diff --git a/.github/workflows/build.yml b/.github/workflows/build-wheels.yml similarity index 81% rename from .github/workflows/build.yml rename to .github/workflows/build-wheels.yml index d5f4dbf6..dd8acb3f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build-wheels.yml @@ -1,13 +1,37 @@ -name: Build / Release PyPI +# Build karva wheels on all platforms. +# +# Generates wheels (for PyPI). +# +# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a local +# artifacts job within `cargo-dist`. +name: "Build wheels" on: - push: - tags: - - v[0-9]*.[0-9]*.[0-9]* - workflow_call: - -permissions: {} + inputs: + plan: + required: true + type: string + pull_request: + paths: + # When we change pyproject.toml, we want to ensure that the maturin builds still work. + - pyproject.toml + # And when we change this workflow itself... + - .github/workflows/build-wheels.yml + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +env: + CARGO_INCREMENTAL: 0 + CARGO_NET_RETRY: 10 + CARGO_TERM_COLOR: always + RUSTUP_MAX_RETRIES: 10 + PYTHON_VERSION: "3.10" jobs: linux: @@ -30,7 +54,7 @@ jobs: - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: 3.x + python-version: ${{ env.PYTHON_VERSION }} - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 @@ -64,7 +88,7 @@ jobs: - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: 3.x + python-version: ${{ env.PYTHON_VERSION }} - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 @@ -96,7 +120,7 @@ jobs: - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: 3.x + python-version: ${{ env.PYTHON_VERSION }} architecture: ${{ matrix.platform.target }} - name: Build wheels @@ -130,7 +154,7 @@ jobs: - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: 3.x + python-version: ${{ env.PYTHON_VERSION }} - name: Build wheels uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 @@ -155,7 +179,7 @@ jobs: - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: 3.x + python-version: ${{ env.PYTHON_VERSION }} - name: Build sdist uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 @@ -168,23 +192,3 @@ jobs: with: name: wheels-sdist path: dist - - release: - name: "release" - - runs-on: ubuntu-latest - - if: startsWith(github.ref, 'refs/tags/') - - needs: [linux, musllinux, windows, macos, sdist] - - steps: - - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - - - name: Publish to PyPI - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4 - env: - MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }} - with: - command: upload - args: --non-interactive --skip-existing wheels-*/* diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f54bfee7..5b51c215 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -265,14 +265,6 @@ jobs: run: cargo codspeed run --bench ${{ matrix.project }} mode: walltime - build-binaries: - name: "build binaries" - - needs: determine_changes - if: ${{ (needs.determine_changes.outputs.code == 'true' || github.ref == 'refs/heads/main') }} - - uses: ./.github/workflows/build.yml - project-diff: name: "run project diff" diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml new file mode 100644 index 00000000..dcfdc4d7 --- /dev/null +++ b/.github/workflows/publish-docs.yml @@ -0,0 +1,71 @@ +name: Deploy Documentation + +on: + workflow_dispatch: + inputs: + ref: + description: "The commit SHA, tag, or branch to publish. Uses the default branch if not specified." + default: "" + type: string + + workflow_call: + inputs: + plan: + required: true + type: string + +concurrency: + group: "pages" + cancel-in-progress: false + +permissions: {} + +env: + PYTHON_VERSION: "3.10" + +jobs: + build: + name: "Build docs" + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + with: + persist-credentials: false + + - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 + with: + python-version: ${{ env.PYTHON_VERSION }} + + - name: Prepare docs + run: uv run --script scripts/prepare_docs.py + + - name: Build docs + run: uv run --isolated --only-group docs zensical build + + - name: Upload artifact + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 + with: + path: ./site + + deploy: + runs-on: ubuntu-latest + + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + + permissions: + contents: read + pages: write + id-token: write + + needs: build + + if: github.ref == 'refs/heads/main' + + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml new file mode 100644 index 00000000..7dc7ddd1 --- /dev/null +++ b/.github/workflows/publish-pypi.yml @@ -0,0 +1,32 @@ +# Publish a release to PyPI registry. +# +# Assumed to run as a subworkflow of .github/workflows/release.yml; specifically, as a publish job +# within `cargo-dist`. +name: "Publish" + +on: + workflow_call: + inputs: + plan: + required: true + type: string + +jobs: + pypi-publish: + name: Upload to PyPI + runs-on: ubuntu-latest + environment: + name: release + permissions: + # For PyPI's trusted publishing. + id-token: write + steps: + - name: "Install uv" + uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4 + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + with: + pattern: wheels-* + path: wheels + merge-multiple: true + - name: Publish to PyPi + run: uv publish -v wheels/* diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml deleted file mode 100644 index 51238353..00000000 --- a/.github/workflows/release-drafter.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Release Drafter and Labels - -on: - push: - branches: - - main - - pull_request: - types: [edited, opened, reopened, synchronize, unlabeled, labeled] - -permissions: - contents: read - -jobs: - update_release_draft: - permissions: - contents: write - pull-requests: write - - runs-on: ubuntu-latest - - steps: - - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - require_label: - if: github.event.pull_request - - needs: [update_release_draft] - - runs-on: ubuntu-latest - - permissions: - issues: write - pull-requests: write - - steps: - - name: Wait for labels to be added - # Don't shout at the PR author right away - run: sleep 20 - - - uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1 - with: - mode: minimum - count: 1 - labels: ".+" - add_comment: true - use_regex: true - message: "Please add a label to this pull request." diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 07cb86d9..621df740 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,68 +1,261 @@ +# This file was autogenerated by dist: https://axodotdev.github.io/cargo-dist +# +# Copyright 2022-2024, axodotdev +# SPDX-License-Identifier: MIT or Apache-2.0 +# +# CI that: +# +# * checks for a Git Tag that looks like a release +# * builds artifacts with dist (archives, installers, hashes) +# * uploads those artifacts to temporary workflow zip +# * on success, uploads the artifacts to a GitHub Release +# +# Note that the GitHub Release will be created with a generated +# title/body based on your changelogs. + name: Release +permissions: + "contents": "write" +# This task will run whenever you workflow_dispatch with a tag that looks like a version +# like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. +# Various formats will be parsed into a VERSION and an optional PACKAGE_NAME, where +# PACKAGE_NAME must be the name of a Cargo package in your workspace, and VERSION +# must be a Cargo-style SemVer Version (must have at least major.minor.patch). +# +# If PACKAGE_NAME is specified, then the announcement will be for that +# package (erroring out if it doesn't have the given version or isn't dist-able). +# +# If PACKAGE_NAME isn't specified, then the announcement will be for all +# (dist-able) packages in the workspace with that version (this mode is +# intended for workspaces with only one dist-able package, or with all dist-able +# packages versioned/released in lockstep). +# +# If you push multiple tags at once, separate instances of this workflow will +# spin up, creating an independent announcement for each one. However, GitHub +# will hard limit this to 3 tags per commit, as it will assume more tags is a +# mistake. +# +# If there's a prerelease-style suffix to the version, then the release(s) +# will be marked as a prerelease. on: - push: - tags: - - v[0-9]*.[0-9]*.[0-9]* - -env: - PYTHON_VERSION: "3.14" + pull_request: + workflow_dispatch: + inputs: + tag: + description: Release Tag + required: true + default: dry-run + type: string jobs: - release_github: - runs-on: ubuntu-latest + # Run 'dist plan' (or host) to determine what tasks we need to do + plan: + runs-on: "ubuntu-22.04" + outputs: + val: ${{ steps.plan.outputs.manifest }} + tag: ${{ (inputs.tag != 'dry-run' && inputs.tag) || '' }} + tag-flag: ${{ inputs.tag && inputs.tag != 'dry-run' && format('--tag={0}', inputs.tag) || '' }} + publishing: ${{ inputs.tag && inputs.tag != 'dry-run' }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + with: + persist-credentials: false + submodules: recursive + - name: Install dist + # we specify bash to get pipefail; it guards against the `curl` command + # failing. otherwise `sh` won't catch that `curl` returned non-0 + shell: bash + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.2/cargo-dist-installer.sh | sh" + - name: Cache dist + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/dist + # sure would be cool if github gave us proper conditionals... + # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible + # functionality based on whether this is a pull_request, and whether it's from a fork. + # (PRs run on the *source* but secrets are usually on the *target* -- that's *good* + # but also really annoying to build CI around when it needs secrets to work right.) + - id: plan + run: | + dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --output-format=json > plan-dist-manifest.json + echo "dist ran successfully" + cat plan-dist-manifest.json + echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" + - name: "Upload dist-manifest.json" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: artifacts-plan-dist-manifest + path: plan-dist-manifest.json - permissions: - contents: write + custom-build-wheels: + needs: + - plan + if: ${{ needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload' || inputs.tag == 'dry-run' }} + uses: ./.github/workflows/build-wheels.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit + # Build and package all the platform-agnostic(ish) things + build-global-artifacts: + needs: + - plan + - custom-build-wheels + runs-on: "ubuntu-22.04" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with: persist-credentials: false - - - name: Publish Latest Draft + submodules: recursive + - name: Install cached dist + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/ + - run: chmod +x ~/.cargo/bin/dist + # Get all the local artifacts for the global tasks to use (for e.g. checksums) + - name: Fetch local artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + pattern: artifacts-* + path: target/distrib/ + merge-multiple: true + - id: cargo-dist + shell: bash run: | - if gh release list | grep Draft; then - old_version="$(gh release list | grep Draft | head -1 | cut -f1)" - new_version="${GITHUB_REF_NAME}" - body=$(gh release view "$old_version" --json body -q ".body" | sed "s/\.\.\.$old_version/...$new_version/g") - gh release delete "$old_version" - gh release create "$new_version" --title "${GITHUB_REF_NAME}" --notes "$body"; - else - gh release create "$new_version" --title "${GITHUB_REF_NAME}"; - fi - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json + echo "dist ran successfully" - publish-docs: - runs-on: ubuntu-latest + # Parse out what we just built and upload it to scratch storage + echo "paths<> "$GITHUB_OUTPUT" + jq --raw-output ".upload_files[]" dist-manifest.json >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" - name: Docs builder and publisher + cp dist-manifest.json "$BUILD_MANIFEST_NAME" + - name: "Upload artifacts" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + name: artifacts-build-global + path: | + ${{ steps.cargo-dist.outputs.paths }} + ${{ env.BUILD_MANIFEST_NAME }} + # Determines if we should publish/announce + host: + needs: + - plan + - custom-build-wheels + - build-global-artifacts + # Only run if we're "publishing", and only if plan, local and global didn't fail (skipped is fine) + if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.custom-build-wheels.result == 'skipped' || needs.custom-build-wheels.result == 'success') }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + runs-on: "ubuntu-22.04" + outputs: + val: ${{ steps.host.outputs.manifest }} + steps: + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + with: + persist-credentials: false + submodules: recursive + - name: Install cached dist + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + name: cargo-dist-cache + path: ~/.cargo/bin/ + - run: chmod +x ~/.cargo/bin/dist + # Fetch artifacts from scratch-storage + - name: Fetch artifacts + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 + with: + pattern: artifacts-* + path: target/distrib/ + merge-multiple: true + # This is a harmless no-op for GitHub Releases, hosting for that happens in "announce" + - id: host + shell: bash + run: | + dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json + echo "artifacts uploaded and released successfully" + cat dist-manifest.json + echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT" + - name: "Upload dist-manifest.json" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 + with: + # Overwrite the previous copy + name: artifacts-dist-manifest + path: dist-manifest.json + custom-publish-pypi: + needs: + - plan + - host + if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }} + uses: ./.github/workflows/publish-pypi.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit + # publish jobs get escalated permissions permissions: - contents: write + "id-token": "write" + "packages": "write" + # Create a GitHub Release while uploading all files to it + announce: + needs: + - plan + - host + - custom-publish-pypi + # use "always() && ..." to allow us to wait for all publish jobs while + # still allowing individual publish jobs to skip themselves (for prereleases). + # "host" however must run to completion, no skipping allowed! + if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') }} + runs-on: "ubuntu-22.04" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 with: persist-credentials: false - - - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2 + submodules: recursive + # Create a GitHub Release while uploading all files to it + - name: "Download GitHub Artifacts" + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: - python-version: ${{ env.PYTHON_VERSION }} - enable-cache: false - - - name: Prepare docs - run: uv run --script scripts/prepare_docs.py + pattern: artifacts-* + path: artifacts + merge-multiple: true + - name: Cleanup + run: | + # Remove the granular manifests + rm -f artifacts/*-dist-manifest.json + - name: Create GitHub Release + env: + PRERELEASE_FLAG: "${{ fromJson(needs.host.outputs.val).announcement_is_prerelease && '--prerelease' || '' }}" + ANNOUNCEMENT_TITLE: "${{ fromJson(needs.host.outputs.val).announcement_title }}" + ANNOUNCEMENT_BODY: "${{ fromJson(needs.host.outputs.val).announcement_github_body }}" + RELEASE_COMMIT: "${{ github.sha }}" + run: | + # Write and read notes from a file to avoid quoting breaking things + echo "$ANNOUNCEMENT_BODY" > $RUNNER_TEMP/notes.txt - - name: Build docs - run: uv run --isolated --only-group docs zensical build + gh release create "${{ needs.plan.outputs.tag }}" --target "$RELEASE_COMMIT" $PRERELEASE_FLAG --title "$ANNOUNCEMENT_TITLE" --notes-file "$RUNNER_TEMP/notes.txt" artifacts/* - - name: Deploy - uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: site - publish_branch: gh-pages - keep_files: false - force_orphan: true + custom-publish-docs: + needs: + - plan + - announce + uses: ./.github/workflows/publish-docs.yml + with: + plan: ${{ needs.plan.outputs.val }} + secrets: inherit + permissions: + "contents": "read" + "id-token": "write" + "pages": "write" diff --git a/.github/zizmor.yml b/.github/zizmor.yml index ab63c8ab..303cae5e 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -1,7 +1,19 @@ rules: template-injection: ignore: + # like with `secrets-inherit`, `cargo dist` introduces some + # template injections. We've manually audited these usages for safety. + - release.yml - "diff.yml" + secrets-inherit: + # `cargo dist` makes extensive use of `secrets: inherit`, + # and we can't easily fix that until an upstream release changes that. + disable: true + excessive-permissions: + # it's hard to test what the impact of removing these ignores would be + # without actually running the release workflow... + ignore: + - release.yml unpinned-uses: config: policies: diff --git a/Cargo.toml b/Cargo.toml index 06f4e98d..add70186 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -87,3 +87,8 @@ too_many_lines = "allow" significant_drop_tightening = "allow" must_use_candidate = "allow" option_if_let_else = "allow" + +# The profile that 'dist' will build with +[profile.dist] +inherits = "release" +lto = "thin" diff --git a/dist-workspace.toml b/dist-workspace.toml new file mode 100644 index 00000000..ccdc65d2 --- /dev/null +++ b/dist-workspace.toml @@ -0,0 +1,67 @@ +[workspace] +members = ["cargo:."] +packages = ["karva_cli"] + +# Config for 'dist' +[dist] +# The preferred dist version to use in CI (Cargo.toml SemVer syntax) +cargo-dist-version = "0.30.2" +# Whether to consider the binaries in a package for distribution (defaults true) +dist = false +# CI backends to support +ci = "github" +# The archive format to use for windows builds (defaults .zip) +windows-archive = ".zip" +# The archive format to use for non-windows builds (defaults .tar.xz) +unix-archive = ".tar.gz" +# Target platforms to build apps for (Rust target-triple syntax) +targets = [ + "aarch64-apple-darwin", + "aarch64-unknown-linux-gnu", + "aarch64-unknown-linux-musl", + "arm-unknown-linux-musleabihf", + "armv7-unknown-linux-gnueabihf", + "armv7-unknown-linux-musleabihf", + "x86_64-apple-darwin", + "powerpc64-unknown-linux-gnu", + "powerpc64le-unknown-linux-gnu", + "riscv64gc-unknown-linux-gnu", + "s390x-unknown-linux-gnu", + "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "x86_64-pc-windows-msvc", + "i686-unknown-linux-gnu", + "i686-unknown-linux-musl", +] +# Whether to auto-include files like READMEs, LICENSEEs, and CHANGELOGs (default true) +auto-includes = false +# Whether dist should create a Github Release or use an existing draft +create-release = true +# Which actions to run on pull requests +pr-run-mode = "plan" +# Whether to publish prereleases to package managers +publish-prereleases = true +# Whether CI should trigger releases with dispatches instead of tag pushes +dispatch-releases = true +# Which phase dist should use to create the GitHub release +github-release = "announce" +# Whether CI should include auto-generated code to build local artifacts +build-local-artifacts = false +# Local artifacts jobs to run in CI +local-artifacts-jobs = ["./build-wheels"] +build-global-artifacts = false +# Publish jobs to run in CI +publish-jobs = ["./publish-pypi"] +# Post-announce jobs to run in CI +post-announce-jobs = ["./publish-docs"] +github-custom-job-permissions = { "publish-docs" = { contents = "read", pages = "write", id-token = "write" }} +# Whether to install an updater program +install-updater = false +# Path that installers should place binaries in +install-path = ["$XDG_BIN_HOME/", "$XDG_DATA_HOME/../bin", "~/.local/bin"] + +[dist.github-action-commits] +"actions/checkout" = "1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 +"actions/upload-artifact" = "330a01c490aca151604b8cf639adc76d48f6c5d4" # v5.0.0 +"actions/download-artifact" = "018cc2cf5baa6db3ef3c5f8a56943fffe632ef53" # v6.0.0 +"actions/attest-build-provenance" = "c074443f1aee8d4aeeae555aebba3282517141b2" #v2.2.3 diff --git a/seal.toml b/seal.toml new file mode 100644 index 00000000..42f283da --- /dev/null +++ b/seal.toml @@ -0,0 +1,32 @@ +[release] +current-version = "0.1.11" + +version-files = [ + "README.md", + "crates/karva/Cargo.toml", + "crates/karva_cli/Cargo.toml", + "pyproject.toml", + "python/karva/__init__.py" + # { path = "dist-workspace.toml", field = "workspace.version", format = "toml" } +] + +commit-message = "Release v{version}" +branch-name = "release/v{version}" +push = true +create-pr = true +confirm = true + +[changelog.section-labels] +"Bug Fixes" = ["bug"] +"Reporting" = ["reporting"] +"Extensions" = ["extensions/fixtures", "extensions/tags"] +"Configuration" = ["configuration"] +"Discovery" = ["discovery"] +"CLI" = ["cli"] +"Documentation" = ["documentation"] + +[changelog] +ignore-contributors = ["dependabot[bot]"] +ignore-labels = ["internal", "ci", "duplicate", "rust", "wontfix", "needs-decision"] +include-contributors = true +changelog-heading = "{version}"