-
Notifications
You must be signed in to change notification settings - Fork 103
359 lines (309 loc) · 10.5 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
name: Publish release binaries
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
test:
description: 'Testing the release workflow'
required: true
default: 'true'
permissions:
attestations: write
contents: write
id-token: write
jobs:
build:
name: Publish for ${{ matrix.name }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
name:
- linux
- armv7
- arm64
- windows
- macos-arm64
- macos-x86_64
include:
- name: linux
os: ubuntu-20.04
build_deps: >
libfuse-dev
build_flags: --features mount
archive_name: rage.tar.gz
asset_suffix: x86_64-linux.tar.gz
- name: armv7
os: ubuntu-20.04
target: armv7-unknown-linux-gnueabihf
build_deps: >
gcc-arm-linux-gnueabihf
cargo_config: |
[target.armv7-unknown-linux-gnueabihf]
linker = "arm-linux-gnueabihf-gcc"
build_flags: --target armv7-unknown-linux-gnueabihf
archive_name: rage.tar.gz
asset_suffix: armv7-linux.tar.gz
- name: arm64
os: ubuntu-20.04
target: aarch64-unknown-linux-gnu
build_deps: >
gcc-aarch64-linux-gnu
cargo_config: |
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"
build_flags: --target aarch64-unknown-linux-gnu
archive_name: rage.tar.gz
asset_suffix: arm64-linux.tar.gz
- name: windows
os: windows-latest
archive_name: rage.zip
asset_suffix: x86_64-windows.zip
- name: macos-arm64
os: macos-latest
archive_name: rage.tar.gz
asset_suffix: arm64-darwin.tar.gz
- name: macos-x86_64
os: macos-13
archive_name: rage.tar.gz
asset_suffix: x86_64-darwin.tar.gz
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
id: toolchain
with:
targets: ${{ matrix.target }}
- run: rustup override set ${{steps.toolchain.outputs.name}}
- name: Install linux build dependencies
run: sudo apt update && sudo apt install ${{ matrix.build_deps }}
if: matrix.build_deps != ''
- name: Set up .cargo/config
run: |
mkdir .cargo
echo '${{ matrix.cargo_config }}' >.cargo/config
if: matrix.cargo_config != ''
- name: cargo build
run: cargo build --release --locked ${{ matrix.build_flags }}
working-directory: ./rage
- name: Create archive
run: |
mkdir -p release/rage
mv target/${{ matrix.target }}/release/rage* release/rage/
rm release/rage/*.d
tar czf ${{ matrix.archive_name }} -C release/ rage/
if: matrix.name != 'windows'
- name: Create archive [Windows]
run: |
mkdir -p release/rage
mv target/release/rage.exe release/rage/
mv target/release/rage-keygen.exe release/rage/
cd release/
7z.exe a ../${{ matrix.archive_name }} rage/
shell: bash
if: matrix.name == 'windows'
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: 'release/rage/*'
- name: Upload archive as artifact
uses: actions/upload-artifact@v4
with:
name: rage-${{ matrix.asset_suffix }}
path: ${{ matrix.archive_name }}
if: github.event.inputs.test == 'true'
- name: Upload archive to release
uses: svenstaro/[email protected]
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ matrix.archive_name }}
asset_name: rage-$tag-${{ matrix.asset_suffix }}
tag: ${{ github.ref }}
prerelease: true
if: github.event.inputs.test != 'true'
test:
name: Test rage-${{ matrix.asset_suffix }} on ${{ matrix.os }}
needs: build
if: github.event.inputs.test == 'true'
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-20.04
- ubuntu-22.04
- ubuntu-24.04
- windows-2019
- windows-2022
- macos-12
- macos-13
- macos-14
include:
- os: ubuntu-20.04
name: linux
archive_name: rage.tar.gz
asset_suffix: x86_64-linux.tar.gz
- os: ubuntu-22.04
name: linux
archive_name: rage.tar.gz
asset_suffix: x86_64-linux.tar.gz
- os: ubuntu-24.04
name: linux
archive_name: rage.tar.gz
asset_suffix: x86_64-linux.tar.gz
- os: windows-2019
name: windows
archive_name: rage.zip
asset_suffix: x86_64-windows.zip
- os: windows-2022
name: windows
archive_name: rage.zip
asset_suffix: x86_64-windows.zip
- os: macos-12
name: macos
archive_name: rage.tar.gz
asset_suffix: x86_64-darwin.tar.gz
- os: macos-13
name: macos
archive_name: rage.tar.gz
asset_suffix: x86_64-darwin.tar.gz
- os: macos-14
name: macos
archive_name: rage.tar.gz
asset_suffix: arm64-darwin.tar.gz
steps:
- name: Download archive
uses: actions/download-artifact@v4
with:
name: rage-${{ matrix.asset_suffix }}
- name: Extract archive
run: tar xzf ${{ matrix.archive_name }}
if: matrix.name != 'windows'
- name: Extract archive [Windows]
run: 7z.exe x ${{ matrix.archive_name }}
shell: bash
if: matrix.name == 'windows'
- name: Test key generation
run: ./rage/rage-keygen -o key.txt
- name: Test encryption
run: |
echo "Hello World!" > test.txt
./rage/rage -e -i key.txt -o test.txt.age test.txt
- name: Test decryption
run: ./rage/rage -d -i key.txt test.txt.age
deb:
name: Debian ${{ matrix.name }}
runs-on: ubuntu-20.04
strategy:
matrix:
name: [linux, linux-musl, armv7, armv7-musl, arm64, arm64-musl]
include:
- name: linux
target: x86_64-unknown-linux-gnu
build_deps: >
libfuse-dev
build_flags: --features mount
- name: linux-musl
target: x86_64-unknown-linux-musl
build_deps: >
musl-tools
deb_flags: --variant=musl
- name: armv7
target: armv7-unknown-linux-gnueabihf
build_deps: >
gcc-arm-linux-gnueabihf
cargo_config: |
[target.armv7-unknown-linux-gnueabihf]
linker = "arm-linux-gnueabihf-gcc"
- name: armv7-musl
target: armv7-unknown-linux-musleabihf
build_deps: >
gcc-arm-linux-gnueabihf
musl-tools
cargo_config: |
[target.armv7-unknown-linux-musleabihf]
linker = "arm-linux-gnueabihf-gcc"
deb_flags: --variant=musl
- name: arm64
target: aarch64-unknown-linux-gnu
build_deps: >
gcc-aarch64-linux-gnu
cargo_config: |
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"
- name: arm64-musl
target: aarch64-unknown-linux-musl
build_deps: >
gcc-aarch64-linux-gnu
musl-tools
cargo_config: |
[target.aarch64-unknown-linux-musl]
linker = "aarch64-linux-gnu-gcc"
deb_flags: --variant=musl
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
id: toolchain
with:
targets: ${{ matrix.target }}
- run: rustup override set ${{steps.toolchain.outputs.name}}
- name: cargo install cargo-deb
run: cargo install cargo-deb
- name: Install build dependencies
run: sudo apt update && sudo apt install ${{ matrix.build_deps }}
if: matrix.build_deps != ''
- name: Set up .cargo/config
run: |
mkdir .cargo
echo '${{ matrix.cargo_config }}' >.cargo/config
if: matrix.cargo_config != ''
- name: cargo build
run: cargo build --release --locked --target ${{ matrix.target }} ${{ matrix.build_flags }}
working-directory: ./rage
- name: Update Debian package config for cross-compile
run: sed -i '/\/_\?rage-mount/d' rage/Cargo.toml
if: matrix.name != 'linux'
- name: cargo deb
run: cargo deb --package rage --no-build --target ${{ matrix.target }} ${{ matrix.deb_flags }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-path: 'target/${{ matrix.target }}/debian/*.deb'
- name: Upload Debian package as artifact
uses: actions/upload-artifact@v4
with:
name: rage-${{ matrix.name }}.deb
path: target/${{ matrix.target }}/debian/*.deb
if: github.event.inputs.test == 'true'
- name: Upload Debian package to release
uses: svenstaro/[email protected]
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: target/${{ matrix.target }}/debian/*.deb
tag: ${{ github.ref }}
file_glob: true
prerelease: true
if: github.event.inputs.test != 'true'
test-deb:
name: Test rage-${{ matrix.variant }}.deb on ${{ matrix.os }}
needs: deb
if: github.event.inputs.test == 'true'
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-22.04]
variant: [linux, linux-musl]
steps:
- name: Download Debian package artifact
uses: actions/download-artifact@v4
with:
name: rage-${{ matrix.variant }}.deb
- name: Install Debian package
run: sudo apt install ./rage*.deb
- name: Test key generation
run: rage-keygen -o key.txt
- name: Test encryption
run: |
echo "Hello World!" > test.txt
rage -e -i key.txt -o test.txt.age test.txt
- name: Test decryption
run: rage -d -i key.txt test.txt.age