add publish actions for wit and component (#70)

markfisher · web-flow · commit cd294d45ffb8 · 2026-05-09T11:37:46.000-04:00
Signed-off-by: markfisher &lt;mark@modulewise.com&gt;
diff --git a/.github/workflows/publish-component.yml b/.github/workflows/publish-component.yml
@@ -0,0 +1,124 @@
+name: Publish Component
+
+on:
+  push:
+    tags:
+      - 'component-*-v[0-9]+.[0-9]+.[0-9]+-?**'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Parse tag
+        id: parse
+        run: |
+          tag="${GITHUB_REF#refs/tags/}"
+          rest="${tag#component-}"
+          name="${rest%-v*}"
+          version="${rest##*-v}"
+          echo "name=$name" >> "$GITHUB_OUTPUT"
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+
+      - name: Read component metadata
+        id: meta
+        working-directory: components
+        run: |
+          name="${{ steps.parse.outputs.name }}"
+          version="${{ steps.parse.outputs.version }}"
+          json=$(cargo metadata --no-deps --format-version 1 \
+            | jq --arg n "$name" '.packages[] | select(.name == $n)')
+          if [ -z "$json" ]; then
+            echo "Component '$name' not found in cargo workspace" >&2
+            exit 1
+          fi
+          manifest_version=$(echo "$json" | jq -r '.version')
+          if [ "$manifest_version" != "$version" ]; then
+            echo "Tag version ($version) does not match Cargo.toml version ($manifest_version) for $name" >&2
+            exit 1
+          fi
+          description=$(echo "$json" | jq -r '.description // ""')
+          homepage=$(echo "$json" | jq -r '.homepage // ""')
+          repository=$(echo "$json" | jq -r '.repository // ""')
+          license=$(echo "$json" | jq -r '.license // ""')
+          for field in description homepage repository license; do
+            if [ -z "${!field}" ]; then
+              echo "Component '$name' is missing '$field' in Cargo.toml" >&2
+              exit 1
+            fi
+          done
+          echo "description=$description" >> "$GITHUB_OUTPUT"
+          echo "homepage=$homepage" >> "$GITHUB_OUTPUT"
+          echo "source=$repository" >> "$GITHUB_OUTPUT"
+          echo "license=$license" >> "$GITHUB_OUTPUT"
+
+      - name: Add wasm32-unknown-unknown target
+        run: rustup target add wasm32-unknown-unknown
+
+      - name: Install cargo-binstall
+        uses: cargo-bins/cargo-binstall@v1
+
+      - name: Install build tools
+        run: |
+          cargo binstall cargo-auditable --no-confirm
+          cargo binstall auditable2cdx --no-confirm
+          cargo binstall wasm-tools --no-confirm
+
+      - name: Build core wasm with cargo-auditable
+        working-directory: components
+        run: cargo auditable build -p ${{ steps.parse.outputs.name }} --target wasm32-unknown-unknown --release
+
+      - name: Wrap as wasm component
+        working-directory: components
+        run: |
+          name="${{ steps.parse.outputs.name }}"
+          cargo_name="${name//-/_}"
+          wasm-tools component new \
+            "target/wasm32-unknown-unknown/release/${cargo_name}.wasm" \
+            -o "/tmp/${name}.wasm"
+
+      - name: Extract SBOM
+        run: |
+          name="${{ steps.parse.outputs.name }}"
+          auditable2cdx "/tmp/${name}.wasm" > "/tmp/${name}.cdx.json"
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish component to GitHub Container Registry
+        id: publish
+        uses: bytecodealliance/wkg-github-action@v5
+        with:
+          file: /tmp/${{ steps.parse.outputs.name }}.wasm
+          oci-reference-without-tag: ghcr.io/modulewise/component/${{ steps.parse.outputs.name }}
+          version: ${{ steps.parse.outputs.version }}
+          description: ${{ steps.meta.outputs.description }}
+          source: ${{ steps.meta.outputs.source }}
+          homepage: ${{ steps.meta.outputs.homepage }}
+          licenses: ${{ steps.meta.outputs.license }}
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v4
+
+      - name: Sign component
+        run: |
+          cosign sign --yes \
+            ghcr.io/modulewise/component/${{ steps.parse.outputs.name }}@${{ steps.publish.outputs.digest }}
+
+      - name: Attest SBOM
+        run: |
+          name="${{ steps.parse.outputs.name }}"
+          cosign attest --yes \
+            --type cyclonedx \
+            --predicate "/tmp/${name}.cdx.json" \
+            ghcr.io/modulewise/component/${name}@${{ steps.publish.outputs.digest }}
diff --git a/.github/workflows/publish-wit.yml b/.github/workflows/publish-wit.yml
@@ -0,0 +1,100 @@
+name: Publish WIT package
+
+on:
+  push:
+    tags:
+      - 'wit-*-v[0-9]+.[0-9]+.[0-9]+-?**'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Parse tag
+        id: parse
+        run: |
+          tag="${GITHUB_REF#refs/tags/}"
+          rest="${tag#wit-}"
+          name="${rest%-v*}"
+          version="${rest##*-v}"
+          wit_dir="components/${name}/wit"
+          wkg_toml="components/${name}/wkg.toml"
+          package_wit="${wit_dir}/package.wit"
+          for f in "$wit_dir" "$wkg_toml" "$package_wit"; do
+            if [ ! -e "$f" ]; then
+              echo "Required path not found: $f" >&2
+              exit 1
+            fi
+          done
+          # Namespace from `package <ns>:<name>@<version>;` declaration
+          ns=$(sed -nE 's/^package ([a-z][a-z0-9-]*):.*$/\1/p' "$package_wit" | head -1)
+          if [ -z "$ns" ]; then
+            echo "Failed to extract namespace from $package_wit" >&2
+            exit 1
+          fi
+          echo "name=$name" >> "$GITHUB_OUTPUT"
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+          echo "namespace=$ns" >> "$GITHUB_OUTPUT"
+          echo "wkg_toml=$wkg_toml" >> "$GITHUB_OUTPUT"
+
+      - name: Read package metadata
+        id: meta
+        run: |
+          file="${{ steps.parse.outputs.wkg_toml }}"
+          description=$(yq -p toml -o yaml -r '.metadata.description // ""' "$file")
+          homepage=$(yq -p toml -o yaml -r '.metadata.homepage // ""' "$file")
+          repository=$(yq -p toml -o yaml -r '.metadata.repository // ""' "$file")
+          license=$(yq -p toml -o yaml -r '.metadata.license // ""' "$file")
+          for field in description homepage repository license; do
+            if [ -z "${!field}" ]; then
+              echo "wkg.toml is missing '$field' under [metadata]" >&2
+              exit 1
+            fi
+          done
+          echo "description=$description" >> "$GITHUB_OUTPUT"
+          echo "homepage=$homepage" >> "$GITHUB_OUTPUT"
+          echo "source=$repository" >> "$GITHUB_OUTPUT"
+          echo "license=$license" >> "$GITHUB_OUTPUT"
+
+      - name: Install cargo-binstall
+        uses: cargo-bins/cargo-binstall@v1
+
+      - name: Install wkg
+        run: cargo binstall wkg --no-confirm
+
+      - name: Build WIT package
+        working-directory: components/${{ steps.parse.outputs.name }}
+        run: wkg wit build --output /tmp/wit-package.wasm
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish WIT to GitHub Container Registry
+        id: publish
+        uses: bytecodealliance/wkg-github-action@v5
+        with:
+          file: /tmp/wit-package.wasm
+          oci-reference-without-tag: ghcr.io/modulewise/wit/${{ steps.parse.outputs.namespace }}/${{ steps.parse.outputs.name }}
+          version: ${{ steps.parse.outputs.version }}
+          description: ${{ steps.meta.outputs.description }}
+          source: ${{ steps.meta.outputs.source }}
+          homepage: ${{ steps.meta.outputs.homepage }}
+          licenses: ${{ steps.meta.outputs.license }}
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v4
+
+      - name: Sign WIT package
+        run: |
+          cosign sign --yes \
+            ghcr.io/modulewise/wit/${{ steps.parse.outputs.namespace }}/${{ steps.parse.outputs.name }}@${{ steps.publish.outputs.digest }}
diff --git a/components/http/README.md b/components/http/README.md
@@ -0,0 +1,33 @@
+# composable:http
+
+HTTP client support, including a WIT definition and a Wasm Component.
+
+(for hosting Wasm Components behind an HTTP server, see [`crates/http-server`](../../crates/http-server))
+
+## The `composable:http/client` Interface
+
+Request functions (each returns `result<http-response, string>`):
+
+- `request(method, url, headers, body, options)`
+- `get(url, headers, options)`
+- `post(url, headers, body, options)`
+- `put(url, headers, body, options)`
+- `delete(url, headers, options)`
+- `patch(url, headers, body, options)`
+- `head(url, headers, options)`
+- `options(url, headers, options)`
+
+The `options` arg includes per-request timeouts and response-size limits. If not provided, default timeouts will be used, and there will be no cap on the response size.
+
+See [`wit/package.wit`](wit/package.wit) for the full type definitions.
+
+## The `http-client` World
+
+- exports `composable:http/client`
+- imports `wasi:http/outgoing-handler`
+
+That import can be satisfied by the `wasi:http` Capability which is available in the core runtime.
+
+## The `http-client` Component
+
+Implementation of the `http-client` world, with source code in the [client](client/) sub-directory.
diff --git a/components/http/client/Cargo.toml b/components/http/client/Cargo.toml
@@ -2,6 +2,10 @@
 name = "http-client"
 version = "0.1.0"
 edition = "2024"
+description = "HTTP client component implementing the composable:http/client interface"
+homepage = "https://github.com/modulewise/composable-runtime/tree/main/components/http"
+license = "Apache-2.0"
+repository = "https://github.com/modulewise/composable-runtime"
 
 [lib]
 crate-type = ["cdylib"]
diff --git a/components/http/wkg.toml b/components/http/wkg.toml
@@ -0,0 +1,5 @@
+[metadata]
+description = "WIT package defining the composable:http interfaces"
+license = "Apache-2.0"
+homepage = "https://github.com/modulewise/composable-runtime/tree/main/components/http"
+repository = "https://github.com/modulewise/composable-runtime"
