ci: automate crate publishing (#337)

Devolutions · Jan 13, 2025 · dfb5aba · dfb5aba
1 parent eaa43c3
commit dfb5aba
Show file tree

Hide file tree

Showing 7 changed files with 189 additions and 19 deletions.
diff --git a/.github/workflows/release-crates.yml b/.github/workflows/release-crates.yml
@@ -0,0 +1,81 @@
+name: Release crates
+
+permissions:
+  pull-requests: write
+  contents: write
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+
+jobs:
+  # Create a PR with the new versions and changelog, preparing the next release.
+  open-pr:
+    name: Open release PR
+    runs-on: ubuntu-latest
+    environment: cratesio-publish
+
+    concurrency:
+      group: release-plz-${{ github.ref }}
+      cancel-in-progress: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 512
+
+      - name: Run release-plz
+        id: release-plz
+        uses: Devolutions/actions-public/release-plz@v1
+        with:
+          command: release-pr
+          git-name: Devolutions Bot
+          git-email: [email protected]
+          github-token: ${{ secrets.DEVOLUTIONSBOT_WRITE_TOKEN }}
+
+      - name: Update ffi/wasm/Cargo.lock
+        shell: pwsh
+        if: ${{ steps.release-plz.outputs.did-open-pr == 'true' }}
+        run: |
+          $prRaw = '${{ steps.release-plz.outputs.pr }}'
+          Write-Host "prRaw: $prRaw"
+
+          $pr = $prRaw | ConvertFrom-Json
+          Write-Host "pr: $pr"
+
+          Write-Host "Fetch branch $($pr.head_branch)"
+          git fetch origin "$($pr.head_branch)"
+
+          Write-Host "Switch to branch $($pr.head_branch)"
+          git checkout "$($pr.head_branch)"
+
+          Write-Host "Update ./ffi/wasm/Cargo.lock"
+          cargo update --manifest-path ./ffi/wasm/Cargo.toml
+
+          Write-Host "Update last commit"
+          git add ./ffi/wasm/Cargo.lock
+          git commit --amend --no-edit
+
+          Write-Host "Update the release pull request"
+          git push --force
+
+  # Release unpublished packages.
+  release:
+    name: Release crates
+    runs-on: ubuntu-latest
+    environment: cratesio-publish
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 512
+
+      - name: Run release-plz
+        uses: Devolutions/actions-public/release-plz@v1
+        with:
+          command: release
+          registry-token: ${{ secrets.CRATES_IO_TOKEN }}
diff --git a/cliff.toml b/cliff.toml
@@ -0,0 +1,94 @@
+# Configuration file for git-cliff
+
+[changelog]
+trim = false
+
+header = """
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+"""
+
+# https://tera.netlify.app/docs/#introduction
+body = """
+{% if version -%}
+  ## [[{{ version | trim_start_matches(pat="v") }}]{%- if release_link -%}({{ release_link }}){% endif %}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{%- else -%}
+  ## [Unreleased]
+{%- endif %}
+
+{% for group, commits in commits | group_by(attribute="group") -%}
+
+### {{ group | upper_first }}
+
+{%- for commit in commits %}
+
+{%- set message = commit.message | upper_first %}
+
+{%- if commit.breaking %}
+  {%- set breaking = "[**breaking**] " %}
+{%- else %}
+  {%- set breaking = "" %}
+{%- endif %}
+
+{%- set short_sha = commit.id | truncate(length=10, end="") %}
+{%- set commit_url = "https://github.com/Devolutions/picky-rs/commit/" ~ commit.id %}
+{%- set commit_link = "[" ~ short_sha ~ "](" ~ commit_url ~ ")" %}
+
+- {{ breaking }}{{ message }} ({{ commit_link }}) \
+  {% if commit.body %}\n\n  {{ commit.body | replace(from="\n", to="\n  ") }}{% endif %}
+{%- endfor %}
+
+{% endfor -%}
+"""
+
+footer = ""
+
+[git]
+conventional_commits = true
+filter_unconventional = false
+filter_commits = false
+date_order = false
+protect_breaking_commits = true
+sort_commits = "oldest"
+
+commit_preprocessors = [
+  # Replace issue number with the link
+  { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](https://github.com/Devolutions/picky-rs/issues/${2}))"},
+  # Replace commit sha1 with the link
+  { pattern = '([a-f0-9]{10})([a-f0-9]{30})', replace = "[${0}](https://github.com/Devolutions/picky-rs/commit/${1}${2})" }
+]
+
+# regex for parsing and grouping commits
+# <!-- <NUMBER> --> is a trick to control the section order: https://github.com/orhun/git-cliff/issues/9#issuecomment-914521594
+commit_parsers = [
+  { message = "^chore", skip = true },
+  { message = "^style", skip = true },
+  { message = "^refactor", skip = true },
+  { message = "^test", skip = true },
+  { message = "^ci", skip = true },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { footer = "^[Cc]hangelog: ?ignore", skip = true },
+
+  { message = "(?i)security", group = "<!-- 0 -->Security" },
+  { body = "(?i)security", group = "<!-- 0 -->Security" },
+  { footer = "^[Ss]ecurity: ?yes", group = "<!-- 0 -->Security" },
+
+  { message = "^feat", group = "<!-- 1 -->Features" },
+
+  { message = "^revert", group = "<!-- 3 -->Revert" },
+  { message = "^fix", group = "<!-- 4 -->Bug Fixes" },
+  { message = "^perf", group = "<!-- 5 -->Performance" },
+  { message = "^doc", group = "<!-- 6 -->Documentation" },
+  { message = "^build", group = "<!-- 7 -->Build" },
+
+  { message = "(?i)improve", group = "<!-- 2 -->Improvements" },
+  { message = "(?i)adjust", group = "<!-- 2 -->Improvements" },
+  { message = "(?i)change", group = "<!-- 2 -->Improvements" },
+
+  { message = ".*", group = "<!-- 99 -->Please Sort" },
+]
diff --git a/picky-asn1-der/CHANGELOG.md b/picky-asn1-der/CHANGELOG.md
@@ -5,8 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
-
 ## [0.5.1] 2024-11-26
 
 ### Changed

diff --git a/picky-asn1-x509/CHANGELOG.md b/picky-asn1-x509/CHANGELOG.md
@@ -5,8 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
-
 ## [0.14.1] 2024-11-26
 
 ### Changed

diff --git a/picky-asn1/CHANGELOG.md b/picky-asn1/CHANGELOG.md
@@ -5,8 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
-
 ## [0.10.0] 2024-11-26
 
 ### Fixed

diff --git a/picky/CHANGELOG.md b/picky/CHANGELOG.md
@@ -5,9 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-<!-- next-header -->
-
-## [Unreleased] – ReleaseDate
+## [7.0.0-rc.1 to 7.0.0-rc.11](https://github.com/Devolutions/picky-rs/compare/picky-6.4.0...picky-v7.0.0-rc.11)
 
 ### Added
 
@@ -82,6 +80,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - PuTTY PPK key format support
 
 ### Changed
+
 - Bump minimal rustc version to 1.70
 - Updated `p256`/`p384` to latest version
 - (Breaking) Move Authenticode related code from `picky::x509::wincert` to `picky::x509::pkcs7::authenticode` module
@@ -97,6 +96,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - "picky-test-data" is a new dev-dependency.
 
 ### Removed
+
 - (Breaking) `ec` non-default cargo feature (EC operations now enabled by default)
 
 ### Fixed
@@ -119,13 +119,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed invalid padding logic of encrypted SSH keys
 - Fixed invalid generated SSH EC keys
 
-
 ### Removed
 
 - (Breaking) `Jwt::new_encrypted`
 - (Breaking) `Jwt::new_signed`
 
-## [6.4.0] – 2021-08-10
+## [6.4.0](https://github.com/Devolutions/picky-rs/compare/picky-6.3.0...picky-6.4.0) – 2021-08-10
 
 ### Changed
 
@@ -134,7 +133,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Update `picky-asn1` dependency to `0.4`
 - More robust certification validation (see commit [f5f8cb60e41](https://github.com/Devolutions/picky-rs/commit/f5f8cb60e410ffe49aabace131f7b802e206ced0) for details)
 
-## [6.3.0] – 2021-05-27
+## [6.3.0](https://github.com/Devolutions/picky-rs/compare/picky-6.2.0...picky-6.3.0) – 2021-05-27
 
 ### Added
 
@@ -145,7 +144,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Update `aes-gcm` dependency to `0.9`
 
-## [6.2.0] – 2021-03-04
+## [6.2.0](https://github.com/Devolutions/picky-rs/compare/picky-6.1.1...picky-6.2.0) – 2021-03-04
 
 ### Added
 
@@ -251,9 +250,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Deprecated
 
 - `Cert::verify` and `Cert::verify_chain` methods in favor of the `Cert::verifier` method.
-
-<!-- next-url -->
-[Unreleased]: https://github.com/Devolutions/picky-rs/compare/picky-6.4.0...HEAD
-[6.4.0]: https://github.com/Devolutions/picky-rs/compare/picky-6.3.0...picky-6.4.0
-[6.3.0]: https://github.com/Devolutions/picky-rs/compare/picky-6.2.0...picky-6.3.0
-[6.2.0]: https://github.com/Devolutions/picky-rs/compare/picky-6.1.1...picky-6.2.0
diff --git a/release-plz.toml b/release-plz.toml
@@ -0,0 +1,8 @@
+[workspace]
+dependencies_update = true
+git_release_enable = false
+semver_check = true
+pr_branch_prefix = "release-plz/"
+pr_name = "chore(release): prepare for publishing"
+changelog_config = "cliff.toml"
+release_commits = "^(feat|docs|fix|build|perf)"