watchexec/.github/workflows/release-cli.yml
dependabot[bot] b25cf1586c
Bump softprops/action-gh-release from cd28b0f5ee8571b76cfdaa62a30d51d752317477 to 1 (#447)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-24 12:35:27 +13:00

349 lines
10 KiB
YAML

name: CLI Release
on:
workflow_call:
workflow_dispatch:
push:
tags:
- "v*.*.*"
env:
CARGO_TERM_COLOR: always
CARGO_UNSTABLE_SPARSE_REGISTRY: "true"
jobs:
info:
name: Gather info
runs-on: ubuntu-latest
outputs:
cli_version: ${{ steps.version.outputs.cli_version }}
release_notes: ${{ fromJSON(steps.notes.outputs.notes_json) }}
announce: ${{ steps.announce.outputs.announce }}
steps:
- uses: actions/checkout@v3
- name: Extract version
id: version
shell: bash
run: |
set -euxo pipefail
version=$(grep -m1 -F 'version =' crates/cli/Cargo.toml | cut -d\" -f2)
if [[ -z "$version" ]]; then
echo "Error: no version :("
exit 1
fi
echo "::set-output name=cli_version::$version"
- name: Extract release notes
id: notes
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPO: ${{ github.repository }}
release_commit: ${{ github.event.head_commit.message }}
run: |
set -euxo pipefail
release_pr=$(head -n1 <<< "${release_commit:-}" | grep -oP '(?<=[(]#)\d+(?=[)])')
if [[ -z "$release_pr" ]]; then
echo "::set-output name=notes_json::null"
exit
fi
gh \
pr --repo "$GITHUB_REPO" \
view "$release_pr" \
--json body \
--jq '"::set-output name=notes_json::\((.body | split("### Release notes")[1] // "") | tojson)"'
- name: Make a new announcement post
id: announce
if: endsWith(steps.version.outputs.cli_version, '.0')
run: echo "::set-output name=announce::Announcements"
# TODO: append patch release notes as comments on minor version announce discussion
# TODO: add link to discussion from patch release notes
# TODO: rename minor version announce discussion to be just CLI vX.Y (remove .0)
build:
strategy:
matrix:
name:
- linux-amd64-gnu
- linux-amd64-musl
- linux-i686-musl
- linux-armhf-gnu
- linux-arm64-gnu
- linux-arm64-musl
- linux-s390x-gnu
- linux-ppc64le-gnu
- mac-x86-64
- mac-arm64
- windows-x86-64
include:
- name: linux-amd64-gnu
os: ubuntu-latest
target: x86_64-unknown-linux-gnu
cross: false
experimental: false
- name: linux-amd64-musl
os: ubuntu-latest
target: x86_64-unknown-linux-musl
cross: true
experimental: false
- name: linux-i686-musl
os: ubuntu-latest
target: i686-unknown-linux-musl
cross: true
experimental: true
- name: linux-armhf-gnu
os: ubuntu-latest
target: armv7-unknown-linux-gnueabihf
cross: true
experimental: false
- name: linux-arm64-gnu
os: ubuntu-latest
target: aarch64-unknown-linux-gnu
cross: true
experimental: false
- name: linux-arm64-musl
os: ubuntu-latest
target: aarch64-unknown-linux-musl
cross: true
experimental: true
- name: linux-s390x-gnu
os: ubuntu-latest
target: s390x-unknown-linux-gnu
cross: true
experimental: false
- name: linux-ppc64le-gnu
os: ubuntu-latest
target: powerpc64le-unknown-linux-gnu
cross: true
experimental: false
- name: mac-x86-64
os: macos-latest
target: x86_64-apple-darwin
cross: false
experimental: false
- name: mac-arm64
os: macos-11.0
target: aarch64-apple-darwin
cross: true
experimental: true
- name: windows-x86-64
os: windows-latest
target: x86_64-pc-windows-msvc
cross: false
experimental: false
#- name: windows-arm64
# os: windows-latest
# target: aarch64-pc-windows-msvc
# cross: true
# experimental: true
name: Binaries for ${{ matrix.name }}
needs: info
runs-on: ${{ matrix.os }}
continue-on-error: ${{ matrix.experimental }}
env:
version: ${{ needs.info.outputs.cli_version }}
dst: watchexec-${{ needs.info.outputs.cli_version }}-${{ matrix.target }}
steps:
- uses: actions/checkout@v3
# https://github.com/actions/cache/issues/752
- if: ${{ runner.os == 'Windows' }}
name: Use GNU tar
shell: cmd
run: |
echo "Adding GNU tar to PATH"
echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%"
- name: Configure caching
uses: actions/cache@v3
with:
path: |
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ matrix.target }}-
${{ runner.os }}-cargo-
- name: Add musl tools
run: sudo apt install -y musl musl-dev musl-tools
if: endsWith(matrix.target, '-musl')
- name: Add aarch-gnu tools
run: sudo apt install -y gcc-aarch64-linux-gnu
if: startsWith(matrix.target, 'aarch64-unknown-linux')
- name: Add arm7hf-gnu tools
run: sudo apt install -y gcc-arm-linux-gnueabihf
if: startsWith(matrix.target, 'armv7-unknown-linux-gnueabihf')
- name: Add s390x-gnu tools
run: sudo apt install -y gcc-s390x-linux-gnu
if: startsWith(matrix.target, 's390x-unknown-linux-gnu')
- name: Add ppc64le-gnu tools
run: sudo apt install -y gcc-powerpc64le-linux-gnu
if: startsWith(matrix.target, 'powerpc64le-unknown-linux-gnu')
- name: Install cargo-deb
if: startsWith(matrix.name, 'linux-')
uses: taiki-e/install-action@v1
with:
tool: cargo-deb
- name: Install cargo-generate-rpm
if: startsWith(matrix.name, 'linux-')
uses: taiki-e/install-action@v1
with:
tool: cargo-generate-rpm
- name: Configure toolchain
run: |
rustup toolchain install --profile minimal --no-self-update stable
rustup default stable
rustup target add ${{ matrix.target }}
- name: Install cross
if: matrix.cross
uses: taiki-e/install-action@v1
with:
tool: cross
- name: Build (cargo)
if: "!matrix.cross"
run: cargo build --package watchexec-cli --release --locked --target ${{ matrix.target }}
- name: Build (cross)
if: matrix.cross
run: cross build --package watchexec-cli --release --locked --target ${{ matrix.target }}
- name: Package
shell: bash
run: |
set -euxo pipefail
ext=""
[[ "${{ matrix.name }}" == windows-* ]] && ext=".exe"
bin="target/${{ matrix.target }}/release/watchexec${ext}"
objcopy --compress-debug-sections "$bin" || true
mkdir "$dst"
mkdir -p "target/release"
cp "$bin" "target/release/" # workaround for cargo-deb silliness with targets
cp "$bin" "$dst/"
cp -r crates/cli/README.md LICENSE completions doc/{logo.svg,watchexec.1{,.html}} "$dst/"
- name: Archive (tar)
if: '! startsWith(matrix.name, ''windows-'')'
run: tar cavf "$dst.tar.xz" "$dst"
- name: Archive (deb)
if: startsWith(matrix.name, 'linux-')
run: cargo deb -p watchexec-cli --no-build --no-strip --target ${{ matrix.target }} --output "$dst.deb"
- name: Archive (rpm)
if: startsWith(matrix.name, 'linux-')
shell: bash
run: |
set -euxo pipefail
shopt -s globstar
cargo generate-rpm -p crates/cli --target "${{ matrix.target }}" --target-dir "target/${{ matrix.target }}"
mv target/**/*.rpm "$dst.rpm"
- name: Archive (zip)
if: startsWith(matrix.name, 'windows-')
shell: bash
run: 7z a "$dst.zip" "$dst"
- uses: actions/upload-artifact@v3
with:
name: builds
retention-days: 1
path: |
watchexec-*.tar.xz
watchexec-*.tar.zst
watchexec-*.deb
watchexec-*.rpm
watchexec-*.zip
sign:
needs: [build, info]
name: Checksum and sign
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install rsign2
uses: taiki-e/install-action@v1
with:
tool: rsign2
- name: Install b3sum
uses: taiki-e/install-action@v1
with:
tool: b3sum
- uses: actions/download-artifact@v3
with:
name: builds
- name: Checksums with BLAKE3
run: b3sum watchexec-* | tee B3SUMS
- name: Checksums with SHA512
run: sha512sum watchexec-* | tee SHA512SUMS
- name: Sign checksums
shell: bash
env:
RELEASE_KEY: ${{ secrets.RELEASE_KEY }}
version: ${{ needs.info.outputs.cli_version }}
run: |
set -u
echo "$RELEASE_KEY" > release.key
set -x
for algo in B3 SHA512; do
echo | rsign sign \
-p .github/workflows/release.pub \
-s release.key \
-t "watchexec v$version signed with automated key" \
-c 'see website for signing information' \
-x "${algo}SUMS.auto.minisig" \
"${algo}SUMS"
done
rm release.key
cat {B3,SHA512}SUMS.auto.minisig
- uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
with:
tag_name: v${{ needs.info.outputs.cli_version }}
name: CLI v${{ needs.info.outputs.cli_version }}
body: ${{ needs.info.outputs.release_notes }}
append_body: true
discussion_category_name: ${{ needs.info.outputs.announce }}
files: |
watchexec-*.tar.xz
watchexec-*.tar.zst
watchexec-*.deb
watchexec-*.rpm
watchexec-*.zip
*SUMS*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}