grubble 5.2.2

Automatic semantic versioning based on conventional commits, optimized for AI-generated commit messages
name: Version & Release

on:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      skip_version_bump:
        description: 'Skip version bumping for testing workflow logic'
        required: false
        default: 'false'
        type: choice
        options:
        - 'true'
        - 'false'

# Prevent concurrent version bumps
concurrency:
  group: version-release
  cancel-in-progress: false

jobs:
  wait-for-ci:
    runs-on: ubuntu-latest
    if: github.event_name != 'workflow_dispatch'
    steps:
      - name: Wait for CI to complete
        uses: lewagon/wait-on-check-action@v1.3.4
        with:
          ref: ${{ github.sha }}
          check-name: 'test'
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          wait-interval: 10

  version:
    runs-on: ubuntu-latest
    needs: [wait-for-ci]
    if: always() && (needs.wait-for-ci.result == 'success' || github.event_name == 'workflow_dispatch')
    outputs:
      version_changed: ${{ steps.bump.outputs.changed }}
      new_version: ${{ steps.bump.outputs.version }}
      tag_name: ${{ steps.bump.outputs.tag_name }}
    permissions:
      contents: write        # Push commits and tags
      pull-requests: write   # Create the release PR
    steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
        fetch-tags: true

    # We build from source (rather than using davegarvey/grubble@v5) so we can
    # dogfood new binary features immediately on merge, without waiting for a
    # release to update the @v5 tag.
    - name: Setup Rust
      uses: actions-rust-lang/setup-rust-toolchain@v1
      with:
        toolchain: stable
        cache: true

    - name: Build grubble
      run: cargo build --release

    # Remove v* tags that are not reachable from main. These are leftovers
    # from previous failed runs that pushed to release/* branches but never
    # merged. Without this, the binary's `git tag v<version>` would fail with
    # "tag already exists". Only unreachable tags are removed — legitimate
    # tags (e.g. v5.1.0 on the current branch's history) are kept so the
    # binary can find the last tag and only analyze new commits.
    - name: Clean up stale tags
      run: |
        git fetch origin --tags
        git tag -l 'v*' | while read -r tag; do
          if ! git merge-base --is-ancestor "$tag" HEAD 2>/dev/null; then
            echo "Removing unreachable tag: $tag"
            git tag -d "$tag"
          fi
        done

    - name: Bump version
      id: bump
      if: github.event_name != 'workflow_dispatch' || github.event.inputs.skip_version_bump != 'true'
      run: |
        VERSION_BEFORE=$(grep '^version' Cargo.toml | head -1 | cut -d'"' -f2)

        ./target/release/grubble \
          --git-user-name "github-actions[bot]" \
          --git-user-email "41898282+github-actions[bot]@users.noreply.github.com" \
          --preset rust \
          --tag \
          --release-notes \
          --changelog \
          --update-major-tag

        VERSION_AFTER=$(grep '^version' Cargo.toml | head -1 | cut -d'"' -f2)

        if [ "$VERSION_AFTER" != "$VERSION_BEFORE" ]; then
          echo "changed=true" >> $GITHUB_OUTPUT
        else
          echo "changed=false" >> $GITHUB_OUTPUT
        fi
        echo "version=$VERSION_AFTER" >> $GITHUB_OUTPUT
        echo "tag_name=v$VERSION_AFTER" >> $GITHUB_OUTPUT

    - name: Push to release branch and create PR
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        if [ "${{ steps.bump.outputs.changed }}" != "true" ]; then
          echo "No version change — skipping push and PR creation."
          exit 0
        fi

        VERSION="${{ steps.bump.outputs.version }}"
        BRANCH="release/v${VERSION}"

        # Force-create the branch in case a previous run left one behind on the remote.
        git checkout -B "${BRANCH}"
        git push --set-upstream origin "${BRANCH}" --force
        git push --tags --force

        PR_URL=$(gh pr create \
          --base main \
          --head "${BRANCH}" \
          --title "Release v${VERSION}" \
          --body "Automated release PR created by grubble.")
        # Use a merge commit (not --squash) so the release branch commit — which
        # carries the v<version> tag — becomes a parent of the merge commit
        # on main. With squash, the tag would be orphaned and the next workflow
        # run would fail with "package version ahead of latest tag".
        gh pr merge "${PR_URL}" --auto --merge

  test:
    name: Pre-release Tests
    runs-on: ubuntu-latest
    needs: version
    if: needs.version.outputs.version_changed == 'true'
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ needs.version.outputs.tag_name }}

      - name: Setup Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable
          components: clippy, rustfmt
          cache: true

      - name: Run tests
        run: cargo test --all-features --verbose

      - name: Run clippy
        run: cargo clippy --all-targets --all-features -- -D warnings

  create-release:
    name: Create Release
    runs-on: ubuntu-latest
    needs: [version, test]
    permissions:
      contents: write
    outputs:
      tag_name: ${{ needs.version.outputs.tag_name }}
      version: ${{ needs.version.outputs.new_version }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ needs.version.outputs.tag_name }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Generate AI Release Notes
        run: |
          npx github:davegarvey/bubble \
            --tag ${{ needs.version.outputs.tag_name }} \
            --repo ${{ github.repository }} \
            --github-token ${{ secrets.GITHUB_TOKEN }} \
            --api-key ${{ secrets.OPENAI_API_KEY }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  build-release:
    name: Build Release
    needs: create-release
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            name: grubble-linux-x86_64
            cross: true
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
            name: grubble-linux-aarch64
            cross: true
          - target: aarch64-apple-darwin
            os: macos-latest
            name: grubble-macos-aarch64
            cross: false
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            name: grubble-windows-x86_64.exe
            cross: false

    runs-on: ${{ matrix.os }}
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ needs.create-release.outputs.tag_name }}

      - name: Setup Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable
          target: ${{ matrix.target }}
          cache: true

      - name: Install cross
        if: matrix.cross
        run: |
          cargo install cross --git https://github.com/cross-rs/cross
          cross --version

      - name: Build (native)
        if: ${{ !matrix.cross }}
        run: cargo build --release --target ${{ matrix.target }}

      - name: Build (cross)
        if: matrix.cross
        run: cross build --release --target ${{ matrix.target }}

      - name: Strip binary (Linux)
        if: matrix.os == 'ubuntu-latest'
        run: |
          strip target/${{ matrix.target }}/release/grubble || true

      - name: Strip binary (macOS)
        if: matrix.os == 'macos-latest'
        run: |
          strip target/${{ matrix.target }}/release/grubble || true

      - name: Prepare binary (Unix)
        if: matrix.os != 'windows-latest'
        run: |
          cd target/${{ matrix.target }}/release
          tar czf ../../../${{ matrix.name }}.tar.gz grubble
          cd -

      - name: Prepare binary (Windows)
        if: matrix.os == 'windows-latest'
        run: |
          cd target/${{ matrix.target }}/release
          7z a ../../../${{ matrix.name }}.zip grubble.exe
          cd -

      - name: Generate SHA256 checksums (Unix)
        if: matrix.os != 'windows-latest'
        run: |
          shasum -a 256 ${{ matrix.name }}.tar.gz > ${{ matrix.name }}.tar.gz.sha256

      - name: Generate SHA256 checksums (Windows)
        if: matrix.os == 'windows-latest'
        shell: pwsh
        run: |
          $hash = (Get-FileHash -Algorithm SHA256 ${{ matrix.name }}.zip).Hash.ToLower()
          "$hash  ${{ matrix.name }}.zip" | Out-File -Encoding ASCII ${{ matrix.name }}.zip.sha256

      - name: Upload Release Asset (Unix)
        if: matrix.os != 'windows-latest'
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ needs.create-release.outputs.tag_name }}
          files: |
            ${{ matrix.name }}.tar.gz
            ${{ matrix.name }}.tar.gz.sha256
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload Release Asset (Windows)
        if: matrix.os == 'windows-latest'
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ needs.create-release.outputs.tag_name }}
          files: |
            ${{ matrix.name }}.zip
            ${{ matrix.name }}.zip.sha256
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  publish-crate:
    name: Publish to crates.io
    runs-on: ubuntu-latest
    needs: [test, build-release, create-release]
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ needs.create-release.outputs.tag_name }}
      
      - name: Setup Rust
        uses: actions-rust-lang/setup-rust-toolchain@v1
        with:
          toolchain: stable
          cache: true

      - name: Authenticate with crates.io
        uses: rust-lang/crates-io-auth-action@v1
        id: auth

      - name: Publish to crates.io
        run: cargo publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}