trustfall_rustdoc 0.39.0

Run Trustfall queries across multiple rustdoc JSON format versions.
Documentation
# Automatically add new rustdoc JSON format versions to our crate.

---
name: Add support for new rustdoc JSON format version
on:
  workflow_dispatch:
    # Needed so we can run it manually
    inputs:
      next-format:
        description: 'The rustdoc JSON format version to add. If empty, adds version `N+1` where `N` is the highest previously-supported format version.'
        type: number
        required: false
permissions:
  contents: read
defaults:
  run:
    shell: bash
env:
  PR_TITLE: Add support for new rustdoc JSON format
  PR_MESSAGE: |
    Automatically generated by the `add_new_rustdoc_version.yml` workflow.

jobs:
  codegen:
    if: github.repository_owner == 'obi1kenobi'
    runs-on: ubuntu-latest
    steps:
      - name: checkout the source code
        uses: actions/checkout@v7
        with:
          persist-credentials: false

      - name: download yq
        env:
          VERSION: "v4.43.1"
        run: |
          set -euxo pipefail
          wget "https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64" -O yq &&\
            chmod +x ./yq

      - name: codegen new rustdoc format support
        env:
          NEXT_FORMAT: ${{inputs.next-format}}
        run: |
          set -euxo pipefail
          ./scripts/add_new_rustdoc_version.sh "$NEXT_FORMAT"

      - name: upload artifact for use in PR
        uses: actions/upload-artifact@v7
        with:
          name: rustdoc-update
          if-no-files-found: error
          retention-days: 1
          path: |
            Cargo.toml
            Cargo.lock
            src/**/*.rs
            .github/workflows/ci.yml

  make-pr:
    if: github.repository_owner == 'obi1kenobi'
    name: open or amend PR
    needs: codegen
    runs-on: ubuntu-latest
    env:
      BRANCH_NAME: add_new_rustdoc_version
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: checkout the source code
        uses: actions/checkout@v7
        with:
          # We have to use a Personal Access Token (PAT) here.
          # We are going to open a PR with changes to workflows, which requires a special permission
          # that normal GitHub Actions runs don't have.
          token: ${{ secrets.RUSTDOC_VERSION_ADDER_TOKEN }}
          persist-credentials: true

      - name: download from codegen job
        uses: actions/download-artifact@v8
        with:
          name: rustdoc-update

      - name: craft PR body and commit message
        run: |
          set -euo pipefail

          echo "${PR_MESSAGE}" > body.md

      - name: commit
        run: |
          set -euxo pipefail

          git config user.name github-actions
          git config user.email github-actions@github.com
          git switch --force-create "$BRANCH_NAME"
          git add ./Cargo.toml
          git add ./Cargo.lock
          git add ./src
          git add ./.github/workflows/ci.yml
          DIFF="$(git diff --staged)"
          if [[ "$DIFF" == "" ]]; then
            echo >&2 "contents were not changed, bailing out and not making a PR"
            exit 1
          fi
          git commit --no-verify --file=body.md

      - name: push
        run: |
          set -euo pipefail
          git push --no-verify --force --set-upstream origin "$BRANCH_NAME"

      - name: edit existing open pull request
        id: edit
        # Don't fail job if we need to open new PR
        continue-on-error: true
        env:
          # We have to use a Personal Access Token (PAT) here.
          # PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
          # do not automatically trigger more workflows:
          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
          GITHUB_TOKEN: ${{ secrets.RUSTDOC_VERSION_ADDER_TOKEN }}
          NEXT_FORMAT: ${{inputs.next-format}}
        run: |
          set -euxo pipefail

          # Exit with error if PR is closed
          STATE="$(gh pr view "$BRANCH_NAME" --repo "$GITHUB_REPOSITORY" --json state --jq '.state')"
          if [[ "$STATE" != "OPEN" ]]; then
            exit 1
          fi

          if [[ "$NEXT_FORMAT" != "" ]]; then
            # A format was explicitly selected, include it in the PR title.
            FINAL_PR_TITLE="${PR_TITLE} v${NEXT_FORMAT}"
          else
            FINAL_PR_TITLE="${PR_TITLE}"
          fi

          gh pr edit "$BRANCH_NAME" --title "${FINAL_PR_TITLE}" --body-file body.md --repo "$GITHUB_REPOSITORY"

      - name: open new pull request
        # Only run if there wasn't an existing PR
        if: steps.edit.outcome != 'success'
        env:
          # We have to use a Personal Access Token (PAT) here.
          # PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
          # do not automatically trigger more workflows:
          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
          GITHUB_TOKEN: ${{ secrets.RUSTDOC_VERSION_ADDER_TOKEN }}
          NEXT_FORMAT: ${{inputs.next-format}}
        run: |
          set -euxo pipefail

          if [[ "$NEXT_FORMAT" != "" ]]; then
            # A format was explicitly selected, include it in the PR title.
            FINAL_PR_TITLE="${PR_TITLE} v${NEXT_FORMAT}"
          else
            FINAL_PR_TITLE="${PR_TITLE}"
          fi

          gh pr create --title "${FINAL_PR_TITLE}" --body-file body.md --repo "$GITHUB_REPOSITORY"

      - name: set PR to auto-merge
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh pr merge --squash --auto --delete-branch