typelevel · armanbilge · Jun 22, 2022 · Jun 22, 2022 · Jun 22, 2022 · Jun 22, 2022
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -205,12 +205,12 @@ jobs:
       - name: Make target directories
         if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
         shell: bash
-        run: mkdir -p github/target github-actions/target kernel/target versioning/target ci-release/target scalafix/target site/target ci-signing/target mergify/target unidoc/target mima/target no-publish/target sonatype/target ci/target sonatype-ci-release/target core/target settings/target project/target
+        run: mkdir -p github/target github-actions/target kernel/target versioning/target ci-release/target scalafix/target site/target ci-signing/target mergify/target unidoc/target mima/target site-ci-release/target no-publish/target sonatype/target ci/target sonatype-ci-release/target core/target settings/target project/target
 
       - name: Compress target directories
         if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
         shell: bash
-        run: tar cf targets.tar github/target github-actions/target kernel/target versioning/target ci-release/target scalafix/target site/target ci-signing/target mergify/target unidoc/target mima/target no-publish/target sonatype/target ci/target sonatype-ci-release/target core/target settings/target project/target
+        run: tar cf targets.tar github/target github-actions/target kernel/target versioning/target ci-release/target scalafix/target site/target ci-signing/target mergify/target unidoc/target mima/target site-ci-release/target no-publish/target sonatype/target ci/target sonatype-ci-release/target core/target settings/target project/target
 
       - name: Upload target directories
         if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
@@ -221,7 +221,7 @@ jobs:
 
   publish:
     name: Publish Artifacts
-    needs: [build]
+    needs: [build, site]
     if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
     strategy:
       matrix:
@@ -340,6 +340,16 @@ jobs:
           tar xf targets.tar
           rm targets.tar
 
+      - name: Download target directories (site)
+        uses: actions/download-artifact@v3
+        with:
+          name: site
+
+      - name: Inflate target directories (site)
+        run: |
+          tar xf targets.tar
+          rm targets.tar
+
       - name: Import signing key
         if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == ''
         env:
@@ -476,7 +486,7 @@ jobs:
       - name: Submit Dependencies
         uses: scalacenter/sbt-dependency-submission@v2
         with:
-          modules-ignore: sbt-typelevelJVM docs sbt-typelevelNative sbt-typelevel sbt-typelevelJS
+          modules-ignore: sbt-typelevelJVM sbt-typelevelNative sbt-typelevel sbt-typelevelJS docs
           configs-ignore: test scala-tool scala-doc-tool
 
   validate-steward:
@@ -613,3 +623,40 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: mdocs/target/docs/site
           keep_files: true
+
+      - name: Import signing key
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == ''
+        env:
+          PGP_SECRET: ${{ secrets.PGP_SECRET }}
+          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+        run: echo $PGP_SECRET | base64 -di | gpg --import
+
+      - name: Import signing key and strip passphrase
+        if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE != ''
+        env:
+          PGP_SECRET: ${{ secrets.PGP_SECRET }}
+          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
+        run: |
+          echo "$PGP_SECRET" | base64 -di > /tmp/signing-key.gpg
+          echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg
+          (echo "$PGP_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1)
+
+      - name: Publish site to sonatype
+        if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main')
+        env:
+          SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+          SONATYPE_CREDENTIAL_HOST: ${{ secrets.SONATYPE_CREDENTIAL_HOST }}
+        run: sbt docs/publish
+
+      - name: Make target directories
+        run: mkdir -p target
+
+      - name: Compress target directories
+        run: tar cf targets.tar target
+
+      - name: Upload target directories
+        uses: actions/upload-artifact@v3
+        with:
+          name: site
+          path: targets.tar
diff --git a/.mergify.yml b/.mergify.yml
@@ -146,6 +146,14 @@ pull_request_rules:
       add:
       - site
       remove: []
+- name: Label site-ci-release PRs
+  conditions:
+  - files~=^site-ci-release/
+  actions:
+    label:
+      add:
+      - site-ci-release
+      remove: []
 - name: Label sonatype PRs
   conditions:
   - files~=^sonatype/

diff --git a/build.sbt b/build.sbt
@@ -61,11 +61,11 @@ lazy val `sbt-typelevel` = tlCrossRootProject.aggregate(
   ciSigning,
   sonatypeCiRelease,
   ci,
-  core,
   ciRelease,
   site,
-  unidoc,
-  docs
+  siteCiRelease,
+  core,
+  unidoc
 )
 
 lazy val kernel = project
@@ -187,6 +187,22 @@ lazy val ciRelease = project
     ciSigning
   )
 
+lazy val site = project
+  .in(file("site"))
+  .enablePlugins(SbtPlugin)
+  .settings(
+    name := "sbt-typelevel-site"
+  )
+  .dependsOn(kernel, github, githubActions, noPublish)
+
+lazy val siteCiRelease = project
+  .in(file("site-ci-release"))
+  .enablePlugins(SbtPlugin)
+  .settings(
+    name := "sbt-typelevel-site-ci-release"
+  )
+  .dependsOn(site, sonatypeCiRelease, ciSigning)
+
 lazy val core = project
   .in(file("core"))
   .enablePlugins(SbtPlugin)
@@ -195,17 +211,10 @@ lazy val core = project
   )
   .dependsOn(
     ciRelease,
-    settings
+    settings,
+    siteCiRelease
   )
 
-lazy val site = project
-  .in(file("site"))
-  .enablePlugins(SbtPlugin)
-  .settings(
-    name := "sbt-typelevel-site"
-  )
-  .dependsOn(kernel, github, githubActions, noPublish)
-
 lazy val unidoc = project
   .in(file("unidoc"))
   .enablePlugins(TypelevelUnidocPlugin)
@@ -217,6 +226,7 @@ lazy val docs = project
   .in(file("mdocs"))
   .enablePlugins(TypelevelSitePlugin)
   .settings(
+    name := "sbt-typelevel-website",
     laikaConfig ~= { _.withRawContent },
     tlSiteApiPackage := Some("org.typelevel.sbt"),
     tlSiteHelium ~= {

diff --git a/ci-signing/src/main/scala/org/typelevel/sbt/TypelevelCiSigningPlugin.scala b/ci-signing/src/main/scala/org/typelevel/sbt/TypelevelCiSigningPlugin.scala
@@ -26,12 +26,18 @@ import Keys._
 
 object TypelevelCiSigningPlugin extends AutoPlugin {
 
+  object autoImport {
+    lazy val tlCiSigningImportKey = settingKey[Seq[WorkflowStep]]("Steps to import the PGP key")
+  }
+
+  import autoImport._
+
   override def requires = SbtGpg && GitHubActionsPlugin && GenerativePlugin
 
   override def trigger = allRequirements
 
   override def buildSettings = Seq(
-    githubWorkflowPublishPreamble := Seq(
+    tlCiSigningImportKey := Seq(
       WorkflowStep.Run( // if your key is not passphrase-protected
         List("echo $PGP_SECRET | base64 -di | gpg --import"),
         name = Some("Import signing key"),
@@ -48,7 +54,8 @@ object TypelevelCiSigningPlugin extends AutoPlugin {
         cond = Some("env.PGP_SECRET != '' && env.PGP_PASSPHRASE != ''"),
         env = env
       )
-    )
+    ),
+    githubWorkflowPublishPreamble := tlCiSigningImportKey.value
   )
 
   import SbtGpg.autoImport._

diff --git a/ci/src/main/scala/org/typelevel/sbt/TypelevelCiPlugin.scala b/ci/src/main/scala/org/typelevel/sbt/TypelevelCiPlugin.scala
@@ -46,6 +46,9 @@ object TypelevelCiPlugin extends AutoPlugin {
 
     lazy val tlCiDependencyGraphJob =
       settingKey[Boolean]("Whether to add a job to submit dependencies to GH (default: true)")
+    lazy val tlCiDependencyIgnoreModules =
+      settingKey[Seq[ProjectRef]](
+        "Modules to ignore in dependency submission job (default: no-publish modules)")
 
     lazy val tlCiStewardValidateConfig = settingKey[Option[File]](
       "The location of the Scala Steward config to validate (default: `.scala-steward.conf`, if exists)")
@@ -61,6 +64,7 @@ object TypelevelCiPlugin extends AutoPlugin {
     tlCiMimaBinaryIssueCheck := false,
     tlCiDocCheck := false,
     tlCiDependencyGraphJob := true,
+    tlCiDependencyIgnoreModules := noPublishProjectRefs.value,
     githubWorkflowTargetBranches ++= Seq(
       "!update/**", // ignore steward branches
       "!pr/**" // escape-hatch to disable ci on a branch
@@ -148,7 +152,7 @@ object TypelevelCiPlugin extends AutoPlugin {
               steps = githubWorkflowJobSetup.value.toList :+
                 WorkflowStep.DependencySubmission(
                   None,
-                  Some(noPublishProjectRefs.value.toList.map(_.project)),
+                  Some(tlCiDependencyIgnoreModules.value.toList.map(_.project)),
                   Some(List("test", "scala-tool", "scala-doc-tool")),
                   None
                 ),

diff --git a/docs/customization.md b/docs/customization.md
@@ -54,7 +54,8 @@ Instead of using the super-plugins, for finer-grained control you can always add
 - `tlCiScalafixCheck` (setting): Whether to do scalafix check in CI (default: `false`).
 - `tlCiMimaBinaryIssueCheck` (setting): Whether to do MiMa binary issues check in CI (default: `false`).
 - `tlCiDocCheck` (setting): Whether to build API docs in CI (default: `false`).
-- `tlCiDependencyGraphJob` (setting): Whether to add a job to submit dependencies to GH (default: `true`)
+- `tlCiDependencyGraphJob` (setting): Whether to add a job to submit dependencies to GH (default: `true`).
+- `tlCiDependencyIgnoreModules` (setting): "Modules to ignore in dependency submission job (default: no-publish modules).
 - `tlCiStewardValidateConfig` (setting): The location of the Scala Steward config to validate (default: `.scala-steward.conf`, if exists).
 - `tlCrossRootProject` (method): helper to create a `root` project that can aggregate both `Project`s and `CrossProject`s. Automatically creates separate jobs in the CI matrix for each platform (JVM, JS, etc.).
 

diff --git a/github-actions/src/main/scala/org/typelevel/sbt/gha/GenerativeKeys.scala b/github-actions/src/main/scala/org/typelevel/sbt/gha/GenerativeKeys.scala
@@ -76,6 +76,8 @@ trait GenerativeKeys {
     "A set of branch predicates which will be applied to determine whether the current branch gets a publication stage; if empty, publish will be skipped entirely (default: [== main])")
   lazy val githubWorkflowPublishCond = settingKey[Option[String]](
     "A set of conditionals to apply to the publish job to further restrict its run (default: [])")
+  lazy val githubWorkflowPublishNeeds =
+    settingKey[Set[String]]("A set of job IDs the publish job needs (default: {build})")
   lazy val githubWorkflowPublishTimeoutMinutes = settingKey[Option[Int]](
     "The maximum number of minutes to let the publish job run before GitHub automatically cancels it (default: None)")
 
@@ -99,6 +101,8 @@ trait GenerativeKeys {
 
   lazy val githubWorkflowArtifactUpload = settingKey[Boolean](
     "Controls whether or not to upload target directories in the event that multiple jobs are running sequentially. Can be set on a per-project basis (default: true)")
+  lazy val githubWorkflowArtifactDownloadExtraArtifacts =
+    settingKey[Set[String]]("Additional artifacts which should be downloaded (default: {})")
   lazy val githubWorkflowArtifactDownloadExtraKeys = settingKey[Set[String]](
     "Additional matrix keys for which *all* artifacts should be downloaded and not just for the primary value (default: {})")
   lazy val githubWorkflowJobSetup = settingKey[Seq[WorkflowStep]](