1use std::{cell::RefCell, ops::Not};
2
3use gh_workflow::{
4 Concurrency, Env, Expression, Step, WorkflowCallInput, WorkflowCallSecret,
5 WorkflowDispatchInput,
6};
7
8use crate::tasks::workflows::{runners::Platform, steps::NamedJob};
9
10macro_rules! secret {
11 ($secret_name:ident) => {
12 pub const $secret_name: &str = concat!("${{ secrets.", stringify!($secret_name), " }}");
13 };
14}
15
16macro_rules! var {
17 ($var_name:ident) => {
18 pub const $var_name: &str = concat!("${{ vars.", stringify!($var_name), " }}");
19 };
20}
21
22secret!(ANTHROPIC_API_KEY);
23secret!(OPENAI_API_KEY);
24secret!(GOOGLE_AI_API_KEY);
25secret!(GOOGLE_CLOUD_PROJECT);
26secret!(APPLE_NOTARIZATION_ISSUER_ID);
27secret!(APPLE_NOTARIZATION_KEY);
28secret!(APPLE_NOTARIZATION_KEY_ID);
29secret!(AZURE_SIGNING_CLIENT_ID);
30secret!(AZURE_SIGNING_CLIENT_SECRET);
31secret!(AZURE_SIGNING_TENANT_ID);
32secret!(CACHIX_AUTH_TOKEN);
33secret!(CLUSTER_NAME);
34secret!(DIGITALOCEAN_ACCESS_TOKEN);
35secret!(DIGITALOCEAN_SPACES_ACCESS_KEY);
36secret!(DIGITALOCEAN_SPACES_SECRET_KEY);
37secret!(GITHUB_TOKEN);
38secret!(MACOS_CERTIFICATE);
39secret!(MACOS_CERTIFICATE_PASSWORD);
40secret!(SENTRY_AUTH_TOKEN);
41secret!(ZED_CLIENT_CHECKSUM_SEED);
42secret!(ZED_CLOUD_PROVIDER_ADDITIONAL_MODELS_JSON);
43secret!(ZED_SENTRY_MINIDUMP_ENDPOINT);
44secret!(SLACK_APP_ZED_UNIT_EVALS_BOT_TOKEN);
45secret!(ZED_ZIPPY_APP_ID);
46secret!(ZED_ZIPPY_APP_PRIVATE_KEY);
47secret!(DISCORD_WEBHOOK_RELEASE_NOTES);
48secret!(WINGET_TOKEN);
49secret!(VERCEL_TOKEN);
50secret!(SLACK_WEBHOOK_WORKFLOW_FAILURES);
51secret!(R2_ACCOUNT_ID);
52secret!(R2_ACCESS_KEY_ID);
53secret!(R2_SECRET_ACCESS_KEY);
54
55// todo(ci) make these secrets too...
56var!(AZURE_SIGNING_ACCOUNT_NAME);
57var!(AZURE_SIGNING_CERT_PROFILE_NAME);
58var!(AZURE_SIGNING_ENDPOINT);
59
60pub fn bundle_envs(platform: Platform) -> Env {
61 let env = Env::default()
62 .add("CARGO_INCREMENTAL", 0)
63 .add("ZED_CLIENT_CHECKSUM_SEED", ZED_CLIENT_CHECKSUM_SEED)
64 .add("ZED_MINIDUMP_ENDPOINT", ZED_SENTRY_MINIDUMP_ENDPOINT);
65
66 match platform {
67 Platform::Linux => env,
68 Platform::Mac => env
69 .add("MACOS_CERTIFICATE", MACOS_CERTIFICATE)
70 .add("MACOS_CERTIFICATE_PASSWORD", MACOS_CERTIFICATE_PASSWORD)
71 .add("APPLE_NOTARIZATION_KEY", APPLE_NOTARIZATION_KEY)
72 .add("APPLE_NOTARIZATION_KEY_ID", APPLE_NOTARIZATION_KEY_ID)
73 .add("APPLE_NOTARIZATION_ISSUER_ID", APPLE_NOTARIZATION_ISSUER_ID),
74 Platform::Windows => env
75 .add("AZURE_TENANT_ID", AZURE_SIGNING_TENANT_ID)
76 .add("AZURE_CLIENT_ID", AZURE_SIGNING_CLIENT_ID)
77 .add("AZURE_CLIENT_SECRET", AZURE_SIGNING_CLIENT_SECRET)
78 .add("ACCOUNT_NAME", AZURE_SIGNING_ACCOUNT_NAME)
79 .add("CERT_PROFILE_NAME", AZURE_SIGNING_CERT_PROFILE_NAME)
80 .add("ENDPOINT", AZURE_SIGNING_ENDPOINT)
81 .add("FILE_DIGEST", "SHA256")
82 .add("TIMESTAMP_DIGEST", "SHA256")
83 .add("TIMESTAMP_SERVER", "http://timestamp.acs.microsoft.com"),
84 }
85}
86
87pub fn one_workflow_per_non_main_branch() -> Concurrency {
88 one_workflow_per_non_main_branch_and_token("")
89}
90
91pub fn one_workflow_per_non_main_branch_and_token<T: AsRef<str>>(token: T) -> Concurrency {
92 Concurrency::default()
93 .group(format!(
94 concat!(
95 "${{{{ github.workflow }}}}-${{{{ github.ref_name }}}}-",
96 "${{{{ github.ref_name == 'main' && github.sha || 'anysha' }}}}{}"
97 ),
98 token.as_ref()
99 ))
100 .cancel_in_progress(true)
101}
102
103pub(crate) fn allow_concurrent_runs() -> Concurrency {
104 Concurrency::default()
105 .group("${{ github.workflow }}-${{ github.ref_name }}-${{ github.run_id }}")
106 .cancel_in_progress(true)
107}
108
109// Represents a pattern to check for changed files and corresponding output variable
110pub struct PathCondition {
111 pub name: &'static str,
112 pub pattern: &'static str,
113 pub invert: bool,
114 pub set_by_step: RefCell<Option<String>>,
115}
116impl PathCondition {
117 pub fn new(name: &'static str, pattern: &'static str) -> Self {
118 Self {
119 name,
120 pattern,
121 invert: false,
122 set_by_step: Default::default(),
123 }
124 }
125 pub fn inverted(name: &'static str, pattern: &'static str) -> Self {
126 Self {
127 name,
128 pattern,
129 invert: true,
130 set_by_step: Default::default(),
131 }
132 }
133
134 pub fn and_always<'a>(&'a self) -> PathContextCondition<'a> {
135 PathContextCondition {
136 condition: self,
137 run_in_merge_queue: true,
138 }
139 }
140
141 pub fn and_not_in_merge_queue<'a>(&'a self) -> PathContextCondition<'a> {
142 PathContextCondition {
143 condition: self,
144 run_in_merge_queue: false,
145 }
146 }
147}
148
149pub struct PathContextCondition<'a> {
150 condition: &'a PathCondition,
151 run_in_merge_queue: bool,
152}
153
154impl<'a> PathContextCondition<'a> {
155 pub fn guard(&'a self, job: NamedJob) -> NamedJob {
156 let set_by_step = self
157 .condition
158 .set_by_step
159 .borrow()
160 .clone()
161 .unwrap_or_else(|| panic!("condition {},is never set", self.condition.name));
162 NamedJob {
163 name: job.name,
164 job: job.job.add_need(set_by_step.clone()).cond(Expression::new(
165 format!(
166 "needs.{}.outputs.{} == 'true' {merge_queue_condition}",
167 &set_by_step,
168 self.condition.name,
169 merge_queue_condition = self
170 .run_in_merge_queue
171 .not()
172 .then_some("&& github.event_name != 'merge_group'")
173 .unwrap_or_default()
174 )
175 .trim(),
176 )),
177 }
178 }
179}
180
181pub(crate) struct StepOutput {
182 pub name: &'static str,
183 step_id: String,
184}
185
186impl StepOutput {
187 pub fn new<T>(step: &Step<T>, name: &'static str) -> Self {
188 let step_id = step
189 .value
190 .id
191 .clone()
192 .expect("Steps that produce outputs must have an ID");
193
194 assert!(
195 step.value
196 .run
197 .as_ref()
198 .is_none_or(|run_command| run_command.contains(name)),
199 "Step Output name {name} must occur at least once in run command with ID {step_id}!"
200 );
201
202 Self { name, step_id }
203 }
204
205 pub fn new_unchecked<T>(step: &Step<T>, name: &'static str) -> Self {
206 let step_id = step
207 .value
208 .id
209 .clone()
210 .expect("Steps that produce outputs must have an ID");
211
212 Self { name, step_id }
213 }
214
215 pub fn expr(&self) -> String {
216 format!("steps.{}.outputs.{}", self.step_id, self.name)
217 }
218
219 pub fn as_job_output(self, job: &NamedJob) -> JobOutput {
220 JobOutput {
221 job_name: job.name.clone(),
222 name: self.name,
223 }
224 }
225}
226
227impl serde::Serialize for StepOutput {
228 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
229 where
230 S: serde::Serializer,
231 {
232 serializer.serialize_str(&self.to_string())
233 }
234}
235
236impl std::fmt::Display for StepOutput {
237 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
238 write!(f, "${{{{ {} }}}}", self.expr())
239 }
240}
241
242pub(crate) struct JobOutput {
243 job_name: String,
244 name: &'static str,
245}
246
247impl JobOutput {
248 pub fn expr(&self) -> String {
249 format!("needs.{}.outputs.{}", self.job_name, self.name)
250 }
251}
252
253impl serde::Serialize for JobOutput {
254 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
255 where
256 S: serde::Serializer,
257 {
258 serializer.serialize_str(&self.to_string())
259 }
260}
261
262impl std::fmt::Display for JobOutput {
263 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
264 write!(f, "${{{{ {} }}}}", self.expr())
265 }
266}
267
268pub struct WorkflowInput {
269 pub input_type: &'static str,
270 pub name: &'static str,
271 pub default: Option<String>,
272 pub description: Option<String>,
273}
274
275impl WorkflowInput {
276 pub fn string(name: &'static str, default: Option<String>) -> Self {
277 Self {
278 input_type: "string",
279 name,
280 default,
281 description: None,
282 }
283 }
284
285 pub fn bool(name: &'static str, default: Option<bool>) -> Self {
286 Self {
287 input_type: "boolean",
288 name,
289 default: default.as_ref().map(ToString::to_string),
290 description: None,
291 }
292 }
293
294 pub fn description(mut self, description: impl ToString) -> Self {
295 self.description = Some(description.to_string());
296 self
297 }
298
299 pub fn input(&self) -> WorkflowDispatchInput {
300 WorkflowDispatchInput {
301 description: self
302 .description
303 .clone()
304 .unwrap_or_else(|| self.name.to_owned()),
305 required: self.default.is_none(),
306 input_type: self.input_type.to_owned(),
307 default: self.default.clone(),
308 }
309 }
310
311 pub fn call_input(&self) -> WorkflowCallInput {
312 WorkflowCallInput {
313 description: self.name.to_owned(),
314 required: self.default.is_none(),
315 input_type: self.input_type.to_owned(),
316 default: self.default.clone(),
317 }
318 }
319
320 pub(crate) fn expr(&self) -> String {
321 format!("inputs.{}", self.name)
322 }
323}
324
325impl std::fmt::Display for WorkflowInput {
326 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
327 write!(f, "${{{{ {} }}}}", self.expr())
328 }
329}
330
331impl serde::Serialize for WorkflowInput {
332 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
333 where
334 S: serde::Serializer,
335 {
336 serializer.serialize_str(&self.to_string())
337 }
338}
339
340pub(crate) struct WorkflowSecret {
341 pub name: &'static str,
342 description: String,
343 required: bool,
344}
345
346impl WorkflowSecret {
347 pub fn new(name: &'static str, description: impl ToString) -> Self {
348 Self {
349 name,
350 description: description.to_string(),
351 required: true,
352 }
353 }
354
355 pub fn secret_configuration(&self) -> WorkflowCallSecret {
356 WorkflowCallSecret {
357 description: self.description.clone(),
358 required: self.required,
359 }
360 }
361}
362
363impl std::fmt::Display for WorkflowSecret {
364 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
365 write!(f, "${{{{ secrets.{} }}}}", self.name)
366 }
367}
368
369impl serde::Serialize for WorkflowSecret {
370 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
371 where
372 S: serde::Serializer,
373 {
374 serializer.serialize_str(&self.to_string())
375 }
376}
377
378pub mod assets {
379 // NOTE: these asset names also exist in the zed.dev codebase.
380 pub const MAC_AARCH64: &str = "Zed-aarch64.dmg";
381 pub const MAC_X86_64: &str = "Zed-x86_64.dmg";
382 pub const LINUX_AARCH64: &str = "zed-linux-aarch64.tar.gz";
383 pub const LINUX_X86_64: &str = "zed-linux-x86_64.tar.gz";
384 pub const WINDOWS_X86_64: &str = "Zed-x86_64.exe";
385 pub const WINDOWS_AARCH64: &str = "Zed-aarch64.exe";
386
387 pub const REMOTE_SERVER_MAC_AARCH64: &str = "zed-remote-server-macos-aarch64.gz";
388 pub const REMOTE_SERVER_MAC_X86_64: &str = "zed-remote-server-macos-x86_64.gz";
389 pub const REMOTE_SERVER_LINUX_AARCH64: &str = "zed-remote-server-linux-aarch64.gz";
390 pub const REMOTE_SERVER_LINUX_X86_64: &str = "zed-remote-server-linux-x86_64.gz";
391 pub const REMOTE_SERVER_WINDOWS_AARCH64: &str = "zed-remote-server-windows-aarch64.zip";
392 pub const REMOTE_SERVER_WINDOWS_X86_64: &str = "zed-remote-server-windows-x86_64.zip";
393
394 pub fn all() -> Vec<&'static str> {
395 vec![
396 MAC_AARCH64,
397 MAC_X86_64,
398 LINUX_AARCH64,
399 LINUX_X86_64,
400 WINDOWS_X86_64,
401 WINDOWS_AARCH64,
402 REMOTE_SERVER_MAC_AARCH64,
403 REMOTE_SERVER_MAC_X86_64,
404 REMOTE_SERVER_LINUX_AARCH64,
405 REMOTE_SERVER_LINUX_X86_64,
406 REMOTE_SERVER_WINDOWS_AARCH64,
407 REMOTE_SERVER_WINDOWS_X86_64,
408 ]
409 }
410}