Google Git
Sign in
pigweed/third_party/github/bazelbuild/rules_fuzzing/d43a2c126d7c071ea51227f1265d3ff14b038bed^!/.
commit
d43a2c126d7c071ea51227f1265d3ff14b038bed
[log]
author
Fabian Meumertzheim <fabian@meumertzhe.im>
Thu Jul 17 19:09:28 2025 +0200
committer
GitHub <noreply@github.com>
Thu Jul 17 19:09:28 2025 +0200
tree
7533a909bb83a892402655bdd43ba6ca2a1d069a
parent
84ce696ec742ac857b703e30af67c7ab4091d6a0 [diff]
Add BCR publishing workflow (#275)

Based on https://github.com/bazel-contrib/rules-template
diff --git a/.bcr/config.yml b/.bcr/config.yml
deleted file mode 100644
index 4225f4f..0000000
--- a/.bcr/config.yml
+++ /dev/null

@@ -1,3 +0,0 @@
-fixedReleaser:
-  login: fmeum
-  email: fabian@meumertzhe.im

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..708fc51
--- /dev/null
+++ b/.github/workflows/publish.yml

@@ -0,0 +1,36 @@
+name: Publish to BCR
+on:
+  # Run the publish workflow after a successful release
+  # Will be triggered from the release.yaml workflow
+  workflow_call:
+    inputs:
+      tag_name:
+        required: true
+        type: string
+    secrets:
+      publish_token:
+        required: true
+  # In case of problems, let release engineers retry by manually dispatching
+  # the workflow from the GitHub UI
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: git tag being released
+        required: true
+        type: string
+jobs:
+  publish:
+    uses: bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml@v0.2.2
+    with:
+      tag_name: ${{ inputs.tag_name }}
+      # GitHub repository which is a fork of the upstream where the Pull Request will be opened.
+      registry_fork: bazel-contrib/bazel-central-registry
+      draft: false
+    permissions:
+      attestations: write
+      contents: write
+      id-token: write
+    secrets:
+      # Necessary to push to the BCR fork, and to open a pull request against a registry
+      # Inherited from the bazel-contrib org
+      publish_token: ${{ secrets.publish_token || secrets.BCR_PUBLISH_TOKEN }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..1e8a55f
--- /dev/null
+++ b/.github/workflows/release.yml

@@ -0,0 +1,36 @@
+# Automatically perform a release whenever a new "release-like" tag is pushed to the repo.
+name: Release
+
+on:
+  # Can be triggered from the tag.yaml workflow
+  workflow_call:
+    inputs:
+      tag_name:
+        required: true
+        type: string
+    secrets:
+      publish_token:
+        required: true
+  # Or, developers can manually push a tag from their clone
+  push:
+    tags:
+      # Detect tags that look like a release.
+      - "v*.*.*"
+permissions:
+  id-token: write
+  attestations: write
+  contents: write
+jobs:
+  release:
+    uses: bazel-contrib/.github/.github/workflows/release_ruleset.yaml@v7.2.2
+    with:
+      prerelease: false
+      release_files: rules_fuzzing-*.tar.gz
+      tag_name: ${{ inputs.tag_name || github.ref_name }}
+  publish:
+    needs: release
+    uses: ./.github/workflows/publish.yml
+    with:
+      tag_name: ${{ inputs.tag_name || github.ref_name }}
+    secrets:
+      publish_token: ${{ secrets.publish_token || secrets.BCR_PUBLISH_TOKEN }}

diff --git a/.github/workflows/release_prep.sh b/.github/workflows/release_prep.sh
new file mode 100755
index 0000000..a149fed
--- /dev/null
+++ b/.github/workflows/release_prep.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o pipefail
+
+# Set by GH actions, see
+# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+readonly TAG=$1
+# The prefix is chosen to match what GitHub generates for source archives.
+# This guarantees that users can easily switch from a released artifact to a source archive
+# with minimal differences in their code (e.g. strip_prefix remains the same)
+readonly PREFIX="rules_fuzzing-${TAG}"
+readonly ARCHIVE="${PREFIX}.tar.gz"
+
+# NB: configuration for 'git archive' is in /.gitattributes
+git archive --format=tar --prefix=${PREFIX}/ ${TAG} | gzip > $ARCHIVE
+SHA=$(shasum -a 256 $ARCHIVE | awk '{print $1}')
+
+# The stdout of this program will be used as the top of the release notes for this release.
+cat << EOF
+## Using MODULE.bazel:
+
+\`\`\`starlark
+bazel_dep(name = "rules_fuzzing", version = "${VERSION}")
+\`\`\`
+
+## Using WORKSPACE:
+
+\`\`\`starlark
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+    name = "rules_fuzzing",
+    sha256 = "${SHA}",
+    strip_prefix = "${PREFIX}",
+    url = "https://github.com/bazelbuild/rules_fuzzing/releases/download/${TAG}/${ARCHIVE}",
+)
+
+load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies")
+
+rules_fuzzing_dependencies()
+
+load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init")
+
+rules_fuzzing_init()
+
+load("@fuzzing_py_deps//:requirements.bzl", "install_deps")
+
+install_deps()
+\`\`\`
+EOF