Smithy4s

.github/workflows/ci.yml

@@ -9,60 +9,79 @@ name: Continuous Integration
 
 on:
   pull_request:
-    branches: ['**']
+    branches: ['**', '!update/**', '!pr/**']
   push:
-    branches: ['**']
+    branches: ['**', '!update/**', '!pr/**']
     tags: [v*]
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+
+concurrency:
+  group: ${{ github.workflow }} @ ${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   build:
     name: Build and Test
     strategy:
       matrix:
         os: [ubuntu-latest]
-        scala: [2.13.14, 2.12.20]
-        java: [temurin@8, temurin@11]
+        scala: [2.13, 3]
+        java: [temurin@8]
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
     steps:
+      - name: Install sbt
+        if: contains(runner.os, 'macos')
+        run: brew install sbt
+
       - name: Checkout current branch (full)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Java (temurin@8)
+        id: setup-java-temurin-8
         if: matrix.java == 'temurin@8'
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 8
           cache: sbt
 
-      - name: Setup Java (temurin@11)
-        if: matrix.java == 'temurin@11'
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: 11
-          cache: sbt
-
-      - name: Setup sbt
-        uses: sbt/setup-sbt@v1
+      - name: sbt update
+        if: matrix.java == 'temurin@8' && steps.setup-java-temurin-8.outputs.cache-hit == 'false'
+        run: sbt +update
 
       - name: Check that workflows are up to date
-        run: sbt '++ ${{ matrix.scala }}' githubWorkflowCheck
+        run: sbt githubWorkflowCheck
+
+      - name: Test
+        run: sbt '++ ${{ matrix.scala }}' test
+
+      - name: Check binary compatibility
+        if: matrix.java == 'temurin@8' && matrix.os == 'ubuntu-latest'
+        run: sbt '++ ${{ matrix.scala }}' mimaReportBinaryIssues
+
+      - name: Generate API documentation
+        if: matrix.java == 'temurin@8' && matrix.os == 'ubuntu-latest'
+        run: sbt '++ ${{ matrix.scala }}' doc
 
-      - run: sbt '++ ${{ matrix.scala }}' test doc
+      - name: Make target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v'))
+        run: mkdir -p target project/target
 
       - name: Compress target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v'))
         run: tar cf targets.tar target project/target
 
       - name: Upload target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v'))
         uses: actions/upload-artifact@v4
         with:
-          name: target-${{ matrix.os }}-${{ matrix.scala }}-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-${{ matrix.scala }}
           path: targets.tar
 
   publish:
@@ -72,57 +91,107 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        scala: [2.13.14]
         java: [temurin@8]
     runs-on: ${{ matrix.os }}
     steps:
+      - name: Install sbt
+        if: contains(runner.os, 'macos')
+        run: brew install sbt
+
       - name: Checkout current branch (full)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Java (temurin@8)
+        id: setup-java-temurin-8
         if: matrix.java == 'temurin@8'
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 8
           cache: sbt
 
-      - name: Setup Java (temurin@11)
-        if: matrix.java == 'temurin@11'
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: 11
-          cache: sbt
-
-      - name: Setup sbt
-        uses: sbt/setup-sbt@v1
+      - name: sbt update
+        if: matrix.java == 'temurin@8' && steps.setup-java-temurin-8.outputs.cache-hit == 'false'
+        run: sbt +update
 
-      - name: Download target directories (2.13.14)
+      - name: Download target directories (2.13)
         uses: actions/download-artifact@v4
         with:
-          name: target-${{ matrix.os }}-2.13.14-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-2.13
 
-      - name: Inflate target directories (2.13.14)
+      - name: Inflate target directories (2.13)
         run: |
           tar xf targets.tar
           rm targets.tar
 
-      - name: Download target directories (2.12.20)
+      - name: Download target directories (3)
         uses: actions/download-artifact@v4
         with:
-          name: target-${{ matrix.os }}-2.12.20-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-3
 
-      - name: Inflate target directories (2.12.20)
+      - name: Inflate target directories (3)
         run: |
           tar xf targets.tar
           rm targets.tar
 
-      - env:
+      - name: Import signing key
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == ''
+        env:
+          PGP_SECRET: ${{ secrets.PGP_SECRET }}
           PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+        run: echo $PGP_SECRET | base64 -d -i - | gpg --import
+
+      - name: Import signing key and strip passphrase
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE != ''
+        env:
           PGP_SECRET: ${{ secrets.PGP_SECRET }}
-          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+        run: |
+          echo "$PGP_SECRET" | base64 -d -i - > /tmp/signing-key.gpg
+          echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg
+          (echo "$PGP_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1)
+
+      - name: Publish
+        env:
           SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
-        run: sbt ci-release
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SONATYPE_CREDENTIAL_HOST: ${{ secrets.SONATYPE_CREDENTIAL_HOST }}
+        run: sbt tlCiRelease
+
+  dependency-submission:
+    name: Submit Dependencies
+    if: github.event.repository.fork == false && github.event_name != 'pull_request'
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        java: [temurin@8]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Install sbt
+        if: contains(runner.os, 'macos')
+        run: brew install sbt
+
+      - name: Checkout current branch (full)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Java (temurin@8)
+        id: setup-java-temurin-8
+        if: matrix.java == 'temurin@8'
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+          cache: sbt
+
+      - name: sbt update
+        if: matrix.java == 'temurin@8' && steps.setup-java-temurin-8.outputs.cache-hit == 'false'
+        run: sbt +update
+
+      - name: Submit Dependencies
+        uses: scalacenter/sbt-dependency-submission@v2
+        with:
+          configs-ignore: test scala-tool scala-doc-tool test-internal

.github/workflows/clean.yml

@@ -17,7 +17,6 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Delete artifacts
-        shell: bash {0}
         run: |
           # Customize those three lines with your repository and credentials:
           REPO=${GITHUB_API_URL}/repos/${{ github.repository }}
@@ -26,7 +25,7 @@ jobs:
           ghapi() { curl --silent --location --user _:$GITHUB_TOKEN "$@"; }
 
           # A temporary file which receives HTTP response headers.
-          TMPFILE=$(mktemp)
+          TMPFILE=/tmp/tmp.$$
 
           # An associative array, key: artifact name, value: number of artifacts of that name.
           declare -A ARTCOUNT

.mergify.yml

@@ -1,33 +1,16 @@
-queue_rules:
-  - name: default
-    conditions:
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@11)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@11)
+# This file was automatically generated by sbt-typelevel-mergify using the
+# mergifyGenerate task. You should add and commit this file to
+# your git repository. It goes without saying that you shouldn't edit
+# this file by hand! Instead, if you wish to make changes, you should
+# change your sbt build configuration to revise the mergify configuration
+# to meet your needs, then regenerate this file.
 
 pull_request_rules:
-  - name: assign and label scala-steward's PRs
-    conditions:
-      - author=dwolla-oss-scala-steward[bot]
-    actions:
-      label:
-        add: [dependency-update]
-  - name: automatic update pull requests
-    conditions:
-      - author=dwolla-oss-scala-steward[bot]
-      - -conflict # skip PRs with conflicts
-      - -draft # filter-out GH draft PRs
-    actions:
-      update:
-  - name: merge scala-steward's PRs
-    conditions:
-      - author=dwolla-oss-scala-steward[bot]
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@11)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@11)
-    actions:
-      queue:
-        method: squash
-        name: default
+- name: merge scala-steward's PRs
+  conditions:
+  - author=scala-steward
+  - body~=labels:.*early-semver-patch
+  - status-success=Build and Test (ubuntu-latest, 2.13, temurin@8)
+  - status-success=Build and Test (ubuntu-latest, 3, temurin@8)
+  actions:
+    merge: {}

README.md

@@ -3,7 +3,7 @@
 ![Dwolla/scala-secure-config CI](https://github.com/Dwolla/scala-secure-config/actions/workflows/ci.yml/badge.svg)
 [![license](https://img.shields.io/github/license/Dwolla/scala-secure-config.svg?style=flat-square)](https://github.com/Dwolla/scala-secure-config/blob/master/LICENSE)
 
-Tagged type and [PureConfig](https://pureconfig.github.io) [ConfigReader](https://github.com/pureconfig/pureconfig/blob/master/core/src/main/scala/pureconfig/ConfigReader.scala) for automatically decrypting encrypted config values in TypeSafe Config files.
+ [PureConfig](https://pureconfig.github.io) [ConfigReader](https://github.com/pureconfig/pureconfig/blob/master/core/src/main/scala/pureconfig/ConfigReader.scala) for automatically decrypting encrypted config values using AWS KMS.
 
 ## Artifacts
 

build.sbt

@@ -1,49 +1,38 @@
-inThisBuild(List(
-  organization := "com.dwolla",
-  description := "Adds support for decrypting values in TypeSafe Config files",
-  homepage := Some(url("https://github.com/Dwolla/scala-secure-config")),
-  licenses += ("MIT", url("http://opensource.org/licenses/MIT")),
-  developers := List(
-    Developer(
-      "bpholt",
-      "Brian Holt",
-      "[email protected]",
-      url("https://dwolla.com")
-    ),
+ThisBuild / organization := "com.dwolla"
+ThisBuild / description := "Adds support for decrypting values in TypeSafe Config files"
+ThisBuild / homepage := Some(url("https://github.com/Dwolla/scala-secure-config"))
+ThisBuild / licenses += ("MIT", url("http://opensource.org/licenses/MIT"))
+ThisBuild / developers := List(
+  Developer(
+    "bpholt",
+    "Brian Holt",
+    "[email protected]",
+    url("https://dwolla.com")
   ),
-  crossScalaVersions := Seq("2.13.14", "2.12.20"),
-  scalaVersion := crossScalaVersions.value.head,
-  startYear := Option(2018),
-  addCompilerPlugin("org.typelevel" %% "kind-projector" % "0.13.3" cross CrossVersion.full),
-  addCompilerPlugin("com.olegpy" %% "better-monadic-for" % "0.3.1"),
-
-  githubWorkflowBuild := Seq(WorkflowStep.Sbt(List("test", "doc"))),
-  githubWorkflowJavaVersions := Seq(JavaSpec.temurin("8"), JavaSpec.temurin("11")),
-  githubWorkflowTargetTags ++= Seq("v*"),
-  githubWorkflowPublishTargetBranches :=
-    Seq(RefPredicate.StartsWith(Ref.Tag("v"))),
-  githubWorkflowPublish := Seq(
-    WorkflowStep.Sbt(
-      List("ci-release"),
-      env = Map(
-        "PGP_PASSPHRASE" -> "${{ secrets.PGP_PASSPHRASE }}",
-        "PGP_SECRET" -> "${{ secrets.PGP_SECRET }}",
-        "SONATYPE_PASSWORD" -> "${{ secrets.SONATYPE_PASSWORD }}",
-        "SONATYPE_USERNAME" -> "${{ secrets.SONATYPE_USERNAME }}"
-      )
-    )
-  ),
-))
+)
+ThisBuild / crossScalaVersions := Seq(
+  "2.13.14",
+  "3.3.3",
+)
+ThisBuild / scalaVersion := crossScalaVersions.value.head
+ThisBuild / startYear := Option(2018)
+ThisBuild / tlBaseVersion := "0.4"
+ThisBuild / tlJdkRelease := Some(8)
 
 lazy val `secure-config` = (project in file("."))
   .settings(
     libraryDependencies ++= {
       Seq(
-        "com.github.pureconfig" %% "pureconfig-cats-effect",
-      ).map(_ % "0.17.1") ++
-      Seq(
-        "com.chuusai" %% "shapeless" % "2.3.12",
-        "com.dwolla" %% "fs2-aws-java-sdk2" % "3.0.0-RC2",
+        "com.github.pureconfig" %% "pureconfig-cats-effect" % "0.17.4",
+        "io.monix" %% "newtypes-core" % "0.3.0",
+        "com.disneystreaming.smithy4s" %% "smithy4s-http4s" % smithy4sVersion.value,
+        "com.disneystreaming.smithy4s" %% "smithy4s-aws-http4s" % smithy4sVersion.value,
+        "org.typelevel" %% "mouse" % "1.3.1",
       )
     },
+    smithy4sAwsSpecs ++= Seq(AWS.kms), // TODO can we put this into its own package to avoid clashing with generated code downstream?
+    scalacOptions += "-Wconf:src=src_managed/.*:s",
+  )
+  .enablePlugins(
+    Smithy4sCodegenPlugin,
   )

project/plugins.sbt

@@ -1,3 +1,4 @@
-addSbtPlugin("com.github.sbt" % "sbt-ci-release" % "1.6.1")
-addSbtPlugin("org.typelevel" % "sbt-tpolecat" % "0.5.2")
-addSbtPlugin("com.github.sbt" % "sbt-github-actions" % "0.24.0")
+addSbtPlugin("org.typelevel" % "sbt-typelevel-ci-release" % "0.7.3")
+addSbtPlugin("org.typelevel" % "sbt-typelevel-settings" % "0.7.3")
+addSbtPlugin("org.typelevel" % "sbt-typelevel-mergify" % "0.7.3")
+addSbtPlugin("com.disneystreaming.smithy4s" % "smithy4s-sbt-codegen" % "0.18.24")