Unverified Commit fcf670df authored by Fahad Zubair's avatar Fahad Zubair Committed by GitHub
Browse files

Merge branch 'main' into fahadzub/cbor-constraint

parents 9977516f 37c1cc0b

.github/workflows/ci.yml

+2 −2
Original line number Diff line number Diff line
@@ -307,11 +307,11 @@ jobs: 
            "OPENSSL_INCLUDE_DIR",

        ]

        [target.powerpc-unknown-linux-gnu]

        pre-build = ["curl -L -s -o /tmp/openssl.sh https://github.com/cross-rs/cross/raw/c183ee37a9dc6b0e6b6a6ac9c918173137bad4ef/docker/openssl.sh && bash /tmp/openssl.sh linux-ppc powerpc-linux-gnu-"]

        pre-build = ["curl -L -s https://github.com/cross-rs/cross/raw/c183ee37a9dc6b0e6b6a6ac9c918173137bad4ef/docker/openssl.sh | sed 's/curl https/curl -L https/' > /tmp/openssl.sh && bash /tmp/openssl.sh linux-ppc powerpc-linux-gnu-"]

        [target.powerpc-unknown-linux-gnu.env]

        passthrough = ["OPENSSL_DIR"]

        [target.powerpc64-unknown-linux-gnu]

        pre-build = ["curl -L -s -o /tmp/openssl.sh https://github.com/cross-rs/cross/raw/c183ee37a9dc6b0e6b6a6ac9c918173137bad4ef/docker/openssl.sh && bash /tmp/openssl.sh linux-ppc64 powerpc64-linux-gnu-"]

        pre-build = ["curl -L -s https://github.com/cross-rs/cross/raw/c183ee37a9dc6b0e6b6a6ac9c918173137bad4ef/docker/openssl.sh | sed 's/curl https/curl -L https/' > /tmp/openssl.sh && bash /tmp/openssl.sh linux-ppc64 powerpc64-linux-gnu-"]

        [target.powerpc64-unknown-linux-gnu.env]

        passthrough = ["OPENSSL_DIR"]

        EOF

.github/workflows/manual-update-lockfiles.yml

0 → 100644
+34 −0
Original line number Diff line number Diff line 
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0



name: Update lockfiles manually

run-name: ${{ github.workflow }} (${{ inputs.base_branch }})

on:

  workflow_dispatch:

    inputs:

      base_branch:

        description: The name of the branch on which to run `cargo update` for lockfiles

        required: true

        type: string

      force_update_on_broken_dependencies:

        description: When true, it forces `cargo update` to update broken dependencies to the latest semver-compatible versions, without downgrading them to the last known working versions

        required: true

        type: boolean

        default: false



concurrency:

  group: ${{ github.workflow }}-${{ inputs.base_branch }}

  cancel-in-progress: true



jobs:

  cargo-update-runtime-lockfiles-and-sdk-lockfile:

    name: Run cargo update on the runtime lockfiles and the SDK lockfile

    if: ${{ github.event_name == 'workflow_dispatch' }}

    uses: ./.github/workflows/pull-request-updating-lockfiles.yml

    with:

      base_branch: ${{ inputs.base_branch }}

      force_update_on_broken_dependencies: ${{ inputs.force_update_on_broken_dependencies }}

    secrets:

      DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}

      SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}

      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

.github/workflows/pull-request-updating-lockfiles.yml

0 → 100644
+121 −0
Original line number Diff line number Diff line 
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0



# This is a shared workflow used by both `update-lockfiles.yml` and `manual-update-lockfiles.yml`.



name: Pull Request for Updating Lockfiles

on:

  workflow_call:

    inputs:

      base_branch:

        description: The name of the branch on which to run `cargo update` for lockfiles

        required: true

        type: string

      force_update_on_broken_dependencies:

        description: When true, it forces `cargo update` to update broken dependencies to the latest semver-compatible versions, without downgrading them to the last known working versions

        required: true

        type: boolean

    secrets:

      DOCKER_LOGIN_TOKEN_PASSPHRASE:

        required: true

      SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN:

        required: true

      RELEASE_AUTOMATION_BOT_PAT:

        required: true



env:

  ecr_repository: public.ecr.aws/w0m4q9l7/github-awslabs-smithy-rs-ci



jobs:

  save-docker-login-token:

    name: Save a docker login token

    timeout-minutes: 10

    outputs:

      docker-login-password: ${{ steps.set-token.outputs.docker-login-password }}

    permissions:

      id-token: write

      contents: read

    continue-on-error: true

    runs-on: ubuntu-latest

    steps:

    - name: Attempt to load a docker login password

      uses: aws-actions/configure-aws-credentials@v4

      with:

        role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}

        role-session-name: GitHubActions

        aws-region: us-west-2

    - name: Save the docker login password to the output

      id: set-token

      run: |

        ENCRYPTED_PAYLOAD=$(

          gpg --symmetric --batch --passphrase "${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}" --output - <(aws ecr-public get-login-password --region us-east-1) | base64 -w0

        )

        echo "docker-login-password=$ENCRYPTED_PAYLOAD" >> $GITHUB_OUTPUT



  acquire-base-image:

    name: Acquire Base Image

    needs: save-docker-login-token

    runs-on: ubuntu-latest

    timeout-minutes: 60

    env:

      ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}

      DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}

    permissions:

      id-token: write

      contents: read

    steps:

    - uses: actions/checkout@v4

      with:

        path: smithy-rs

    - name: Acquire base image

      id: acquire

      env:

        DOCKER_BUILDKIT: 1

      run: ./smithy-rs/.github/scripts/acquire-build-image

    - name: Acquire credentials

      uses: aws-actions/configure-aws-credentials@v4

      with:

        role-to-assume: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}

        role-session-name: GitHubActions

        aws-region: us-west-2

    - name: Upload image

      run: |

        IMAGE_TAG="$(./smithy-rs/.github/scripts/docker-image-hash)"

        docker tag "smithy-rs-base-image:${IMAGE_TAG}" "${{ env.ecr_repository }}:${IMAGE_TAG}"

        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws

        docker push "${{ env.ecr_repository }}:${IMAGE_TAG}"



  create-pull-request-for-updating-lockfiles:

    name: Create a Pull Request for updating lockfiles

    needs:

    - acquire-base-image

    runs-on: ubuntu-latest

    steps:

    - name: Checkout smithy-rs

      uses: actions/checkout@v4

      with:

        path: smithy-rs

        token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

    - name: Create branch name for updating lockfiles

      id: branch-name-for-updating-lockfiles

      shell: bash

      run: |

        branch_name="update-all-lockfiles-$(date +%s)"

        echo "branch_name=${branch_name}" > $GITHUB_OUTPUT

    - name: Cargo update all lockfiles

      uses: ./smithy-rs/.github/actions/docker-build

      with:

        action: cargo-update-lockfiles

        action-arguments: ${{ inputs.base_branch }} ${{ steps.branch-name-for-updating-lockfiles.outputs.branch_name }} ${{ inputs.force_update_on_broken_dependencies }}

    - name: Create pull request

      working-directory: smithy-rs

      shell: bash

      env:

        GITHUB_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

      run: |

        gh pr create \

          --title 'Run `cargo update` on the runtime lockfiles and the SDK lockfile' \

          --body 'If CI fails, commit the necessary fixes to this PR until all checks pass. If required, update entries in [crateNameToLastKnownWorkingVersions](https://github.com/smithy-lang/smithy-rs/blob/6b42eb5ca00a2dc9c46562452e495a2ec2e43d0f/aws/sdk/build.gradle.kts#L503-L504).' \

          --base ${{ inputs.base_branch }} \

          --head ${{ steps.branch-name-for-updating-lockfiles.outputs.branch_name }} \

          --label "needs-sdk-review"

.github/workflows/update-lockfiles.yml

0 → 100644
+23 −0
Original line number Diff line number Diff line 
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0



name: Update lockfiles scheduled

run-name: ${{ github.workflow }}

on:

  schedule:

    # Runs 22:00 UTC every Tuesday

  - cron: 0 22 * * 2



jobs:

  cargo-update-runtime-lockfiles-and-sdk-lockfile:

    name: Run cargo update on the runtime lockfiles and the SDK lockfile

    # Don't run on forked repositories

    if: github.repository == 'smithy-lang/smithy-rs'

    uses: ./.github/workflows/pull-request-updating-lockfiles.yml

    with:

      base_branch: main

      force_update_on_broken_dependencies: false

    secrets:

      DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}

      SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN: ${{ secrets.SMITHY_RS_PUBLIC_ECR_PUSH_ROLE_ARN }}

      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

CHANGELOG.md

+6 −0
Original line number Diff line number Diff line 
<!-- Do not manually edit this file. Use the `changelogger` tool. -->

September 26th, 2024

====================

**New this release:**

- :bug: (client, [smithy-rs#3820](https://github.com/smithy-lang/smithy-rs/issues/3820)) Fixed a bug with the content length of compressed payloads that caused such requests to hang.





September 17th, 2024

====================