name: Release
on:
workflow_dispatch:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
jobs:
pre-check:
name: Pre-check
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version-check.outputs.version }}
steps:
- uses: actions/checkout@v4
- id: version-check
run: |
version_tag="$(git describe --tags --abbrev=0 | sed 's/^v//')"
version_toml="$(grep -m1 -F 'version =' Cargo.toml | cut -d\" -f2)"
if [[ "$version_tag" != "$version_toml" ]]; then
echo "Error: The git tag does not match the Cargo.toml version."
exit 1
fi
echo "Success: The git tag matches the Cargo.toml version."
echo "version=$version_toml" >> $GITHUB_OUTPUT
build:
needs: pre-check
strategy:
matrix:
name:
- linux-x86-64-gnu
- linux-x86-64-musl
- linux-armhf-gnu
- linux-arm64-gnu
- mac-x86-64
- mac-arm64
- windows-gnu
include:
- name: linux-x86-64-gnu
os: ubuntu-20.04
target: x86_64-unknown-linux-gnu
cross: false
experimental: false
- name: linux-x86-64-musl
os: ubuntu-latest
target: x86_64-unknown-linux-musl
cross: true
experimental: false
- name: linux-armhf-gnu
os: ubuntu-20.04
target: armv7-unknown-linux-gnueabihf
cross: true
experimental: false
- name: linux-arm64-gnu
os: ubuntu-20.04
target: aarch64-unknown-linux-gnu
cross: true
experimental: false
- name: mac-x86-64
os: macos-latest
target: x86_64-apple-darwin
cross: false
experimental: false
- name: mac-arm64
os: macos-11.0
target: aarch64-apple-darwin
cross: true
experimental: true
- name: windows-gnu
os: windows-latest
target: x86_64-pc-windows-gnu
cross: true
experimental: false
name: Binaries for ${{ matrix.name }}
runs-on: ${{ matrix.os }}
continue-on-error: ${{ matrix.experimental }}
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }}
- uses: actions/cache@v3
if: startsWith(matrix.name, 'linux-')
with:
path: ~/.cargo/bin
key: ${{ runner.os }}-cargo-bin-${{ hashFiles('.github/workflows/release.yml') }}
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- uses: taiki-e/setup-cross-toolchain-action@v1
with:
# NB: sets CARGO_BUILD_TARGET evar - do not need --target flag in build
target: ${{ matrix.target }}
- uses: taiki-e/install-action@cross
if: ${{ matrix.cross }}
- run: cargo build --release --locked
- name: Extract version
shell: bash
run: |
echo "${{ needs.pre-check.outputs.version }}" > VERSION
- name: Package
shell: bash
run: |
set -euxo pipefail
ext=""
[[ "${{ matrix.name }}" == windows-* ]] && ext=".exe"
bin="target/${{ matrix.target }}/release/keyweave${ext}"
strip "$bin" || true
dst="keyweave-${{ matrix.target }}"
mkdir "$dst"
cp "$bin" "$dst/"
- name: Archive (tar)
if: '! startsWith(matrix.name, ''windows-'')'
shell: bash
run: |
set -euxo pipefail
dst="keyweave-${{ matrix.target }}"
tar cavf "$dst.tar.xz" "$dst"
- uses: actions/upload-artifact@v3
with:
name: builds
retention-days: 1
path: |
keyweave-*.tar.xz
keyweave-x86_64-pc-windows-gnu/keyweave.exe
release:
needs: build
name: Sign and Release
runs-on: ubuntu-latest
outputs:
sha256sums: ${{ steps.homebrew-inputs.outputs.sha256sums }}
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: ~/.cargo/bin
key: sign-tools-${{ hashFiles('.github/workflows/release.yml') }}
- uses: actions/download-artifact@v3
with:
name: builds
- name: Checksums with SHA512 and SHA256
run: |
sha512sum keyweave-* | tee SHA512SUMS
sha256sum keyweave-* | tee SHA256SUMS
- uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
generate_release_notes: true
fail_on_unmatched_files: true
files: |
keyweave-*.tar.xz
keyweave-*/keyweave.exe
*SUMS*
- name: Generate SHA256SUM input for Homebrew
id: homebrew-inputs
run: |
sha256sums="{$(awk '{printf "%s '\''%s'\'': '\''%s'\''", (NR>1 ? "," : ""), $2, $1} END {print ""}' SHA256SUMS)}"
echo "sha256sums=$sha256sums" >> $GITHUB_OUTPUT
publish-brew:
needs: [release, pre-check]
name: Publish brew formula
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v7
name: Dispatch Homebrew release
with:
github-token: ${{ secrets.PAT_TOKEN }}
script: |
const sha256sums = ${{ needs.release.outputs.sha256sums }}
await github.rest.actions.createWorkflowDispatch({
owner: 'bartvdbraak',
repo: 'homebrew-keyweave',
workflow_id: 'release.yml',
ref: 'main',
inputs: {
version: '${{ needs.pre-check.outputs.version }}',
sha256sums: JSON.stringify(sha256sums)
}
})
publish-crate:
needs: release
name: Publish rust crate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- name: Publish to crates.io
run: cargo publish --token ${CARGO_REGISTRY_TOKEN}
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}