1use gh_workflow::*;
2use serde_json::Value;
3
4use crate::tasks::workflows::{
5 runners::Platform,
6 steps::named::function_name,
7 vars::{self, StepOutput},
8};
9
10pub(crate) fn use_clang(job: Job) -> Job {
11 job.add_env(Env::new("CC", "clang"))
12 .add_env(Env::new("CXX", "clang++"))
13}
14
15const SCCACHE_R2_BUCKET: &str = "sccache-zed";
16
17pub(crate) const BASH_SHELL: &str = "bash -euxo pipefail {0}";
18// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idstepsshell
19pub const PWSH_SHELL: &str = "pwsh";
20
21pub(crate) struct Nextest(Step<Run>);
22
23pub(crate) fn cargo_nextest(platform: Platform) -> Nextest {
24 Nextest(named::run(
25 platform,
26 "cargo nextest run --workspace --no-fail-fast --no-tests=warn",
27 ))
28}
29
30impl Nextest {
31 #[allow(dead_code)]
32 pub(crate) fn with_filter_expr(mut self, filter_expr: &str) -> Self {
33 if let Some(nextest_command) = self.0.value.run.as_mut() {
34 nextest_command.push_str(&format!(r#" -E "{filter_expr}""#));
35 }
36 self
37 }
38
39 pub(crate) fn with_changed_packages_filter(mut self, orchestrate_job: &str) -> Self {
40 if let Some(nextest_command) = self.0.value.run.as_mut() {
41 nextest_command.push_str(&format!(
42 r#"${{{{ needs.{orchestrate_job}.outputs.changed_packages && format(' -E "{{0}}"', needs.{orchestrate_job}.outputs.changed_packages) || '' }}}}"#
43 ));
44 }
45 self
46 }
47}
48
49impl From<Nextest> for Step<Run> {
50 fn from(value: Nextest) -> Self {
51 value.0
52 }
53}
54
55#[derive(Default)]
56enum FetchDepth {
57 #[default]
58 Shallow,
59 Full,
60 Custom(serde_json::Value),
61}
62
63#[derive(Default)]
64pub(crate) struct CheckoutStep {
65 fetch_depth: FetchDepth,
66 name: Option<String>,
67 token: Option<String>,
68 path: Option<String>,
69 repository: Option<String>,
70 ref_: Option<String>,
71}
72
73impl CheckoutStep {
74 pub fn with_full_history(mut self) -> Self {
75 self.fetch_depth = FetchDepth::Full;
76 self
77 }
78
79 pub fn with_custom_name(mut self, name: &str) -> Self {
80 self.name = Some(name.to_string());
81 self
82 }
83
84 pub fn with_custom_fetch_depth(mut self, fetch_depth: impl Into<Value>) -> Self {
85 self.fetch_depth = FetchDepth::Custom(fetch_depth.into());
86 self
87 }
88
89 /// Sets `fetch-depth` to `2` on the main branch and `350` on all other branches.
90 pub fn with_deep_history_on_non_main(self) -> Self {
91 self.with_custom_fetch_depth("${{ github.ref == 'refs/heads/main' && 2 || 350 }}")
92 }
93
94 pub fn with_token(mut self, token: &StepOutput) -> Self {
95 self.token = Some(token.to_string());
96 self
97 }
98
99 pub fn with_path(mut self, path: &str) -> Self {
100 self.path = Some(path.to_string());
101 self
102 }
103
104 pub fn with_repository(mut self, repository: &str) -> Self {
105 self.repository = Some(repository.to_string());
106 self
107 }
108
109 pub fn with_ref(mut self, ref_: impl ToString) -> Self {
110 self.ref_ = Some(ref_.to_string());
111 self
112 }
113}
114
115impl From<CheckoutStep> for Step<Use> {
116 fn from(value: CheckoutStep) -> Self {
117 Step::new(value.name.unwrap_or("steps::checkout_repo".to_string()))
118 .uses(
119 "actions",
120 "checkout",
121 "93cb6efe18208431cddfb8368fd83d5badbf9bfd", // v5.0.1
122 )
123 // prevent checkout action from running `git clean -ffdx` which
124 // would delete the target directory
125 .add_with(("clean", false))
126 .map(|step| match value.fetch_depth {
127 FetchDepth::Shallow => step,
128 FetchDepth::Full => step.add_with(("fetch-depth", 0)),
129 FetchDepth::Custom(depth) => step.add_with(("fetch-depth", depth)),
130 })
131 .when_some(value.path, |step, path| step.add_with(("path", path)))
132 .when_some(value.repository, |step, repository| {
133 step.add_with(("repository", repository))
134 })
135 .when_some(value.ref_, |step, ref_| step.add_with(("ref", ref_)))
136 .when_some(value.token, |step, token| step.add_with(("token", token)))
137 }
138}
139
140pub fn checkout_repo() -> CheckoutStep {
141 CheckoutStep::default()
142}
143
144pub fn setup_pnpm() -> Step<Use> {
145 named::uses(
146 "pnpm",
147 "action-setup",
148 "fe02b34f77f8bc703788d5817da081398fad5dd2", // v4.0.0
149 )
150 .add_with(("version", "9"))
151}
152
153pub fn setup_node() -> Step<Use> {
154 named::uses(
155 "actions",
156 "setup-node",
157 "49933ea5288caeca8642d1e84afbd3f7d6820020", // v4
158 )
159 .add_with(("node-version", "20"))
160}
161
162pub fn setup_sentry() -> Step<Use> {
163 named::uses(
164 "matbour",
165 "setup-sentry-cli",
166 "3e938c54b3018bdd019973689ef984e033b0454b",
167 )
168 .add_with(("token", vars::SENTRY_AUTH_TOKEN))
169}
170
171pub fn prettier() -> Step<Run> {
172 named::bash("./script/prettier")
173}
174
175pub fn cargo_fmt() -> Step<Run> {
176 named::bash("cargo fmt --all -- --check")
177}
178
179pub fn cargo_install_nextest() -> Step<Use> {
180 named::uses(
181 "taiki-e",
182 "install-action",
183 "921e2c9f7148d7ba14cd819f417db338f63e733c", // nextest
184 )
185}
186
187pub fn setup_cargo_config(platform: Platform) -> Step<Run> {
188 match platform {
189 Platform::Windows => named::pwsh(indoc::indoc! {r#"
190 New-Item -ItemType Directory -Path "./../.cargo" -Force
191 Copy-Item -Path "./.cargo/ci-config.toml" -Destination "./../.cargo/config.toml"
192 "#}),
193
194 Platform::Linux | Platform::Mac => named::bash(indoc::indoc! {r#"
195 mkdir -p ./../.cargo
196 cp ./.cargo/ci-config.toml ./../.cargo/config.toml
197 "#}),
198 }
199}
200
201pub fn cleanup_cargo_config(platform: Platform) -> Step<Run> {
202 let step = match platform {
203 Platform::Windows => named::pwsh(indoc::indoc! {r#"
204 Remove-Item -Recurse -Path "./../.cargo" -Force -ErrorAction SilentlyContinue
205 "#}),
206 Platform::Linux | Platform::Mac => named::bash(indoc::indoc! {r#"
207 rm -rf ./../.cargo
208 "#}),
209 };
210
211 step.if_condition(Expression::new("always()"))
212}
213
214pub fn clear_target_dir_if_large(platform: Platform) -> Step<Run> {
215 match platform {
216 Platform::Windows => named::pwsh("./script/clear-target-dir-if-larger-than.ps1 250"),
217 Platform::Linux => named::bash("./script/clear-target-dir-if-larger-than 250"),
218 Platform::Mac => named::bash("./script/clear-target-dir-if-larger-than 300"),
219 }
220}
221
222pub fn clippy(platform: Platform, target: Option<&str>) -> Step<Run> {
223 match platform {
224 Platform::Windows => named::pwsh("./script/clippy.ps1"),
225 _ => match target {
226 Some(target) => named::bash(format!("./script/clippy --target {target}")),
227 None => named::bash("./script/clippy"),
228 },
229 }
230}
231
232pub fn install_rustup_target(target: &str) -> Step<Run> {
233 named::bash(format!("rustup target add {target}"))
234}
235
236pub fn cache_rust_dependencies_namespace() -> Step<Use> {
237 named::uses(
238 "namespacelabs",
239 "nscloud-cache-action",
240 "a90bb5d4b27522ce881c6e98eebd7d7e6d1653f9", // v1
241 )
242 .add_with(("cache", "rust"))
243 .add_with(("path", "~/.rustup"))
244}
245
246pub fn setup_sccache(platform: Platform) -> Step<Run> {
247 let step = match platform {
248 Platform::Windows => named::pwsh("./script/setup-sccache.ps1"),
249 Platform::Linux | Platform::Mac => named::bash("./script/setup-sccache"),
250 };
251 step.add_env(("R2_ACCOUNT_ID", vars::R2_ACCOUNT_ID))
252 .add_env(("R2_ACCESS_KEY_ID", vars::R2_ACCESS_KEY_ID))
253 .add_env(("R2_SECRET_ACCESS_KEY", vars::R2_SECRET_ACCESS_KEY))
254 .add_env(("SCCACHE_BUCKET", SCCACHE_R2_BUCKET))
255}
256
257pub fn show_sccache_stats(platform: Platform) -> Step<Run> {
258 match platform {
259 // Use $env:RUSTC_WRAPPER (absolute path) because GITHUB_PATH changes
260 // don't take effect until the next step in PowerShell.
261 // Check if RUSTC_WRAPPER is set first (it won't be for fork PRs without secrets).
262 Platform::Windows => {
263 named::pwsh("if ($env:RUSTC_WRAPPER) { & $env:RUSTC_WRAPPER --show-stats }; exit 0")
264 }
265 Platform::Linux | Platform::Mac => named::bash("sccache --show-stats || true"),
266 }
267}
268
269pub fn cache_nix_dependencies_namespace() -> Step<Use> {
270 named::uses(
271 "namespacelabs",
272 "nscloud-cache-action",
273 "a90bb5d4b27522ce881c6e98eebd7d7e6d1653f9", // v1
274 )
275 .add_with(("cache", "nix"))
276}
277
278pub fn cache_nix_store_macos() -> Step<Use> {
279 // On macOS, `/nix` is on a read-only root filesystem so nscloud's `cache: nix`
280 // cannot mount or symlink there. Instead we cache a user-writable directory and
281 // use nix-store --import/--export in separate steps to transfer store paths.
282 named::uses(
283 "namespacelabs",
284 "nscloud-cache-action",
285 "a90bb5d4b27522ce881c6e98eebd7d7e6d1653f9", // v1
286 )
287 .add_with(("path", "~/nix-cache"))
288}
289
290pub fn setup_linux() -> Step<Run> {
291 named::bash("./script/linux")
292}
293
294fn download_wasi_sdk() -> Step<Run> {
295 named::bash("./script/download-wasi-sdk")
296}
297
298pub(crate) fn install_linux_dependencies(job: Job) -> Job {
299 job.add_step(setup_linux()).add_step(download_wasi_sdk())
300}
301
302pub fn script(name: &str) -> Step<Run> {
303 if name.ends_with(".ps1") {
304 Step::new(name).run(name).shell(PWSH_SHELL)
305 } else {
306 Step::new(name).run(name)
307 }
308}
309
310pub struct NamedJob<J: JobType = RunJob> {
311 pub name: String,
312 pub job: Job<J>,
313}
314
315// impl NamedJob {
316// pub fn map(self, f: impl FnOnce(Job) -> Job) -> Self {
317// NamedJob {
318// name: self.name,
319// job: f(self.job),
320// }
321// }
322// }
323
324pub(crate) const DEFAULT_REPOSITORY_OWNER_GUARD: &str =
325 "(github.repository_owner == 'zed-industries' || github.repository_owner == 'zed-extensions')";
326
327pub fn repository_owner_guard_expression(trigger_always: bool) -> Expression {
328 Expression::new(format!(
329 "{}{}",
330 DEFAULT_REPOSITORY_OWNER_GUARD,
331 trigger_always.then_some(" && always()").unwrap_or_default()
332 ))
333}
334
335pub trait CommonJobConditions: Sized {
336 fn with_repository_owner_guard(self) -> Self;
337}
338
339impl CommonJobConditions for Job {
340 fn with_repository_owner_guard(self) -> Self {
341 self.cond(repository_owner_guard_expression(false))
342 }
343}
344
345pub(crate) fn release_job(deps: &[&NamedJob]) -> Job {
346 dependant_job(deps)
347 .with_repository_owner_guard()
348 .timeout_minutes(60u32)
349}
350
351pub(crate) fn dependant_job(deps: &[&NamedJob]) -> Job {
352 let job = Job::default();
353 if deps.len() > 0 {
354 job.needs(deps.iter().map(|j| j.name.clone()).collect::<Vec<_>>())
355 } else {
356 job
357 }
358}
359
360impl FluentBuilder for Job {}
361impl FluentBuilder for Workflow {}
362impl FluentBuilder for Input {}
363impl<T> FluentBuilder for Step<T> {}
364
365/// A helper trait for building complex objects with imperative conditionals in a fluent style.
366/// Copied from GPUI to avoid adding GPUI as dependency
367/// todo(ci) just put this in gh-workflow
368#[allow(unused)]
369pub trait FluentBuilder {
370 /// Imperatively modify self with the given closure.
371 fn map<U>(self, f: impl FnOnce(Self) -> U) -> U
372 where
373 Self: Sized,
374 {
375 f(self)
376 }
377
378 /// Conditionally modify self with the given closure.
379 fn when(self, condition: bool, then: impl FnOnce(Self) -> Self) -> Self
380 where
381 Self: Sized,
382 {
383 self.map(|this| if condition { then(this) } else { this })
384 }
385
386 /// Conditionally modify self with the given closure.
387 fn when_else(
388 self,
389 condition: bool,
390 then: impl FnOnce(Self) -> Self,
391 else_fn: impl FnOnce(Self) -> Self,
392 ) -> Self
393 where
394 Self: Sized,
395 {
396 self.map(|this| if condition { then(this) } else { else_fn(this) })
397 }
398
399 /// Conditionally unwrap and modify self with the given closure, if the given option is Some.
400 fn when_some<T>(self, option: Option<T>, then: impl FnOnce(Self, T) -> Self) -> Self
401 where
402 Self: Sized,
403 {
404 self.map(|this| {
405 if let Some(value) = option {
406 then(this, value)
407 } else {
408 this
409 }
410 })
411 }
412 /// Conditionally unwrap and modify self with the given closure, if the given option is None.
413 fn when_none<T>(self, option: &Option<T>, then: impl FnOnce(Self) -> Self) -> Self
414 where
415 Self: Sized,
416 {
417 self.map(|this| if option.is_some() { this } else { then(this) })
418 }
419}
420
421// (janky) helper to generate steps with a name that corresponds
422// to the name of the calling function.
423pub mod named {
424 use super::*;
425
426 /// Returns a uses step with the same name as the enclosing function.
427 /// (You shouldn't inline this function into the workflow definition, you must
428 /// wrap it in a new function.)
429 pub fn uses(owner: &str, repo: &str, ref_: &str) -> Step<Use> {
430 Step::new(function_name(1)).uses(owner, repo, ref_)
431 }
432
433 /// Returns a bash-script step with the same name as the enclosing function.
434 /// (You shouldn't inline this function into the workflow definition, you must
435 /// wrap it in a new function.)
436 pub fn bash(script: impl AsRef<str>) -> Step<Run> {
437 Step::new(function_name(1)).run(script.as_ref())
438 }
439
440 /// Returns a pwsh-script step with the same name as the enclosing function.
441 /// (You shouldn't inline this function into the workflow definition, you must
442 /// wrap it in a new function.)
443 pub fn pwsh(script: &str) -> Step<Run> {
444 Step::new(function_name(1)).run(script).shell(PWSH_SHELL)
445 }
446
447 /// Runs the command in either powershell or bash, depending on platform.
448 /// (You shouldn't inline this function into the workflow definition, you must
449 /// wrap it in a new function.)
450 pub fn run(platform: Platform, script: &str) -> Step<Run> {
451 match platform {
452 Platform::Windows => Step::new(function_name(1)).run(script).shell(PWSH_SHELL),
453 Platform::Linux | Platform::Mac => Step::new(function_name(1)).run(script),
454 }
455 }
456
457 /// Returns a Workflow with the same name as the enclosing module with default
458 /// set for the running shell.
459 pub fn workflow() -> Workflow {
460 Workflow::default()
461 .name(
462 named::function_name(1)
463 .split("::")
464 .collect::<Vec<_>>()
465 .into_iter()
466 .rev()
467 .skip(1)
468 .rev()
469 .collect::<Vec<_>>()
470 .join("::"),
471 )
472 .defaults(Defaults::default().run(RunDefaults::default().shell(BASH_SHELL)))
473 }
474
475 /// Returns a Job with the same name as the enclosing function.
476 /// (note job names may not contain `::`)
477 pub fn job<J: JobType>(job: Job<J>) -> NamedJob<J> {
478 NamedJob {
479 name: function_name(1).split("::").last().unwrap().to_owned(),
480 job,
481 }
482 }
483
484 /// Returns the function name N callers above in the stack
485 /// (typically 1).
486 /// This only works because xtask always runs debug builds.
487 pub fn function_name(i: usize) -> String {
488 let mut name = "<unknown>".to_string();
489 let mut count = 0;
490 backtrace::trace(|frame| {
491 if count < i + 3 {
492 count += 1;
493 return true;
494 }
495 backtrace::resolve_frame(frame, |cb| {
496 if let Some(s) = cb.name() {
497 name = s.to_string()
498 }
499 });
500 false
501 });
502
503 name.split("::")
504 .skip_while(|s| s != &"workflows")
505 .skip(1)
506 .collect::<Vec<_>>()
507 .join("::")
508 }
509}
510
511pub fn git_checkout(ref_name: &dyn std::fmt::Display) -> Step<Run> {
512 named::bash(r#"git fetch origin "$REF_NAME" && git checkout "$REF_NAME""#)
513 .add_env(("REF_NAME", ref_name.to_string()))
514}
515
516/// Non-exhaustive list of the permissions to be set for a GitHub app token.
517///
518/// See https://github.com/actions/create-github-app-token?tab=readme-ov-file#permission-permission-name
519/// and beyond for a full list of available permissions.
520#[allow(unused)]
521pub(crate) enum TokenPermissions {
522 Contents,
523 Issues,
524 PullRequests,
525 Workflows,
526}
527
528impl TokenPermissions {
529 pub fn environment_name(&self) -> &'static str {
530 match self {
531 TokenPermissions::Contents => "permission-contents",
532 TokenPermissions::Issues => "permission-issues",
533 TokenPermissions::PullRequests => "permission-pull-requests",
534 TokenPermissions::Workflows => "permission-workflows",
535 }
536 }
537}
538
539pub(crate) struct GenerateAppToken<'a> {
540 job_name: String,
541 app_id: &'a str,
542 app_secret: &'a str,
543 repository_target: Option<RepositoryTarget>,
544 permissions: Option<Vec<(TokenPermissions, Level)>>,
545}
546
547impl<'a> GenerateAppToken<'a> {
548 pub fn for_repository(self, repository_target: RepositoryTarget) -> Self {
549 Self {
550 repository_target: Some(repository_target),
551 ..self
552 }
553 }
554
555 pub fn with_permissions(self, permissions: impl Into<Vec<(TokenPermissions, Level)>>) -> Self {
556 Self {
557 permissions: Some(permissions.into()),
558 ..self
559 }
560 }
561}
562
563impl<'a> From<GenerateAppToken<'a>> for (Step<Use>, StepOutput) {
564 fn from(token: GenerateAppToken<'a>) -> Self {
565 let step = Step::new(token.job_name)
566 .uses(
567 "actions",
568 "create-github-app-token",
569 "f8d387b68d61c58ab83c6c016672934102569859",
570 )
571 .id("generate-token")
572 .add_with(
573 Input::default()
574 .add("app-id", token.app_id)
575 .add("private-key", token.app_secret)
576 .when_some(
577 token.repository_target,
578 |input,
579 RepositoryTarget {
580 owner,
581 repositories,
582 }| {
583 input
584 .when_some(owner, |input, owner| input.add("owner", owner))
585 .when_some(repositories, |input, repositories| {
586 input.add("repositories", repositories)
587 })
588 },
589 )
590 .when_some(token.permissions, |input, permissions| {
591 permissions
592 .into_iter()
593 .fold(input, |input, (permission, level)| {
594 input.add(
595 permission.environment_name(),
596 serde_json::to_value(&level).unwrap_or_default(),
597 )
598 })
599 }),
600 );
601
602 let generated_token = StepOutput::new(&step, "token");
603 (step, generated_token)
604 }
605}
606
607pub(crate) struct RepositoryTarget {
608 owner: Option<String>,
609 repositories: Option<String>,
610}
611
612impl RepositoryTarget {
613 pub fn new<T: ToString>(owner: T, repositories: &[&str]) -> Self {
614 Self {
615 owner: Some(owner.to_string()),
616 repositories: Some(repositories.join("\n")),
617 }
618 }
619
620 pub fn current() -> Self {
621 Self {
622 owner: None,
623 repositories: None,
624 }
625 }
626}
627
628pub(crate) fn generate_token<'a>(
629 app_id_source: &'a str,
630 app_secret_source: &'a str,
631) -> GenerateAppToken<'a> {
632 generate_token_with_job_name(app_id_source, app_secret_source)
633}
634
635pub fn authenticate_as_zippy() -> GenerateAppToken<'static> {
636 generate_token_with_job_name(vars::ZED_ZIPPY_APP_ID, vars::ZED_ZIPPY_APP_PRIVATE_KEY)
637}
638
639fn generate_token_with_job_name<'a>(
640 app_id_source: &'a str,
641 app_secret_source: &'a str,
642) -> GenerateAppToken<'a> {
643 GenerateAppToken {
644 job_name: function_name(1),
645 app_id: app_id_source,
646 app_secret: app_secret_source,
647 repository_target: None,
648 permissions: None,
649 }
650}