
Commit 2a8ba7a

authored
Merge branch 'main' into dsn/unify-azure-tags
2 parents 1c8e16d + 367c8b2 commit 2a8ba7a

38 files changed

+1282
-2352
lines changed

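--- a/.github/chainguard/self.read.members.sts.yaml
+++ b/.github/chainguard/self.read.members.sts.yaml
@@ -3,7 +3,7 @@ issuer: https://token.actions.githubusercontent.com
 subject_pattern: "repo:DataDog/libdatadog.*"
 
 claim_pattern:
-ref: "(main|release|julio/.*)" # TODO: remove testing branch and uncomment ref_protected
+ref: "refs/heads/(main|release|julio/.*|igor/.*)" # TODO: remove testing branch and uncomment ref_protected
 # ref_protected: "true" # TODO: uncomment once tested.
 
 permissions: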
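Review bot: The `ref` pattern on new line 6 extends the testing exception to a second personal prefix (`igor/.*`) while `ref_protected` stays commented out, so this policy accepts OIDC tokens from any branch under `julio/` or `igor/`, protected or not. The same defect is more serious in `.github/chainguard/self.write.pr.sts.yaml`, where new lines 6-8 add both prefixes and comment out a `ref_protected: "true"` that was previously enforced, with `job_workflow_ref` still commented as well. The target state for both files is `ref: "refs/heads/(main|release)"` together with `ref_protected: "true"`; the TODOs should carry an owner or ticket so the debugging exception does not become permanent. The `permissions:` blocks continue outside both hunks, so the exact grants behind each policy are not visible here.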

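--- a/.github/chainguard/self.write.pr.sts.yaml
+++ b/.github/chainguard/self.write.pr.sts.yaml
@@ -3,8 +3,9 @@ issuer: https://token.actions.githubusercontent.com
 subject_pattern: "repo:DataDog/libdatadog.*"
 
 claim_pattern:
-ref: "refs/heads/(main|release)"
-ref_protected: "true"
+ref: "refs/heads/(main|release|igor/.*|julio/.*)"
+# TODO: commented to debug changelog generation.
+# ref_protected: "true"
 # job_workflow_ref: DataDog/libdatadog/\.github/workflows/release-proposal-dispatch\.yml@.+
 
 permissions: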

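--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -42,7 +42,6 @@ jobs:
 cargo llvm-cov --all-features --workspace --no-report nextest
 cargo llvm-cov --all-features --workspace --no-report --doc
 cargo llvm-cov report --doctests --lcov --output-path lcov.info
-cargo clean
 - name: Upload coverage to Codecov
 uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # 5.5.1
 with: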

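--- a/.github/workflows/pr-metadata-docs-and-deps.yml
+++ b/.github/workflows/pr-metadata-docs-and-deps.yml
@@ -180,6 +180,31 @@ jobs:
 body-path: doc-check-results.md
 edit-mode: replace
 
+missing-docs-delete:
+needs: changed-crates
+if: needs.changed-crates.outputs.crates_count == 0
+runs-on: ubuntu-latest
+permissions:
+pull-requests: write
+steps:
+- name: Find existing comment
+uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+id: find-comment
+with:
+issue-number: ${{ github.event.pull_request.number }}
+comment-author: 'github-actions[bot]'
+body-includes: '## 📚 Documentation Check Results'
+- name: Delete existing docs comment
+uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+if: steps.find-comment.outputs.comment-id != ''
+with:
+script: |
+github.rest.issues.deleteComment({
+owner: context.repo.owner,
+repo: context.repo.repo,
+comment_id: ${{ steps.find-comment.outputs.comment-id }},
+})
+
 changelog-check:
 needs: changed-crates
 if: |
@@ -338,3 +363,28 @@ jobs:
 run: |
 echo "cargo-deny found ${{ steps.cargo-deny.outputs.total_errors }} error(s) and FAIL_IF_CARGO_DENY is enabled"
 exit 1
+
+dependency-check-delete:
+needs: changed-crates
+if: needs.changed-crates.outputs.crates_count == 0
+runs-on: ubuntu-latest
+permissions:
+pull-requests: write
+steps:
+- name: Find existing comment
+uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+id: find-comment
+with:
+issue-number: ${{ github.event.pull_request.number }}
+comment-author: 'github-actions[bot]'
+body-includes: '## 🔒 Cargo Deny Results'
+- name: Delete existing dependency check comment
+uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+if: steps.find-comment.outputs.comment-id != ''
+with:
+script: |
+github.rest.issues.deleteComment({
+owner: context.repo.owner,
+repo: context.repo.repo,
+comment_id: ${{ steps.find-comment.outputs.comment-id }},
+})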
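Review bot: Both new delete steps call `github.rest.issues.deleteComment({...})` without `await` (new lines 202-206 and 386-390), so a failed API call is not reported through the script's own result; prefix the call with `await`. The comment id is also spliced into the script source via `${{ steps.find-comment.outputs.comment-id }}`; passing it through an `env:` entry such as `COMMENT_ID` and writing `comment_id: Number(process.env.COMMENT_ID),` keeps expression output out of executable text. The workflow trigger is outside these hunks, so whether `pull-requests: write` is actually granted for PRs from forks cannot be confirmed from here.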

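--- a/.github/workflows/pr-name.yaml
+++ b/.github/workflows/pr-name.yaml
@@ -58,7 +58,59 @@ jobs:
 });
 
 if (!report.valid) {
-core.setFailed("PR title linting failed");
+core.info('');
+core.info('============================================');
+core.info('❌ PR TITLE VALIDATION FAILED');
+core.info('============================================');
+core.info('');
+core.info(`PR Title: ${title}`);
+core.info('');
+core.info('Errors found:');
+report.errors.forEach((error) => {
+core.info(` - ${error.message}`);
+});
+if (report.warnings.length > 0) {
+core.info('');
+core.info('Warnings:');
+report.warnings.forEach((warning) => {
+core.info(` - ${warning.message}`);
+});
+}
+core.info('');
+core.info('============================================');
+core.info('PR TITLE FORMAT GUIDE');
+core.info('============================================');
+core.info('');
+core.info('Expected format: type(scope): description');
+core.info('');
+core.info('Valid types:');
+core.info(' feat - A new feature (triggers minor version bump)');
+core.info(' fix - A bug fix (triggers patch version bump)');
+core.info(' docs - Documentation only changes');
+core.info(' style - Code style changes (formatting, semicolons, etc)');
+core.info(' refactor - Code change that neither fixes a bug nor adds a feature');
+core.info(' perf - Performance improvement');
+core.info(' test - Adding or correcting tests');
+core.info(' build - Changes to build system or dependencies');
+core.info(' ci - Changes to CI configuration');
+core.info(' chore - Other changes that don\'t modify src or test files');
+core.info(' revert - Reverts a previous commit');
+core.info('');
+core.info('Breaking changes: Add ! after type, e.g., feat!: or fix(scope)!:');
+core.info('');
+core.info('Scope is optional but recommended for clarity.');
+core.info('');
+core.info('Ticket references: If included, must be at the END of the title');
+core.info(' ✓ feat(api): add new endpoint [PROJ-123]');
+core.info(' ✗ feat(api): [PROJ-123] add new endpoint');
+core.info('');
+core.info('Examples of valid PR titles:');
+core.info(' feat: add user authentication');
+core.info(' fix(parser): handle edge case in tokenizer');
+core.info(' feat!: redesign public API');
+core.info(' docs: update README with examples [PROJ-456]');
+core.info('');
+core.setFailed("PR title linting failed - see format guide above");
 }
 });
 });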
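Review bot: The `PR Title: ${title}` log line at new line 66 echoes a string the PR author controls, and the assignment of `title` lies outside this hunk; confirm it is read from `context.payload.pull_request.title` or an `env:` variable rather than expanded with `${{ }}` into the script text. On style, the guide is roughly fifty consecutive `core.info` calls; a single array of lines joined with `\n` and logged once would be easier to maintain. The hard-coded type list at new lines 87-97 can also drift from the lint configuration that produces `report`, so a short comment naming that configuration as the source of truth would help.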

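--- a/.github/workflows/pr-title-semver-check.yml
+++ b/.github/workflows/pr-title-semver-check.yml
@@ -259,10 +259,80 @@ jobs:
 echo "❌ SEMVER VALIDATION FAILED"
 echo "============================================"
 echo ""
-echo "Details:"
-echo " PR Title: $PR_TITLE"
-echo " Detected semver level: $SEMVER_LEVEL"
+echo "PR Title: $PR_TITLE"
+echo "PR Type: $TYPE"
+echo "Detected semver level: $SEMVER_LEVEL"
+echo "Breaking change marked: ${IS_BREAKING_CHANGE:-no}"
+echo ""
+echo "--------------------------------------------"
+echo "WHAT WAS DETECTED:"
+echo "--------------------------------------------"
+# Show details for each crate
+echo "$SEMVER_RESULT_JSON" | jq -r '.crates[] | "Crate: \(.name)\n Level: \(.level)\n Reason: \(.reason)\n Details:\n\(.details | split("\n") | map(" " + .) | join("\n"))\n"'
+echo ""
+echo "--------------------------------------------"
+echo "WHY THIS FAILED:"
+echo "--------------------------------------------"
+case "$TYPE" in
+fix)
+if [[ "$SEMVER_LEVEL" == "major" ]] && [[ -z "$IS_BREAKING_CHANGE" ]]; then
+echo "'fix' with major changes requires breaking change marker."
+echo "Add '!' to PR title (fix!:) or add 'BREAKING CHANGE:' footer in PR body."
+elif [[ "$SEMVER_LEVEL" == "minor" ]]; then
+echo "'fix' cannot have minor-level changes (new public API)."
+echo "Use 'feat' type instead, or remove the new public API additions."
+elif [[ "$SEMVER_LEVEL" == "none" ]]; then
+echo "'fix' requires changes to published crates."
+echo "Use 'chore' or 'ci' for non-published changes."
+fi
+;;
+feat)
+if [[ "$SEMVER_LEVEL" == "major" ]] && [[ -z "$IS_BREAKING_CHANGE" ]]; then
+echo "'feat' with major changes requires breaking change marker."
+echo "Add '!' to PR title (feat!:) or add 'BREAKING CHANGE:' footer in PR body."
+elif [[ "$SEMVER_LEVEL" == "patch" ]]; then
+echo "'feat' requires minor-level changes (new public API)."
+echo "Use 'fix' for bug fixes, or ensure new items are marked 'pub'."
+elif [[ "$SEMVER_LEVEL" == "none" ]]; then
+echo "'feat' requires changes to published crates."
+echo "Use 'chore' for non-published changes."
+fi
+;;
+chore|ci|docs|style|test|build|perf)
+if [[ -n "$IS_BREAKING_CHANGE" ]]; then
+echo "'$TYPE' cannot have breaking change marker."
+echo "Remove '!' from title or use 'feat!', 'fix!', or 'refactor!' instead."
+elif [[ "$SEMVER_LEVEL" == "major" ]]; then
+echo "'$TYPE' cannot have major-level changes (breaking API)."
+echo "Use 'refactor!' or 'feat!' for intentional breaking changes."
+elif [[ "$SEMVER_LEVEL" == "minor" ]]; then
+echo "'$TYPE' cannot have minor-level changes (new public API)."
+echo "Use 'feat' for new features, or mark new items as pub(crate)."
+fi
+;;
+refactor)
+if [[ "$SEMVER_LEVEL" == "major" ]] && [[ -z "$IS_BREAKING_CHANGE" ]]; then
+echo "'refactor' with major changes requires breaking change marker."
+echo "Add '!' to PR title (refactor!:) or add 'BREAKING CHANGE:' footer in PR body."
+fi
+;;
+*)
+echo "Unknown PR type: '$TYPE'"
+echo "Valid types: feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert"
+;;
+esac
+echo ""
+echo "--------------------------------------------"
+echo "VALID COMBINATIONS:"
+echo "--------------------------------------------"
+echo " fix -> patch, or major (with '!')"
+echo " feat -> minor, or major (with '!')"
+echo " refactor -> patch, minor, or major (with '!')"
+echo " chore/ci/docs/style/test/build/perf -> patch or none only"
+echo " revert -> any level"
+echo ""
 exit 1
 else
+echo "✅ Semver validation passed: '$TYPE' is compatible with '$SEMVER_LEVEL'"
 exit 0
 fi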
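Review bot: Several arms of the new `case "$TYPE"` block (new lines 276-323) can finish without printing anything under "WHY THIS FAILED": `refactor`, for instance, has a single `if` for major-without-marker, so a failure at any other level leaves that section empty. A closing `else echo "'$TYPE' is not compatible with semver level '$SEMVER_LEVEL'."` in each chain would cover the gap, and `revert` would currently hit the `*)` arm and be reported as unknown although the same message lists it as valid. Separately, the jq filter at new line 271 calls `split` on `.details`; if a crate entry can lack that field jq aborts before the explanation is printed, which `(.details // "")` would tolerate. The logic that decides pass or fail sits outside this hunk, so which combinations actually reach this branch is inferred.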

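--- a/.github/workflows/release-proposal-dispatch.yml
+++ b/.github/workflows/release-proposal-dispatch.yml
@@ -32,6 +32,8 @@ env:
 MAIN_BRANCH: main
 RELEASE_BRANCH: release
 PROPOSAL_BRANCH_PREFIX: release-proposal
+GIT_USER_NAME: "dd-octo-sts[bot]"
+GIT_USER_EMAIL: "200755185+dd-octo-sts[bot]@users.noreply.github.com"
 
 jobs:
 check-proposal-ongoing:
@@ -53,29 +55,75 @@ jobs:
 fi
 echo "No release proposal is ongoing."
 
+check-membership:
+permissions:
+id-token: write # Enable OIDC
+runs-on: ubuntu-latest
+needs: check-proposal-ongoing
+steps:
+- uses: DataDog/dd-octo-sts-action@08f2144903ced3254a3dafec2592563409ba2aa0 # v1.0.1
+id: octo-sts
+with:
+scope: DataDog/libdatadog # target repository
+policy: self.read.members # trust policy in target repo, without the .sts.yaml extension
+
+- name: Check if user is in the team allowed to make crate releases
+id: check
+uses: TheModdingInquisition/actions-team-membership@057d91bb80f2976a1bc6dfab5b4ae1da9aebbd89 #v1.0.1
+with:
+team: 'apm-common-components-core'
+organization: 'Datadog'
+token: ${{ steps.octo-sts.outputs.token }} # Needs 'read:org' scope
+exit: false
+
+- name: Check output
+run: |
+permitted=${{ steps.check.outputs.permitted }}
+if [[ "$permitted" != "true" ]]; then
+echo "User is not part of apm-common-components-core"
+exit 1
+fi
+
 update-release-branch:
 permissions:
 id-token: write # Enable OIDC
 contents: write
 runs-on: ubuntu-latest
-needs: check-proposal-ongoing
+needs: check-membership
 steps:
+- uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+id: octo-sts
+with:
+scope: DataDog/libdatadog
+policy: self.write.pr
+
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 with:
+token: ${{ steps.octo-sts.outputs.token }}
 fetch-depth: 0
 fetch-tags: true
+
+- name: Configure Git identity for dd-octo-sts GitHub App
+env:
+GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
+run: |
+
+git config --global user.name "$GIT_USER_NAME"
+git config --global user.email "$GIT_USER_EMAIL"
+
 - name: Merge the main branch into the release branch
 run: |
 git fetch origin "${{ env.RELEASE_BRANCH }}" --tags
 git checkout "${{ env.RELEASE_BRANCH }}"
-# only fast-forward the merge
-if ! git merge --ff-only origin/"${{ env.MAIN_BRANCH }}"; then
-echo "Error: Cannot fast-forward merge ${{ env.MAIN_BRANCH }} into ${{ env.RELEASE_BRANCH }}" >&2
-echo "The branches have diverged." >&2
+
+if ! git merge origin/"${{ env.MAIN_BRANCH }}"; then
+echo "Error: Cannot merge ${{ env.MAIN_BRANCH }} into ${{ env.RELEASE_BRANCH }}" >&2
+echo "There are merge conflicts or the branches have diverged." >&2
 echo "If you have recently launched another release, it is possible that ${{ env.MAIN_BRANCH }} branch is not yet updated with the ${{ env.RELEASE_BRANCH }} changes." >&2
 echo "Please try again later." >&2
 exit 1
 fi
+
 git push origin "${{ env.RELEASE_BRANCH }}" --tags
 
 cargo-release:
@@ -85,12 +133,12 @@ jobs:
 contents: write
 needs: update-release-branch
 runs-on: ubuntu-latest
-# TODO: uncomment this when we have a way to test this workflow
-# if: ${{ github.repository_owner == 'datadog' }}
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 with:
-fetch-depth: 0 # Need full history for git tags
+ref: ${{ env.RELEASE_BRANCH }}
+fetch-depth: 0
+fetch-tags: true
 - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
 with:
 cache-targets: true
@@ -117,8 +165,8 @@ jobs:
 
 - name: Configure Git for signing
 run: |
-git config --global user.name "github-actions[bot]"
-git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+git config --global user.name "${{ env.GIT_USER_NAME }}"
+git config --global user.email "${{ env.GIT_USER_EMAIL }}"
 
 - name: Get publication order for crate and dependencies
 run: |
@@ -140,6 +188,14 @@ jobs:
 - name: Create a branch for the release proposal
 id: proposal-branch
 run: |
+git status
+
+IS_SHALLOW=$(git rev-parse --is-shallow-repository)
+if [ "$IS_SHALLOW" = "true" ]; then
+echo "Repository is shallow"
+git pull --unshallow
+fi
+
 git checkout "${{ env.RELEASE_BRANCH }}"
 TIMESTAMP=$(date +%Y%m%d-%H%M%S)
 BRANCH_NAME="${{ env.PROPOSAL_BRANCH_PREFIX }}/${{ inputs.crate }}/$TIMESTAMP"
@@ -334,7 +390,6 @@ jobs:
 "",
 (if $api_info.version then "**Next version:** `\($api_info.version)`\n" else null end),
 "**Semver bump:** `\($api_info.level)`",
-"",
 (if $api_info.tag then "**Tag:** `\($api_info.tag)`\n" else null end),
 (if $api_info.initial_release == "true" then
 "**Warning:** this is an initial release. Please verify that the version and commits included are correct.\n"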
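Review bot: The "Configure Git identity" step (new lines 106-112) exports the `self.write.pr` token as `GH_TOKEN`, but the two `git config` commands in it never read it; dropping that `env:` block keeps the token out of a step that does not need it. In `check-membership`, `permitted=${{ steps.check.outputs.permitted }}` at new line 81 expands an action output straight into the shell; passing it through `env:` and testing `"$PERMITTED"` is the safer habit. The two jobs also pin `DataDog/dd-octo-sts-action` at different commits (v1.0.1 at new line 64, v1.0.3 at new line 94), which looks unintentional. Because the membership check is only a job dependency inside this file, the `self.write.pr` trust policy rather than this job is what bounds who can obtain the write token, so the protected-ref claims in that policy matter more than the gate added here.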
