1use std::cell::RefCell;
2
3use gh_workflow::{
4 Concurrency, Env, Expression, Step, WorkflowCallInput, WorkflowCallSecret,
5 WorkflowDispatchInput,
6};
7
8use crate::tasks::workflows::{runners::Platform, steps::NamedJob};
9
10macro_rules! secret {
11 ($secret_name:ident) => {
12 pub const $secret_name: &str = concat!("${{ secrets.", stringify!($secret_name), " }}");
13 };
14}
15
16macro_rules! var {
17 ($var_name:ident) => {
18 pub const $var_name: &str = concat!("${{ vars.", stringify!($var_name), " }}");
19 };
20}
21
22secret!(ANTHROPIC_API_KEY);
23secret!(OPENAI_API_KEY);
24secret!(GOOGLE_AI_API_KEY);
25secret!(GOOGLE_CLOUD_PROJECT);
26secret!(APPLE_NOTARIZATION_ISSUER_ID);
27secret!(APPLE_NOTARIZATION_KEY);
28secret!(APPLE_NOTARIZATION_KEY_ID);
29secret!(AZURE_SIGNING_CLIENT_ID);
30secret!(AZURE_SIGNING_CLIENT_SECRET);
31secret!(AZURE_SIGNING_TENANT_ID);
32secret!(CACHIX_AUTH_TOKEN);
33secret!(DIGITALOCEAN_SPACES_ACCESS_KEY);
34secret!(DIGITALOCEAN_SPACES_SECRET_KEY);
35secret!(GITHUB_TOKEN);
36secret!(MACOS_CERTIFICATE);
37secret!(MACOS_CERTIFICATE_PASSWORD);
38secret!(SENTRY_AUTH_TOKEN);
39secret!(ZED_CLIENT_CHECKSUM_SEED);
40secret!(ZED_CLOUD_PROVIDER_ADDITIONAL_MODELS_JSON);
41secret!(ZED_SENTRY_MINIDUMP_ENDPOINT);
42secret!(SLACK_APP_ZED_UNIT_EVALS_BOT_TOKEN);
43secret!(ZED_ZIPPY_APP_ID);
44secret!(ZED_ZIPPY_APP_PRIVATE_KEY);
45secret!(DISCORD_WEBHOOK_RELEASE_NOTES);
46secret!(WINGET_TOKEN);
47secret!(VERCEL_TOKEN);
48secret!(SLACK_WEBHOOK_WORKFLOW_FAILURES);
49
50// todo(ci) make these secrets too...
51var!(AZURE_SIGNING_ACCOUNT_NAME);
52var!(AZURE_SIGNING_CERT_PROFILE_NAME);
53var!(AZURE_SIGNING_ENDPOINT);
54
55pub fn bundle_envs(platform: Platform) -> Env {
56 let env = Env::default()
57 .add("CARGO_INCREMENTAL", 0)
58 .add("ZED_CLIENT_CHECKSUM_SEED", ZED_CLIENT_CHECKSUM_SEED)
59 .add("ZED_MINIDUMP_ENDPOINT", ZED_SENTRY_MINIDUMP_ENDPOINT);
60
61 match platform {
62 Platform::Linux => env,
63 Platform::Mac => env
64 .add("MACOS_CERTIFICATE", MACOS_CERTIFICATE)
65 .add("MACOS_CERTIFICATE_PASSWORD", MACOS_CERTIFICATE_PASSWORD)
66 .add("APPLE_NOTARIZATION_KEY", APPLE_NOTARIZATION_KEY)
67 .add("APPLE_NOTARIZATION_KEY_ID", APPLE_NOTARIZATION_KEY_ID)
68 .add("APPLE_NOTARIZATION_ISSUER_ID", APPLE_NOTARIZATION_ISSUER_ID),
69 Platform::Windows => env
70 .add("AZURE_TENANT_ID", AZURE_SIGNING_TENANT_ID)
71 .add("AZURE_CLIENT_ID", AZURE_SIGNING_CLIENT_ID)
72 .add("AZURE_CLIENT_SECRET", AZURE_SIGNING_CLIENT_SECRET)
73 .add("ACCOUNT_NAME", AZURE_SIGNING_ACCOUNT_NAME)
74 .add("CERT_PROFILE_NAME", AZURE_SIGNING_CERT_PROFILE_NAME)
75 .add("ENDPOINT", AZURE_SIGNING_ENDPOINT)
76 .add("FILE_DIGEST", "SHA256")
77 .add("TIMESTAMP_DIGEST", "SHA256")
78 .add("TIMESTAMP_SERVER", "http://timestamp.acs.microsoft.com"),
79 }
80}
81
82pub fn one_workflow_per_non_main_branch() -> Concurrency {
83 one_workflow_per_non_main_branch_and_token("")
84}
85
86pub fn one_workflow_per_non_main_branch_and_token<T: AsRef<str>>(token: T) -> Concurrency {
87 Concurrency::default()
88 .group(format!(
89 concat!(
90 "${{{{ github.workflow }}}}-${{{{ github.ref_name }}}}-",
91 "${{{{ github.ref_name == 'main' && github.sha || 'anysha' }}}}{}"
92 ),
93 token.as_ref()
94 ))
95 .cancel_in_progress(true)
96}
97
98pub(crate) fn allow_concurrent_runs() -> Concurrency {
99 Concurrency::default()
100 .group("${{ github.workflow }}-${{ github.ref_name }}-${{ github.run_id }}")
101 .cancel_in_progress(true)
102}
103
104// Represents a pattern to check for changed files and corresponding output variable
105pub struct PathCondition {
106 pub name: &'static str,
107 pub pattern: &'static str,
108 pub invert: bool,
109 pub set_by_step: RefCell<Option<String>>,
110}
111impl PathCondition {
112 pub fn new(name: &'static str, pattern: &'static str) -> Self {
113 Self {
114 name,
115 pattern,
116 invert: false,
117 set_by_step: Default::default(),
118 }
119 }
120 pub fn inverted(name: &'static str, pattern: &'static str) -> Self {
121 Self {
122 name,
123 pattern,
124 invert: true,
125 set_by_step: Default::default(),
126 }
127 }
128 pub fn guard(&self, job: NamedJob) -> NamedJob {
129 let set_by_step = self
130 .set_by_step
131 .borrow()
132 .clone()
133 .unwrap_or_else(|| panic!("condition {},is never set", self.name));
134 NamedJob {
135 name: job.name,
136 job: job
137 .job
138 .add_need(set_by_step.clone())
139 .cond(Expression::new(format!(
140 "needs.{}.outputs.{} == 'true'",
141 &set_by_step, self.name
142 ))),
143 }
144 }
145}
146
147pub(crate) struct StepOutput {
148 pub name: &'static str,
149 step_id: String,
150}
151
152impl StepOutput {
153 pub fn new<T>(step: &Step<T>, name: &'static str) -> Self {
154 Self {
155 name,
156 step_id: step
157 .value
158 .id
159 .clone()
160 .expect("Steps that produce outputs must have an ID"),
161 }
162 }
163
164 pub fn expr(&self) -> String {
165 format!("steps.{}.outputs.{}", self.step_id, self.name)
166 }
167
168 pub fn as_job_output(self, job: &NamedJob) -> JobOutput {
169 JobOutput {
170 job_name: job.name.clone(),
171 name: self.name,
172 }
173 }
174}
175
176impl serde::Serialize for StepOutput {
177 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
178 where
179 S: serde::Serializer,
180 {
181 serializer.serialize_str(&self.to_string())
182 }
183}
184
185impl std::fmt::Display for StepOutput {
186 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
187 write!(f, "${{{{ {} }}}}", self.expr())
188 }
189}
190
191pub(crate) struct JobOutput {
192 job_name: String,
193 name: &'static str,
194}
195
196impl JobOutput {
197 pub fn expr(&self) -> String {
198 format!("needs.{}.outputs.{}", self.job_name, self.name)
199 }
200}
201
202impl serde::Serialize for JobOutput {
203 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
204 where
205 S: serde::Serializer,
206 {
207 serializer.serialize_str(&self.to_string())
208 }
209}
210
211impl std::fmt::Display for JobOutput {
212 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
213 write!(f, "${{{{ {} }}}}", self.expr())
214 }
215}
216
217pub struct WorkflowInput {
218 pub input_type: &'static str,
219 pub name: &'static str,
220 pub default: Option<String>,
221 pub description: Option<String>,
222}
223
224impl WorkflowInput {
225 pub fn string(name: &'static str, default: Option<String>) -> Self {
226 Self {
227 input_type: "string",
228 name,
229 default,
230 description: None,
231 }
232 }
233
234 pub fn bool(name: &'static str, default: Option<bool>) -> Self {
235 Self {
236 input_type: "boolean",
237 name,
238 default: default.as_ref().map(ToString::to_string),
239 description: None,
240 }
241 }
242
243 pub fn description(mut self, description: impl ToString) -> Self {
244 self.description = Some(description.to_string());
245 self
246 }
247
248 pub fn input(&self) -> WorkflowDispatchInput {
249 WorkflowDispatchInput {
250 description: self
251 .description
252 .clone()
253 .unwrap_or_else(|| self.name.to_owned()),
254 required: self.default.is_none(),
255 input_type: self.input_type.to_owned(),
256 default: self.default.clone(),
257 }
258 }
259
260 pub fn call_input(&self) -> WorkflowCallInput {
261 WorkflowCallInput {
262 description: self.name.to_owned(),
263 required: self.default.is_none(),
264 input_type: self.input_type.to_owned(),
265 default: self.default.clone(),
266 }
267 }
268
269 pub(crate) fn expr(&self) -> String {
270 format!("inputs.{}", self.name)
271 }
272}
273
274impl std::fmt::Display for WorkflowInput {
275 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
276 write!(f, "${{{{ {} }}}}", self.expr())
277 }
278}
279
280impl serde::Serialize for WorkflowInput {
281 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
282 where
283 S: serde::Serializer,
284 {
285 serializer.serialize_str(&self.to_string())
286 }
287}
288
289pub(crate) struct WorkflowSecret {
290 pub name: &'static str,
291 description: String,
292 required: bool,
293}
294
295impl WorkflowSecret {
296 pub fn new(name: &'static str, description: impl ToString) -> Self {
297 Self {
298 name,
299 description: description.to_string(),
300 required: true,
301 }
302 }
303
304 pub fn secret_configuration(&self) -> WorkflowCallSecret {
305 WorkflowCallSecret {
306 description: self.description.clone(),
307 required: self.required,
308 }
309 }
310}
311
312impl std::fmt::Display for WorkflowSecret {
313 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
314 write!(f, "${{{{ secrets.{} }}}}", self.name)
315 }
316}
317
318impl serde::Serialize for WorkflowSecret {
319 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
320 where
321 S: serde::Serializer,
322 {
323 serializer.serialize_str(&self.to_string())
324 }
325}
326
327pub mod assets {
328 // NOTE: these asset names also exist in the zed.dev codebase.
329 pub const MAC_AARCH64: &str = "Zed-aarch64.dmg";
330 pub const MAC_X86_64: &str = "Zed-x86_64.dmg";
331 pub const LINUX_AARCH64: &str = "zed-linux-aarch64.tar.gz";
332 pub const LINUX_X86_64: &str = "zed-linux-x86_64.tar.gz";
333 pub const WINDOWS_X86_64: &str = "Zed-x86_64.exe";
334 pub const WINDOWS_AARCH64: &str = "Zed-aarch64.exe";
335
336 pub const REMOTE_SERVER_MAC_AARCH64: &str = "zed-remote-server-macos-aarch64.gz";
337 pub const REMOTE_SERVER_MAC_X86_64: &str = "zed-remote-server-macos-x86_64.gz";
338 pub const REMOTE_SERVER_LINUX_AARCH64: &str = "zed-remote-server-linux-aarch64.gz";
339 pub const REMOTE_SERVER_LINUX_X86_64: &str = "zed-remote-server-linux-x86_64.gz";
340
341 pub fn all() -> Vec<&'static str> {
342 vec![
343 MAC_AARCH64,
344 MAC_X86_64,
345 LINUX_AARCH64,
346 LINUX_X86_64,
347 WINDOWS_X86_64,
348 WINDOWS_AARCH64,
349 REMOTE_SERVER_MAC_AARCH64,
350 REMOTE_SERVER_MAC_X86_64,
351 REMOTE_SERVER_LINUX_AARCH64,
352 REMOTE_SERVER_LINUX_X86_64,
353 ]
354 }
355}