Modify release process, release v0.16.0 (#221)

IronCoreLabs · Nov 2, 2023 · 0b70766 · 0b70766
1 parent 7ee2451
commit 0b70766
Show file tree

Hide file tree

Showing 20 changed files with 287 additions and 221 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -57,8 +57,9 @@ jobs:
       - uses: IronCoreLabs/rust-toolchain@v1
       - name: Build
         run: |
-          cargo install cross
-          cross build --target ${{ matrix.arch }} -p ironoxide-android
+          cargo install cargo-ndk
+          rustup target install ${{ matrix.arch }}
+          cargo ndk -t ${{ matrix.arch }} build -p ironoxide-android
           cp -r target/${{ matrix.arch }}/debug/build/ironoxide-android*/out/java android/ironoxide-android/src/main/
           mkdir -p android/ironoxide-android/src/main/jniLibs/${{ matrix.folder-name }}/
           cp -r target/${{ matrix.arch }}/debug/libironoxide_android.so android/ironoxide-android/src/main/jniLibs/${{ matrix.folder-name }}/
@@ -108,8 +109,6 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Install cross
-        run: cargo install cross
       - name: Run build script
         run: ./build.sh
         working-directory: android
@@ -120,27 +119,32 @@ jobs:
         working-directory: android
 
   cpp-build:
-    strategy:
-      matrix:
-        os: [ubuntu-22.04, macos-12]
-    runs-on: ${{ matrix.os }}
+    runs-on: macos-12
+    steps:
+      - uses: actions/checkout@v4
+      - uses: IronCoreLabs/rust-toolchain@v1
+        with:
+          toolchain: stable
+      - name: Setup iOS build
+        run: |
+          rustup target add x86_64-apple-ios aarch64-apple-ios
+          cargo install cargo-lipo
+      - name: Build for iOS
+        run: cargo lipo -p ironoxide-cpp
+
+  cpp-test:
+    # Cmake on macos fails to find TargetConditionals.h
+    # See https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
       - uses: IronCoreLabs/rust-toolchain@v1
         with:
           toolchain: stable
       - name: Build and test
         run: |
-          cargo build --release -p ironoxide-cpp
+          cargo build -p ironoxide-cpp
           cd cpp/
           cmake .
           make
           ./cpp-tests
-      - name: Setup iOS build
-        if: startsWith(matrix.os, 'macos')
-        run: |
-          rustup target add x86_64-apple-ios aarch64-apple-ios
-          cargo install cargo-lipo
-      - name: Build for iOS
-        if: startsWith(matrix.os, 'macos')
-        run: cargo lipo --release -p ironoxide-cpp
diff --git a/.github/workflows/release-android.yaml b/.github/workflows/release-android.yaml
@@ -20,8 +20,6 @@ jobs:
           java-version: 8
           distribution: adopt
       - run: sudo apt-get install -y clang
-      - name: Install cross
-        run: cargo install cross
       - name: Run build script
         run: ./build-aar.sh
         working-directory: android

diff --git a/.github/workflows/release-github.yaml b/.github/workflows/release-github.yaml
@@ -14,7 +14,8 @@ jobs:
     runs-on: ubuntu-22.04
     needs:
       - build-java
-      - build-cpp
+    # CPP is current disabled because of an issue with Cmake https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222
+    #   - build-cpp
     steps:
       - uses: actions/checkout@v4
         with:
@@ -92,24 +93,24 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Download iOS release artifacts from build-cpp
-        uses: actions/download-artifact@v3
-        with:
-          name: release-iOS
-          path: release/release-iOS
-      - name: Delete artifact
-        uses: geekyeggo/delete-artifact@v1
-        with:
-          name: release-macos-12
-          failOnError: false
-      - name: Sign iOS artifact
-        run: |
-          gpg --batch --detach-sign -a release/release-iOS/ironoxide-homebrew.tar.gz
-          gpg --batch --verify release/release-iOS/ironoxide-homebrew.tar.gz.asc release/release-iOS/ironoxide-homebrew.tar.gz
-      - name: Upload tar for release-iOS
-        run: gh release upload ${{ steps.version.outputs.tag }} release/release-iOS/ironoxide-homebrew.tar.gz release/release-iOS/ironoxide-homebrew.tar.gz.asc --clobber
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   - name: Download iOS release artifacts from build-cpp
+      #     uses: actions/download-artifact@v3
+      #     with:
+      #       name: release-iOS
+      #       path: release/release-iOS
+      #   - name: Delete artifact
+      #     uses: geekyeggo/delete-artifact@v1
+      #     with:
+      #       name: release-macos-12
+      #       failOnError: false
+      #   - name: Sign iOS artifact
+      #     run: |
+      #       gpg --batch --detach-sign -a release/release-iOS/ironoxide-homebrew.tar.gz
+      #       gpg --batch --verify release/release-iOS/ironoxide-homebrew.tar.gz.asc release/release-iOS/ironoxide-homebrew.tar.gz
+      #   - name: Upload tar for release-iOS
+      #     run: gh release upload ${{ steps.version.outputs.tag }} release/release-iOS/ironoxide-homebrew.tar.gz release/release-iOS/ironoxide-homebrew.tar.gz.asc --clobber
+      #     env:
+      #       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Increment to next -SNAPSHOT version for Java.
         run: |
@@ -150,77 +151,78 @@ jobs:
         with:
           name: release-macos-12
           path: target/release/libironoxide_java.dylib
+# See https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222
+#   build-cpp:
+#     if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
+#     runs-on: macos-12
+#     steps:
+#       - uses: actions/checkout@v4
+#       - uses: IronCoreLabs/rust-toolchain@v1
+#       - name: Setup iOS build
+#         run: |
+#           rustup target add x86_64-apple-ios aarch64-apple-ios
+#           cargo install cargo-lipo
+#       - name: Build for iOS
+#         run: cargo lipo --release -p ironoxide-cpp
+#       - name: Build iOS tar
+#         run: |
+#           ( cd cpp/generated && mv sdk headers )
+#           tar -c -f ironoxide-homebrew.tar -C cpp/generated headers
+#           tar -r -f ironoxide-homebrew.tar -C cpp ironoxide.pc.in
+#           tar -r -f ironoxide-homebrew.tar -C target/universal/release libironoxide.a
+#           gzip ironoxide-homebrew.tar
+#       - name: Upload iOS artifact
+#         uses: actions/upload-artifact@v3
+#         with:
+#           name: release-iOS
+#           path: ironoxide-homebrew.tar.gz
 
-  build-cpp:
-    if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
-    runs-on: macos-12
-    steps:
-      - uses: actions/checkout@v4
-      - uses: IronCoreLabs/rust-toolchain@v1
-      - name: Setup iOS build
-        run: |
-          rustup target add x86_64-apple-ios aarch64-apple-ios
-          cargo install cargo-lipo
-      - name: Build for iOS
-        run: cargo lipo --release -p ironoxide-cpp
-      - name: Build iOS tar
-        run: |
-          ( cd cpp/generated && mv sdk headers )
-          tar -c -f ironoxide-homebrew.tar -C cpp/generated headers
-          tar -r -f ironoxide-homebrew.tar -C cpp ironoxide.pc.in
-          tar -r -f ironoxide-homebrew.tar -C target/universal/release libironoxide.a
-          gzip ironoxide-homebrew.tar
-      - name: Upload iOS artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: release-iOS
-          path: ironoxide-homebrew.tar.gz
-
-  # Creates a PR to update homebrew-ironcore, which depends on releases from this repository.
-  homebrew-ironcore:
-    if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
-    runs-on: ubuntu-22.04
-    needs:
-      - release
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          # If we use the default GITHUB_TOKEN, it won't run our CI job once we create a PR. The WORKFLOW_PAT is a personal
-          # access token with "repo" permissions.
-          token: ${{ secrets.WORKFLOW_PAT }}
-          repository: IronCoreLabs/homebrew-ironcore
-      - name: Configure git
-        run: |
-          git config --local user.email [email protected]
-          git config --local user.name "Leeroy Travis"
-      - name: Set variables from version and hash
-        id: vars
-        run: |
-          CURRENT=$(basename ${{ github.head_ref }})
-          NAME=$(echo ${CURRENT} | sed 's/release-//')
-          ARTIFACT=https://github.com/IronCoreLabs/ironoxide-swig-bindings/releases/download/${NAME}/ironoxide-homebrew.tar.gz
-          wget -q ${ARTIFACT}
-          SHA256=$(sha256sum -b ironoxide-homebrew.tar.gz | awk '{print $1}')
-          echo "tag=${NAME}" >> "$GITHUB_OUTPUT"
-          echo "pr_branch=ironoxide-swig-bindings-${NAME}" >> "$GITHUB_OUTPUT"
-          echo "artifact=${ARTIFACT}" >> "$GITHUB_OUTPUT"
-          echo "sha256=${SHA256}" >> "$GITHUB_OUTPUT"
-      - name: Edit files for pending release
-        run: |
-          sed -i -e 's,^\( *url "\)[^"]*\("\)$,\1${{ steps.vars.outputs.artifact }}\2,' Formula/ironoxide.rb
-          sed -i -e 's,^\( *sha256 "\)[0-9a-f]*\("\)$,\1${{ steps.vars.outputs.sha256 }}\2,' Formula/ironoxide.rb
-      - run: git add Formula/ironoxide.rb
-      - run: git checkout -b ${{ steps.vars.outputs.pr_branch }}
-      - run: git commit -m "Use new ironoxide-homebrew ${{ steps.vars.outputs.tag }}"
-      - run: git push origin ${{ steps.vars.outputs.pr_branch }}
-      - name: Create PR
-        run: |
-          curl --silent --show-error --fail -X POST \
-            -H "Authorization: token ${{ secrets.WORKFLOW_PAT }}" \
-            -H "Content-Type: application/json" \
-            --data '{"title": "Use new ironoxide-swig-bindings ${{ steps.vars.outputs.tag }}",
-              "head": "${{ steps.vars.outputs.pr_branch }}",
-              "base": "main",
-              "body": ""
-              }' \
-            https://api.github.com/repos/IronCoreLabs/homebrew-ironcore/pulls
+# See https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222
+# Creates a PR to update homebrew-ironcore, which depends on releases from this repository.
+#   homebrew-ironcore:
+#     if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
+#     runs-on: ubuntu-22.04
+#     needs:
+#       - release
+#     steps:
+#       - uses: actions/checkout@v4
+#         with:
+#           # If we use the default GITHUB_TOKEN, it won't run our CI job once we create a PR. The WORKFLOW_PAT is a personal
+#           # access token with "repo" permissions.
+#           token: ${{ secrets.WORKFLOW_PAT }}
+#           repository: IronCoreLabs/homebrew-ironcore
+#       - name: Configure git
+#         run: |
+#           git config --local user.email [email protected]
+#           git config --local user.name "Leeroy Travis"
+#       - name: Set variables from version and hash
+#         id: vars
+#         run: |
+#           CURRENT=$(basename ${{ github.head_ref }})
+#           NAME=$(echo ${CURRENT} | sed 's/release-//')
+#           ARTIFACT=https://github.com/IronCoreLabs/ironoxide-swig-bindings/releases/download/${NAME}/ironoxide-homebrew.tar.gz
+#           wget -q ${ARTIFACT}
+#           SHA256=$(sha256sum -b ironoxide-homebrew.tar.gz | awk '{print $1}')
+#           echo "tag=${NAME}" >> "$GITHUB_OUTPUT"
+#           echo "pr_branch=ironoxide-swig-bindings-${NAME}" >> "$GITHUB_OUTPUT"
+#           echo "artifact=${ARTIFACT}" >> "$GITHUB_OUTPUT"
+#           echo "sha256=${SHA256}" >> "$GITHUB_OUTPUT"
+#       - name: Edit files for pending release
+#         run: |
+#           sed -i -e 's,^\( *url "\)[^"]*\("\)$,\1${{ steps.vars.outputs.artifact }}\2,' Formula/ironoxide.rb
+#           sed -i -e 's,^\( *sha256 "\)[0-9a-f]*\("\)$,\1${{ steps.vars.outputs.sha256 }}\2,' Formula/ironoxide.rb
+#       - run: git add Formula/ironoxide.rb
+#       - run: git checkout -b ${{ steps.vars.outputs.pr_branch }}
+#       - run: git commit -m "Use new ironoxide-homebrew ${{ steps.vars.outputs.tag }}"
+#       - run: git push origin ${{ steps.vars.outputs.pr_branch }}
+#       - name: Create PR
+#         run: |
+#           curl --silent --show-error --fail -X POST \
+#             -H "Authorization: token ${{ secrets.WORKFLOW_PAT }}" \
+#             -H "Content-Type: application/json" \
+#             --data '{"title": "Use new ironoxide-swig-bindings ${{ steps.vars.outputs.tag }}",
+#               "head": "${{ steps.vars.outputs.pr_branch }}",
+#               "base": "main",
+#               "body": ""
+#               }' \
+#             https://api.github.com/repos/IronCoreLabs/homebrew-ironcore/pulls
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,8 @@
+# Changelog
+
+## 0.16.0
+
+- [[#221](https://github.com/IronCoreLabs/ironoxide-swig-bindings/pull/221)] Dependency updates
+    - Notably, ironoxide now contains policy caching for unmanaged encryption.
+
+_Due to an issue with GitHub Actions, ironoxide-cpp is not included in this release._