Fix CI/CD for automated deployments (#278)

lukexor · Jun 4, 2024 · 4f7e1c8 · 4f7e1c8
1 parent 4c861f7
commit 4f7e1c8
Show file tree

Hide file tree

Showing 25 changed files with 1,627 additions and 671 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -1,5 +1,5 @@
 ---
-name: Continuous Deployment
+name: CD
 
 # yamllint disable-line rule:truthy
 on:
@@ -11,19 +11,119 @@ permissions:
   contents: write
 
 jobs:
-  cd:
-    runs-on: ubuntu-latest
+  build-and-upload-artifacts:
+    name: Build & Upload Artifacts (${{ matrix.target }})
+    if: startsWith(github.event.release.name, 'tetanes')
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - target: x86_64-pc-windows-msvc
+            os: windows-latest
+          # TODO: windows aarch64
+          # - target: aarch64-pc-windows-msvc
+          #   os: windows-latest
+          - target: x86_64-unknown-linux-gnu
+            os: ubuntu-latest
+          # TODO: aarch64 linux having trouble with docker in CI
+          # - target: aarch64-unknown-linux-gnu
+          #   os: ubuntu-latest
+          - target: x86_64-apple-darwin
+            os: macos-latest
+          - target: aarch64-apple-darwin
+            os: macos-latest
+          - target: wasm32-unknown-unknown
+            os: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
+    outputs:
+      release_tag: ${{ steps.upload.outputs.release_tag }}
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.RELEASE_PLZ_TOKEN }}
       - uses: dtolnay/rust-toolchain@master
         with:
-          toolchain: stable
-      - uses: Swatinem/rust-cache@v2
-      - name: Run release
-        uses: MarcoIeni/[email protected]
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
-          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+          toolchain: nightly
+      # wasm32-unknown-unknown doesn't need additional toolchains and rustup
+      # target is managed by build-artifacts already
+      #
+      # Windows/macOS just run `rustup add` since the CI runners support cross-compiling
+      # Linux relies on `cross`
+      - if: ${{ !startsWith(matrix.os, 'ubuntu') }}
+        uses: taiki-e/setup-cross-toolchain-action@v1
+        with:
+          target: ${{ matrix.target }}
+      - if: startsWith(matrix.os, 'ubuntu')
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cross
+          git: https://github.com/cross-rs/cross
+          commit: 19be834
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-make
+      # Build `.deb`
+      - if: startsWith(matrix.os, 'ubuntu')
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-deb
+      # Build `.msi`
+      - if: startsWith(matrix.os, 'windows')
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-wix
+      # Build `.wasm`
+      - if: startsWith(matrix.target, 'wasm32')
+        uses: taiki-e/install-action@v2
+        with:
+          tool: trunk
+      # Install linux dependencies
+      - if: startsWith(matrix.os, 'ubuntu')
+        run: |
+          sudo apt update
+          sudo apt install -y libudev-dev libasound2-dev libssl-dev libfuse2
+      # Windows/macOS/wasm32/ubuntu x86_64 can all build/cross build normally
+      - if: startsWith(matrix.os, 'macos') || startsWith(matrix.target, 'x86_64') || startsWith(matrix.target, 'wasm32')
+        run: |
+          cargo make build-artifacts -- --target ${{ matrix.target }}
+      # ubuntu aarch64 requires cross building
+      - if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.target, 'aarch64')
+        run: |
+          export CROSS_CONTAINER_IN_CONTAINER=true
+          cargo make build-artifacts -- --target ${{ matrix.target }} --cross
+      - uses: actions/upload-artifact@v4
+        name: "Upload artifacts"
+        with:
+          name: ${{ matrix.target }}-artifacts
+          path: dist/
+      - id: upload
+        run: |
+          gh release upload ${{ github.event.release.tag_name }} dist/* --clobber
+          echo "release_tag=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+  update-homebrew-formula:
+    needs: build-and-upload-artifacts
+    runs-on: ubuntu
+    permissions:
+      contents: write
+    env:
+      RELEASE_TAG: ${{ needs.build-and-upload-artifacts.outputs.release_tag }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: "lukexor/homebrew-formulae"
+      - id: commit
+        run: |
+          gh release -R lukexor/tetanes download $RELEASE_TAG --pattern '*-apple-darwin.tar.gz*'
+          x86_64_SHA=$(cat *x86_64*txt | awk '{ print $1 }')
+          aarch64_SHA=$(cat *aarch64*txt | awk '{ print $1 }')
+          VERSION=${RELEASE_TAG#"tetanes-v"}
+          cat tetanes.rb.tmpl | \
+            sed "s/%VERSION%/${VERSION}/g" | \
+            sed "s/%x86_64_SHA%/${x86_64_SHA}/g" | \
+            sed "s/%aarch64_SHA%/${aarch64_SHA}/g" \
+            > Casks/tetanes.rb
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+      - uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: Version Bump v${{ steps.commit.outputs.version }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,8 +5,12 @@ name: CI
 on:
   push:
     branches: [main]
+    paths-ignore:
+      - "**.md"
   pull_request:
     branches: [main]
+    paths-ignore:
+      - "**.md"
 
 env:
   CARGO_TERM_COLOR: always
@@ -19,34 +23,98 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly
+          targets: wasm32-unknown-unknown
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
       - run: cargo fmt --all --check
 
-  build-and-test:
+  lint-web:
+    name: Lint Web
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly
+          targets: wasm32-unknown-unknown
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
+      - run: |
+          cargo clippy --lib --bin tetanes --target wasm32-unknown-unknown --all-features --keep-going -- -D warnings
+
+  lint-tetanes:
+    name: Lint TetaNES (${{ matrix.os }})
     runs-on: ${{ matrix.os }}
     strategy:
-      fail-fast: false
       matrix:
         os: [macos-latest, ubuntu-latest, windows-latest]
-        toolchain: [stable, 1.78.0]
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: dtolnay/rust-toolchain@master
         with:
-          toolchain: ${{ matrix.toolchain }}
-          targets: wasm32-unknown-unknown
+          toolchain: nightly
           components: clippy
       - uses: Swatinem/rust-cache@v2
-      - if: matrix.os == 'ubuntu-latest'
+      - if: startsWith(matrix.os, 'ubuntu')
         run: |
           sudo apt update
-          sudo apt install libudev-dev libasound2-dev
+          sudo apt install -y libudev-dev libasound2-dev
       - run: |
-          cargo clippy --all-targets
-          cargo clippy --target wasm32-unknown-unknown
+          cargo clippy -p tetanes --all-features --keep-going -- -D warnings
+
+  lint-tetanes-core:
+    name: Lint TetaNES Core (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, ubuntu-latest, windows-latest]
+        toolchain: [nightly, stable, 1.78]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.toolchain }}
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
+      - run: |
+          cargo clippy -p tetanes-core --all-features --keep-going -- -D warnings
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly
+      - uses: Swatinem/rust-cache@v2
       - run: |
-          cargo build -p tetanes
-          cargo build -p tetanes --target wasm32-unknown-unknown
-      - run: cargo doc
-      - run: cargo test
+          sudo apt update
+          sudo apt install -y libudev-dev libasound2-dev
+      - run: |
+          cargo test --all-targets --all-features --no-fail-fast
+
+  docs:
+    name: Docs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
+      - env:
+          RUSTDOCFLAGS: -D warnings
+        run: cargo doc --no-deps --document-private-items --all-features --workspace --examples --keep-going
diff --git a/.github/workflows/outdated.yml b/.github/workflows/outdated.yml
@@ -1,22 +1,22 @@
 ---
-name: Outdated
+name: Check Outdated
 
 # yamllint disable-line rule:truthy
 on:
   schedule:
-    # At 08:00 on day-of-month 2 and 16
-    - cron: "0 8 2,16 * *"
+    # At 06:00 on day-of-month 2 and 16
+    - cron: "0 6 2,16 * *"
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   outdated:
-    name: Outdated
+    name: Check Outdated
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: dtolnay/install@cargo-outdated
-      - run: cargo outdated --exit-code 1
+      - run: cargo outdated -e --exit-code 1
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
@@ -0,0 +1,28 @@
+---
+name: Release PR
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches: [main]
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  release-pr:
+    name: Release PR
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.RELEASE_PLZ_TOKEN }}
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      - name: Run release
+        uses: MarcoIeni/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,21 @@
+---
+name: Security Audit
+
+on:
+  schedule:
+    # At 06:00 once a week on Sunday
+    - cron: "0 6 * * 0"
+  push:
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+  pull_request:
+
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v1
diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml
@@ -1,5 +1,5 @@
 ---
-name: Triage
+name: Triage Issues
 
 # yamllint disable-line rule:truthy
 on:
@@ -8,6 +8,7 @@ on:
 
 jobs:
   triage:
+    name: Triage Issue
     runs-on: ubuntu-latest
     steps:
       - name: add needs-triage label

diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,3 @@
-/roms
 tmp/
 test_results*
 target/
-Original file line number
+Diff line change
@@ -1,4 +1,3 @@
-    /roms
     tmp/
     test_results*
     target/
@@ Expand Down @@