1use std::{cell::RefCell, ops::Not};
2
3use gh_workflow::{
4 Concurrency, Env, Expression, Step, WorkflowCallInput, WorkflowCallSecret,
5 WorkflowDispatchInput,
6};
7
8use crate::tasks::workflows::{runners::Platform, steps::NamedJob};
9
10macro_rules! secret {
11 ($secret_name:ident) => {
12 pub const $secret_name: &str = concat!("${{ secrets.", stringify!($secret_name), " }}");
13 };
14}
15
16macro_rules! var {
17 ($var_name:ident) => {
18 pub const $var_name: &str = concat!("${{ vars.", stringify!($var_name), " }}");
19 };
20}
21
22secret!(ANTHROPIC_API_KEY);
23secret!(OPENAI_API_KEY);
24secret!(GOOGLE_AI_API_KEY);
25secret!(GOOGLE_CLOUD_PROJECT);
26secret!(APPLE_NOTARIZATION_ISSUER_ID);
27secret!(APPLE_NOTARIZATION_KEY);
28secret!(APPLE_NOTARIZATION_KEY_ID);
29secret!(AZURE_SIGNING_CLIENT_ID);
30secret!(AZURE_SIGNING_CLIENT_SECRET);
31secret!(AZURE_SIGNING_TENANT_ID);
32secret!(CACHIX_AUTH_TOKEN);
33secret!(CLUSTER_NAME);
34secret!(DIGITALOCEAN_ACCESS_TOKEN);
35secret!(DIGITALOCEAN_SPACES_ACCESS_KEY);
36secret!(DIGITALOCEAN_SPACES_SECRET_KEY);
37secret!(GITHUB_TOKEN);
38secret!(MACOS_CERTIFICATE);
39secret!(MACOS_CERTIFICATE_PASSWORD);
40secret!(SENTRY_AUTH_TOKEN);
41secret!(ZED_CLIENT_CHECKSUM_SEED);
42secret!(ZED_CLOUD_PROVIDER_ADDITIONAL_MODELS_JSON);
43secret!(ZED_SENTRY_MINIDUMP_ENDPOINT);
44secret!(SLACK_APP_ZED_UNIT_EVALS_BOT_TOKEN);
45secret!(ZED_ZIPPY_APP_ID);
46secret!(ZED_ZIPPY_APP_PRIVATE_KEY);
47secret!(DISCORD_WEBHOOK_RELEASE_NOTES);
48secret!(WINGET_TOKEN);
49secret!(VERCEL_TOKEN);
50secret!(SLACK_WEBHOOK_WORKFLOW_FAILURES);
51secret!(R2_ACCOUNT_ID);
52secret!(R2_ACCESS_KEY_ID);
53secret!(R2_SECRET_ACCESS_KEY);
54secret!(CLOUDFLARE_API_TOKEN);
55secret!(CLOUDFLARE_ACCOUNT_ID);
56secret!(DOCS_AMPLITUDE_API_KEY);
57
58// todo(ci) make these secrets too...
59var!(AZURE_SIGNING_ACCOUNT_NAME);
60var!(AZURE_SIGNING_CERT_PROFILE_NAME);
61var!(AZURE_SIGNING_ENDPOINT);
62
63pub fn bundle_envs(platform: Platform) -> Env {
64 let env = Env::default()
65 .add("CARGO_INCREMENTAL", 0)
66 .add("ZED_CLIENT_CHECKSUM_SEED", ZED_CLIENT_CHECKSUM_SEED)
67 .add("ZED_MINIDUMP_ENDPOINT", ZED_SENTRY_MINIDUMP_ENDPOINT);
68
69 match platform {
70 Platform::Linux => env,
71 Platform::Mac => env
72 .add("MACOS_CERTIFICATE", MACOS_CERTIFICATE)
73 .add("MACOS_CERTIFICATE_PASSWORD", MACOS_CERTIFICATE_PASSWORD)
74 .add("APPLE_NOTARIZATION_KEY", APPLE_NOTARIZATION_KEY)
75 .add("APPLE_NOTARIZATION_KEY_ID", APPLE_NOTARIZATION_KEY_ID)
76 .add("APPLE_NOTARIZATION_ISSUER_ID", APPLE_NOTARIZATION_ISSUER_ID),
77 Platform::Windows => env
78 .add("AZURE_TENANT_ID", AZURE_SIGNING_TENANT_ID)
79 .add("AZURE_CLIENT_ID", AZURE_SIGNING_CLIENT_ID)
80 .add("AZURE_CLIENT_SECRET", AZURE_SIGNING_CLIENT_SECRET)
81 .add("ACCOUNT_NAME", AZURE_SIGNING_ACCOUNT_NAME)
82 .add("CERT_PROFILE_NAME", AZURE_SIGNING_CERT_PROFILE_NAME)
83 .add("ENDPOINT", AZURE_SIGNING_ENDPOINT)
84 .add("FILE_DIGEST", "SHA256")
85 .add("TIMESTAMP_DIGEST", "SHA256")
86 .add("TIMESTAMP_SERVER", "http://timestamp.acs.microsoft.com"),
87 }
88}
89
90pub fn one_workflow_per_non_main_branch() -> Concurrency {
91 one_workflow_per_non_main_branch_and_token("")
92}
93
94pub fn one_workflow_per_non_main_branch_and_token<T: AsRef<str>>(token: T) -> Concurrency {
95 Concurrency::default()
96 .group(format!(
97 concat!(
98 "${{{{ github.workflow }}}}-${{{{ github.ref_name }}}}-",
99 "${{{{ github.ref_name == 'main' && github.sha || 'anysha' }}}}{}"
100 ),
101 token.as_ref()
102 ))
103 .cancel_in_progress(true)
104}
105
106pub(crate) fn allow_concurrent_runs() -> Concurrency {
107 Concurrency::default()
108 .group("${{ github.workflow }}-${{ github.ref_name }}-${{ github.run_id }}")
109 .cancel_in_progress(true)
110}
111
112// Represents a pattern to check for changed files and corresponding output variable
113pub struct PathCondition {
114 pub name: &'static str,
115 pub pattern: &'static str,
116 pub invert: bool,
117 pub set_by_step: RefCell<Option<String>>,
118}
119impl PathCondition {
120 pub fn new(name: &'static str, pattern: &'static str) -> Self {
121 Self {
122 name,
123 pattern,
124 invert: false,
125 set_by_step: Default::default(),
126 }
127 }
128 pub fn inverted(name: &'static str, pattern: &'static str) -> Self {
129 Self {
130 name,
131 pattern,
132 invert: true,
133 set_by_step: Default::default(),
134 }
135 }
136
137 pub fn and_always<'a>(&'a self) -> PathContextCondition<'a> {
138 PathContextCondition {
139 condition: self,
140 run_in_merge_queue: true,
141 }
142 }
143
144 pub fn and_not_in_merge_queue<'a>(&'a self) -> PathContextCondition<'a> {
145 PathContextCondition {
146 condition: self,
147 run_in_merge_queue: false,
148 }
149 }
150}
151
152pub struct PathContextCondition<'a> {
153 condition: &'a PathCondition,
154 run_in_merge_queue: bool,
155}
156
157impl<'a> PathContextCondition<'a> {
158 pub fn then(&'a self, job: NamedJob) -> NamedJob {
159 let set_by_step = self
160 .condition
161 .set_by_step
162 .borrow()
163 .clone()
164 .unwrap_or_else(|| panic!("condition {},is never set", self.condition.name));
165 NamedJob {
166 name: job.name,
167 job: job.job.add_need(set_by_step.clone()).cond(Expression::new(
168 format!(
169 "needs.{}.outputs.{} == 'true' {merge_queue_condition}",
170 &set_by_step,
171 self.condition.name,
172 merge_queue_condition = self
173 .run_in_merge_queue
174 .not()
175 .then_some("&& github.event_name != 'merge_group'")
176 .unwrap_or_default()
177 )
178 .trim(),
179 )),
180 }
181 }
182}
183
184pub(crate) struct StepOutput {
185 pub name: &'static str,
186 step_id: String,
187}
188
189impl StepOutput {
190 pub fn new<T>(step: &Step<T>, name: &'static str) -> Self {
191 let step_id = step
192 .value
193 .id
194 .clone()
195 .expect("Steps that produce outputs must have an ID");
196
197 assert!(
198 step.value
199 .run
200 .as_ref()
201 .is_none_or(|run_command| run_command.contains(name)),
202 "Step output with name '{name}' must occur at least once in run command with ID {step_id}!"
203 );
204
205 Self { name, step_id }
206 }
207
208 pub fn new_unchecked<T>(step: &Step<T>, name: &'static str) -> Self {
209 let step_id = step
210 .value
211 .id
212 .clone()
213 .expect("Steps that produce outputs must have an ID");
214
215 Self { name, step_id }
216 }
217
218 pub fn expr(&self) -> String {
219 format!("steps.{}.outputs.{}", self.step_id, self.name)
220 }
221
222 pub fn as_job_output(self, job: &NamedJob) -> JobOutput {
223 JobOutput {
224 job_name: job.name.clone(),
225 name: self.name,
226 }
227 }
228}
229
230impl serde::Serialize for StepOutput {
231 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
232 where
233 S: serde::Serializer,
234 {
235 serializer.serialize_str(&self.to_string())
236 }
237}
238
239impl std::fmt::Display for StepOutput {
240 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
241 write!(f, "${{{{ {} }}}}", self.expr())
242 }
243}
244
245pub(crate) struct JobOutput {
246 job_name: String,
247 name: &'static str,
248}
249
250impl JobOutput {
251 pub fn expr(&self) -> String {
252 format!("needs.{}.outputs.{}", self.job_name, self.name)
253 }
254}
255
256impl serde::Serialize for JobOutput {
257 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
258 where
259 S: serde::Serializer,
260 {
261 serializer.serialize_str(&self.to_string())
262 }
263}
264
265impl std::fmt::Display for JobOutput {
266 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
267 write!(f, "${{{{ {} }}}}", self.expr())
268 }
269}
270
271pub struct WorkflowInput {
272 pub input_type: &'static str,
273 pub name: &'static str,
274 pub default: Option<String>,
275 pub description: Option<String>,
276}
277
278impl WorkflowInput {
279 pub fn string(name: &'static str, default: Option<String>) -> Self {
280 Self {
281 input_type: "string",
282 name,
283 default,
284 description: None,
285 }
286 }
287
288 pub fn bool(name: &'static str, default: Option<bool>) -> Self {
289 Self {
290 input_type: "boolean",
291 name,
292 default: default.as_ref().map(ToString::to_string),
293 description: None,
294 }
295 }
296
297 pub fn description(mut self, description: impl ToString) -> Self {
298 self.description = Some(description.to_string());
299 self
300 }
301
302 pub fn input(&self) -> WorkflowDispatchInput {
303 WorkflowDispatchInput {
304 description: self
305 .description
306 .clone()
307 .unwrap_or_else(|| self.name.to_owned()),
308 required: self.default.is_none(),
309 input_type: self.input_type.to_owned(),
310 default: self.default.clone(),
311 }
312 }
313
314 pub fn call_input(&self) -> WorkflowCallInput {
315 WorkflowCallInput {
316 description: self.name.to_owned(),
317 required: self.default.is_none(),
318 input_type: self.input_type.to_owned(),
319 default: self.default.clone(),
320 }
321 }
322
323 pub(crate) fn expr(&self) -> String {
324 format!("inputs.{}", self.name)
325 }
326}
327
328impl std::fmt::Display for WorkflowInput {
329 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
330 write!(f, "${{{{ {} }}}}", self.expr())
331 }
332}
333
334impl serde::Serialize for WorkflowInput {
335 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
336 where
337 S: serde::Serializer,
338 {
339 serializer.serialize_str(&self.to_string())
340 }
341}
342
343pub(crate) struct WorkflowSecret {
344 pub name: &'static str,
345 description: String,
346 required: bool,
347}
348
349impl WorkflowSecret {
350 pub fn new(name: &'static str, description: impl ToString) -> Self {
351 Self {
352 name,
353 description: description.to_string(),
354 required: true,
355 }
356 }
357
358 pub fn secret_configuration(&self) -> WorkflowCallSecret {
359 WorkflowCallSecret {
360 description: self.description.clone(),
361 required: self.required,
362 }
363 }
364}
365
366impl std::fmt::Display for WorkflowSecret {
367 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
368 write!(f, "${{{{ secrets.{} }}}}", self.name)
369 }
370}
371
372impl serde::Serialize for WorkflowSecret {
373 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
374 where
375 S: serde::Serializer,
376 {
377 serializer.serialize_str(&self.to_string())
378 }
379}
380
381pub mod assets {
382 // NOTE: these asset names also exist in the zed.dev codebase.
383 pub const MAC_AARCH64: &str = "Zed-aarch64.dmg";
384 pub const MAC_X86_64: &str = "Zed-x86_64.dmg";
385 pub const LINUX_AARCH64: &str = "zed-linux-aarch64.tar.gz";
386 pub const LINUX_X86_64: &str = "zed-linux-x86_64.tar.gz";
387 pub const WINDOWS_X86_64: &str = "Zed-x86_64.exe";
388 pub const WINDOWS_AARCH64: &str = "Zed-aarch64.exe";
389
390 pub const REMOTE_SERVER_MAC_AARCH64: &str = "zed-remote-server-macos-aarch64.gz";
391 pub const REMOTE_SERVER_MAC_X86_64: &str = "zed-remote-server-macos-x86_64.gz";
392 pub const REMOTE_SERVER_LINUX_AARCH64: &str = "zed-remote-server-linux-aarch64.gz";
393 pub const REMOTE_SERVER_LINUX_X86_64: &str = "zed-remote-server-linux-x86_64.gz";
394 pub const REMOTE_SERVER_WINDOWS_AARCH64: &str = "zed-remote-server-windows-aarch64.zip";
395 pub const REMOTE_SERVER_WINDOWS_X86_64: &str = "zed-remote-server-windows-x86_64.zip";
396
397 pub fn all() -> Vec<&'static str> {
398 vec![
399 MAC_AARCH64,
400 MAC_X86_64,
401 LINUX_AARCH64,
402 LINUX_X86_64,
403 WINDOWS_X86_64,
404 WINDOWS_AARCH64,
405 REMOTE_SERVER_MAC_AARCH64,
406 REMOTE_SERVER_MAC_X86_64,
407 REMOTE_SERVER_LINUX_AARCH64,
408 REMOTE_SERVER_LINUX_X86_64,
409 REMOTE_SERVER_WINDOWS_AARCH64,
410 REMOTE_SERVER_WINDOWS_X86_64,
411 ]
412 }
413}