feat(ir): add typed builder for DownloadBuildArtifacts@1 (#1197) #775
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| # Note: the v0.34.0 entry re-records the on.pr.mode change from #922, | |
| # whose squash-merge body broke release-please's commit parser and was | |
| # silently dropped from the v0.33.2 release PR (#924). | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| tag_name: | |
| description: "Release tag to upload assets to (e.g., v0.1.1)" | |
| required: true | |
| type: string | |
| env: | |
| CARGO_TERM_COLOR: always | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| release-please: | |
| name: Release Please | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 | |
| id: release | |
| build: | |
| name: Build (Linux) | |
| needs: release-please | |
| if: >- | |
| always() && | |
| (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch') | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable | |
| - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 | |
| - name: Build | |
| run: cargo build --release --verbose | |
| - name: Run tests | |
| run: cargo test --verbose | |
| - name: Prepare release assets | |
| run: | | |
| set -euo pipefail | |
| cp target/release/ado-aw target/release/ado-aw-linux-x64 | |
| - name: Set up Node.js for ado-script bundle | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| cache-dependency-path: scripts/ado-script/package-lock.json | |
| - name: Build ado-script TypeScript bundle (gate.js) | |
| working-directory: scripts/ado-script | |
| run: | | |
| npm ci | |
| npm run build | |
| # `npm run build` runs codegen + ncc and outputs gate.js + import.js. | |
| - name: Package ado-script bundle | |
| run: | | |
| set -euo pipefail | |
| cd scripts | |
| zip -r ../ado-script.zip ado-script/gate.js ado-script/import.js ado-script/exec-context-pr.js ado-script/exec-context-pr-synth.js ado-script/exec-context-manual.js ado-script/exec-context-pipeline.js ado-script/exec-context-ci-push.js ado-script/exec-context-workitem.js ado-script/exec-context-schedule.js ado-script/exec-context-pr-checks.js ado-script/exec-context-repo.js | |
| - name: Upload release assets | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| TAG="${{ needs.release-please.outputs.tag_name || github.event.inputs.tag_name }}" | |
| gh release upload "$TAG" \ | |
| target/release/ado-aw-linux-x64 \ | |
| ado-script.zip \ | |
| scripts/install/install-linux.sh \ | |
| scripts/install/install-macos.sh \ | |
| scripts/install/install-windows.ps1 \ | |
| --clobber | |
| build-windows: | |
| name: Build (Windows) | |
| needs: release-please | |
| if: >- | |
| always() && | |
| (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch') | |
| runs-on: windows-2022 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable | |
| - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 | |
| - name: Build | |
| run: cargo build --release --verbose | |
| - name: Run tests | |
| run: cargo test --verbose | |
| - name: Prepare release assets | |
| run: | | |
| Copy-Item target/release/ado-aw.exe target/release/ado-aw-windows-x64.exe | |
| - name: Upload release assets | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| $TAG = "${{ needs.release-please.outputs.tag_name || github.event.inputs.tag_name }}" | |
| gh release upload "$TAG" ` | |
| target/release/ado-aw-windows-x64.exe ` | |
| --clobber | |
| build-macos-arm64: | |
| name: Build (macOS arm64) | |
| needs: release-please | |
| if: >- | |
| always() && | |
| (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch') | |
| runs-on: macos-14 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable | |
| - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 | |
| - name: Build | |
| run: cargo build --release --verbose | |
| - name: Run tests | |
| run: cargo test --verbose | |
| - name: Prepare release assets | |
| run: | | |
| set -euo pipefail | |
| cd target/release | |
| cp ado-aw ado-aw-darwin-arm64 | |
| - name: Upload release assets | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| TAG="${{ needs.release-please.outputs.tag_name || github.event.inputs.tag_name }}" | |
| gh release upload "$TAG" \ | |
| target/release/ado-aw-darwin-arm64 \ | |
| --clobber | |
| checksums: | |
| name: Generate Checksums | |
| needs: [release-please, build, build-windows, build-macos-arm64] | |
| if: >- | |
| always() && | |
| (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch') && | |
| needs.build.result == 'success' && | |
| needs.build-windows.result == 'success' && | |
| needs.build-macos-arm64.result == 'success' | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Download release binaries and generate checksums | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| TAG="${{ needs.release-please.outputs.tag_name || github.event.inputs.tag_name }}" | |
| gh release download "$TAG" \ | |
| --pattern "ado-aw-*" \ | |
| --pattern "ado-script.zip" \ | |
| --pattern "install-linux.sh" \ | |
| --pattern "install-macos.sh" \ | |
| --pattern "install-windows.ps1" \ | |
| --repo "${{ github.repository }}" | |
| test -f ado-aw-linux-x64 || { echo "Missing ado-aw-linux-x64"; exit 1; } | |
| test -f ado-aw-windows-x64.exe || { echo "Missing ado-aw-windows-x64.exe"; exit 1; } | |
| test -f ado-aw-darwin-arm64 || { echo "Missing ado-aw-darwin-arm64"; exit 1; } | |
| test -f ado-script.zip || { echo "Missing ado-script.zip"; exit 1; } | |
| test -f install-linux.sh || { echo "Missing install-linux.sh"; exit 1; } | |
| test -f install-macos.sh || { echo "Missing install-macos.sh"; exit 1; } | |
| test -f install-windows.ps1 || { echo "Missing install-windows.ps1"; exit 1; } | |
| sha256sum \ | |
| ado-aw-linux-x64 \ | |
| ado-aw-windows-x64.exe \ | |
| ado-aw-darwin-arm64 \ | |
| ado-script.zip \ | |
| install-linux.sh \ | |
| install-macos.sh \ | |
| install-windows.ps1 \ | |
| > checksums.txt | |
| - name: Upload checksums | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| TAG="${{ needs.release-please.outputs.tag_name || github.event.inputs.tag_name }}" | |
| gh release upload "$TAG" checksums.txt --clobber --repo "${{ github.repository }}" | |
| trigger-recompile-safe-output-fixtures: | |
| name: Trigger safe-output fixture recompile | |
| needs: [release-please, checksums] | |
| # Run only once all release assets (binaries + checksums.txt) are uploaded. | |
| # Releases published via release-please do NOT fire the `release: published` | |
| # event on other workflows (GitHub suppresses this to prevent recursive | |
| # triggers), so we explicitly dispatch the recompile workflow here. The | |
| # default GITHUB_TOKEN has the `actions:write` scope needed to run | |
| # `gh workflow run`; the dispatched workflow uses its own secrets for any | |
| # downstream PR creation. | |
| if: >- | |
| always() && | |
| (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch') && | |
| needs.checksums.result == 'success' | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| actions: write | |
| steps: | |
| - name: Dispatch recompile-safe-output-fixtures | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| TAG="${{ needs.release-please.outputs.tag_name || github.event.inputs.tag_name }}" | |
| echo "Dispatching recompile-safe-output-fixtures for $TAG" | |
| gh workflow run recompile-safe-output-fixtures.lock.yml \ | |
| --repo "${{ github.repository }}" \ | |
| --ref main \ | |
| -f "version=$TAG" |