docs(changelog): cut 0.0.8 #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| crates-io: | |
| name: Publish to crates.io | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install esbuild (for harmont-ts bundle) | |
| working-directory: crates/hm-dsl-engine/harmont-ts | |
| run: npm ci | |
| - name: Set version from tag | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "VERSION=$VERSION" >> "$GITHUB_ENV" | |
| # Bump crate versions. Every workspace member that harmont-cli | |
| # depends on (directly or transitively) must be published, so each | |
| # one needs the tagged version stamped in. | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-util/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-pipeline-ir/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-config/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-plugin-protocol/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-render/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-vm/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-exec/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-plugin-cloud/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm-dsl-engine/Cargo.toml | |
| sed -i "0,/version = \"0.0.0-dev\"/s//version = \"$VERSION\"/" crates/hm/Cargo.toml | |
| # Rewrite workspace.dependencies pins so dependents resolve to the | |
| # tagged version (cargo publish strips path deps; the version field | |
| # is what consumers will receive). | |
| sed -i "s|hm-exec = { path = \"crates/hm-exec\", version = \"0.0.0-dev\" }|hm-exec = { path = \"crates/hm-exec\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-plugin-protocol = { path = \"crates/hm-plugin-protocol\", version = \"0.0.0-dev\" }|hm-plugin-protocol = { path = \"crates/hm-plugin-protocol\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-plugin-cloud = { path = \"crates/hm-plugin-cloud\", version = \"0.0.0-dev\" }|hm-plugin-cloud = { path = \"crates/hm-plugin-cloud\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-pipeline-ir = { path = \"crates/hm-pipeline-ir\", version = \"0.0.0-dev\" }|hm-pipeline-ir = { path = \"crates/hm-pipeline-ir\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-util = { path = \"crates/hm-util\", version = \"0.0.0-dev\" }|hm-util = { path = \"crates/hm-util\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-config = { path = \"crates/hm-config\", version = \"0.0.0-dev\" }|hm-config = { path = \"crates/hm-config\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-dsl-engine = { path = \"crates/hm-dsl-engine\", version = \"0.0.0-dev\" }|hm-dsl-engine = { path = \"crates/hm-dsl-engine\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-render = { path = \"crates/hm-render\", version = \"0.0.0-dev\" }|hm-render = { path = \"crates/hm-render\", version = \"$VERSION\" }|" Cargo.toml | |
| sed -i "s|hm-vm = { path = \"crates/hm-vm\", version = \"0.0.0-dev\" }|hm-vm = { path = \"crates/hm-vm\", version = \"$VERSION\" }|" Cargo.toml | |
| cargo check --workspace --exclude hm-fixtures | |
| - name: Publishability guard (dry-run package the whole graph) | |
| # Fail fast before any real `cargo publish` if the dependency graph | |
| # isn't publishable — e.g. a publishable crate depending on a | |
| # `publish = false` crate, or a missing version bump. `cargo package | |
| # --workspace` resolves sibling path deps locally (no index lookup, | |
| # unlike `cargo publish --dry-run`, which the not-yet-published deps | |
| # would fail), so it catches exactly the publish=false / unpublished-dep | |
| # class of regression. `--no-verify` skips the per-crate rebuild; | |
| # `cargo check --workspace` above already proved it compiles. | |
| run: cargo package --workspace --exclude hm-fixtures --allow-dirty --no-verify | |
| - name: Publish hm-util | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-util/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-util@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-util --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-pipeline-ir | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-pipeline-ir/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-pipeline-ir@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-pipeline-ir --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-config | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-config/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-config@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-config --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-plugin-protocol | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-plugin-protocol/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-plugin-protocol@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-plugin-protocol --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-render | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-render/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-render@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-render --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-vm | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-vm/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-vm@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-vm --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-exec | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-exec/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-exec@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-exec --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-plugin-cloud | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-plugin-cloud/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-plugin-cloud@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-plugin-cloud --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish hm-dsl-engine | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/hm-dsl-engine/$VERSION" > /dev/null 2>&1; then | |
| echo "hm-dsl-engine@$VERSION already published, skipping" | |
| else | |
| cargo publish -p hm-dsl-engine --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty --no-verify | |
| fi | |
| - name: Wait for crates.io index | |
| run: sleep 30 | |
| - name: Publish harmont-cli | |
| run: | | |
| if curl -sf -A "harmont-release-ci (github-actions)" "https://crates.io/api/v1/crates/harmont-cli/$VERSION" > /dev/null 2>&1; then | |
| echo "harmont-cli@$VERSION already published, skipping" | |
| else | |
| cargo publish -p harmont-cli --token ${{ secrets.CRATES_IO_TOKEN }} --allow-dirty --no-verify | |
| fi | |
| npm: | |
| name: Publish to npm | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| registry-url: "https://registry.npmjs.org" | |
| cache: npm | |
| cache-dependency-path: crates/hm-dsl-engine/harmont-ts/package-lock.json | |
| # node 20 ships npm 10, which can sign provenance but cannot AUTHENTICATE | |
| # via OIDC trusted publishing — that needs npm >= 11.5.1. Without it the | |
| # publish PUT goes out unauthenticated and npm masks it as a 404. Upgrade | |
| # so the configured trusted publisher actually authenticates the publish. | |
| - name: Upgrade npm for OIDC trusted publishing | |
| run: npm install -g npm@latest | |
| - name: Install dependencies | |
| working-directory: crates/hm-dsl-engine/harmont-ts | |
| run: npm ci | |
| - name: Build | |
| working-directory: crates/hm-dsl-engine/harmont-ts | |
| run: npm run build | |
| - name: Set version from tag | |
| working-directory: crates/hm-dsl-engine/harmont-ts | |
| run: npm version "${GITHUB_REF_NAME#v}" --no-git-tag-version | |
| - name: Publish | |
| working-directory: crates/hm-dsl-engine/harmont-ts | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| if npm view @harmont/hm@"$VERSION" version 2>/dev/null; then | |
| echo "@harmont/hm@$VERSION already published, skipping" | |
| else | |
| npm publish --access public --provenance | |
| fi | |
| pypi: | |
| name: Publish to PyPI | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install build tools | |
| run: pip install build | |
| - name: Set version from tag | |
| working-directory: crates/hm-dsl-engine/harmont-py | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| sed -i "s/version = \"0.0.0-dev\"/version = \"$VERSION\"/" pyproject.toml | |
| - name: Build | |
| working-directory: crates/hm-dsl-engine/harmont-py | |
| run: python -m build | |
| - name: Check if already published | |
| id: check | |
| working-directory: crates/hm-dsl-engine/harmont-py | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| if curl -sf "https://pypi.org/pypi/harmont/$VERSION/json" > /dev/null 2>&1; then | |
| echo "exists=true" >> "$GITHUB_OUTPUT" | |
| echo "harmont@$VERSION already published, skipping" | |
| fi | |
| - name: Publish | |
| if: steps.check.outputs.exists != 'true' | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| packages-dir: crates/hm-dsl-engine/harmont-py/dist/ | |
| build-binary: | |
| name: Build ${{ matrix.target }} | |
| timeout-minutes: 30 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-musl | |
| runner: ubuntu-latest | |
| musl: true | |
| - target: aarch64-unknown-linux-musl | |
| runner: ubuntu-24.04-arm | |
| musl: true | |
| - target: aarch64-apple-darwin | |
| runner: macos-latest | |
| - target: x86_64-apple-darwin | |
| runner: macos-latest | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ${{ matrix.target }} | |
| - name: Install musl toolchain | |
| if: matrix.musl | |
| run: sudo apt-get update && sudo apt-get install -y musl-tools | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: npm | |
| cache-dependency-path: crates/hm-dsl-engine/harmont-ts/package-lock.json | |
| - name: Install esbuild | |
| working-directory: crates/hm-dsl-engine/harmont-ts | |
| run: npm ci | |
| - name: Set version from tag | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "VERSION=$VERSION" >> "$GITHUB_ENV" | |
| sed -i'' -e 's/version = "0.0.0-dev"/version = "'"$VERSION"'"/' crates/hm/Cargo.toml | |
| - name: Build | |
| run: cargo build --release --target ${{ matrix.target }} -p harmont-cli | |
| - name: Package | |
| run: | | |
| ARCHIVE="hm-${{ matrix.target }}.tar.gz" | |
| tar czf "$ARCHIVE" -C "target/${{ matrix.target }}/release" hm | |
| sha256sum "$ARCHIVE" > "$ARCHIVE.sha256" || shasum -a 256 "$ARCHIVE" > "$ARCHIVE.sha256" | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: hm-${{ matrix.target }} | |
| path: | | |
| hm-${{ matrix.target }}.tar.gz | |
| hm-${{ matrix.target }}.tar.gz.sha256 | |
| retention-days: 1 | |
| github-release: | |
| name: Create GitHub Release | |
| timeout-minutes: 10 | |
| needs: build-binary | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Create or update release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| if gh release view "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then | |
| gh release upload "$GITHUB_REF_NAME" \ | |
| --repo "$GITHUB_REPOSITORY" \ | |
| --clobber \ | |
| artifacts/* | |
| else | |
| gh release create "$GITHUB_REF_NAME" \ | |
| --repo "$GITHUB_REPOSITORY" \ | |
| --title "$GITHUB_REF_NAME" \ | |
| --generate-notes \ | |
| artifacts/* | |
| fi |