Merge pull request #5 from xscriptor/update/app #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| inputs: | |
| release_tag: | |
| description: "Existing tag to publish (for example: v1.2.3)" | |
| required: true | |
| type: string | |
| permissions: | |
| contents: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.release_tag || github.ref_name }} | |
| jobs: | |
| build-linux-ubuntu: | |
| name: Build Linux (Ubuntu) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: cargo build --release --locked | |
| - name: Package | |
| run: | | |
| asset="gitnapse-${RELEASE_TAG}-linux-ubuntu-x86_64.tar.gz" | |
| tar -C target/release -czf "${asset}" gitnapse | |
| echo "ASSET=${asset}" >> "$GITHUB_ENV" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: asset-linux-ubuntu | |
| path: ${{ env.ASSET }} | |
| if-no-files-found: error | |
| retention-days: 7 | |
| build-linux-arch: | |
| name: Build Linux (Arch) | |
| runs-on: ubuntu-latest | |
| container: | |
| image: archlinux:latest | |
| steps: | |
| - name: Install build dependencies | |
| run: pacman -Syu --noconfirm --needed base-devel curl ca-certificates git openssl pkgconf | |
| - name: Install Rust | |
| run: | | |
| curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal | |
| echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: cargo build --release --locked | |
| - name: Package | |
| run: | | |
| asset="gitnapse-${RELEASE_TAG}-linux-arch-x86_64.tar.gz" | |
| tar -C target/release -czf "${asset}" gitnapse | |
| echo "ASSET=${asset}" >> "$GITHUB_ENV" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: asset-linux-arch | |
| path: ${{ env.ASSET }} | |
| if-no-files-found: error | |
| retention-days: 7 | |
| build-linux-fedora: | |
| name: Build Linux (Fedora) | |
| runs-on: ubuntu-latest | |
| container: | |
| image: fedora:latest | |
| steps: | |
| - name: Install build dependencies | |
| run: dnf -y install curl gcc gcc-c++ make pkgconf-pkg-config openssl-devel ca-certificates git tar gzip | |
| - name: Install Rust | |
| run: | | |
| curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal | |
| echo "$HOME/.cargo/bin" >> "$GITHUB_PATH" | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: cargo build --release --locked | |
| - name: Package | |
| run: | | |
| asset="gitnapse-${RELEASE_TAG}-linux-fedora-x86_64.tar.gz" | |
| tar -C target/release -czf "${asset}" gitnapse | |
| echo "ASSET=${asset}" >> "$GITHUB_ENV" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: asset-linux-fedora | |
| path: ${{ env.ASSET }} | |
| if-no-files-found: error | |
| retention-days: 7 | |
| build-windows: | |
| name: Build Windows | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: cargo build --release --locked | |
| - name: Package | |
| shell: pwsh | |
| run: | | |
| $asset = "gitnapse-$env:RELEASE_TAG-windows-x86_64.zip" | |
| Compress-Archive -Path "target/release/gitnapse.exe" -DestinationPath $asset -Force | |
| "ASSET=$asset" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: asset-windows | |
| path: ${{ env.ASSET }} | |
| if-no-files-found: error | |
| retention-days: 7 | |
| build-macos: | |
| name: Build macOS | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: cargo build --release --locked | |
| - name: Package | |
| run: | | |
| arch="$(uname -m)" | |
| asset="gitnapse-${RELEASE_TAG}-macos-${arch}.tar.gz" | |
| tar -C target/release -czf "${asset}" gitnapse | |
| echo "ASSET=${asset}" >> "$GITHUB_ENV" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: asset-macos | |
| path: ${{ env.ASSET }} | |
| if-no-files-found: error | |
| retention-days: 7 | |
| publish-release: | |
| name: Publish GitHub Release | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-linux-ubuntu | |
| - build-linux-arch | |
| - build-linux-fedora | |
| - build-windows | |
| - build-macos | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| pattern: asset-* | |
| path: dist | |
| merge-multiple: true | |
| - name: Generate GitHub App token | |
| id: app_token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.RELEASE_GH_APP_ID }} | |
| private-key: ${{ secrets.RELEASE_GH_APP_PRIVATE_KEY }} | |
| owner: ${{ github.repository_owner }} | |
| - name: Show assets | |
| run: ls -lah dist | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Sign assets (keyless) | |
| run: | | |
| for file in dist/*; do | |
| cosign sign-blob --yes "$file" \ | |
| --output-signature "${file}.sig" \ | |
| --output-certificate "${file}.pem" | |
| done | |
| - name: Create or update release | |
| env: | |
| GH_TOKEN: ${{ steps.app_token.outputs.token }} | |
| run: | | |
| gh release view "${RELEASE_TAG}" >/dev/null 2>&1 || \ | |
| gh release create "${RELEASE_TAG}" --title "${RELEASE_TAG}" --generate-notes | |
| gh release upload "${RELEASE_TAG}" dist/* --clobber |