diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1b906e4545c2b..7132970c36a57 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,9 +12,8 @@ # title/body based on your changelogs. name: Release - permissions: - contents: write + "contents": "write" # This task will run whenever you workflow_dispatch with a tag that looks like a version # like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. @@ -49,7 +48,7 @@ on: jobs: # Run 'cargo dist plan' (or host) to determine what tasks we need to do plan: - runs-on: ubuntu-latest + runs-on: "ubuntu-20.04" outputs: val: ${{ steps.plan.outputs.manifest }} tag: ${{ (inputs.tag != 'dry-run' && inputs.tag) || '' }} @@ -65,7 +64,12 @@ jobs: # we specify bash to get pipefail; it guards against the `curl` command # failing. otherwise `sh` won't catch that `curl` returned non-0 shell: bash - run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.14.0/cargo-dist-installer.sh | sh" + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.18.0/cargo-dist-installer.sh | sh" + - name: Cache cargo-dist + uses: actions/upload-artifact@v4 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/cargo-dist # sure would be cool if github gave us proper conditionals... # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible # functionality based on whether this is a pull_request, and whether it's from a fork. @@ -101,8 +105,8 @@ jobs: plan: ${{ needs.plan.outputs.val }} secrets: inherit permissions: - packages: write - contents: read + "contents": "read" + "packages": "write" # Build and package all the platform-agnostic(ish) things build-global-artifacts: @@ -118,9 +122,12 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install cargo-dist - shell: bash - run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.14.0/cargo-dist-installer.sh | sh" + - name: Install cached cargo-dist + uses: actions/download-artifact@v4 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/ + - run: chmod +x ~/.cargo/bin/cargo-dist # Get all the local artifacts for the global tasks to use (for e.g. checksums) - name: Fetch local artifacts uses: actions/download-artifact@v4 @@ -165,8 +172,12 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install cargo-dist - run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.14.0/cargo-dist-installer.sh | sh" + - name: Install cached cargo-dist + uses: actions/download-artifact@v4 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/ + - run: chmod +x ~/.cargo/bin/cargo-dist # Fetch artifacts from scratch-storage - name: Fetch artifacts uses: actions/download-artifact@v4 @@ -200,8 +211,8 @@ jobs: secrets: inherit # publish jobs get escalated permissions permissions: - id-token: write - packages: write + "id-token": "write" + "packages": "write" # Create a GitHub Release while uploading all files to it announce: @@ -220,6 +231,7 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive + # Create a GitHub Release while uploading all files to it - name: "Download GitHub Artifacts" uses: actions/download-artifact@v4 with: @@ -231,13 +243,16 @@ jobs: # Remove the granular manifests rm -f artifacts/*-dist-manifest.json - name: Create GitHub Release - uses: ncipollo/release-action@v1 - with: - tag: ${{ needs.plan.outputs.tag }} - name: ${{ fromJson(needs.host.outputs.val).announcement_title }} - body: ${{ fromJson(needs.host.outputs.val).announcement_github_body }} - prerelease: ${{ fromJson(needs.host.outputs.val).announcement_is_prerelease }} - artifacts: "artifacts/*" + env: + PRERELEASE_FLAG: "${{ fromJson(needs.host.outputs.val).announcement_is_prerelease && '--prerelease' || '' }}" + ANNOUNCEMENT_TITLE: "${{ fromJson(needs.host.outputs.val).announcement_title }}" + ANNOUNCEMENT_BODY: "${{ fromJson(needs.host.outputs.val).announcement_github_body }}" + RELEASE_COMMIT: "${{ github.sha }}" + run: | + # Write and read notes from a file to avoid quoting breaking things + echo "$ANNOUNCEMENT_BODY" > $RUNNER_TEMP/notes.txt + + gh release create "${{ needs.plan.outputs.tag }}" --target "$RELEASE_COMMIT" $PRERELEASE_FLAG --title "$ANNOUNCEMENT_TITLE" --notes-file "$RUNNER_TEMP/notes.txt" artifacts/* custom-notify-dependents: needs: diff --git a/Cargo.toml b/Cargo.toml index 01ab12f7661b3..d2c8b1d6a2012 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -227,7 +227,7 @@ inherits = "release" # Config for 'cargo dist' [workspace.metadata.dist] # The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax) -cargo-dist-version = "0.14.0" +cargo-dist-version = "0.18.0" # CI backends to support ci = ["github"] # The installers to generate for each app @@ -258,12 +258,14 @@ targets = [ ] # Whether to auto-include files like READMEs, LICENSEs, and CHANGELOGs (default true) auto-includes = false -# Whether cargo-dist should create a Github Release or use an existing draft +# Whether cargo-dist should create a GitHub Release or use an existing draft create-release = true # Publish jobs to run in CI pr-run-mode = "skip" # Whether CI should trigger releases with dispatches instead of tag pushes dispatch-releases = true +# The stage during which the GitHub Release should be created +github-release = "announce" # Whether CI should include auto-generated code to build local artifacts build-local-artifacts = false # Local artifacts jobs to run in CI @@ -272,7 +274,7 @@ local-artifacts-jobs = ["./build-binaries", "./build-docker"] publish-jobs = ["./publish-pypi"] # Announcement jobs to run in CI post-announce-jobs = ["./notify-dependents", "./publish-docs", "./publish-playground"] -# Skip checking whether the specified configuration files are up to date -allow-dirty = ["ci"] +# Custom permissions for GitHub Jobs +github-custom-job-permissions = { "build-docker" = { packages = "write", contents = "read" } } # Whether to install an updater program install-updater = false