull request from a forked repository. - // When you create a pull request from a forked repository to the - // base repository, GitHub sends the pull_request event to the - // base repository and no pull request events occur on the forked - // repository. - // Workflows don't run on forked repositories by default. You must - // enable GitHub Actions in the Actions tab of the forked - // repository. - // The permissions for the GITHUB_TOKEN in forked repositories is - // read-only. For more information about the GITHUB_TOKEN, see - // https://help.github.com/en/articles/virtual-environments-for-github-actions. 
- pull_request?: #ref & { - types?: #types & [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "converted_to_draft" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed" | "auto_merge_enabled" | "auto_merge_disabled"] | *["opened", "synchronize", "reopened"] - - {[=~"^(branche|tag|path)s(-ignore)?$" & !~"^(types)$"]: [...]} - } - - // Runs your workflow anytime the pull_request_review event - // occurs. More than one activity type triggers this event. For - // information about the REST API, see - // https://developer.github.com/v3/pulls/reviews. - // Note: Workflows do not run on private base repositories when - // you open a pull request from a forked repository. - // When you create a pull request from a forked repository to the - // base repository, GitHub sends the pull_request event to the - // base repository and no pull request events occur on the forked - // repository. - // Workflows don't run on forked repositories by default. You must - // enable GitHub Actions in the Actions tab of the forked - // repository. - // The permissions for the GITHUB_TOKEN in forked repositories is - // read-only. For more information about the GITHUB_TOKEN, see - // https://help.github.com/en/articles/virtual-environments-for-github-actions. - pull_request_review?: #eventObject & { - types?: #types & [..."submitted" | "edited" | "dismissed"] | *["submitted", "edited", "dismissed"] - ... - } - - // Runs your workflow anytime a comment on a pull request's - // unified diff is modified, which triggers the - // pull_request_review_comment event. More than one activity type - // triggers this event. For information about the REST API, see - // https://developer.github.com/v3/pulls/comments. - // Note: Workflows do not run on private base repositories when - // you open a pull request from a forked repository. 
- // When you create a pull request from a forked repository to the - // base repository, GitHub sends the pull_request event to the - // base repository and no pull request events occur on the forked - // repository. - // Workflows don't run on forked repositories by default. You must - // enable GitHub Actions in the Actions tab of the forked - // repository. - // The permissions for the GITHUB_TOKEN in forked repositories is - // read-only. For more information about the GITHUB_TOKEN, see - // https://help.github.com/en/articles/virtual-environments-for-github-actions. - pull_request_review_comment?: #eventObject & { - types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"] - ... - } - - // This event is similar to pull_request, except that it runs in - // the context of the base repository of the pull request, rather - // than in the merge commit. This means that you can more safely - // make your secrets available to the workflows triggered by the - // pull request, because only workflows defined in the commit on - // the base repository are run. For example, this event allows - // you to create workflows that label and comment on pull - // requests, based on the contents of the event payload. - pull_request_target?: #ref & { - types?: #types & [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "converted_to_draft" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed" | "auto_merge_enabled" | "auto_merge_disabled"] | *["opened", "synchronize", "reopened"] - - {[=~"^(branche|tag|path)s(-ignore)?$" & !~"^(types)$"]: _} - } - - // Runs your workflow when someone pushes to a repository branch, - // which triggers the push event. - // Note: The webhook payload available to GitHub Actions does not - // include the added, removed, and modified attributes in the - // commit object. 
You can retrieve the full commit object using - // the REST API. For more information, see - // https://developer.github.com/v3/repos/commits/#get-a-single-commit. - push?: #ref & { - {[=~"^(branche|tag|path)s(-ignore)?$" & !~"^()$"]: [...string]} - } - - // Runs your workflow anytime a package is published or updated. - // For more information, see - // https://help.github.com/en/github/managing-packages-with-github-packages. - registry_package?: #eventObject & { - types?: #types & [..."published" | "updated"] | *["published", "updated"] - ... - } - - // Runs your workflow anytime the release event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see - // https://developer.github.com/v3/repos/releases/ in the GitHub - // Developer documentation. - release?: #eventObject & { - types?: #types & [..."published" | "unpublished" | "created" | "edited" | "deleted" | "prereleased" | "released"] | *["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"] - ... - } - - // Runs your workflow anytime the status of a Git commit changes, - // which triggers the status event. For information about the - // REST API, see https://developer.github.com/v3/repos/statuses/. - status?: #eventObject - - // Runs your workflow anytime the watch event occurs. More than - // one activity type triggers this event. For information about - // the REST API, see - // https://developer.github.com/v3/activity/starring/. - watch?: #eventObject - - // Allows workflows to be reused by other workflows. - workflow_call?: null | bool | number | string | [...] | { - // When using the workflow_call keyword, you can optionally - // specify inputs that are passed to the called workflow from the - // caller workflow. - inputs?: { - {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: { - // A string description of the input parameter. - description?: string - - // A string shown to users using the deprecated input. 
- deprecationMessage?: string - - // A boolean to indicate whether the action requires the input - // parameter. Set to true when the parameter is required. - required?: bool - - // Required if input is defined for the on.workflow_call keyword. - // The value of this parameter is a string specifying the data - // type of the input. This must be one of: boolean, number, or - // string. - type: "boolean" | "number" | "string" - - // The default value is used when an input parameter isn't - // specified in a workflow file. - default?: bool | number | string - }} - } - - // A map of the secrets that can be used in the called workflow. - // Within the called workflow, you can use the secrets context to - // refer to a secret. - secrets?: null | bool | number | string | [...] | { - {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: null | bool | number | string | [...] | { - // A string description of the secret parameter. - description?: string - - // A boolean specifying whether the secret must be supplied. - required: _ - }} - } - ... - } - - // You can now create workflows that are manually triggered with - // the new workflow_dispatch event. You will then see a 'Run - // workflow' button on the Actions tab, enabling you to easily - // trigger a run. - workflow_dispatch?: null | bool | number | string | [...] | { - // Input parameters allow you to specify data that the action - // expects to use during runtime. GitHub stores input parameters - // as environment variables. Input ids with uppercase letters are - // converted to lowercase during runtime. We recommended using - // lowercase input ids. - inputs?: { - {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: { - // A string description of the input parameter. - description: string - - // A string shown to users using the deprecated input. - deprecationMessage?: string - - // A boolean to indicate whether the action requires the input - // parameter. Set to true when the parameter is required. 
- required?: bool - - // A string representing the default value. The default value is - // used when an input parameter isn't specified in a workflow - // file. - default?: _ - - // A string representing the type of the input. - type?: "string" | "choice" | "boolean" | "environment" - - // The options of the dropdown list, if the type is a choice. - options?: [...string] & [_, ...] - }} - } - ... - } - - // This event occurs when a workflow run is requested or - // completed, and allows you to execute a workflow based on the - // finished result of another workflow. For example, if your - // pull_request workflow generates build artifacts, you can - // create a new workflow that uses workflow_run to analyze the - // results and add a comment to the original pull request. - workflow_run?: #eventObject & { - types?: #types & [..."requested" | "completed"] | *["requested", "completed"] - workflows?: [...string] & [_, ...] - - {[=~"^branches(-ignore)?$" & !~"^(types|workflows)$"]: _} - ... - } - - // You can use the GitHub API to trigger a webhook event called - // repository_dispatch when you want to trigger a workflow for - // activity that happens outside of GitHub. For more information, - // see - // https://developer.github.com/v3/repos/#create-a-repository-dispatch-event. - // To trigger the custom repository_dispatch webhook event, you - // must send a POST request to a GitHub API endpoint and provide - // an event_type name to describe the activity type. To trigger a - // workflow run, you must also configure your workflow to use the - // repository_dispatch event. - repository_dispatch?: #eventObject - - // You can schedule a workflow to run at specific UTC times using - // POSIX cron syntax - // (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07). - // Scheduled workflows run on the latest commit on the default or - // base branch. The shortest interval you can run scheduled - // workflows is once every 5 minutes. 
- // Note: GitHub Actions does not support the non-standard syntax - // @yearly, @monthly, @weekly, @daily, @hourly, and @reboot. - // You can use crontab guru (https://crontab.guru/). to help - // generate your cron syntax and confirm what time it will run. - // To help you get started, there is also a list of crontab guru - // examples (https://crontab.guru/examples.html). - schedule?: [...null | bool | number | string | [...] | { - cron?: =~"^(((\\d+,)+\\d+|((\\d+|\\*)/\\d+|((JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(-(JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?))|(\\d+-\\d+)|\\d+|\\*|((MON|TUE|WED|THU|FRI|SAT|SUN)(-(MON|TUE|WED|THU|FRI|SAT|SUN))?)) ?){5}$" - }] & [_, ...] - } - - // A map of environment variables that are available to all jobs - // and steps in the workflow. - env?: #env - - // A map of default settings that will apply to all jobs in the - // workflow. - defaults?: #defaults - - // Concurrency ensures that only a single job or workflow using - // the same concurrency group will run at a time. A concurrency - // group can be any string or expression. The expression can use - // any context except for the secrets context. - // You can also specify concurrency at the workflow level. - // When a concurrent job or workflow is queued, if another job or - // workflow using the same concurrency group in the repository is - // in progress, the queued job or workflow will be pending. Any - // previously pending job or workflow in the concurrency group - // will be canceled. To also cancel any currently running job or - // workflow in the same concurrency group, specify - // cancel-in-progress: true. - concurrency?: string | #concurrency - - // A workflow run is made up of one or more jobs. Jobs run in - // parallel by default. To run jobs sequentially, you can define - // dependencies on other jobs using the jobs..needs - // keyword. - // Each job runs in a fresh instance of the virtual environment - // specified by runs-on. 
- // You can run an unlimited number of jobs as long as you are - // within the workflow usage limits. For more information, see - // https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits. - jobs: { - {[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: #normalJob | #reusableWorkflowCallJob} - } - - // The name for workflow runs generated from the workflow. GitHub - // displays the workflow run name in the list of workflow runs on - // your repository's 'Actions' tab. - "run-name"?: string - permissions?: #permissions - - #architecture: "ARM32" | "x64" | "x86" - - #branch: #globs - - #concurrency: { - // When a concurrent job or workflow is queued, if another job or - // workflow using the same concurrency group in the repository is - // in progress, the queued job or workflow will be pending. Any - // previously pending job or workflow in the concurrency group - // will be canceled. - group: string - - // To cancel any currently running job or workflow in the same - // concurrency group, specify cancel-in-progress: true. - "cancel-in-progress"?: bool | #expressionSyntax - } - - #configuration: string | number | bool | { - [string]: #configuration - } | [...#configuration] - - #container: { - // The Docker image to use as the container to run the action. The - // value can be the Docker Hub image name or a registry name. - image: string - - // If the image's container registry requires authentication to - // pull the image, you can use credentials to set a map of the - // username and password. The credentials are the same values - // that you would provide to the `docker login` command. - credentials?: { - username?: string - password?: string - ... - } - - // Sets an array of environment variables in the container. - env?: #env - - // Sets an array of ports to expose on the container. - ports?: [...number | string] & [_, ...] - - // Sets an array of volumes for the container to use. 
You can use - // volumes to share data between services or other steps in a - // job. You can specify named Docker volumes, anonymous Docker - // volumes, or bind mounts on the host. - // To specify a volume, you specify the source and destination - // path: : - // The is a volume name or an absolute path on the host - // machine, and is an absolute path in the - // container. - volumes?: [...=~"^[^:]+:[^:]+$"] & [_, ...] - - // Additional Docker container resource options. For a list of - // options, see - // https://docs.docker.com/engine/reference/commandline/create/#options. - options?: string - } - - #defaults: run?: { - shell?: #shell - "working-directory"?: #["working-directory"] - } - - #permissions: "read-all" | "write-all" | #["permissions-event"] - - #: "permissions-event": { - actions?: #["permissions-level"] - checks?: #["permissions-level"] - contents?: #["permissions-level"] - deployments?: #["permissions-level"] - discussions?: #["permissions-level"] - "id-token"?: #["permissions-level"] - issues?: #["permissions-level"] - packages?: #["permissions-level"] - pages?: #["permissions-level"] - "pull-requests"?: #["permissions-level"] - "repository-projects"?: #["permissions-level"] - "security-events"?: #["permissions-level"] - statuses?: #["permissions-level"] - } - - #: "permissions-level": "read" | "write" | "none" - - #env: { - [string]: bool | number | string - } | #stringContainingExpressionSyntax - - #environment: { - // The name of the environment configured in the repo. 
- name: string - - // A deployment URL - url?: string - } - - #event: "branch_protection_rule" | "check_run" | "check_suite" | "create" | "delete" | "deployment" | "deployment_status" | "discussion" | "discussion_comment" | "fork" | "gollum" | "issue_comment" | "issues" | "label" | "member" | "milestone" | "page_build" | "project" | "project_card" | "project_column" | "public" | "pull_request" | "pull_request_review" | "pull_request_review_comment" | "pull_request_target" | "push" | "registry_package" | "release" | "status" | "watch" | "workflow_call" | "workflow_dispatch" | "workflow_run" | "repository_dispatch" - - #eventObject: null | { - ... - } - - #expressionSyntax: =~""" - ^\\$\\{\\{(.|[\r - ])*\\}\\}$ - """ - - #stringContainingExpressionSyntax: =~""" - ^.*\\$\\{\\{(.|[\r - ])*\\}\\}.*$ - """ - - #globs: [...strings.MinRunes(1)] & [_, ...] - - #machine: "linux" | "macos" | "windows" - - #name: =~"^[_a-zA-Z][a-zA-Z0-9_-]*$" - - #path: #globs - - #ref: null | { - branches?: #branch - "branches-ignore"?: #branch - tags?: #branch - "tags-ignore"?: #branch - paths?: #path - "paths-ignore"?: #path - ... - } - - #shell: (string | ("bash" | "pwsh" | "python" | "sh" | "cmd" | "powershell")) & string - - #types: [_, ...] - - #: "working-directory": string - - #jobNeeds: [...#name] & [_, ...] | #name - - #reusableWorkflowCallJob: { - // The name of the job displayed on GitHub. - name?: string - needs?: #jobNeeds - permissions?: #["permissions-event"] - - // You can use the if conditional to prevent a job from running - // unless a condition is met. You can use any supported context - // and expression to create a conditional. - // Expressions in an if conditional do not require the ${{ }} - // syntax. For more information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. 
- if?: bool | number | string - - // The location and version of a reusable workflow file to run as - // a job, of the form './{path/to}/{localfile}.yml' or - // '{owner}/{repo}/{path}/{filename}@{ref}'. {ref} can be a SHA, - // a release tag, or a branch name. Using the commit SHA is the - // safest for stability and security. - uses: =~"^(.+/)+(.+)\\.(ya?ml)(@.+)?$" - - // A map of inputs that are passed to the called workflow. Any - // inputs that you pass must match the input specifications - // defined in the called workflow. Unlike - // 'jobs..steps[*].with', the inputs you pass with - // 'jobs..with' are not be available as environment - // variables in the called workflow. Instead, you can reference - // the inputs by using the inputs context. - with?: #env - - // When a job is used to call a reusable workflow, you can use - // 'secrets' to provide a map of secrets that are passed to the - // called workflow. Any secrets that you pass must match the - // names defined in the called workflow. - secrets?: #env | "inherit" - - // A strategy creates a build matrix for your jobs. You can define - // different variations of an environment to run each job in. - strategy?: { - // A build matrix is a set of different configurations of the - // virtual environment. For example you might run a job against - // more than one supported version of a language, operating - // system, or tool. Each configuration is a copy of the job that - // runs and reports a status. - // You can specify a matrix by supplying an array for the - // configuration options. For example, if the GitHub virtual - // environment supports Node.js versions 6, 8, and 10 you could - // specify an array of those versions in the matrix. - // When you define a matrix of operating systems, you must set the - // required runs-on keyword to the operating system of the - // current job, rather than hard-coding the operating system - // name. 
To access the operating system name, you can use the - // matrix.os context parameter to set runs-on. For more - // information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - matrix: ({ - ... - } | #expressionSyntax) & { - {[=~"^(in|ex)clude$" & !~"^()$"]: [...{ - [string]: #configuration - }] & [_, ...]} - {[!~"^(in|ex)clude$" & !~"^()$"]: [...#configuration] & [_, ...] | #expressionSyntax} - } - - // When set to true, GitHub cancels all in-progress jobs if any - // matrix job fails. Default: true - "fail-fast"?: bool | *true - - // The maximum number of jobs that can run simultaneously when - // using a matrix job strategy. By default, GitHub will maximize - // the number of jobs run in parallel depending on the available - // runners on GitHub-hosted virtual machines. - "max-parallel"?: number - } - - // Concurrency ensures that only a single job or workflow using - // the same concurrency group will run at a time. A concurrency - // group can be any string or expression. The expression can use - // any context except for the secrets context. - // You can also specify concurrency at the workflow level. - // When a concurrent job or workflow is queued, if another job or - // workflow using the same concurrency group in the repository is - // in progress, the queued job or workflow will be pending. Any - // previously pending job or workflow in the concurrency group - // will be canceled. To also cancel any currently running job or - // workflow in the same concurrency group, specify - // cancel-in-progress: true. - concurrency?: string | #concurrency - } - - #normalJob: { - // The name of the job displayed on GitHub. - name?: string - needs?: #jobNeeds - permissions?: #permissions - - // The type of machine to run the job on. The machine can be - // either a GitHub-hosted runner, or a self-hosted runner. 
- "runs-on": "macos-10.15" | "macos-11" | "macos-12" | "macos-latest" | "self-hosted" | "ubuntu-18.04" | "ubuntu-20.04" | "ubuntu-22.04" | "ubuntu-latest" | "windows-2019" | "windows-2022" | "windows-latest" | (["self-hosted", ...string] & [_, ...] | ["self-hosted", #machine, ...string] & [_, _, ...] | ["self-hosted", #architecture, ...string] & [_, _, ...] | ["self-hosted", #machine, #architecture, ...string] & [_, _, _, ...] | ["self-hosted", #architecture, #machine, ...string] & [_, _, _, ...]) & [...] | #stringContainingExpressionSyntax - - // The environment that the job references. - environment?: string | #environment - - // A map of outputs for a job. Job outputs are available to all - // downstream jobs that depend on this job. - outputs?: { - [string]: string - } - - // A map of environment variables that are available to all steps - // in the job. - env?: #env - - // A map of default settings that will apply to all steps in the - // job. - defaults?: #defaults - - // You can use the if conditional to prevent a job from running - // unless a condition is met. You can use any supported context - // and expression to create a conditional. - // Expressions in an if conditional do not require the ${{ }} - // syntax. For more information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - if?: bool | number | string - - // A job contains a sequence of tasks called steps. Steps can run - // commands, run setup tasks, or run an action in your - // repository, a public repository, or an action published in a - // Docker registry. Not all steps run actions, but all actions - // run as a step. Each step runs in its own process in the - // virtual environment and has access to the workspace and - // filesystem. Because steps run in their own process, changes to - // environment variables are not preserved between steps. GitHub - // provides built-in steps to set up and complete a job. 
- steps?: [...{ - // A unique identifier for the step. You can use the id to - // reference the step in contexts. For more information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - id?: string - - // You can use the if conditional to prevent a step from running - // unless a condition is met. You can use any supported context - // and expression to create a conditional. - // Expressions in an if conditional do not require the ${{ }} - // syntax. For more information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - if?: bool | number | string - - // A name for your step to display on GitHub. - name?: string - - // Selects an action to run as part of a step in your job. An - // action is a reusable unit of code. You can use an action - // defined in the same repository as the workflow, a public - // repository, or in a published Docker container image - // (https://hub.docker.com/). - // We strongly recommend that you include the version of the - // action you are using by specifying a Git ref, SHA, or Docker - // tag number. If you don't specify a version, it could break - // your workflows or cause unexpected behavior when the action - // owner publishes an update. - // - Using the commit SHA of a released action version is the - // safest for stability and security. - // - Using the specific major action version allows you to receive - // critical fixes and security patches while still maintaining - // compatibility. It also assures that your workflow should still - // work. - // - Using the master branch of an action may be convenient, but - // if someone releases a new major version with a breaking - // change, your workflow could break. - // Some actions require inputs that you must set using the with - // keyword. Review the action's README file to determine the - // inputs required. - // Actions are either JavaScript files or Docker containers. 
If - // the action you're using is a Docker container you must run the - // job in a Linux virtual environment. For more details, see - // https://help.github.com/en/articles/virtual-environments-for-github-actions. - uses?: string - - // Runs command-line programs using the operating system's shell. - // If you do not provide a name, the step name will default to - // the text specified in the run command. - // Commands run using non-login shells by default. You can choose - // a different shell and customize the shell used to run - // commands. For more information, see - // https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#using-a-specific-shell. - // Each run keyword represents a new process and shell in the - // virtual environment. When you provide multi-line commands, - // each line runs in the same shell. - run?: string - "working-directory"?: #["working-directory"] - shell?: #shell - - // A map of the input parameters defined by the action. Each input - // parameter is a key/value pair. Input parameters are set as - // environment variables. The variable is prefixed with INPUT_ - // and converted to upper case. - with?: #env & { - args?: string - entrypoint?: string - ... - } - - // Sets environment variables for steps to use in the virtual - // environment. You can also set environment variables for the - // entire workflow or a job. - env?: #env - - // Prevents a job from failing when a step fails. Set to true to - // allow a job to pass when this step fails. - "continue-on-error"?: bool | #expressionSyntax | *false - - // The maximum number of minutes to run the step before killing - // the process. - "timeout-minutes"?: number - }] & [_, ...] - - // The maximum number of minutes to let a workflow run before - // GitHub automatically cancels it. Default: 360 - "timeout-minutes"?: number | *360 - - // A strategy creates a build matrix for your jobs. 
You can define - // different variations of an environment to run each job in. - strategy?: { - // A build matrix is a set of different configurations of the - // virtual environment. For example you might run a job against - // more than one supported version of a language, operating - // system, or tool. Each configuration is a copy of the job that - // runs and reports a status. - // You can specify a matrix by supplying an array for the - // configuration options. For example, if the GitHub virtual - // environment supports Node.js versions 6, 8, and 10 you could - // specify an array of those versions in the matrix. - // When you define a matrix of operating systems, you must set the - // required runs-on keyword to the operating system of the - // current job, rather than hard-coding the operating system - // name. To access the operating system name, you can use the - // matrix.os context parameter to set runs-on. For more - // information, see - // https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions. - matrix: ({ - ... - } | #expressionSyntax) & { - {[=~"^(in|ex)clude$" & !~"^()$"]: [...{ - [string]: #configuration - }] & [_, ...]} - {[!~"^(in|ex)clude$" & !~"^()$"]: [...#configuration] & [_, ...] | #expressionSyntax} - } - - // When set to true, GitHub cancels all in-progress jobs if any - // matrix job fails. Default: true - "fail-fast"?: bool | *true - - // The maximum number of jobs that can run simultaneously when - // using a matrix job strategy. By default, GitHub will maximize - // the number of jobs run in parallel depending on the available - // runners on GitHub-hosted virtual machines. - "max-parallel"?: number - } - - // Prevents a workflow run from failing when a job fails. Set to - // true to allow a workflow run to pass when this job fails. - "continue-on-error"?: bool | #expressionSyntax - - // A container to run any steps in a job that don't already - // specify a container. 
If you have steps that use both script - // and container actions, the container actions will run as - // sibling containers on the same network with the same volume - // mounts. - // If you do not set a container, all steps will run directly on - // the host specified by runs-on unless a step refers to an - // action configured to run in a container. - container?: string | #container - - // Additional containers to host services for a job in a workflow. - // These are useful for creating databases or cache services like - // redis. The runner on the virtual machine will automatically - // create a network and manage the life cycle of the service - // containers. - // When you use a service container for a job or your step uses - // container actions, you don't need to set port information to - // access the service. Docker automatically exposes all ports - // between containers on the same network. - // When both the job and the action run in a container, you can - // directly reference the container by its hostname. The hostname - // is automatically mapped to the service name. - // When a step does not use a container action, you must access - // the service using localhost and bind the ports. - services?: { - [string]: #container - } - - // Concurrency ensures that only a single job or workflow using - // the same concurrency group will run at a time. A concurrency - // group can be any string or expression. The expression can use - // any context except for the secrets context. - // You can also specify concurrency at the workflow level. - // When a concurrent job or workflow is queued, if another job or - // workflow using the same concurrency group in the repository is - // in progress, the queued job or workflow will be pending. Any - // previously pending job or workflow in the concurrency group - // will be canceled. To also cancel any currently running job or - // workflow in the same concurrency group, specify - // cancel-in-progress: true. 
- concurrency?: string | #concurrency - } -} diff --git a/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue b/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue deleted file mode 100644 index 34711ce..0000000 --- a/cue.mod/usr/github.com/SchemaStore/schemastore/src/schemas/json/workflow.cue +++ /dev/null @@ -1,4 +0,0 @@ -package json - -#job: ((#Workflow & {}).jobs & {x: _}).x -#step: ((#job & {steps: _}).steps & [_])[0] diff --git a/internal/ci/base/base.cue b/internal/ci/base/base.cue index 39b9010..5304b85 100644 --- a/internal/ci/base/base.cue +++ b/internal/ci/base/base.cue @@ -35,7 +35,7 @@ import ( ) // Package parameters -githubRepositoryPath: *(URLPath & {#url: githubRepositoryURL, _}) | string +githubRepositoryPath: *(URLPath & {#url: githubRepositoryURL, _}) | string githubRepositoryURL: *("https://github.com/" + githubRepositoryPath) | string gerritHubHostname: "review.gerrithub.io" gerritHubRepositoryURL: *("https://\(gerritHubHostname)/a/" + githubRepositoryPath) | string @@ -55,7 +55,7 @@ botGerritHubUser: *botGitHubUser | string botGerritHubUserPasswordSecretsKey: *(strings.ToUpper(botGitHubUser) + "_GERRITHUB_PASSWORD") | string botGerritHubUserEmail: *botGitHubUserEmail | string -workflowFileExtension: ".yml" +workflowFileExtension: ".yaml" linuxMachine: string @@ -67,7 +67,7 @@ codeReview: #codeReview & { // Define some shared keys and human-readable names. // // trybot.key and unity.key are shared with -// github.com/cue-sh/tools/cmd/cueckoo. The keys are used across various CUE +// github.com/cue-lang/contrib-tools/cmd/cueckoo. The keys are used across various CUE // workflows and their consistency in those various locations is therefore // crucial. As such, we assert specific values for the keys here rather than // just deriving values from the human-readable names. diff --git a/internal/ci/base/codereview.cue b/internal/ci/base/codereview.cue index 113aab8..134c940 100644 
--- a/internal/ci/base/codereview.cue +++ b/internal/ci/base/codereview.cue @@ -10,7 +10,7 @@ import ( // #codeReview defines the schema of a codereview.cfg file that // sits at the root of a repository. codereview.cfg is the configuration // file that drives golang.org/x/review/git-codereview. This config -// file is also used by github.com/cue-sh/tools/cmd/cueckoo. +// file is also used by github.com/cue-lang/contrib-tools/cmd/cueckoo. #codeReview: { gerrit?: string github?: string diff --git a/internal/ci/base/gerrithub.cue b/internal/ci/base/gerrithub.cue index 0105ee0..5c2b551 100644 --- a/internal/ci/base/gerrithub.cue +++ b/internal/ci/base/gerrithub.cue @@ -3,15 +3,15 @@ package base // This file contains gerrithub related definitions etc import ( - encjson "encoding/json" + "encoding/json" "strings" - "github.com/SchemaStore/schemastore/src/schemas/json" + "github.com/cue-tmp/jsonschema-pub/exp1/githubactions" ) // trybotWorkflows is a template for trybot-based repos trybotWorkflows: { - (trybot.key): json.#Workflow & { + (trybot.key): githubactions.#Workflow & { on: workflow_dispatch: {} } "\(trybot.key)_dispatch": trybotDispatchWorkflow @@ -45,7 +45,7 @@ trybotDispatchWorkflow: bashWorkflow & { (trybot.key): { "runs-on": linuxMachine - let goodDummyData = [if encjson.Marshal(#dummyDispatch) != _|_ {true}, false][0] + let goodDummyData = [if json.Marshal(#dummyDispatch) != _|_ {true}, false][0] // We set the "on" conditions above, but this would otherwise mean we // run for all dispatch events. @@ -68,7 +68,7 @@ trybotDispatchWorkflow: bashWorkflow & { steps: [ writeNetrcFile, - json.#step & { + githubactions.#Step & { name: "Write fake payload" id: "payload" if: "github.repository == '\(githubRepositoryPath)' && \(isTestDefaultBranch)" @@ -80,7 +80,7 @@ trybotDispatchWorkflow: bashWorkflow & { run: #""" cat <> $GITHUB_OUTPUT value< ~/.netrc diff --git a/internal/ci/base/github.cue b/internal/ci/base/github.cue index 5e0eee1..e13296b 100644 
--- a/internal/ci/base/github.cue +++ b/internal/ci/base/github.cue 
@@ -3,30 +3,67 @@ package base // This file contains aspects principally related to GitHub workflows import ( - encjson "encoding/json" + "encoding/json" "list" "strings" "strconv" - "github.com/SchemaStore/schemastore/src/schemas/json" + "github.com/cue-tmp/jsonschema-pub/exp1/githubactions" ) -bashWorkflow: json.#Workflow & { +bashWorkflow: githubactions.#Workflow & { jobs: [string]: defaults: run: shell: "bash" } -installGo: json.#step & { - name: "Install Go" - uses: "actions/setup-go@v5" - with: { - // We do our own caching in setupGoActionsCaches. - cache: false - "go-version": string +installGo: { + #setupGo: githubactions.#Step & { + name: "Install Go" + uses: "actions/setup-go@v5" + with: { + // We do our own caching in setupGoActionsCaches. + cache: false + "go-version": string + } } + + // Why set GOTOOLCHAIN here? As opposed to an environment variable + // elsewhere? No perfect answer to this question but here is the thinking: + // + // Setting the variable here localises it with the installation of Go. Doing + // it elsewhere creates distance between the two steps which are + // intrinsically related. And it's also hard to do: "when we use this step, + // also ensure that we establish an environment variable in the job for + // GOTOOLCHAIN". + // + // Environment variables can only be set at a workflow, job or step level. + // Given we currently use a matrix strategy which varies the Go version, + // that rules out using an environment variable based approach, because the + // Go version is only available at runtime via GitHub actions provided + // context. Whether we should instead be templating multiple workflows (i.e. + // exploding the matrix ourselves) is a different question, but one that + // has performance implications. + // + // So as clumsy as it is to use a step "template" that includes more than + // one step, it's the best option available to us for now. 
+ [ + #setupGo, + + { + githubactions.#Step & { + name: "Set common go env vars" + run: """ + go env -w GOTOOLCHAIN=local + + # Dump env for good measure + go env + """ + } + }, + ] } checkoutCode: { - #actionsCheckout: json.#step & { + #actionsCheckout: githubactions.#Step & { name: "Checkout code" uses: "actions/checkout@v4" @@ -53,17 +90,17 @@ checkoutCode: { // per the bug report at https://github.com/MestreLion/git-tools/issues/47, // so we first reset all directory timestamps to a static time as a fallback. // TODO(mvdan): May be unnecessary once the Go bug above is fixed. - json.#step & { + githubactions.#Step & { name: "Reset git directory modification times" run: "touch -t 202211302355 $(find * -type d)" }, - json.#step & { + githubactions.#Step & { name: "Restore git file modification times" uses: "chetan/git-restore-mtime-action@075f9bc9d159805603419d50f794bd9f33252ebe" }, { - json.#step & { + githubactions.#Step & { name: "Try to extract \(dispatchTrailer)" id: dispatchTrailerStepID run: """ @@ -87,7 +124,7 @@ checkoutCode: { // Safety nets to flag if we ever have a Dispatch-Trailer slip through the // net and make it to master - json.#step & { + githubactions.#Step & { name: "Check we don't have \(dispatchTrailer) on a protected branch" if: "\(isProtectedBranch) && \(containsDispatchTrailer)" run: """ 
@@ -98,46 +135,9 @@ checkoutCode: { ] } -earlyChecks: json.#step & { +earlyChecks: githubactions.#Step & { name: "Early git and code sanity checks" - run: #""" - # Ensure that commit messages have a blank second line. - # We know that a commit message must be longer than a single - # line because each commit must be signed-off. - if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then - echo "second line of commit message must be blank" - exit 1 - fi - - # All authors, including co-authors, must have a signed-off trailer by email. - # Note that trailers are in the form "Name ", so grab the email with sed. - # For now, we require the sorted lists of author and signer emails to match. - # Note that this also fails if a commit isn't signed-off at all. - # - # In Gerrit we already enable a form of this via https://gerrit-review.googlesource.com/Documentation/project-configuration.html#require-signed-off-by, - # but it does not support co-authors nor can it be used when testing GitHub PRs. - commit_authors="$( - { - git log -1 --pretty='%ae' - git log -1 --pretty='%(trailers:key=Co-authored-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - commit_signers="$( - { - git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' - } | sort -u - )" - if [[ "${commit_authors}" != "${commit_signers}" ]]; then - echo "Error: commit author email addresses do not match signed-off-by trailers" - echo - echo "Authors:" - echo "${commit_authors}" - echo - echo "Signers:" - echo "${commit_signers}" - exit 1 - fi - """# + run: *"go run cuelang.org/go/internal/ci/checks@v0.11.0-0.dev.0.20240903133435-46fb300df650" | string } curlGitHubAPI: { @@ -177,7 +177,7 @@ setupGoActionsCaches: { let cacheRestoreKeys = "\(#os)-\(#goVersion)" - let cacheStep = json.#step & { + let cacheStep = githubactions.#Step & { with: { path: strings.Join(cacheDirs, "\n") 
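Review bot: The new `earlyChecks` default replaces a self-documenting inline script with `go run cuelang.org/go/internal/ci/checks@v0.11.0-0.dev.0.20240903133435-46fb300df650`, so the workflow source no longer says which commit rules it enforces. The removed script required a blank second line and matching author / Signed-off-by emails; this hunk does not show whether the external program enforces the same rules. I would add a comment above `run:` such as `// Runs the shared commit-message checks from cuelang.org/go/internal/ci/checks at a pinned version; bump deliberately.` The `| string` alternative also lets any importing config replace the pinned command with an arbitrary one, which is worth stating in that comment.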
@@ -197,12 +197,12 @@ setupGoActionsCaches: { [ // TODO: once https://github.com/actions/setup-go/issues/54 is fixed, // we could use `go env` outputs from the setup-go step. - json.#step & { + githubactions.#Step & { name: "Get go mod cache directory" id: goModCacheDirID run: #"echo "dir=$(go env GOMODCACHE)" >> ${GITHUB_OUTPUT}"# }, - json.#step & { + githubactions.#Step & { name: "Get go build/test cache directory" id: goCacheDirID run: #"echo "dir=$(go env GOCACHE)" >> ${GITHUB_OUTPUT}"# @@ -240,7 +240,7 @@ setupGoActionsCaches: { // // Critically we only want to do this in the main repo, not the trybot // repo. - json.#step & { + githubactions.#Step & { if: "github.repository == '\(githubRepositoryPath)' && (\(isProtectedBranch) || github.ref == 'refs/heads/\(testDefaultBranch)')" run: "go clean -testcache" } @@ -270,13 +270,13 @@ isReleaseTag: { (_matchPattern & {variable: "github.ref", pattern: "refs/tags/\(releaseTagPattern)"}).expr } -checkGitClean: json.#step & { +checkGitClean: githubactions.#Step & { name: "Check that git is clean at the end of the job" if: "always()" run: "test -z \"$(git status --porcelain)\" || (git status; git diff; false)" } -repositoryDispatch: json.#step & { +repositoryDispatch: githubactions.#Step & { #githubRepositoryPath: *githubRepositoryPath | string #botGitHubUserTokenSecretsKey: *botGitHubUserTokenSecretsKey | string #arg: _ 
@@ -285,7 +285,25 @@ repositoryDispatch: json.#step & { name: string run: #""" - \#(_curlGitHubAPI) --fail --request POST --data-binary \#(strconv.Quote(encjson.Marshal(#arg))) https://api.github.com/repos/\#(#githubRepositoryPath)/dispatches + \#(_curlGitHubAPI) --fail --request POST --data-binary \#(strconv.Quote(json.Marshal(#arg))) https://api.github.com/repos/\#(#githubRepositoryPath)/dispatches + """# +} + +workflowDispatch: githubactions.#Step & { + #githubRepositoryPath: *githubRepositoryPath | string + #botGitHubUserTokenSecretsKey: *botGitHubUserTokenSecretsKey | string + #workflowID: string + + // params are defined per https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event + #params: *{ + ref: defaultBranch + } | _ + + _curlGitHubAPI: curlGitHubAPI & {#tokenSecretsKey: #botGitHubUserTokenSecretsKey, _} + + name: string + run: #""" + \#(_curlGitHubAPI) --fail --request POST --data-binary \#(strconv.Quote(json.Marshal(#params))) https://api.github.com/repos/\#(#githubRepositoryPath)/actions/workflows/\#(#workflowID)/dispatches """# } diff --git a/internal/ci/base/helpers.cue b/internal/ci/base/helpers.cue index 31321a7..027b461 100644 --- a/internal/ci/base/helpers.cue +++ b/internal/ci/base/helpers.cue @@ -14,8 +14,8 @@ import ( _matchPattern: { variable: string pattern: string - expr: [ - if strings.HasSuffix(pattern, "*") { + expr: [ + if strings.HasSuffix(pattern, "*") { let prefix = strings.TrimSuffix(pattern, "*") "startsWith(\(variable), '\(prefix)')" }, diff --git a/internal/ci/gen.go b/internal/ci/gen.go index bb95747..a4baee6 100644 --- a/internal/ci/gen.go +++ b/internal/ci/gen.go @@ -14,5 +14,4 @@ package ci -//go:generate go run cuelang.org/go/cmd/cue@v0.5.0-beta.5 cmd importjsonschema ./vendor -//go:generate go run cuelang.org/go/cmd/cue@v0.5.0-beta.5 cmd gen +//go:generate cue cmd gen diff --git a/internal/ci/github/trybot.cue b/internal/ci/github/trybot.cue index d02c58e..ca214db 100644 
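Review bot: `strconv.Quote` in the new `workflowDispatch` step (and in the `repositoryDispatch` line this hunk rewrites) yields a Go string literal, not shell quoting, so a `$` or backtick inside the marshalled `#params` is still expanded by bash inside the double quotes. `#workflowID` is likewise an unconstrained `string` spliced into the URL path. Both values come from CUE configuration at generation time, so the exposure depends on who can set them. I would still constrain the ID, for example `#workflowID: =~"^[A-Za-z0-9._-]+$"` (pattern constructed here, adjust to the IDs in use). I would also pass the JSON payload through the step's `env:` and reference it as a quoted shell variable rather than interpolating it into `run`.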
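Review bot: `//go:generate cue cmd gen` now runs whichever `cue` binary is first in PATH, where the removed directives pinned `cuelang.org/go/cmd/cue@v0.5.0-beta.5`. Together with `_installCUE` in internal/ci/github/trybot.cue, which requests `version: "latest"` from the tag-referenced `cue-lang/setup-cue@v1.0.1`, the generated workflows are no longer tied to a known tool version. The commit message says this is intended, but a new CUE release can then change generated output or trip `checkGitClean` with no change in this repository, and the tool that runs cannot be determined from the tree. At minimum document the requirement beside the directive, e.g. `// Requires a cue binary in PATH; CI installs it via cue-lang/setup-cue.`, and consider pinning a released version in `_installCUE` and bumping it deliberately.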
--- a/internal/ci/github/trybot.cue +++ b/internal/ci/github/trybot.cue @@ -16,8 +16,9 @@ package github import ( "list" + "strings" - "github.com/SchemaStore/schemastore/src/schemas/json" + "github.com/cue-tmp/jsonschema-pub/exp1/githubactions" ) // The trybot workflow. 
@@ -31,52 +32,61 @@ workflows: trybot: _repo.bashWorkflow & { pull_request: {} } - jobs: { - test: { - "runs-on": _repo.linuxMachine - - let runnerOSExpr = "runner.os" - let runnerOSVal = "${{ \(runnerOSExpr) }}" - let _setupGoActionsCaches = _repo.setupGoActionsCaches & { - #goVersion: _repo.latestGo - #os: runnerOSVal - _ - } - - // Only run the trybot workflow if we have the trybot trailer, or - // if we have no special trailers. Note this condition applies - // after and in addition to the "on" condition above. - if: "\(_repo.containsTrybotTrailer) || ! \(_repo.containsDispatchTrailer)" - - steps: [ - for v in _repo.checkoutCode {v}, - - _repo.installGo & { - with: "go-version": _repo.latestGo - }, - - for v in _setupGoActionsCaches {v}, - - _repo.earlyChecks, - _#goGenerate, - _#goTest, - _#goCheck, - _repo.checkGitClean, - ] + jobs: test: { + "runs-on": _repo.linuxMachine + + let runnerOSExpr = "runner.os" + let runnerOSVal = "${{ \(runnerOSExpr) }}" + + // The repo config holds the standard string representation of a Go + // version. setup-go, rather unhelpfully, strips the "go" prefix. + let goVersion = strings.TrimPrefix(_repo.latestGo, "go") + + let _setupGoActionsCaches = _repo.setupGoActionsCaches & { + #goVersion: goVersion + #os: runnerOSVal + _ + } + let installGo = _repo.installGo & { + #setupGo: with: "go-version": goVersion + _ } + + // Only run the trybot workflow if we have the trybot trailer, or + // if we have no special trailers. Note this condition applies + // after and in addition to the "on" condition above. + if: "\(_repo.containsTrybotTrailer) || ! 
\(_repo.containsDispatchTrailer)" + + steps: [ + for v in _repo.checkoutCode {v}, + + // Install and setup Go + for v in installGo {v}, + for v in _setupGoActionsCaches {v}, + + // CUE setup + _installCUE, + + _repo.earlyChecks, + _centralRegistryLogin, + _#goGenerate, + _#goTest, + _#goCheck, + _repo.checkGitClean, + ] } - _#goGenerate: json.#step & { + _#goGenerate: githubactions.#Step & { name: "Generate" run: "go generate ./..." } - _#goTest: json.#step & { + _#goTest: githubactions.#Step & { name: "Test" run: "go test ./..." } - _#goCheck: json.#step & { + _#goCheck: githubactions.#Step & { // These checks can vary between platforms, as different code can be built // based on GOOS and GOARCH build tags. // However, CUE does not have any such build tags yet, and we don't use @@ -87,3 +97,22 @@ workflows: trybot: _repo.bashWorkflow & { run: "go vet ./..." } } + +_installCUE: githubactions.#Step & { + name: "Install CUE" + uses: "cue-lang/setup-cue@v1.0.1" + with: version: "latest" +} + +_centralRegistryLogin: githubactions.#Step & { + env: { + // Note: this token has read-only access to the registry + // and is used only because we need some credentials + // to pull dependencies from the Central Registry. + // The token is owned by notcueckoo and described as "ci readonly". + CUE_TOKEN: "${{ secrets.NOTCUECKOO_CUE_TOKEN }}" + } + run: """ + cue login --token=${CUE_TOKEN} + """ +} diff --git a/internal/ci/github/workflows.cue b/internal/ci/github/workflows.cue index a61cd7d..eb831f3 100644 --- a/internal/ci/github/workflows.cue +++ b/internal/ci/github/workflows.cue @@ -40,9 +40,11 @@ workflows: close({ // [string]: json.#Workflow _repo.trybotWorkflows - trybot_dispatch: #dummyDispatch: dummyDispatch + + trybot: _ + trybot_dispatch: #dummyDispatch: _dummyDispatch }) -dummyDispatch: _repo.#dispatch & { +_dummyDispatch: _repo.#dispatch & { type: _repo.trybot.key } diff --git a/internal/ci/repo/repo.cue b/internal/ci/repo/repo.cue index ec31025..4519d2d 100644 
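Review bot: `_centralRegistryLogin` is added to the `test` job's steps while the workflow still triggers on `pull_request: {}`. GitHub does not pass repository secrets to runs triggered from forks, so `secrets.NOTCUECKOO_CUE_TOKEN` would be empty there, and the login step, and with it `_#goGenerate`, would presumably fail with an unhelpful error. Please confirm that fork pull requests are not expected to run this job, or have the step check that the token is non-empty and fail with a clear message. The `workflows: trybot` definition starts outside this hunk, so the full trigger configuration is not visible here.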
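Review bot: `cue login --token=${CUE_TOKEN}` in `_centralRegistryLogin` passes the secret as an unquoted command-line argument, so it appears in the process arguments on the runner and is subject to word splitting if the value ever contains whitespace or glob characters. Quote it at least, `cue login --token="${CUE_TOKEN}"`, and if `cue login` can read the token from the environment or stdin (not verified here), prefer that. The token is described as read-only, which limits the impact, but the same step template may be copied for tokens that are not. The step also has no `name`, unlike `_installCUE` and the `_#go*` steps; adding `name: "Log in to the Central Registry"` keeps the job log readable.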
--- a/internal/ci/repo/repo.cue +++ b/internal/ci/repo/repo.cue @@ -18,4 +18,4 @@ defaultBranch: "main" linuxMachine: "ubuntu-22.04" -latestGo: "1.20.x" +latestGo: "go1.23.x" diff --git a/internal/ci/vendor/vendor_tool.cue b/internal/ci/vendor/vendor_tool.cue deleted file mode 100644 index 8ed02a7..0000000 --- a/internal/ci/vendor/vendor_tool.cue +++ /dev/null 
@@ -1,50 +0,0 @@
-// Copyright 2021 The CUE Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package vendor
-
-import (
- "path"
-
- "tool/exec"
- "tool/http"
-)
-
-// _cueCmd defines the command that is run to run cmd/cue.
-// This is factored out in order that the cue-github-actions
-// project which "vendors" the various workflow-related
-// packages can specify "cue" as the value so that unity
-// tests can specify the cmd/cue binary to use.
-_cueCmd: string | *"go run cuelang.org/go/cmd/cue@v0.5.0-beta.5" @tag(cue_cmd)
-
-// For the commands below, note we use simple yet hacky path resolution, rather
-// than anything that might derive the module root using go list or similar, in
-// order that we have zero dependencies.
-
-// importjsonschema vendors a CUE-imported version of the JSONSchema that
-// defines GitHub workflows into the main module's cue.mod/pkg.
-command: importjsonschema: {
- getJSONSchema: http.Get & {
- request: body: ""
-
- // Tip link for humans:
- // https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/github-workflow.json
- url: "https://raw.githubusercontent.com/SchemaStore/schemastore/5ffe36662a8fcab3c32e8fbca39c5253809e6913/src/schemas/json/github-workflow.json"
- }
- import: exec.Run & {
- _outpath: path.FromSlash("../../cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue", "unix")
- stdin: getJSONSchema.response.body
- cmd: "\(_cueCmd) import -f -p json -l #Workflow: -o \(_outpath) jsonschema: -"
- }
-}