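# main.yml: builds and tests on pushes to main and on pull requests; from main
# it also publishes the docs site, publishes crates, and uploads release
# binaries for each *-sarif tool.
#
# NOTE(review): every action below is referenced by a mutable tag (e.g. @v4).
# Pinning each `uses:` to a full commit SHA keeps a retagged action release
# from running with this workflow's token and secrets.
on:
  push:
    tags-ignore:
      - "**"
    branches:
      - main
  pull_request:
    # ignore gh-pages
name: main
# Least privilege: the default token is read-only. The jobs that push the docs
# site or create releases request `contents: write` themselves.
# NOTE(review): if a step turns out to need another scope (for example OIDC
# `id-token`), grant it on that job only; verify with a test run.
permissions:
  contents: read
jobs:
  # Builds the flake on Linux and macOS and uploads the built binaries.
  build-test:
    strategy:
      matrix:
        runs-on: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@v13
      - uses: DeterminateSystems/magic-nix-cache-action@v7
      - name: Run `nixci build`
        # The token reaches the script through the environment instead of
        # being interpolated into the shell text.
        # NOTE(review): Nix documents access-tokens as `host=token` pairs
        # (e.g. github.com=...); confirm a bare token is accepted here.
        env:
          GH_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          nix run nixpkgs#nixci -- \
            --extra-access-tokens "$GH_ACCESS_TOKEN" \
            -v \
            build
      - name: Collect artifacts
        id: collect-artifacts
        # Emits the glob `<out path>/bin/*` as output `all`. It is written
        # quoted so the shell leaves the pattern for upload-artifact to expand.
        # $GITHUB_OUTPUT replaces the deprecated `::set-output` command.
        run: |
          ALL=$(nix eval --raw '.#all.outPath')/bin/*
          echo "all=${ALL}" >> "$GITHUB_OUTPUT"
      - uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.runs-on }}
          path: ${{ steps.collect-artifacts.outputs.all }}
  # Builds the Zola site under docs/ and publishes docs/public (main only).
  docs:
    needs: [build-test]
    if: ${{ github.ref == 'refs/heads/main' }}
    runs-on: ubuntu-latest
    permissions:
      # actions-gh-pages pushes the built site with GITHUB_TOKEN.
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - uses: DeterminateSystems/nix-installer-action@v13
      - uses: DeterminateSystems/magic-nix-cache-action@v7
      - name: Run Zola
        run: |
          nix develop --command zola build
          cp ./static/pages/* public
        working-directory: docs
      - uses: peaceiris/actions-gh-pages@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./docs/public
          force_orphan: true
  # Publishes crates when the head commit message on main contains 'release:'.
  publish:
    name: Publish
    needs: [build-test]
    if: github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'release:')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      - uses: katyo/publish-crates@v2
        # A failure in this step does not fail the job.
        continue-on-error: true
        with:
          registry-token: ${{ secrets.CRATES_IO_TOKEN }}
          # NOTE(review): presumably skips the pre-publish verification
          # build; confirm that is intended for release uploads.
          args: --no-verify
  # Builds each tool in release mode on both runners and attaches the binary
  # to a versioned release and to a rolling `<tool>-latest` release.
  gh-release:
    name: Github Release Upload
    needs: [build-test]
    if: github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'release:')
    permissions:
      # release-action creates and updates releases with GITHUB_TOKEN.
      contents: write
    strategy:
      matrix:
        runs-on: [ubuntu-latest, macos-latest]
        target:
          - clang-tidy-sarif
          - clippy-sarif
          - hadolint-sarif
          - shellcheck-sarif
          - sarif-fmt
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: Swatinem/rust-cache@v2
      - uses: DeterminateSystems/nix-installer-action@v13
      - uses: DeterminateSystems/magic-nix-cache-action@v7
      # NOTE(review): the actions-rs actions appear to be unmaintained; a
      # plain `run: cargo build ...` step may be a drop-in replacement.
      - uses: actions-rs/cargo@v1
        with:
          command: build
          args: --release --bin ${{ matrix.target }}
      - name: targets
        id: targets
        # Outputs: target_triple (rustc host triple), target_version (second
        # field of `<tool> --version`), target_binary (binary renamed with
        # the triple as suffix). Written via $GITHUB_OUTPUT, not the
        # deprecated `::set-output` command.
        run: |
          TARGET_TRIPLE=$(rustc --version --verbose | grep host | awk '{print $2}')
          echo "target_triple=${TARGET_TRIPLE}" >> "$GITHUB_OUTPUT"
          TARGET_VERSION=$(./target/release/${{ matrix.target }} --version | awk '{print $2}')
          echo "target_version=${TARGET_VERSION}" >> "$GITHUB_OUTPUT"
          TARGET_BINARY=./target/release/${{ matrix.target }}-${TARGET_TRIPLE}
          mv ./target/release/${{ matrix.target }} "${TARGET_BINARY}"
          echo "target_binary=${TARGET_BINARY}" >> "$GITHUB_OUTPUT"
      - name: changelog
        id: changelog
        # git-cliff writes CHANGELOG.md and the release steps read that file
        # directly. Echoing the text unquoted into a step output collapsed
        # its newlines and let the shell glob-expand words such as `**`.
        run: |
          nix develop --command git-cliff \
            -c ${{ matrix.target }}/cliff.toml \
            --unreleased \
            --tag ${{ matrix.target }}-v${{ steps.targets.outputs.target_version }} \
            --output CHANGELOG.md
      # Versioned release: <tool>-v<version>.
      - uses: ncipollo/release-action@v1
        with:
          artifacts: ${{ steps.targets.outputs.target_binary }}
          bodyFile: CHANGELOG.md
          token: ${{ secrets.GITHUB_TOKEN }}
          allowUpdates: true
          tag: ${{ matrix.target }}-v${{ steps.targets.outputs.target_version }}
          name: ${{ matrix.target }} ${{ steps.targets.outputs.target_version }}
      # Rolling release: <tool>-latest, with its artifacts replaced each time.
      - uses: ncipollo/release-action@v1
        with:
          artifacts: ${{ steps.targets.outputs.target_binary }}
          bodyFile: CHANGELOG.md
          token: ${{ secrets.GITHUB_TOKEN }}
          allowUpdates: true
          tag: ${{ matrix.target }}-latest
          name: ${{ matrix.target }} latest
          replacesArtifacts: true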