release #20
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+*" | |
permissions: | |
contents: write | |
jobs: | |
init: | |
runs-on: ubuntu-22.04 | |
outputs: | |
version: ${{steps.version.outputs.version}} | |
prerelease: ${{steps.state.outputs.prerelease}} | |
steps: | |
- name: Evaluate pre-release state | |
id: state | |
env: | |
HEAD_REF: ${{github.head_ref}} | |
run: | | |
test -z "${HEAD_REF}" && (echo 'do-publish=true' >> $GITHUB_OUTPUT) | |
if [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo release=true >> $GITHUB_OUTPUT | |
echo release=true >> $GITHUB_ENV | |
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v.*$ ]]; then | |
echo prerelease=true >> $GITHUB_OUTPUT | |
echo prerelease=true >> $GITHUB_ENV | |
fi | |
- name: Set version | |
id: version | |
run: | | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
[ "$VERSION" == "main" ] && VERSION=latest | |
echo "version=$VERSION" >> $GITHUB_OUTPUT | |
echo "version=$VERSION" >> $GITHUB_ENV | |
- name: Show result | |
run: | | |
echo "Version: $version" | |
echo "Release: $release" | |
echo "Pre-release: $prerelease" | |
# ensure that the version of the tag is the version of the crates | |
ensure-version: | |
runs-on: ubuntu-22.04 | |
needs: | |
- init | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup cargo-binstall | |
run: | | |
curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash | |
- name: Setup cargo-workspaces | |
run: | | |
cargo binstall -y cargo-workspaces | |
- name: Set version | |
run: | | |
cargo ws version custom ${{ needs.init.outputs.version }} --all --no-git-commit --force "*" --yes | |
- name: Ensure this did not change anything | |
run: | | |
git diff --exit-code | |
if [ $? -gt 0 ]; then | |
echo "::error::Uncommitted changes after setting the version. This indicates that the version of the tag does not align with the version of the crates." | |
exit 1 | |
fi | |
build: | |
name: Build | |
runs-on: ${{ matrix.os }} | |
needs: | |
- init | |
- ensure-version | |
strategy: | |
fail-fast: false | |
matrix: | |
edition: [ "", "-pm" ] | |
target: | |
- x86_64-unknown-linux-gnu | |
- aarch64-unknown-linux-gnu | |
- x86_64-unknown-linux-musl | |
- aarch64-unknown-linux-musl | |
- x86_64-apple-darwin | |
- aarch64-apple-darwin | |
- x86_64-pc-windows-msvc | |
include: | |
- target: x86_64-unknown-linux-gnu | |
os: ubuntu-22.04 | |
install: | | |
sudo apt install -y libssl-dev | |
- target: aarch64-unknown-linux-gnu | |
os: ubuntu-22.04 | |
cross: "true" | |
# Cross' Ubuntu container is based on 20.04. Its OpenSSL version is too old for us. | |
args: --features vendored | |
- target: x86_64-unknown-linux-musl | |
os: ubuntu-22.04 | |
args: --features vendored | |
install: | | |
sudo apt install -y musl-tools | |
- target: aarch64-unknown-linux-musl | |
os: ubuntu-22.04 | |
cross: "true" | |
args: --features vendored | |
- target: x86_64-apple-darwin | |
os: macos-12 | |
- target: aarch64-apple-darwin | |
os: macos-14 | |
- target: x86_64-pc-windows-msvc | |
os: windows-2022 | |
ext: ".exe" | |
archive: zip | |
install: | | |
git config --system core.longpaths true | |
echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append | |
vcpkg install openssl:x64-windows-static-md | |
env: | |
# name of the binary output by the build | |
output_binary_name: "trustd" | |
# name of the binary available for download | |
download_binary_name: "trustd${{ matrix.edition }}" | |
dirname: "trustd${{ matrix.edition }}-${{ needs.init.outputs.version }}-${{ matrix.target }}" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup | Cache Cargo | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: "${{ matrix.target }}-release${{ matrix.edition }}-${{ hashFiles('**/Cargo.lock') }}" | |
- name: Export GitHub Actions cache environment variables for vcpkg | |
uses: actions/github-script@v7 | |
if: runner.os == 'Windows' | |
with: | |
script: | | |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | |
core.exportVariable('VCPKG_BINARY_SOURCES', 'clear;x-gha,readwrite'); | |
- name: Install dependencies | |
if: matrix.install != '' | |
run: ${{ matrix.install }} | |
- name: Disable rustup self-update | |
# workaround for: https://github.com/rust-lang/rustup/issues/3709 | |
run: | | |
rustup set auto-self-update disable | |
- name: Setup Rust target | |
run: | | |
rustup target add ${{ matrix.target }} | |
- name: Setup cargo-binstall (Linux) | |
if: runner.os != 'Windows' | |
run: | | |
curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash | |
- name: Setup cargo-binstall (Windows) | |
if: runner.os == 'Windows' | |
run: | | |
Set-ExecutionPolicy Unrestricted -Scope Process; iex (iwr "https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.ps1").Content | |
- name: Setup Cross | |
if: matrix.cross == 'true' | |
run: | | |
cargo binstall cross -y | |
- name: Build | Build | |
shell: bash | |
env: | |
POSTGRESQL_VERSION: 16 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for retrieving postgres | |
run: | | |
set -x | |
if [[ "${{ matrix.xcode }}" == "true" ]]; then | |
export SDKROOT=$(xcrun -sdk macosx --show-sdk-path) | |
export MACOSX_DEPLOYMENT_TARGET=$(xcrun -sdk macosx --show-sdk-platform-version) | |
fi | |
CMD="cargo" | |
if [[ -n "${{ matrix.cross }}" ]]; then | |
CMD="cross" | |
fi | |
# build options | |
OPTS="--no-default-features --release" | |
if [[ "${{ matrix.edition }}" == "-pm" ]]; then | |
OPTS="$OPTS --features pm" | |
fi | |
OPTS="$OPTS ${{ matrix.args }}" | |
if [[ -n "${{ matrix.target }}" ]]; then | |
OPTS="$OPTS --target=${{ matrix.target }}" | |
fi | |
${CMD} build ${OPTS} | |
- name: Move binary | |
shell: bash | |
run: | | |
mkdir -p "pack/$dirname" | |
# if we have an alternate target, there is a sub-directory | |
if [[ -f "target/release/${output_binary_name}${{ matrix.ext }}" ]]; then | |
SRC="target/release/${output_binary_name}${{ matrix.ext }}" | |
elif [[ -f "target/${{ matrix.target }}/release/${output_binary_name}${{ matrix.ext }}" ]]; then | |
SRC="target/${{ matrix.target }}/release/${output_binary_name}${{ matrix.ext }}" | |
else | |
echo "Unable to find output" | |
find target | |
false # stop build | |
fi | |
# stage for upload | |
mv -v "${SRC}" "pack/${dirname}/${download_binary_name}${{ matrix.ext }}" | |
cp LICENSE "pack/${dirname}/" | |
- run: mkdir -p upload | |
- name: Archive (zip) | |
if: matrix.archive == 'zip' | |
working-directory: pack | |
run: | | |
7z a ../upload/${{ env.dirname }}.zip . | |
- name: Archive (tar.gz) | |
if: matrix.archive != 'zip' | |
working-directory: pack | |
run: | | |
tar czvf ../upload/${{ env.dirname }}.tar.gz . | |
- name: Upload binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: trustd${{ matrix.edition }}-${{ matrix.target }} | |
path: upload/* | |
if-no-files-found: error | |
publish: | |
needs: [ init, build ] | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
attestations: write | |
env: | |
IMAGE_NAME: trustd | |
IMAGE_TAG: ${{ needs.init.outputs.version }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install convco | |
run: | | |
curl -sLO https://github.com/convco/convco/releases/download/v0.5.1/convco-ubuntu.zip | |
unzip convco-ubuntu.zip | |
sudo install convco /usr/local/bin | |
- name: Generate changelog | |
run: | | |
convco changelog -s --max-majors=1 --max-minors=1 --max-patches=1 -n > /tmp/changelog.md | |
- uses: actions/download-artifact@v4 | |
with: | |
path: ${{ github.workspace }}/download | |
- name: Display downloaded content | |
run: ls -R ${{ github.workspace }}/download | |
- name: Stage release | |
run: | | |
mkdir -p staging | |
cp -pv ${{ github.workspace }}/download/*/* staging/ | |
- name: Display staging area | |
run: ls -R staging | |
- uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: 'staging/*' | |
# Build the container | |
- name: Install qemu dependency | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y qemu-user-static | |
- name: Build Image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ env.IMAGE_TAG }} | |
envs: | | |
TAG=${{ env.IMAGE_TAG }} | |
build-args: | | |
tag=${{ env.IMAGE_TAG }} | |
platforms: linux/amd64, linux/arm64 | |
containerfiles: | | |
.github/scripts/Containerfile | |
- name: Check images created | |
run: buildah images | grep '${{ env.IMAGE_NAME }}' | |
# We save the container image here. But when loading it, the multi-arch aspect of it will be gone. | |
- name: Save image | |
run: podman save --multi-image-archive ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} > image.tar | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: container | |
path: image.tar | |
if-no-files-found: error | |
# From here on, we start pushing artifacts | |
# Push to ghcr.io | |
- name: Push to ghcr.io | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ needs.init.outputs.version }} | |
registry: ghcr.io/${{ github.repository_owner }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Final step, create the GitHub release, attaching the files | |
- name: Create Release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG: v${{ needs.init.outputs.version }} | |
run: | | |
OPTS="" | |
if [[ "${{ needs.init.outputs.prerelease }}" == "true" ]]; then | |
OPTS="${OPTS} -p" | |
fi | |
gh release create ${OPTS} --title "${{ needs.init.outputs.version }}" -F /tmp/changelog.md ${TAG} \ | |
$(find staging -type f) |