chore: try a new set of workflows for releasing

Author: rix0rrr

.github/workflows/auto-merge.yml

@@ -5,6 +5,7 @@ on:
       - opened
       - reopened
       - ready_for_review
+      - labeled
 jobs:
   enableAutoMerge:
     name: 'Set AutoMerge on PR #${{ github.event.number }}'
@@ -17,4 +18,4 @@ jobs:
         with:
           token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
           pull-request-number: ${{ github.event.number }}
-          merge-method: squash
+          merge-method: ${{ contains(github.event.pull_request.labels.*.name, 'pr/no-squash') && 'merge' || 'squash' }}

.github/workflows/release-sync.yml

@@ -1,4 +1,4 @@
-name: sync-release-branch
+name: Daily Release Check
 
 on:
   workflow_dispatch: {}
@@ -11,9 +11,77 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@main
-      - name: Push to release branch
-        uses: connor-baer/action-sync-branch@main
+        uses: actions/checkout@v4
         with:
-          branch: release
+          ref: main
           token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+
+      - name: 🦀 Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: ⚡ Cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            ${{ runner.os }}-cargo
+
+      - name: Install cargo-release
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-release
+
+      - name: Prepare git identity
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "cdklabs-automation"
+
+      - name: Check if there are commits to release
+        id: check_commits
+        run: |
+          git fetch origin release
+          if [[ "$(git rev-list -n1 origin/release..HEAD)" != "" ]]; then
+            echo "has_commits=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_commits=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Wat
+        run: git log -n 3
+
+      - name: Bump package versions and commit
+        if: steps.check_commits.outputs.has_commits == 'true'
+        run: |
+          cargo release --all-features --verbose minor --execute --no-confirm --no-push --no-tag --no-publish
+
+      - name: After
+        run: git log -n 3
+
+      - name: Determine commit message
+        id: commit
+        if: steps.check_commits.outputs.has_commits == 'true'
+        run: |
+          echo "title=$(git log --format=%B -n 1)" >> $GITHUB_OUTPUT
+
+      # We push the branch ourselves, otherwise peter-evans/create-pull-request will
+      # cherry-pick our top commit onto `release`, which is not what we want.
+      - name: Push the branch
+        if: steps.check_commits.outputs.has_commits == 'true'
+        run: |
+          git push -f origin HEAD:github-actions/release
+          git checkout github-actions/release
+
+      - name: Open release pull request
+        if: steps.check_commits.outputs.has_commits == 'true'
+        run: |
+          env GITHUB_TOKEN=${{ secrets.PROJEN_GITHUB_TOKEN }} gh pr create \
+            --title "${{ steps.commit.outputs.title }}" \
+            --fill \
+            --base release \
+            --label auto-approve \
+            --label pr/no-squash

.github/workflows/release.yml

@@ -1,77 +1,78 @@
 # .github/workflows/release.yml
+name: Release from release branch
 
-name: release
 on:
+  workflow_dispatch: {}
   push:
     branches:
       - release
 
+env:
+  RELEASE_BRANCH: release
+  MERGEBACK_BRANCH: github-actions/mergeback
+
 jobs:
-  release_to_crates:
-    name: Release to crates.io
+  create_mergeback:
+    name: Create the merge-back PR
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@main
-        with:
-          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
-      - name: Set git identity
-        run: |-
-          git config user.name "cdklabs-automation"
-          git config user.email "[email protected]"
-      - name: Install cargo-release
-        uses: taiki-e/install-action@main
-        with:
-          tool: cargo-binstall
-      - run: cargo binstall --no-confirm cargo-release
-      - run: cargo release --all-features --verbose minor --execute --no-confirm --no-push
-      - name: Open pull request
-        id: create-pr
-        uses: peter-evans/create-pull-request@v7
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
+          ref: ${{ env.RELEASE_BRANCH }}
           token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
-          author: cdklabs-automation <[email protected]>
-          committer: cdklabs-automation <[email protected]>
-          signoff: true
-          branch: github-actions/release
-          base: main
-          body: |
-            release: <%= crate.name %> v<%= version.actual %>
 
-            [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-          commit-message: |-
-            release: <%= crate.name %> v<%= version.actual %>
+      - name: Open merge-back pull request
+        run: |
+          git push -f origin HEAD:${{ env.MERGEBACK_BRANCH }}
+          git checkout ${{ env.MERGEBACK_BRANCH }}
 
-            [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-
-          title: |
-            release: <%= crate.name %> v<%= version.actual %>
-          labels: auto-approve
-      - name: Push New Tag
-        run: git push origin --tags
-    env:
-      CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_TOKEN }}
+          env GITHUB_TOKEN=${{ secrets.PROJEN_GITHUB_TOKEN }} gh pr create \
+            --title "chore: merge-back" \
+            --fill \
+            --base main \
+            --label auto-approve \
+            --label pr/no-squash
 
   release_to_npm:
-    name: Release to npm
-    needs: release_to_crates
+    name: Release to NPM
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@main
+        uses: actions/checkout@v4
         with:
-          ref: github-actions/release
+          ref: ${{ env.RELEASE_BRANCH }}
+          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+
       - name: Setup Node.js
         uses: actions/setup-node@main
         with:
-          node-version: latest
-      - uses: jetli/[email protected]
-        name: Install wasm-pack
+          node-version: lts/*
+
+      - name: 🦀 Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: ⚡ Cache
+        uses: actions/cache@v4
         with:
-          version: latest
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            ${{ runner.os }}-cargo
+
+      - name: Install wasm-pack
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: wasm-pack
+
       - name: Prepare Release
         run: |-
           wasm-pack build --all-features --target=nodejs --out-name=index
+
       - name: Release
         run: |-
           npm set "//registry.npmjs.org/:_authToken" ${{ secrets.NPM_TOKEN }}

.github/workflows/security-audit.yml

@@ -8,7 +8,7 @@ jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@main
+      - uses: actions/checkout@v4
       - uses: rustsec/audit-check@v2
         with:
           token: ${{ secrets.PROJEN_GITHUB_TOKEN }}

.github/workflows/status-checks.yml

@@ -6,6 +6,7 @@ on:
   merge_group:
     branches:
       - main
+      - release
 name: status-checks
 
 jobs:
@@ -14,28 +15,29 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-          components: rustfmt, clippy
-      # Ensure build.rs has ran before we assert formatting...
-      - name: Build
-        uses: actions-rs/cargo@v1
-        with:
-          command: build
-          args: --all-features
-      - name: Check formatting
-        uses: actions-rs/cargo@v1
+
+      - name: 🦀 Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: ⚡ Cache
+        uses: actions/cache@v4
         with:
-          command: fmt
-          args: --manifest-path ./Cargo.toml --all -- --check
-      - name: Run clippy
-        uses: actions-rs/cargo@v1
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            ${{ runner.os }}-cargo
+
+      - name: Install just
+        uses: baptiste0928/cargo-install@v3
         with:
-          command: clippy
-          args: --manifest-path ./Cargo.toml -- -Adead-code -D warnings
+          crate: just
+
+      - name: Run lint
+        run: just lint
 
   security_audit:
     name: Security Audit
@@ -56,26 +58,57 @@ jobs:
       id-token: write
     steps:
       - uses: actions/checkout@v4
-      - name: Install Rust
-        run: rustup update stable
-      - name: Install cargo-llvm-cov
-        uses: taiki-e/install-action@cargo-llvm-cov
+
+      - name: 🦀 Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: ⚡ Cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+            ${{ runner.os }}-cargo
+
+      - name: Install just
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: just
+
+      - name: Install wasm-pack
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-llvm-cov
+
       - name: Install Java 17
         uses: actions/setup-java@v4
         with:
           distribution: corretto
           java-version: 17
+
       - name: Install Dotnet 8
         uses: actions/setup-dotnet@v4
         with:
           dotnet-version: "8.0.110"
+
+      - name: Try to fix .NET issue
+        # https://github.com/dotnet/runtime/issues/91987
+        run: |
+          sudo rm -rf /tmp/.dotnet
+
       - name: Tests with Coverage
-        run: cargo llvm-cov --all-features --ignore-filename-regex '^(tests/.*\.rs|.*/tests\.rs)$' --no-fail-fast --lcov --output-path target/lcov.info
+        run: just test-cov
+
       - name: Coverage Report
         run: |
           cargo llvm-cov report --hide-instantiations --ignore-filename-regex '^(tests/.*\.rs|.*/tests\.rs)$' --codecov --output-path target/codecov.json
           cargo llvm-cov report --hide-instantiations --ignore-filename-regex '^(tests/.*\.rs|.*/tests\.rs)$' --html --output-dir target/coverage
           cargo llvm-cov report --hide-instantiations --ignore-filename-regex '^(tests/.*\.rs|.*/tests\.rs)$'
+
       - name: Upload Coverage to CodeCov
         uses: codecov/[email protected]
         with:

Justfile

@@ -0,0 +1,24 @@
+alias b := build
+alias r := release
+
+release: build test lint
+
+build:
+		cargo build --all-features
+
+test *TEST:
+    cargo test {{TEST}}
+
+lint: fmt clippy
+
+fmt:
+		cargo fmt -- --version && cargo fmt --check
+
+clippy:
+    cargo clippy --tests -- -Adead-code -Dwarnings -Dclippy::dbg_macro
+
+test-cov:
+		cargo llvm-cov --all-features --ignore-filename-regex '^(tests/.*\.rs|.*/tests\.rs)$' --no-fail-fast --lcov --output-path target/lcov.info
+
+install-tools:
+		cargo install cargo-llvm-cov