build: bump version #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: | |
| # Set a tag, then push it to trigger the release workflow: | |
| # git tag v0.0.1-rc.5 | |
| # git push origin v0.0.1-rc.5 | |
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| asset_name: auths-linux-x86_64 | |
| ext: .tar.gz | |
| - os: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| asset_name: auths-linux-aarch64 | |
| ext: .tar.gz | |
| cross: true | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| asset_name: auths-macos-aarch64 | |
| ext: .tar.gz | |
| # No windows support for now | |
| # - os: windows-latest | |
| # target: x86_64-pc-windows-msvc | |
| # asset_name: auths-windows-x86_64 | |
| # ext: .zip | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: "1.93" | |
| targets: ${{ matrix.target }} | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ${{ matrix.target }} | |
| cache-on-failure: true | |
| - name: Install cross (Linux ARM64) | |
| if: matrix.cross | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cross | |
| - name: Build release binaries (cross) | |
| if: matrix.cross | |
| run: cross build --release --package auths-cli --target ${{ matrix.target }} | |
| - name: Build release binaries | |
| if: "!matrix.cross" | |
| run: cargo build --release --package auths-cli --target ${{ matrix.target }} | |
| - name: Package (Unix) | |
| if: matrix.ext == '.tar.gz' | |
| run: | | |
| mkdir -p staging | |
| cp target/${{ matrix.target }}/release/auths staging/ || true | |
| cp target/${{ matrix.target }}/release/auths-sign staging/ || true | |
| cp target/${{ matrix.target }}/release/auths-verify staging/ || true | |
| tar -czf ${{ matrix.asset_name }}${{ matrix.ext }} -C staging . | |
| - name: Package (Windows) | |
| if: matrix.ext == '.zip' | |
| shell: pwsh | |
| run: | | |
| New-Item -ItemType Directory -Force -Path staging | |
| Copy-Item target/${{ matrix.target }}/release/auths.exe staging/ -ErrorAction SilentlyContinue | |
| Copy-Item target/${{ matrix.target }}/release/auths-sign.exe staging/ -ErrorAction SilentlyContinue | |
| Copy-Item target/${{ matrix.target }}/release/auths-verify.exe staging/ -ErrorAction SilentlyContinue | |
| Compress-Archive -Path staging/* -DestinationPath ${{ matrix.asset_name }}${{ matrix.ext }} | |
| - name: Generate SHA256 checksum (Unix) | |
| if: matrix.ext == '.tar.gz' | |
| run: shasum -a 256 ${{ matrix.asset_name }}${{ matrix.ext }} > ${{ matrix.asset_name }}${{ matrix.ext }}.sha256 | |
| - name: Generate SHA256 checksum (Windows) | |
| if: matrix.ext == '.zip' | |
| shell: pwsh | |
| run: | | |
| $hash = (Get-FileHash ${{ matrix.asset_name }}${{ matrix.ext }} -Algorithm SHA256).Hash.ToLower() | |
| "$hash ${{ matrix.asset_name }}${{ matrix.ext }}" | Out-File -Encoding ascii ${{ matrix.asset_name }}${{ matrix.ext }}.sha256 | |
| - name: Install auths for artifact signing (Unix) | |
| if: matrix.ext == '.tar.gz' | |
| run: | | |
| cargo build --release --package auths-cli | |
| sudo cp target/release/auths /usr/local/bin/auths | |
| - name: Sign artifact (Unix) | |
| if: matrix.ext == '.tar.gz' | |
| env: | |
| AUTHS_PASSPHRASE: ${{ secrets.AUTHS_CI_PASSPHRASE }} | |
| AUTHS_CI_KEYCHAIN_B64: ${{ secrets.AUTHS_CI_KEYCHAIN }} | |
| AUTHS_CI_IDENTITY_BUNDLE_B64: ${{ secrets.AUTHS_CI_IDENTITY_BUNDLE }} | |
| AUTHS_KEYCHAIN_BACKEND: file | |
| AUTHS_KEYCHAIN_FILE: /tmp/auths-ci-keychain | |
| run: | | |
| if [ -z "$AUTHS_PASSPHRASE" ] || [ -z "$AUTHS_CI_KEYCHAIN_B64" ] || [ -z "$AUTHS_CI_IDENTITY_BUNDLE_B64" ]; then | |
| echo "Skipping artifact signing: AUTHS_CI_PASSPHRASE, AUTHS_CI_KEYCHAIN, and AUTHS_CI_IDENTITY_BUNDLE must all be set (run 'just ci-setup' to populate them)" | |
| exit 0 | |
| fi | |
| printf '%s' "$AUTHS_CI_KEYCHAIN_B64" | tr -d '[:space:]' | base64 -d > /tmp/auths-ci-keychain | |
| mkdir -p /tmp/auths-identity | |
| printf '%s' "$AUTHS_CI_IDENTITY_BUNDLE_B64" | tr -d '[:space:]' | base64 -d | tar -xz -C /tmp/auths-identity | |
| if ! git -C /tmp/auths-identity rev-parse --git-dir > /dev/null 2>&1; then | |
| echo "Skipping artifact signing: AUTHS_CI_IDENTITY_BUNDLE does not contain a valid git repository." | |
| echo "Re-run 'just ci-setup' to regenerate the secret, then update AUTHS_CI_IDENTITY_BUNDLE in GitHub Secrets." | |
| exit 0 | |
| fi | |
| auths artifact sign ${{ matrix.asset_name }}${{ matrix.ext }} \ | |
| --device-key-alias ci-release-device \ | |
| --note "GitHub Actions release — ${{ github.ref_name }}" \ | |
| --repo /tmp/auths-identity | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.asset_name }} | |
| path: | | |
| ${{ matrix.asset_name }}${{ matrix.ext }} | |
| ${{ matrix.asset_name }}${{ matrix.ext }}.sha256 | |
| ${{ matrix.asset_name }}${{ matrix.ext }}.auths.json | |
| release: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts/ | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: artifacts/**/* | |
| generate_release_notes: true |