name: Release on: workflow_dispatch: push: tags: - 'v[0-9]+.[0-9]+.[0-9]+' jobs: pre-check: name: Pre-check runs-on: ubuntu-latest outputs: version: ${{ steps.version-check.outputs.version }} steps: - uses: actions/checkout@v4 - id: version-check run: | version_tag="$(git describe --tags --abbrev=0 | sed 's/^v//')" version_toml="$(grep -m1 -F 'version =' Cargo.toml | cut -d\" -f2)" if [[ "$version_tag" != "$version_toml" ]]; then echo "Error: The git tag does not match the Cargo.toml version." exit 1 fi echo "Success: The git tag matches the Cargo.toml version." echo "version=$version_toml" >> $GITHUB_OUTPUT build: needs: pre-check strategy: matrix: name: - linux-x86-64-gnu - linux-x86-64-musl - linux-armhf-gnu - linux-arm64-gnu - mac-x86-64 - mac-arm64 - windows-gnu include: - name: linux-x86-64-gnu os: ubuntu-20.04 target: x86_64-unknown-linux-gnu cross: false experimental: false - name: linux-x86-64-musl os: ubuntu-latest target: x86_64-unknown-linux-musl cross: true experimental: false - name: linux-armhf-gnu os: ubuntu-20.04 target: armv7-unknown-linux-gnueabihf cross: true experimental: false - name: linux-arm64-gnu os: ubuntu-20.04 target: aarch64-unknown-linux-gnu cross: true experimental: false - name: mac-x86-64 os: macos-latest target: x86_64-apple-darwin cross: false experimental: false - name: mac-arm64 os: macos-11.0 target: aarch64-apple-darwin cross: true experimental: true - name: windows-gnu os: windows-latest target: x86_64-pc-windows-gnu cross: true experimental: false name: Binaries for ${{ matrix.name }} runs-on: ${{ matrix.os }} continue-on-error: ${{ matrix.experimental }} steps: - uses: actions/checkout@v4 - uses: actions/cache@v4 with: path: ~/.cargo/registry key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }} - uses: actions/cache@v4 if: startsWith(matrix.name, 'linux-') with: path: ~/.cargo/bin key: ${{ runner.os }}-cargo-bin-${{ hashFiles('.github/workflows/release.yml') }} - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - uses: taiki-e/setup-cross-toolchain-action@v1 with: target: ${{ matrix.target }} - uses: taiki-e/install-action@cross if: ${{ matrix.cross }} - run: cargo build --release --locked - name: Extract version shell: bash run: | echo "${{ needs.pre-check.outputs.version }}" > VERSION - name: Archive and Package shell: bash run: | set -euxo pipefail ext="" [[ "${{ matrix.name }}" == windows-* ]] && ext=".exe" bin="target/${{ matrix.target }}/release/keyweave${ext}" strip "$bin" || true dst="keyweave-${{ matrix.target }}" mkdir -p "$dst" dist cp "$bin" "$dst/" if [[ ${{ !startsWith(matrix.name, 'windows') }} ]] ; then tar cavf "$dst.tar.xz" "$dst" mv "$dst.tar.xz" dist/ else mv "$dst/keyweave${ext}" dist/keyweave-${{ matrix.target }}.exe fi - uses: actions/upload-artifact@v4 with: name: dist-${{ matrix.target }} path: dist release: needs: build name: Sign and Release runs-on: ubuntu-latest outputs: sha256sums: ${{ steps.homebrew-inputs.outputs.sha256sums }} permissions: id-token: write contents: write steps: - uses: actions/checkout@v4 - uses: actions/cache@v4 with: path: ~/.cargo/bin key: sign-tools-${{ hashFiles('.github/workflows/release.yml') }} - uses: actions/download-artifact@v4 with: pattern: dist-* merge-multiple: true path: dist - name: Checksums with SHA512 and SHA256 run: | sha512sum keyweave-* | tee SHA512SUMS sha256sum keyweave-* | tee SHA256SUMS tree - uses: softprops/action-gh-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: generate_release_notes: true fail_on_unmatched_files: true files: | keyweave-*.tar.xz keyweave-*/keyweave.exe *SUMS* - name: Generate SHA256SUM input for Homebrew id: homebrew-inputs run: | sha256sums="{$(awk '{printf "%s '\''%s'\'': '\''%s'\''", (NR>1 ? "," : ""), $2, $1} END {print ""}' SHA256SUMS)}" echo "sha256sums=$sha256sums" >> $GITHUB_OUTPUT publish-brew: needs: [release, pre-check] name: Publish brew formula runs-on: ubuntu-latest steps: - uses: actions/github-script@v7 name: Dispatch Homebrew release with: github-token: ${{ secrets.PAT_TOKEN }} script: | const sha256sums = ${{ needs.release.outputs.sha256sums }} await github.rest.actions.createWorkflowDispatch({ owner: 'bartvdbraak', repo: 'homebrew-keyweave', workflow_id: 'release.yml', ref: 'main', inputs: { version: '${{ needs.pre-check.outputs.version }}', sha256sums: JSON.stringify(sha256sums) } }) publish-crate: needs: release name: Publish rust crate runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable - name: Publish to crates.io run: cargo publish --token ${CARGO_REGISTRY_TOKEN} env: CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}