diff --git a/.dockerignore b/.dockerignore index a3f73d624f..f1cf6c07df 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,6 +2,8 @@ # to do this for some reason: # $ go get -v -u github.com/pwaller/docker-show-context main +*.gro +**/*.gro *.mashtree **/*.mashtree *.swp diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5ad55e295f..10974f9f60 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse tag # This step converts Grain tags into standard semver, i.e. grain-v1.2.3 -> v1.2.3 @@ -48,7 +48,7 @@ jobs: ssh-private-key: ${{ secrets.AWS_SSH_PRIVATE_KEY }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Set up remote builder run: | @@ -61,7 +61,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v3.6.0 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | grainlang/grain @@ -72,20 +72,20 @@ jobs: type=semver,pattern={{major}}.{{minor}},value=${{ steps.vars.outputs.tag }} - name: Login to DockerHub - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Github Container Registry - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push image - uses: docker/build-push-action@v2.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . file: Dockerfile @@ -100,7 +100,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse tag # This step converts Grain tags into standard semver, i.e. grain-v1.2.3 -> v1.2.3 @@ -128,7 +128,7 @@ jobs: ssh-private-key: ${{ secrets.AWS_SSH_PRIVATE_KEY }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Set up remote builder run: | @@ -141,7 +141,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v3.6.0 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: flavor: | suffix=-slim,onlatest=true @@ -154,20 +154,20 @@ jobs: type=semver,pattern={{major}}.{{minor}},value=${{ steps.vars.outputs.tag }} - name: Login to DockerHub - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Github Container Registry - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push slim image - uses: docker/build-push-action@v2.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . file: Dockerfile-slim diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index daea8c2eb9..6abaa4f246 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,6 +2,7 @@ name: Release on: push: branches: [main] + pull_request: # This will cancel previous runs when a branch or PR is updated concurrency: @@ -9,169 +10,168 @@ concurrency: cancel-in-progress: true jobs: - release-please: - name: Create Release - runs-on: ubuntu-latest - outputs: - release-pr: ${{ steps.release.outputs.pr }} - releases-created: ${{ steps.release.outputs.releases_created }} - tag-name: ${{ steps.release.outputs.tag_name }} - stdlib-tag-name: ${{ steps.release.outputs.stdlib--tag_name }} - steps: - - uses: GoogleCloudPlatform/release-please-action@v3.7.5 - id: release - with: - # Explicitly use GITHUB_TOKEN here so Release Please doesn't start a CI run that will fail - # The correct CI run is triggered by the `generate-docs` job below when it pushes updated documentation - token: ${{ secrets.GITHUB_TOKEN }} - command: manifest - - build-preview: - name: Build preview binaries - needs: [release-please] - if: ${{ needs.release-please.outputs.release-pr }} - uses: ./.github/workflows/build-js.yml - with: - os: ubuntu-latest - ref: ${{ fromJSON(needs.release-please.outputs.release-pr).headBranchName }} - - generate-docs: - name: Generate documentation - needs: [release-please, build-preview] - if: ${{ needs.release-please.outputs.release-pr }} - uses: ./.github/workflows/generate-docs.yml - with: - ref: ${{ fromJSON(needs.release-please.outputs.release-pr).headBranchName }} - secrets: - # This uses WORKFLOW_TOKEN because we want the push to trigger our `ci.yml` runs on the release PR - # and the GITHUB_TOKEN is blocked from triggering other workflows. - # See https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow - PUSH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }} - - upload-preview: - name: Upload preview binaries - needs: [release-please, build-preview] - if: ${{ needs.release-please.outputs.release-pr }} - uses: ./.github/workflows/upload-binaries.yml - with: - tag: preview - ref: ${{ fromJSON(needs.release-please.outputs.release-pr).headBranchName }} - secrets: - UPLOAD_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - build-release: - name: Build release binaries - needs: [release-please] - if: ${{ needs.release-please.outputs.releases-created }} - uses: ./.github/workflows/build-js.yml - with: - os: ubuntu-latest - ref: ${{ needs.release-please.outputs.tag-name }} - - upload-release: - name: Upload release binaries - needs: [release-please, build-release] - if: ${{ needs.release-please.outputs.releases-created }} - uses: ./.github/workflows/upload-binaries.yml - with: - tag: ${{ needs.release-please.outputs.tag-name }} - ref: ${{ needs.release-please.outputs.tag-name }} - secrets: - UPLOAD_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - upload-npm-artifacts: - needs: [release-please] - if: ${{ needs.release-please.outputs.releases-created }} - name: Upload release npm artifacts - runs-on: ubuntu-latest - outputs: - stdlib-download-url: ${{ steps.stdlib-upload.outputs.browser_download_url }} - steps: - - name: Checkout project - uses: actions/checkout@v3 - with: - ref: ${{ needs.release-please.outputs.tag-name }} - - # Many of these steps are the same as building the compiler for tests - - name: Setup Node.js - uses: actions/setup-node@v3.6.0 - with: - node-version: ">=18.15 <19" - check-latest: true - cache: "npm" - - - name: Pack stdlib - working-directory: ./stdlib - # Runs `npm pack` and assigns the filename to an env var we can use later - run: | - echo "STDLIB_TAR=$(npm pack --json | jq -r '.[0].filename')" >> $GITHUB_ENV - - - name: Upload stdlib - id: stdlib-upload - uses: grain-lang/upload-release-action@v3.0.2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - file: ./stdlib/${{ env.STDLIB_TAR }} - asset_name: stdlib.tgz - tag: ${{ needs.release-please.outputs.stdlib-tag-name }} - - dispatch-website: - needs: [release-please, upload-release] - if: ${{ needs.release-please.outputs.releases-created }} - name: Dispatch website release - runs-on: ubuntu-latest - steps: - - uses: grain-lang/workflow-dispatch-action@v1.0.1 - with: - workflow: Grain Release - token: ${{ secrets.WORKFLOW_TOKEN }} - ref: main - repo: grain-lang/grain-lang.org - tag_input: ${{ needs.release-please.outputs.tag-name }} - - dispatch-homebrew: - needs: [release-please, upload-release] - if: ${{ needs.release-please.outputs.releases-created }} - name: Dispatch homebrew release - runs-on: ubuntu-latest - steps: - - uses: grain-lang/workflow-dispatch-action@v1.0.1 - with: - workflow: Grain Release - token: ${{ secrets.WORKFLOW_TOKEN }} - ref: main - repo: grain-lang/homebrew-tap - tag_input: ${{ needs.release-please.outputs.tag-name }} - dispatch-docker: - needs: [release-please] - if: ${{ needs.release-please.outputs.releases-created }} + # needs: [release-please] + # if: ${{ needs.release-please.outputs.releases-created }} name: Dispatch Docker builds runs-on: ubuntu-latest steps: - uses: grain-lang/workflow-dispatch-action@v1.0.1 with: workflow: Publish Docker images - token: ${{ secrets.WORKFLOW_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} ref: main repo: grain-lang/grain - tag_input: ${{ needs.release-please.outputs.tag-name }} - - npm-release-stdlib: - needs: [release-please, upload-npm-artifacts] - if: ${{ needs.release-please.outputs.releases-created }} - name: Publish stdlib to npm registry - runs-on: ubuntu-latest - steps: - - name: Setup NodeJS - uses: actions/setup-node@v3.6.0 - with: - node-version: ">=18.15 <19" - check-latest: true - registry-url: "https://registry.npmjs.org" - - - name: Publish to npm - run: | - npm publish ${{ needs.upload-npm-artifacts.outputs.stdlib-download-url }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_RELEASE }} + tag_input: 'grain-docker-test' + # release-please: + # name: Create Release + # runs-on: ubuntu-latest + # outputs: + # release-pr: ${{ steps.release.outputs.pr }} + # releases-created: ${{ steps.release.outputs.releases_created }} + # tag-name: ${{ steps.release.outputs.tag_name }} + # stdlib-tag-name: ${{ steps.release.outputs.stdlib--tag_name }} + # steps: + # - uses: GoogleCloudPlatform/release-please-action@v3.7.5 + # id: release + # with: + # # Explicitly use GITHUB_TOKEN here so Release Please doesn't start a CI run that will fail + # # The correct CI run is triggered by the `generate-docs` job below when it pushes updated documentation + # token: ${{ secrets.GITHUB_TOKEN }} + # command: manifest + + # build-preview: + # name: Build preview binaries + # needs: [release-please] + # if: ${{ needs.release-please.outputs.release-pr }} + # uses: ./.github/workflows/build-js.yml + # with: + # os: ubuntu-latest + # ref: ${{ fromJSON(needs.release-please.outputs.release-pr).headBranchName }} + + # generate-docs: + # name: Generate documentation + # needs: [release-please, build-preview] + # if: ${{ needs.release-please.outputs.release-pr }} + # uses: ./.github/workflows/generate-docs.yml + # with: + # ref: ${{ fromJSON(needs.release-please.outputs.release-pr).headBranchName }} + # secrets: + # # This uses WORKFLOW_TOKEN because we want the push to trigger our `ci.yml` runs on the release PR + # # and the GITHUB_TOKEN is blocked from triggering other workflows. + # # See https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow + # PUSH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }} + + # upload-preview: + # name: Upload preview binaries + # needs: [release-please, build-preview] + # if: ${{ needs.release-please.outputs.release-pr }} + # uses: ./.github/workflows/upload-binaries.yml + # with: + # tag: preview + # ref: ${{ fromJSON(needs.release-please.outputs.release-pr).headBranchName }} + # secrets: + # UPLOAD_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # build-release: + # name: Build release binaries + # needs: [release-please] + # if: ${{ needs.release-please.outputs.releases-created }} + # uses: ./.github/workflows/build-js.yml + # with: + # os: ubuntu-latest + # ref: ${{ needs.release-please.outputs.tag-name }} + + # upload-release: + # name: Upload release binaries + # needs: [release-please, build-release] + # if: ${{ needs.release-please.outputs.releases-created }} + # uses: ./.github/workflows/upload-binaries.yml + # with: + # tag: ${{ needs.release-please.outputs.tag-name }} + # ref: ${{ needs.release-please.outputs.tag-name }} + # secrets: + # UPLOAD_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # upload-npm-artifacts: + # needs: [release-please] + # if: ${{ needs.release-please.outputs.releases-created }} + # name: Upload release npm artifacts + # runs-on: ubuntu-latest + # outputs: + # stdlib-download-url: ${{ steps.stdlib-upload.outputs.browser_download_url }} + # steps: + # - name: Checkout project + # uses: actions/checkout@v3 + # with: + # ref: ${{ needs.release-please.outputs.tag-name }} + + # # Many of these steps are the same as building the compiler for tests + # - name: Setup Node.js + # uses: actions/setup-node@v3.6.0 + # with: + # node-version: ">=18.15 <19" + # check-latest: true + # cache: "npm" + + # - name: Pack stdlib + # working-directory: ./stdlib + # # Runs `npm pack` and assigns the filename to an env var we can use later + # run: | + # echo "STDLIB_TAR=$(npm pack --json | jq -r '.[0].filename')" >> $GITHUB_ENV + + # - name: Upload stdlib + # id: stdlib-upload + # uses: grain-lang/upload-release-action@v3.0.2 + # with: + # token: ${{ secrets.GITHUB_TOKEN }} + # file: ./stdlib/${{ env.STDLIB_TAR }} + # asset_name: stdlib.tgz + # tag: ${{ needs.release-please.outputs.stdlib-tag-name }} + + # dispatch-website: + # needs: [release-please, upload-release] + # if: ${{ needs.release-please.outputs.releases-created }} + # name: Dispatch website release + # runs-on: ubuntu-latest + # steps: + # - uses: grain-lang/workflow-dispatch-action@v1.0.1 + # with: + # workflow: Grain Release + # token: ${{ secrets.WORKFLOW_TOKEN }} + # ref: main + # repo: grain-lang/grain-lang.org + # tag_input: ${{ needs.release-please.outputs.tag-name }} + + # dispatch-homebrew: + # needs: [release-please, upload-release] + # if: ${{ needs.release-please.outputs.releases-created }} + # name: Dispatch homebrew release + # runs-on: ubuntu-latest + # steps: + # - uses: grain-lang/workflow-dispatch-action@v1.0.1 + # with: + # workflow: Grain Release + # token: ${{ secrets.WORKFLOW_TOKEN }} + # ref: main + # repo: grain-lang/homebrew-tap + # tag_input: ${{ needs.release-please.outputs.tag-name }} + + # npm-release-stdlib: + # needs: [release-please, upload-npm-artifacts] + # if: ${{ needs.release-please.outputs.releases-created }} + # name: Publish stdlib to npm registry + # runs-on: ubuntu-latest + # steps: + # - name: Setup NodeJS + # uses: actions/setup-node@v3.6.0 + # with: + # node-version: ">=18.15 <19" + # check-latest: true + # registry-url: "https://registry.npmjs.org" + + # - name: Publish to npm + # run: | + # npm publish ${{ needs.upload-npm-artifacts.outputs.stdlib-download-url }} + # env: + # NODE_AUTH_TOKEN: ${{ secrets.NPM_RELEASE }} diff --git a/Dockerfile b/Dockerfile index f9f7300a47..fac79ebe01 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # This Dockerfile constructs an environment in which the Grain compiler can be built and used. -FROM ospencer/esy:alpine as esy +FROM ospencer/esy:alpine AS esy FROM node:18 LABEL name="Grain" diff --git a/Dockerfile-slim b/Dockerfile-slim index 1e39d6a36e..9e76499648 100644 --- a/Dockerfile-slim +++ b/Dockerfile-slim @@ -1,8 +1,8 @@ # This Dockerfile constructs a minimal environment in which Grain programs can be compiled. # The environment is only meant to build Grain programs, not develop the compiler. -FROM ospencer/esy:alpine as esy -FROM node:18 as builder +FROM ospencer/esy:alpine AS esy +FROM node:18 AS builder LABEL name="Grain" LABEL description="Grain CLI"