chore(deps): Bump rust-toolchain from 1.92.0 to 1.93.1 (#891) #2531
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ship | ||
| on: | ||
| push: | ||
| workflow_dispatch: | ||
| jobs: | ||
| nix-build: | ||
| name: nix build | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| target: | ||
| - x86_64-linux | ||
| - aarch64-linux | ||
| steps: | ||
| - name: Checkout ποΈ | ||
| uses: actions/checkout@v6 | ||
| - name: Install Nix β | ||
| uses: cachix/install-nix-action@v31 | ||
| with: | ||
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Set up the Nix Cache π | ||
| uses: cachix/cachix-action@v16 | ||
| with: | ||
| name: hasura-v3-dev | ||
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | ||
| - name: Build a binary with Nix | ||
| run: nix build --print-build-logs '.#${{ matrix.target }}' | ||
| - name: Build a Docker image with Nix | ||
| run: nix build --print-build-logs '.#docker-${{ matrix.target }}' | ||
| - name: Load and get Docker image | ||
| id: load-image | ||
| run: | | ||
| # Load the image and capture its name | ||
| LOADED_IMAGE=$(docker load < result | awk -F': ' '{print $2}') | ||
| echo "image=$LOADED_IMAGE" >> $GITHUB_OUTPUT | ||
| echo "Loaded image: $LOADED_IMAGE" | ||
| - name: Scan Docker Image with gokakashi | ||
| uses: shinobistack/gokakashi-action@v0.2.0 | ||
| continue-on-error: true | ||
| with: | ||
| image: ${{ steps.load-image.outputs.image }} | ||
| labels: agentKey=${{ github.run_id }}-${{ matrix.target }} | ||
| policy: ci-platform | ||
| server: https://gokakashi-server.hasura-app.io | ||
| token: ${{ secrets.GOKAKASHI_API_TOKEN }} | ||
| cf_client_id: ${{ secrets.CF_ACCESS_CLIENT_ID }} | ||
| cf_client_secret: ${{ secrets.CF_ACCESS_CLIENT_SECRET }} | ||
| interval: 10 | ||
| retries: 8 | ||
| timeout: 30m | ||
| # scream into Slack if something goes wrong | ||
| - name: Report Status | ||
| if: always() && github.ref == 'refs/heads/main' | ||
| uses: ravsamhq/notify-slack-action@v2 | ||
| with: | ||
| status: ${{ job.status }} | ||
| notify_when: failure | ||
| notification_title: "π§ Error on <{repo_url}|{repo}>" | ||
| message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} | ||
| push-docker-images: | ||
| name: push Docker images | ||
| needs: | ||
| - nix-build | ||
| runs-on: ubuntu-latest | ||
| # Only run on the `main` branch, version tags, or when the | ||
| # `upload-engine-docker` label is found | ||
| if: | | ||
|
Check warning on line 79 in .github/workflows/ship.yaml
|
||
| github.ref == 'refs/heads/main' | ||
| || startsWith(github.ref, 'refs/tags/v') | ||
| || ${{ github.event.label.name == 'upload-engine-docker' }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| packages: write | ||
| steps: | ||
| - name: Checkout ποΈ | ||
| uses: actions/checkout@v6 | ||
| - name: Install Nix β | ||
| uses: cachix/install-nix-action@v31 | ||
| with: | ||
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Set up the Nix Cache π | ||
| uses: cachix/cachix-action@v16 | ||
| with: | ||
| name: hasura-v3-dev | ||
| authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | ||
| - id: gcloud-auth | ||
| name: Authenticate to Google Cloud π | ||
| uses: google-github-actions/auth@v3 | ||
| with: | ||
| token_format: access_token | ||
| service_account: "hasura-ci-docker-writer@hasura-ddn.iam.gserviceaccount.com" | ||
| workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github" | ||
| - name: Login to Google Container Registry π¦ | ||
| uses: "docker/login-action@v3" | ||
| with: | ||
| registry: "us-docker.pkg.dev" | ||
| username: "oauth2accesstoken" | ||
| password: "${{ steps.gcloud-auth.outputs.access_token }}" | ||
| - name: Login to GitHub Container Registry π¦ | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Push Docker images to Google Container Registry π’ | ||
| run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-postgres' | ||
| - name: Push Docker images to GitHub Packages π’ | ||
| run: nix run .#publish-docker-image '${{ github.ref }}' 'ghcr.io/hasura/ndc-postgres' | ||
| # scream into Slack if something goes wrong | ||
| - name: Report Status | ||
| if: always() | ||
| uses: ravsamhq/notify-slack-action@v2 | ||
| with: | ||
| status: ${{ job.status }} | ||
| notify_when: failure | ||
| notification_title: "π§ Error on <{repo_url}|{repo}>" | ||
| message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} | ||
| build-cli-binaries: | ||
| name: build the CLI binaries | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| - runner: ubuntu-latest | ||
| target: x86_64-unknown-linux-gnu | ||
| - runner: ubuntu-latest | ||
| target: aarch64-unknown-linux-gnu | ||
| linux-packages: gcc-aarch64-linux-gnu | ||
| linker: /usr/bin/aarch64-linux-gnu-gcc | ||
| - runner: macos-latest | ||
| target: x86_64-apple-darwin | ||
| - runner: macos-latest | ||
| target: aarch64-apple-darwin | ||
| - runner: windows-latest | ||
| target: x86_64-pc-windows-msvc | ||
| extension: .exe | ||
| extra-rust-flags: "-C target-feature=+crt-static" | ||
| runs-on: ${{ matrix.runner }} | ||
| env: | ||
| CARGO_BUILD_TARGET: ${{ matrix.target }} | ||
| CARGO_NET_GIT_FETCH_WITH_CLI: "true" | ||
| RUSTFLAGS: "-D warnings" # fail on warnings | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - name: install protoc | ||
| uses: arduino/setup-protoc@v3 | ||
| with: | ||
| version: "25.x" | ||
| repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: install tools | ||
| run: | | ||
| rustup show | ||
| rustup target add ${{ matrix.target }} | ||
| - name: install other packages required | ||
| if: matrix.linux-packages | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y ${{ matrix.linux-packages }} | ||
| - uses: Swatinem/rust-cache@v2 | ||
| with: | ||
| shared-key: "build-${matrix.runner}" # share the cache across jobs | ||
| - name: build the CLI | ||
| run: | | ||
| # If we're on a tag, use the tag name as the release version. | ||
| if [[ "$GITHUB_REF_TYPE" == 'tag' ]]; then | ||
| # Ensure that the version specified in Cargo.toml is the same as the tag (with a 'v' prefix). | ||
| CARGO_VERSION="$(cargo metadata --format-version=1 | jq -r '.packages | .[] | select(.name == "ndc-postgres") | .version')" | ||
| echo "Git tag: ${GITHUB_REF_NAME}" | ||
| echo "Cargo version: ${CARGO_VERSION}" | ||
| if [[ "$GITHUB_REF_NAME" != "v${CARGO_VERSION}" ]]; then | ||
| echo >&2 "The Git tag is \"${GITHUB_REF_NAME}\", but the version in Cargo.toml is \"${CARGO_VERSION}\"." | ||
| echo >&2 'These must be the same, with a "v" prefix for the tag. Aborting.' | ||
| exit 1 | ||
| fi | ||
| export RELEASE_VERSION="$GITHUB_REF_NAME" | ||
| echo "RELEASE_VERSION = ${RELEASE_VERSION}" | ||
| fi | ||
| if [[ -n '${{ matrix.linker }}' ]]; then | ||
| TARGET_SCREAMING="$(echo '${{ matrix.target }}' | tr '[:lower:]' '[:upper:]' | tr '-' '_')" | ||
| echo "CARGO_TARGET_${TARGET_SCREAMING}_LINKER"='${{ matrix.linker }}' | ||
| declare "CARGO_TARGET_${TARGET_SCREAMING}_LINKER"='${{ matrix.linker }}' | ||
| export "CARGO_TARGET_${TARGET_SCREAMING}_LINKER" | ||
| fi | ||
| if [[ -n '${{ matrix.extra-rust-flags }}' ]]; then | ||
| RUSTFLAGS="${RUSTFLAGS} ${{ matrix.extra-rust-flags }}" | ||
| export RUSTFLAGS | ||
| fi | ||
| echo "RUSTFLAGS = ${RUSTFLAGS}" | ||
| echo "Building for target: ${CARGO_BUILD_TARGET}" | ||
| cargo build --release --package=ndc-postgres-cli | ||
| mkdir -p release | ||
| mv -v target/${{ matrix.target }}/release/ndc-postgres-cli release/ndc-postgres-cli-${{ matrix.target }}${{ matrix.extension }} | ||
| - uses: actions/upload-artifact@v6 | ||
| with: | ||
| name: ndc-postgres-cli-${{ matrix.target }} | ||
| path: release | ||
| if-no-files-found: error | ||
| release: | ||
| name: release to GitHub | ||
| needs: | ||
| - push-docker-images # not strictly necessary, but if this fails, we should abort | ||
| - build-cli-binaries | ||
| runs-on: ubuntu-latest | ||
| # We release when a tag is pushed. | ||
| if: startsWith(github.ref, 'refs/tags/v') | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - uses: actions/download-artifact@v7 | ||
| with: | ||
| path: release/artifacts | ||
| merge-multiple: true | ||
| - name: generate SHA-256 checksums | ||
| run: | | ||
| cd release/artifacts | ||
| sha256sum * > ./sha256sum | ||
| - name: extract release notes from changelog | ||
| run: ./ci/release-notes.sh "${GITHUB_REF_NAME}" changelog.md release/notes.md | ||
| - name: generate a connector package definition | ||
| run: ./ci/connector-package-definition.sh "${GITHUB_REF_NAME}" | ||
| - uses: actions/upload-artifact@v6 | ||
| with: | ||
| name: package.tar.gz | ||
| path: ./release/artifacts/package.tar.gz | ||
| compression-level: 0 # Already compressed | ||
| - name: create a release | ||
| uses: ncipollo/release-action@v1 | ||
| with: | ||
| draft: false | ||
| bodyFile: release/notes.md | ||
| artifacts: release/artifacts/* | ||
| create-ndc-hub-pr: | ||
| name: Create NDC-Hub Release PR | ||
| needs: | ||
| - release | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| GH_TOKEN: ${{ secrets.HASURA_BOT_TOKEN }} | ||
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | ||
| steps: | ||
| - name: check out this repository | ||
| uses: actions/checkout@v6 | ||
| with: | ||
| path: ndc-postgres | ||
| - name: check out ndc-hub | ||
| uses: actions/checkout@v6 | ||
| with: | ||
| repository: hasura/ndc-hub | ||
| path: ndc-hub | ||
| token: ${{ secrets.HASURA_BOT_TOKEN }} | ||
| - uses: actions/download-artifact@v7 | ||
| with: | ||
| path: release/artifacts | ||
| merge-multiple: true | ||
| - name: create ndc-hub PR | ||
| run: ./ndc-postgres/ci/create-hub-release-pr.sh "${GITHUB_REF_NAME}" "ndc-postgres" "ndc-hub" | ||
