Unified publish workflow#2256
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Signed-off-by: Victor Nicolet <victornl@amazon.com>
Signed-off-by: Victor Nicolet <victornl@amazon.com>
victornicolet
force-pushed
the
victornicolet/release-workflow-split-cli-and-core
branch
from
fa31d1b to
ce4fe29
Compare
There was a problem hiding this comment.
Pull request overview
This PR refactors the release automation by moving repeated publish/validation logic into a reusable GitHub Actions workflow, and splitting CLI publishing into its own workflow so symcc can be published independently between the base crates and the CLI.
Changes:
- Replace duplicated validation/publish steps in
publish.ymlandpublish_symcc.ymlwith a new reusable workflow (publish_reusable.yml). - Add a new
publish_cli.ymlworkflow to publishcedar-policy-cliseparately from the base crates. - Update base and symcc publish workflows to call the reusable workflow with appropriate tag/version settings.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/publish.yml | Switches base-crate publishing to the reusable workflow and removes CLI publishing from this workflow. |
| .github/workflows/publish_symcc.yml | Switches SymCC publishing to the reusable workflow. |
| .github/workflows/publish_cli.yml | Adds a new standalone CLI publishing workflow that uses the reusable workflow. |
| .github/workflows/publish_reusable.yml | Introduces a reusable workflow encapsulating validation, version checks, and publishing logic. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Victor Nicolet <victornl@amazon.com>
This comment was marked as outdated.
This comment was marked as outdated.
Signed-off-by: Victor Nicolet <victornl@amazon.com>
victornicolet
force-pushed
the
victornicolet/release-workflow-split-cli-and-core
branch
2 times, most recently
from
25bc50f to
ddab8cb
Compare
Signed-off-by: Victor Nicolet <victornl@amazon.com>
victornicolet
force-pushed
the
victornicolet/release-workflow-split-cli-and-core
branch
from
ddab8cb to
a8153fb
Compare
Coverage ReportHead Commit: Base Commit: Download the full coverage report. Coverage of Added or Modified Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 100.00% Status: PASSED ✅ Details
Coverage of All Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 86.81% Status: PASSED ✅ Details
|
| -p cedar-policy \ | ||
| -p cedar-policy-cli | ||
| fi | ||
| # Order matters: dependencies must be listed before dependents. |
There was a problem hiding this comment.
I don't think the order actually matters if you specify packages in a single cargo publish command.
There was a problem hiding this comment.
I cannot find clear documentation that says that it does or it doesn't, and I can find some suggestions that it does. The previous workflow had the crates specified in the dependency order, so unless I'm proven wrong I'll leave it here.
victornicolet
changed the title
Signed-off-by: Victor Nicolet <victornl@amazon.com>
victornicolet
force-pushed
the
victornicolet/release-workflow-split-cli-and-core
branch
from
3e5bfe2 to
3944f43
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
john-h-kastner-aws
left a comment
john-h-kastner-aws
left a comment
There was a problem hiding this comment.
Looks good. I'm hoping to use this (with targets: all) for the upcoming release of 4.10.0
victornicolet
changed the title
|
|
||
| # Check that the input tag is welformed. | ||
| # Check that the input tag is well-formed. | ||
| # For core, cli and all, we expect a tag "v<MAJOR>.<MINOR>.<PATCH>" |
There was a problem hiding this comment.
For the cli the tag should be of the form cedar-policy-cli-v<MAJOR>.<MINOR>.<PATCH> to distinguish between the release of the cli for that version and the release of the base cedar crates for that version
There was a problem hiding this comment.
Yes,I think that once the patch versions of CLI and Core start diverging, we'll need to make that change.
| run: cargo publish -p cedar-policy-cli | ||
| env: | ||
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | ||
| publish-all: |
There was a problem hiding this comment.
Will the procedure for patching old cedar versions be that we run publish core and then optionally publish cli?
There was a problem hiding this comment.
Yes, I think so?
…et/release-workflow-split-cli-and-core
victornicolet
changed the title
Coverage ReportHead Commit: Base Commit: Download the full coverage report. Coverage of Added or Modified Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 100.00% Status: PASSED ✅ Details
Coverage of All Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 87.70% Status: PASSED ✅ Details
|
victornicolet
deleted the
victornicolet/release-workflow-split-cli-and-core
branch
Description of changes
Merges workflow for publishing core crates and symcc into one workflow with different targets:
corefor all core crates (i.e. not symcc and cli)symccclifor only the cli.allfor publishing all crates at once.The workflow requires a tag to decide where to publish from and at least the version of the core crates to check what is being published, or validate what core version symcc is being published on.
It requires explicit versions for what is being published depending on the target, on top of the tag that specifies what code to checkout for publishing.
Issue #, if available
Checklist for requesting a review
The change in this PR is (choose one, and delete the other options):
cedar-policy-core,cedarI confirm that this PR (choose one, and delete the other options):
I confirm that
cedar-spec(choose one, and delete the other options):I confirm that
docs.cedarpolicy.com(choose one, and delete the other options):