1use std::cell::RefCell;
3use gh_workflow::{Concurrency, Env, Expression};
5use crate::tasks::workflows::steps::NamedJob;
/// Declares a `pub const` named after a GitHub Actions secret.
///
/// The constant's value is the expression text `${{ secrets.<NAME> }}`, built at
/// compile time from the identifier. Only this reference is embedded in the
/// crate; the secret value is substituted by GitHub Actions when the generated
/// workflow runs.
macro_rules! secret {
    ($name:ident) => {
        pub const $name: &str = concat!("${{ secrets.", stringify!($name), " }}");
    };
}
/// Declares a `pub const` named after a GitHub Actions configuration variable.
///
/// The constant's value is the expression text `${{ vars.<NAME> }}`. Unlike
/// `secrets.*`, configuration variables are stored in plain text and are not
/// masked in job logs, so this macro is only appropriate for values that are
/// safe to disclose.
macro_rules! var {
    ($name:ident) => {
        pub const $name: &str = concat!("${{ vars.", stringify!($name), " }}");
    };
}
// Every constant below expands to `${{ secrets.<NAME> }}`; none of them holds a
// secret value. A job can only leak what its env/steps reference, so keep each
// reference confined to the jobs that need it.

// macOS code signing and notarization (consumed by `mac_bundle_envs`).
secret!(MACOS_CERTIFICATE);
secret!(MACOS_CERTIFICATE_PASSWORD);
secret!(APPLE_NOTARIZATION_KEY);
secret!(APPLE_NOTARIZATION_KEY_ID);
secret!(APPLE_NOTARIZATION_ISSUER_ID);

// Azure signing credentials (consumed by `windows_bundle_envs`).
secret!(AZURE_SIGNING_TENANT_ID);
secret!(AZURE_SIGNING_CLIENT_ID);
secret!(AZURE_SIGNING_CLIENT_SECRET);

// Not referenced elsewhere in this listing; consumers live in other modules.
secret!(CACHIX_AUTH_TOKEN);
secret!(DIGITALOCEAN_SPACES_ACCESS_KEY);
secret!(DIGITALOCEAN_SPACES_SECRET_KEY);
// The token GitHub Actions issues for each run; what it may do is decided by the
// workflow's `permissions` settings, not by this constant.
secret!(GITHUB_TOKEN);
secret!(SENTRY_AUTH_TOKEN);
secret!(ZED_CLIENT_CHECKSUM_SEED);
secret!(ZED_CLOUD_PROVIDER_ADDITIONAL_MODELS_JSON);
secret!(ZED_SENTRY_MINIDUMP_ENDPOINT);
// todo(ci) make these secrets too...
// Until then these three are `${{ vars.* }}` references: their values are stored
// in plain text and appear unmasked in job logs wherever a step prints them.
var!(AZURE_SIGNING_ACCOUNT_NAME);
var!(AZURE_SIGNING_CERT_PROFILE_NAME);
var!(AZURE_SIGNING_ENDPOINT);
/// Expression for the commit a job should operate on.
///
/// Evaluates to the pull request's head SHA when the triggering event carries a
/// `pull_request` payload, and falls back to `github.sha` otherwise.
///
/// NOTE(review): on pull-request events the head SHA is the contributor's own
/// commit. Any job that checks out this SHA is running code chosen by the PR
/// author, so it should not also receive the `secrets.*` references declared in
/// this file unless the trigger is restricted to trusted branches. How this
/// constant is used is not visible here; confirm at the call sites.
pub const GITHUB_SHA: &str = "${{ github.event.pull_request.head.sha || github.sha }}";
/// Builds the environment block that hands the macOS signing certificate and the
/// Apple notarization credentials to a job.
///
/// Every value is a `${{ secrets.* }}` expression, and each environment variable
/// carries the same name as the secret it is read from. Anything that runs in a
/// scope carrying this env can read all five values, so attach it only to the
/// job or step that performs signing and notarization.
pub fn mac_bundle_envs() -> Env {
    let mut env = Env::default();
    for (key, value) in [
        ("MACOS_CERTIFICATE", MACOS_CERTIFICATE),
        ("MACOS_CERTIFICATE_PASSWORD", MACOS_CERTIFICATE_PASSWORD),
        ("APPLE_NOTARIZATION_KEY", APPLE_NOTARIZATION_KEY),
        ("APPLE_NOTARIZATION_KEY_ID", APPLE_NOTARIZATION_KEY_ID),
        ("APPLE_NOTARIZATION_ISSUER_ID", APPLE_NOTARIZATION_ISSUER_ID),
    ] {
        env = env.add(key, value);
    }
    env
}
/// Builds the environment block used for Windows code signing through Azure.
///
/// The three `AZURE_*` variables are fed from `secrets.*`. `ACCOUNT_NAME`,
/// `CERT_PROFILE_NAME` and `ENDPOINT` are fed from `vars.*`, which GitHub does
/// not mask in logs. The digest algorithms and the timestamp server are fixed
/// literals.
pub fn windows_bundle_envs() -> Env {
    let mut env = Env::default();
    for (key, value) in [
        // Service-principal credentials (masked secrets).
        ("AZURE_TENANT_ID", AZURE_SIGNING_TENANT_ID),
        ("AZURE_CLIENT_ID", AZURE_SIGNING_CLIENT_ID),
        ("AZURE_CLIENT_SECRET", AZURE_SIGNING_CLIENT_SECRET),
        // Signing account coordinates (plain configuration variables).
        ("ACCOUNT_NAME", AZURE_SIGNING_ACCOUNT_NAME),
        ("CERT_PROFILE_NAME", AZURE_SIGNING_CERT_PROFILE_NAME),
        ("ENDPOINT", AZURE_SIGNING_ENDPOINT),
        ("FILE_DIGEST", "SHA256"),
        ("TIMESTAMP_DIGEST", "SHA256"),
        // Plain HTTP is the usual transport for RFC 3161 timestamping: the
        // returned token is signed by the timestamp authority, so its
        // authenticity does not rest on TLS.
        // NOTE(review): confirm the signing tool validates that token.
        ("TIMESTAMP_SERVER", "http://timestamp.acs.microsoft.com"),
    ] {
        env = env.add(key, value);
    }
    env
}
/// Concurrency settings that keep at most one in-flight run per workflow on every
/// ref except `main`.
///
/// The group key is `<workflow>-<ref_name>-<suffix>`. On `main` the suffix is the
/// commit SHA, so each commit gets its own group and a later push does not cancel
/// an earlier run. On any other ref the suffix is the constant `anysha`, so all
/// runs of a workflow on that ref share one group and `cancel-in-progress` stops
/// the older run when a newer one starts.
pub(crate) fn one_workflow_per_non_main_branch() -> Concurrency {
    // `a && b || c` is the Actions-expression form of a ternary.
    const GROUP: &str = "${{ github.workflow }}-${{ github.ref_name }}-${{ github.ref_name == 'main' && github.sha || 'anysha' }}";

    let concurrency = Concurrency::default().group(GROUP);
    concurrency.cancel_in_progress(true)
}
/// A pattern to check changed files against, paired with the output variable that
/// records the result.
pub(crate) struct PathCondition {
    /// Output name; `guard` reads it as `needs.<producer>.outputs.<name>`.
    pub name: &'static str,
    /// Pattern applied to changed files. The matching syntax is defined by the
    /// consumer of this field, which is not part of this listing.
    pub pattern: &'static str,
    /// `false` from `new`, `true` from `inverted`. Not read anywhere in this
    /// listing; presumably applied where the output is computed (confirm there).
    pub invert: bool,
    /// Identifier of the job that publishes the output. Starts as `None` and must
    /// be filled in from outside this listing before `guard` is called.
    pub set_by_step: RefCell<Option<String>>,
}

impl PathCondition {
    /// Creates a non-inverted condition with no producer recorded yet.
    pub fn new(name: &'static str, pattern: &'static str) -> Self {
        Self {
            name,
            pattern,
            invert: false,
            set_by_step: RefCell::new(None),
        }
    }

    /// Creates a condition with `invert` set and no producer recorded yet.
    pub fn inverted(name: &'static str, pattern: &'static str) -> Self {
        Self {
            invert: true,
            ..Self::new(name, pattern)
        }
    }

    /// Makes `job` depend on the producer of this condition and run only when the
    /// producer's output named `self.name` equals the string `'true'`.
    ///
    /// `self.name` and the producer identifier are interpolated into the `if:`
    /// expression verbatim. Both originate inside this crate (`name` is a
    /// `&'static str`), so they are not attacker-influenced here, but they must
    /// be identifiers that are valid inside an Actions expression.
    ///
    /// # Panics
    ///
    /// Panics if `set_by_step` is still `None`.
    pub fn guard(&self, job: NamedJob) -> NamedJob {
        let producer = match self.set_by_step.borrow().as_ref() {
            Some(step) => step.clone(),
            None => panic!("condition {},is never set", self.name),
        };
        let condition = format!("needs.{}.outputs.{} == 'true'", producer, self.name);

        let NamedJob { name, job } = job;
        NamedJob {
            name,
            job: job.add_needs(producer).cond(Expression::new(condition)),
        }
    }
}