diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d5bf185..cffab56 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -1,84 +1,160 @@ -name: Deploy +name: Release on: + workflow_dispatch: push: tags: - - "v[0-9]+.[0-9]+.[0-9]+" - -permissions: - contents: write + - 'v[0-9]+.[0-9]+.[0-9]+' jobs: - build-and-upload: - name: Build and upload - runs-on: ${{ matrix.os }} - + build: strategy: matrix: + name: + # - linux-x86-64-gnu + # - linux-x86-64-musl + - linux-armhf-gnu + - linux-arm64-gnu + - mac-x86-64 + - mac-arm64 include: - - build: linux - os: ubuntu-latest - target: x86_64-unknown-linux-gnu + # - name: linux-x86-64-gnu + # os: ubuntu-20.04 + # target: x86_64-unknown-linux-gnu + # cross: false + # experimental: false + + # - name: linux-x86-64-musl + # os: ubuntu-latest + # target: x86_64-unknown-linux-musl + # cross: true + # experimental: false + + - name: linux-armhf-gnu + os: ubuntu-20.04 + target: armv7-unknown-linux-gnueabihf + cross: true + experimental: false + + - name: linux-arm64-gnu + os: ubuntu-20.04 + target: aarch64-unknown-linux-gnu + cross: true + experimental: false + + - name: mac-x86-64 + os: macos-latest + target: x86_64-apple-darwin + cross: false + experimental: false - - build: macos - os: macos-latest - target: x86_64-apple-darwin + - name: mac-arm64 + os: macos-11.0 + target: aarch64-apple-darwin + cross: true + experimental: true - - build: windows-gnu - os: windows-latest - target: x86_64-pc-windows-gnu + name: Binaries for ${{ matrix.name }} + runs-on: ${{ matrix.os }} + continue-on-error: ${{ matrix.experimental }} steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Get the release version from the tag - shell: bash - run: echo "VERSION=${GITHUB_REF#refs/tags/}}" >> $GITHUB_ENV - - - name: Install development packages of OpenSSL - shell: bash - run: | - if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then - sudo apt install -y libssl-dev - fi - - - name: Install Rust - uses: dtolnay/rust-toolchain@stable - with: - targets: ${{ matrix.target }} - - - name: Build - uses: actions-rs/cargo@v1 - with: - use-cross: true - command: build - args: --verbose --release --target ${{ matrix.target }} - - - name: Build archive - shell: bash - run: | - # Replace with the name of your binary - binary_name="keyweave" - - dirname="$binary_name-${{ env.VERSION }}-${{ matrix.target }}" - mkdir "$dirname" - if [ "${{ matrix.os }}" = "windows-latest" ]; then - mv "target/${{ matrix.target }}/release/$binary_name.exe" "$dirname" - else - mv "target/${{ matrix.target }}/release/$binary_name" "$dirname" - fi - - if [ "${{ matrix.os }}" = "windows-latest" ]; then - 7z a "$dirname.zip" "$dirname" - echo "ASSET=$dirname.zip" >> $GITHUB_ENV - else - tar -czf "$dirname.tar.gz" "$dirname" - echo "ASSET=$dirname.tar.gz" >> $GITHUB_ENV - fi - - - name: Release - uses: softprops/action-gh-release@v1 - with: - files: | - ${{ env.ASSET }} \ No newline at end of file + - uses: actions/checkout@v4 + - uses: actions/cache@v3 + with: + path: ~/.cargo/registry + key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }} + + - uses: actions/cache@v3 + if: startsWith(matrix.name, 'linux-') + with: + path: ~/.cargo/bin + key: ${{ runner.os }}-cargo-bin-${{ hashFiles('.github/workflows/release.yml') }} + + - uses: dtolnay/rust-toolchain@stable + with: + targets: ${{ matrix.target }} + + - uses: taiki-e/setup-cross-toolchain-action@v1 + with: + # NB: sets CARGO_BUILD_TARGET evar - do not need --target flag in build + target: ${{ matrix.target }} + + - uses: taiki-e/install-action@cross + if: ${{ matrix.cross }} + + - run: cargo build --release --locked + + - name: Extract version + shell: bash + run: | + set -euxo pipefail + + version=$(grep -m1 -F 'version =' Cargo.toml | cut -d\" -f2) + + if [[ -z "$version" ]]; then + echo "Error: no version :(" + exit 1 + fi + + echo "$version" > VERSION + + - name: Package + shell: bash + run: | + set -euxo pipefail + ext="" + [[ "${{ matrix.name }}" == windows-* ]] && ext=".exe" + bin="target/${{ matrix.target }}/release/keyweave${ext}" + strip "$bin" || true + dst="keyweave-${{ matrix.target }}" + mkdir "$dst" + cp "$bin" "$dst/" + + - name: Archive (tar) + if: '! startsWith(matrix.name, ''windows-'')' + shell: bash + run: | + set -euxo pipefail + dst="keyweave-${{ matrix.target }}" + tar cavf "$dst.tar.xz" "$dst" + + - uses: actions/upload-artifact@v3 + with: + name: builds + retention-days: 1 + path: | + keyweave-*.tar.xz + + sign: + needs: build + + name: Checksum and sign + runs-on: ubuntu-latest + permissions: + id-token: write + contents: write + + steps: + - uses: actions/checkout@v4 + - uses: actions/cache@v3 + with: + path: ~/.cargo/bin + key: sign-tools-${{ hashFiles('.github/workflows/release.yml') }} + + - uses: actions/download-artifact@v3 + with: + name: builds + + - name: Checksums with SHA512 + run: sha512sum keyweave-* | tee SHA512SUMS + + - uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + generate_release_notes: true + fail_on_unmatched_files: true + files: | + keyweave-*.tar.xz + *SUMS* \ No newline at end of file