name: CLI Release on: workflow_dispatch: push: tags: - "cli-v*.*.*" jobs: build: strategy: matrix: name: - linux-amd64-gnu - linux-amd64-musl - linux-i686-musl - linux-armhf-gnu - linux-arm64-gnu - mac-x86-64 - mac-arm64 - windows-x86-64 include: - name: linux-amd64-gnu os: ubuntu-latest target: x86_64-unknown-linux-gnu cross: false experimental: false - name: linux-amd64-musl os: ubuntu-latest target: x86_64-unknown-linux-musl cross: true experimental: false - name: linux-i686-musl os: ubuntu-latest target: i686-unknown-linux-musl cross: true experimental: true - name: linux-armhf-gnu os: ubuntu-latest target: armv7-unknown-linux-gnueabihf cross: true experimental: false - name: linux-arm64-gnu os: ubuntu-latest target: aarch64-unknown-linux-gnu cross: true experimental: false - name: mac-x86-64 os: macos-latest target: x86_64-apple-darwin cross: false experimental: false - name: mac-arm64 os: macos-11.0 target: aarch64-apple-darwin cross: true experimental: true - name: windows-x86-64 os: windows-latest target: x86_64-pc-windows-msvc cross: false experimental: false - name: windows-arm64 os: windows-latest target: aarch64-pc-windows-msvc cross: true experimental: true name: Binaries for ${{ matrix.name }} runs-on: ${{ matrix.os }} continue-on-error: ${{ matrix.experimental }} steps: - uses: actions/checkout@v2 - uses: actions/cache@v2 with: path: ~/.cargo/registry key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }} - name: Install cargo-deb run: cargo install cargo-deb --version 1.30.0 - name: Install cargo-generate-rpm run: cargo install cargo-generate-rpm --version 0.4.0 - uses: actions-rs/toolchain@v1 with: target: ${{ matrix.target }} toolchain: stable profile: minimal override: true - uses: actions-rs/cargo@v1 name: Build with: use-cross: ${{ matrix.cross }} command: build args: --package watchexec-cli --release --locked --target ${{ matrix.target }} - name: Extract version shell: bash run: | set -euxo pipefail version=$(grep -m1 -F 'version =' cli/Cargo.toml | cut -d\" -f2) if [[ -z "$version" ]]; then echo "Error: no version :(" exit 1 fi echo "$version" > VERSION - name: Package shell: bash run: | set -euxo pipefail ext="" [[ "${{ matrix.name }}" == windows-* ]] && ext=".exe" bin="target/${{ matrix.target }}/release/watchexec${ext}" version=$(cat VERSION) dst="watchexec-${version}-${{ matrix.target }}" mkdir "$dst" strip "$bin" || true cp "$bin" "$dst/" cp cli/README.md LICENSE completions doc/{logo.svg,watchexec.1{,.html}} "$dst/" - name: Archive (tar) if: '! startsWith(matrix.name, ''windows-'')' shell: bash run: | set -euxo pipefail version=$(cat VERSION) dst="watchexec-${version}-${{ matrix.target }}" tar cavf "$dst.tar.xz" "$dst" - name: Archive (deb) if: startsWith(matrix.name, 'linux-') shell: bash run: | set -euxo pipefail version=$(cat VERSION) dst="watchexec-${version}-${{ matrix.target }}" cargo deb -p watchexec-cli --target ${{ matrix.target }} --output "$dst.deb" - name: Archive (rpm) if: startsWith(matrix.name, 'linux-') shell: bash run: | set -euxo pipefail shopt -s globstar version=$(cat VERSION) dst="watchexec-${version}-${{ matrix.target }}" cargo generate-rpm -p cli --target "${{ matrix.target }}" --target "target/${{ matrix.target }}" mv target/**/*.rpm "$dst.rpm" - name: Archive (zip) if: startsWith(matrix.name, 'windows-') shell: bash run: | set -euxo pipefail version=$(cat VERSION) dst="watchexec-${version}-${{ matrix.target }}" 7z a "$dst.zip" "$dst" - uses: actions/upload-artifact@v2 with: name: builds retention-days: 1 path: | watchexec-*.tar.xz watchexec-*.tar.zst watchexec-*.deb watchexec-*.rpm watchexec-*.zip sign: needs: build name: Checksum and sign runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/cache@v2 with: path: ~/.cargo/bin key: sign-tools-${{ hashFiles('.github/workflows/release.yml') }} - name: Install rsign2 run: cargo install rsign2 --version 0.5.7 - name: Install b3sum run: cargo install b3sum --version 0.3.7 - uses: actions/download-artifact@v2 with: name: builds - name: Checksums with BLAKE3 run: b3sum watchexec-* | tee B3SUMS - name: Checksums with SHA512 run: sha512sum watchexec-* | tee SHA512SUMS - name: Sign checksums shell: bash env: RELEASE_KEY: ${{ secrets.RELEASE_KEY }} run: | set -u echo "$RELEASE_KEY" > release.key set -x version=$(grep -m1 -F 'version =' cli/Cargo.toml | cut -d\" -f2) for algo in B3 SHA512; do echo | rsign sign \ -p .github/workflows/release.pub \ -s release.key \ -t "watchexec v$version signed with automated key" \ -c 'see website for signing information' \ -x "${algo}SUMS.auto.minisig" \ "${algo}SUMS" done rm release.key cat {B3,SHA512}SUMS.auto.minisig - uses: softprops/action-gh-release@v1 with: files: | watchexec-*.tar.xz watchexec-*.tar.zst watchexec-*.deb watchexec-*.rpm watchexec-*.zip *SUMS* env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}