watchexec/.github/workflows/release.yml
2021-07-31 06:36:57 +12:00

252 lines
7.2 KiB
YAML

name: CLI Release
on:
workflow_dispatch:
push:
tags:
- "cli-v*.*.*"
jobs:
build:
strategy:
matrix:
name:
- linux-amd64-gnu
- linux-amd64-musl
- linux-i686-musl
- linux-armhf-gnu
- linux-arm64-gnu
- mac-x86-64
- mac-arm64
- windows-x86-64
include:
- name: linux-amd64-gnu
os: ubuntu-latest
target: x86_64-unknown-linux-gnu
cross: false
experimental: false
- name: linux-amd64-musl
os: ubuntu-latest
target: x86_64-unknown-linux-musl
cross: true
experimental: false
- name: linux-i686-musl
os: ubuntu-latest
target: i686-unknown-linux-musl
cross: true
experimental: true
- name: linux-armhf-gnu
os: ubuntu-latest
target: armv7-unknown-linux-gnueabihf
cross: true
experimental: false
- name: linux-arm64-gnu
os: ubuntu-latest
target: aarch64-unknown-linux-gnu
cross: true
experimental: false
- name: mac-x86-64
os: macos-latest
target: x86_64-apple-darwin
cross: false
experimental: false
- name: mac-arm64
os: macos-11.0
target: aarch64-apple-darwin
cross: true
experimental: true
- name: windows-x86-64
os: windows-latest
target: x86_64-pc-windows-msvc
cross: false
experimental: false
- name: windows-arm64
os: windows-latest
target: aarch64-pc-windows-msvc
cross: true
experimental: true
name: Binaries for ${{ matrix.name }}
runs-on: ${{ matrix.os }}
continue-on-error: ${{ matrix.experimental }}
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }}
- uses: actions/cache@v2
if: startsWith(matrix.name, 'linux-')
with:
path: ~/.cargo/bin
key: ${{ runner.os }}-cargo-bin-${{ hashFiles('.github/workflows/release.yml') }}
- name: Install cargo-deb
if: startsWith(matrix.name, 'linux-')
run: which cargo-deb || cargo install cargo-deb --version 1.30.0 --locked
# - name: Install cargo-generate-rpm
# if: startsWith(matrix.name, 'linux-')
# run: which cargo-generate-rpm || cargo install cargo-generate-rpm --version 0.4.0 --locked
- uses: actions-rs/toolchain@v1
with:
target: ${{ matrix.target }}
toolchain: stable
profile: minimal
override: true
- uses: actions-rs/cargo@v1
name: Build
with:
use-cross: ${{ matrix.cross }}
command: build
args: --package watchexec-cli --release --locked --target ${{ matrix.target }}
- name: Extract version
shell: bash
run: |
set -euxo pipefail
version=$(grep -m1 -F 'version =' cli/Cargo.toml | cut -d\" -f2)
if [[ -z "$version" ]]; then
echo "Error: no version :("
exit 1
fi
echo "$version" > VERSION
- name: Package
shell: bash
run: |
set -euxo pipefail
ext=""
[[ "${{ matrix.name }}" == windows-* ]] && ext=".exe"
bin="target/${{ matrix.target }}/release/watchexec${ext}"
strip "$bin" || true
version=$(cat VERSION)
dst="watchexec-${version}-${{ matrix.target }}"
mkdir "$dst"
mkdir -p "target/release"
cp "$bin" "target/release/" # workaround for cargo-deb silliness with targets
cp "$bin" "$dst/"
cp -r cli/README.md LICENSE completions doc/{logo.svg,watchexec.1{,.html}} "$dst/"
- name: Archive (tar)
if: '! startsWith(matrix.name, ''windows-'')'
shell: bash
run: |
set -euxo pipefail
version=$(cat VERSION)
dst="watchexec-${version}-${{ matrix.target }}"
tar cavf "$dst.tar.xz" "$dst"
- name: Archive (deb)
if: startsWith(matrix.name, 'linux-')
shell: bash
run: |
set -euxo pipefail
version=$(cat VERSION)
dst="watchexec-${version}-${{ matrix.target }}"
cargo deb -p watchexec-cli --no-build --no-strip --target ${{ matrix.target }} --output "$dst.deb"
# - name: Archive (rpm)
# if: startsWith(matrix.name, 'linux-')
# shell: bash
# run: |
# set -euxo pipefail
# shopt -s globstar
# version=$(cat VERSION)
# dst="watchexec-${version}-${{ matrix.target }}"
# cargo generate-rpm -p cli --target "${{ matrix.target }}" --target-dir "target/${{ matrix.target }}"
# mv target/**/*.rpm "$dst.rpm"
- name: Archive (zip)
if: startsWith(matrix.name, 'windows-')
shell: bash
run: |
set -euxo pipefail
version=$(cat VERSION)
dst="watchexec-${version}-${{ matrix.target }}"
7z a "$dst.zip" "$dst"
- uses: actions/upload-artifact@v2
with:
name: builds
retention-days: 1
path: |
watchexec-*.tar.xz
watchexec-*.tar.zst
watchexec-*.deb
watchexec-*.rpm
watchexec-*.zip
sign:
needs: build
name: Checksum and sign
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.cargo/bin
key: sign-tools-${{ hashFiles('.github/workflows/release.yml') }}
- name: Install rsign2
run: cargo install rsign2 --version 0.5.7
- name: Install b3sum
run: cargo install b3sum --version 0.3.7
- uses: actions/download-artifact@v2
with:
name: builds
- name: Checksums with BLAKE3
run: b3sum watchexec-* | tee B3SUMS
- name: Checksums with SHA512
run: sha512sum watchexec-* | tee SHA512SUMS
- name: Sign checksums
shell: bash
env:
RELEASE_KEY: ${{ secrets.RELEASE_KEY }}
run: |
set -u
echo "$RELEASE_KEY" > release.key
set -x
version=$(grep -m1 -F 'version =' cli/Cargo.toml | cut -d\" -f2)
for algo in B3 SHA512; do
echo | rsign sign \
-p .github/workflows/release.pub \
-s release.key \
-t "watchexec v$version signed with automated key" \
-c 'see website for signing information' \
-x "${algo}SUMS.auto.minisig" \
"${algo}SUMS"
done
rm release.key
cat {B3,SHA512}SUMS.auto.minisig
- uses: softprops/action-gh-release@v1
with:
files: |
watchexec-*.tar.xz
watchexec-*.tar.zst
watchexec-*.deb
watchexec-*.rpm
watchexec-*.zip
*SUMS*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}