Smithy4s

.github/workflows/ci.yml

@@ -9,60 +9,70 @@ name: Continuous Integration
 
 on:
   pull_request:
-    branches: ['**']
+    branches: ['**', '!update/**', '!pr/**']
   push:
-    branches: ['**']
+    branches: ['**', '!update/**', '!pr/**']
     tags: [v*]
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+
+concurrency:
+  group: ${{ github.workflow }} @ ${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   build:
     name: Build and Test
     strategy:
       matrix:
         os: [ubuntu-latest]
-        scala: [2.13.14, 2.12.20]
-        java: [temurin@8, temurin@11]
+        scala: [2.13, 3]
+        java: [temurin@8]
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
     steps:
+      - name: Install sbt
+        if: contains(runner.os, 'macos')
+        run: brew install sbt
+
       - name: Checkout current branch (full)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Java (temurin@8)
+        id: setup-java-temurin-8
         if: matrix.java == 'temurin@8'
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 8
           cache: sbt
 
-      - name: Setup Java (temurin@11)
-        if: matrix.java == 'temurin@11'
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: 11
-          cache: sbt
-
-      - name: Setup sbt
-        uses: sbt/setup-sbt@v1
+      - name: sbt update
+        if: matrix.java == 'temurin@8' && steps.setup-java-temurin-8.outputs.cache-hit == 'false'
+        run: sbt +update
 
       - name: Check that workflows are up to date
-        run: sbt '++ ${{ matrix.scala }}' githubWorkflowCheck
+        run: sbt githubWorkflowCheck
 
-      - run: sbt '++ ${{ matrix.scala }}' test doc
+      - run: sbt '++ ${{ matrix.scala }}' compile test
+
+      - name: Make target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v'))
+        run: mkdir -p target scalafix/rules/target project/target
 
       - name: Compress target directories
-        run: tar cf targets.tar target project/target
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v'))
+        run: tar cf targets.tar target scalafix/rules/target project/target
 
       - name: Upload target directories
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v'))
         uses: actions/upload-artifact@v4
         with:
-          name: target-${{ matrix.os }}-${{ matrix.scala }}-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-${{ matrix.scala }}
           path: targets.tar
 
   publish:
@@ -72,57 +82,108 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        scala: [2.13.14]
         java: [temurin@8]
     runs-on: ${{ matrix.os }}
     steps:
+      - name: Install sbt
+        if: contains(runner.os, 'macos')
+        run: brew install sbt
+
       - name: Checkout current branch (full)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Java (temurin@8)
+        id: setup-java-temurin-8
         if: matrix.java == 'temurin@8'
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 8
           cache: sbt
 
-      - name: Setup Java (temurin@11)
-        if: matrix.java == 'temurin@11'
-        uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: 11
-          cache: sbt
+      - name: sbt update
+        if: matrix.java == 'temurin@8' && steps.setup-java-temurin-8.outputs.cache-hit == 'false'
+        run: sbt +update
 
-      - name: Setup sbt
-        uses: sbt/setup-sbt@v1
-
-      - name: Download target directories (2.13.14)
+      - name: Download target directories (2.13)
         uses: actions/download-artifact@v4
         with:
-          name: target-${{ matrix.os }}-2.13.14-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-2.13
 
-      - name: Inflate target directories (2.13.14)
+      - name: Inflate target directories (2.13)
         run: |
           tar xf targets.tar
           rm targets.tar
 
-      - name: Download target directories (2.12.20)
+      - name: Download target directories (3)
         uses: actions/download-artifact@v4
         with:
-          name: target-${{ matrix.os }}-2.12.20-${{ matrix.java }}
+          name: target-${{ matrix.os }}-${{ matrix.java }}-3
 
-      - name: Inflate target directories (2.12.20)
+      - name: Inflate target directories (3)
         run: |
           tar xf targets.tar
           rm targets.tar
 
-      - env:
+      - name: Import signing key
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == ''
+        env:
+          PGP_SECRET: ${{ secrets.PGP_SECRET }}
           PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+        run: echo $PGP_SECRET | base64 -d -i - | gpg --import
+
+      - name: Import signing key and strip passphrase
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE != ''
+        env:
           PGP_SECRET: ${{ secrets.PGP_SECRET }}
-          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+        run: |
+          echo "$PGP_SECRET" | base64 -d -i - > /tmp/signing-key.gpg
+          echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg
+          (echo "$PGP_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1)
+
+      - name: Publish
+        env:
           SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
-        run: sbt ci-release
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SONATYPE_CREDENTIAL_HOST: ${{ secrets.SONATYPE_CREDENTIAL_HOST }}
+        run: sbt tlCiRelease
+
+  dependency-submission:
+    name: Submit Dependencies
+    if: github.event.repository.fork == false && github.event_name != 'pull_request'
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        java: [temurin@8]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Install sbt
+        if: contains(runner.os, 'macos')
+        run: brew install sbt
+
+      - name: Checkout current branch (full)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Java (temurin@8)
+        id: setup-java-temurin-8
+        if: matrix.java == 'temurin@8'
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 8
+          cache: sbt
+
+      - name: sbt update
+        if: matrix.java == 'temurin@8' && steps.setup-java-temurin-8.outputs.cache-hit == 'false'
+        run: sbt +update
+
+      - name: Submit Dependencies
+        uses: scalacenter/sbt-dependency-submission@v2
+        with:
+          modules-ignore: smithy4s-preprocessors_2.12
+          configs-ignore: test scala-tool scala-doc-tool test-internal

.github/workflows/clean.yml

@@ -17,7 +17,6 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Delete artifacts
-        shell: bash {0}
         run: |
           # Customize those three lines with your repository and credentials:
           REPO=${GITHUB_API_URL}/repos/${{ github.repository }}
@@ -26,7 +25,7 @@ jobs:
           ghapi() { curl --silent --location --user _:$GITHUB_TOKEN "$@"; }
 
           # A temporary file which receives HTTP response headers.
-          TMPFILE=$(mktemp)
+          TMPFILE=/tmp/tmp.$$
 
           # An associative array, key: artifact name, value: number of artifacts of that name.
           declare -A ARTCOUNT

.mergify.yml

@@ -1,33 +1,32 @@
-queue_rules:
-  - name: default
-    conditions:
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@11)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@11)
+# This file was automatically generated by sbt-typelevel-mergify using the
+# mergifyGenerate task. You should add and commit this file to
+# your git repository. It goes without saying that you shouldn't edit
+# this file by hand! Instead, if you wish to make changes, you should
+# change your sbt build configuration to revise the mergify configuration
+# to meet your needs, then regenerate this file.
 
 pull_request_rules:
-  - name: assign and label scala-steward's PRs
-    conditions:
-      - author=dwolla-oss-scala-steward[bot]
-    actions:
-      label:
-        add: [dependency-update]
-  - name: automatic update pull requests
-    conditions:
-      - author=dwolla-oss-scala-steward[bot]
-      - -conflict # skip PRs with conflicts
-      - -draft # filter-out GH draft PRs
-    actions:
-      update:
-  - name: merge scala-steward's PRs
-    conditions:
-      - author=dwolla-oss-scala-steward[bot]
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.13.10, temurin@11)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@8)
-      - status-success=Build and Test (ubuntu-latest, 2.12.17, temurin@11)
-    actions:
-      queue:
-        method: squash
-        name: default
+- name: merge scala-steward's PRs
+  conditions:
+  - author=scala-steward
+  - body~=labels:.*early-semver-patch
+  - status-success=Build and Test (ubuntu-latest, 2.13, temurin@8)
+  - status-success=Build and Test (ubuntu-latest, 3, temurin@8)
+  actions:
+    merge: {}
+- name: Label rules PRs
+  conditions:
+  - files~=^scalafix/rules/
+  actions:
+    label:
+      add:
+      - rules
+      remove: []
+- name: Label smithy4s-preprocessors PRs
+  conditions:
+  - files~=^smithy4s-preprocessors/
+  actions:
+    label:
+      add:
+      - smithy4s-preprocessors
+      remove: []

.scalafix.conf

@@ -0,0 +1 @@
+triggered.rules = [ com.dwolla.scalafix.smithy4s.PrivatizeGeneratedCode ]

README.md

@@ -3,7 +3,7 @@
 ![Dwolla/scala-secure-config CI](https://github.com/Dwolla/scala-secure-config/actions/workflows/ci.yml/badge.svg)
 [![license](https://img.shields.io/github/license/Dwolla/scala-secure-config.svg?style=flat-square)](https://github.com/Dwolla/scala-secure-config/blob/master/LICENSE)
 
-Tagged type and [PureConfig](https://pureconfig.github.io) [ConfigReader](https://github.com/pureconfig/pureconfig/blob/master/core/src/main/scala/pureconfig/ConfigReader.scala) for automatically decrypting encrypted config values in TypeSafe Config files.
+ [PureConfig](https://pureconfig.github.io) [ConfigReader](https://github.com/pureconfig/pureconfig/blob/master/core/src/main/scala/pureconfig/ConfigReader.scala) for automatically decrypting encrypted config values using AWS KMS.
 
 ## Artifacts