v0.4.2 #49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish Githem | |
| on: | |
| push: | |
| branches: [master] | |
| paths: | |
| - 'Cargo.toml' | |
| - 'Cargo.lock' | |
| - '**/*.rs' | |
| workflow_dispatch: | |
| jobs: | |
| check-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_release: ${{ steps.check.outputs.should_release }} | |
| version: ${{ steps.check.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if version needs release | |
| id: check | |
| run: | | |
| # extract version from Cargo.toml | |
| VERSION=$(grep '^version = ' Cargo.toml | head -1 | cut -d'"' -f2) | |
| echo "version=v${VERSION}" >> $GITHUB_OUTPUT | |
| # check if tag exists | |
| if git rev-parse "v${VERSION}" >/dev/null 2>&1; then | |
| echo "Tag v${VERSION} already exists" | |
| echo "should_release=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Tag v${VERSION} does not exist, will create release" | |
| echo "should_release=true" >> $GITHUB_OUTPUT | |
| fi | |
| create-tag: | |
| needs: check-version | |
| if: needs.check-version.outputs.should_release == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create and push tag | |
| run: | | |
| VERSION="${{ needs.check-version.outputs.version }}" | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| git tag -a "${VERSION}" -m "Release ${VERSION}" | |
| git push origin "${VERSION}" | |
| build-cli: | |
| needs: [check-version, create-tag] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| name: githem-linux-x64 | |
| - os: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| name: githem-linux-arm64 | |
| - os: macos-latest | |
| target: x86_64-apple-darwin | |
| name: githem-macos-x64 | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| name: githem-macos-arm64 | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| name: githem-windows-x64.exe | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install cross for ARM64 builds | |
| if: matrix.target == 'aarch64-unknown-linux-gnu' | |
| run: | | |
| curl -L https://github.com/cross-rs/cross/releases/latest/download/cross-x86_64-unknown-linux-gnu.tar.gz | tar xz | |
| sudo mv cross /usr/local/bin/ | |
| - name: Install dependencies (Linux) | |
| if: matrix.os == 'ubuntu-latest' && matrix.target == 'x86_64-unknown-linux-gnu' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y pkg-config libssl-dev | |
| - name: Install dependencies (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| brew install pkg-config | |
| shell: bash | |
| - name: Install dependencies (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: echo "No additional dependencies needed" | |
| shell: bash | |
| - name: Cache Cargo | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build CLI binary | |
| run: | | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ] && [ "${{ matrix.os }}" = "ubuntu-latest" ]; then | |
| cross build --release --bin githem --target ${{ matrix.target }} | |
| else | |
| cargo build --release --bin githem --target ${{ matrix.target }} | |
| fi | |
| shell: bash | |
| - name: Prepare binary (Unix) | |
| if: matrix.os != 'windows-latest' | |
| run: | | |
| cp target/${{ matrix.target }}/release/githem ${{ matrix.name }} | |
| chmod +x ${{ matrix.name }} | |
| shell: bash | |
| - name: Prepare binary (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: cp target/${{ matrix.target }}/release/githem.exe ${{ matrix.name }} | |
| shell: bash | |
| - name: Generate SHA512 hash | |
| run: | | |
| if [ "${{ runner.os }}" = "macOS" ]; then | |
| shasum -a 512 ${{ matrix.name }} > ${{ matrix.name }}.sha512 | |
| else | |
| sha512sum ${{ matrix.name }} > ${{ matrix.name }}.sha512 | |
| fi | |
| shell: bash | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.name }} | |
| path: | | |
| ${{ matrix.name }} | |
| ${{ matrix.name }}.sha512 | |
| build-server: | |
| needs: [check-version, create-tag] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| name: githem-api-linux-x64 | |
| - target: aarch64-unknown-linux-gnu | |
| name: githem-api-linux-arm64 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y pkg-config | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then | |
| curl -L https://github.com/cross-rs/cross/releases/latest/download/cross-x86_64-unknown-linux-gnu.tar.gz | tar xz | |
| sudo mv cross /usr/local/bin/ | |
| fi | |
| - name: Cache Cargo | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-server-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build API binary | |
| run: | | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then | |
| cross build --release --bin githem-api --target ${{ matrix.target }} | |
| else | |
| cargo build --release --bin githem-api --target ${{ matrix.target }} | |
| fi | |
| - name: Prepare binary | |
| run: | | |
| cp target/${{ matrix.target }}/release/githem-api ${{ matrix.name }} | |
| chmod +x ${{ matrix.name }} | |
| - name: Generate SHA512 hash | |
| run: sha512sum ${{ matrix.name }} > ${{ matrix.name }}.sha512 | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.name }} | |
| path: | | |
| ${{ matrix.name }} | |
| ${{ matrix.name }}.sha512 | |
| sign-and-release: | |
| needs: [check-version, build-cli, build-server] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| - name: Import GPG Key | |
| run: echo "${{ secrets.HQ_ROTKO_GPG }}" | gpg --batch --import | |
| - name: Configure GPG | |
| run: | | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| gpg-connect-agent reloadagent /bye | |
| - name: Sign all binaries and hashes | |
| run: | | |
| for binary in githem-*; do | |
| if [[ ! "$binary" =~ \.(sha512|sig)$ ]]; then | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" \ | |
| --detach-sign --armor --default-key hq@rotko.net --output "${binary}.sig" "$binary" | |
| if [[ -f "${binary}.sha512" ]]; then | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" \ | |
| --detach-sign --armor --default-key hq@rotko.net --output "${binary}.sha512.sig" "${binary}.sha512" | |
| fi | |
| fi | |
| done | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Create Release | |
| run: | | |
| # Collect all unique files to upload | |
| FILES=() | |
| for file in githem-* *.sig; do | |
| if [[ -f "$file" ]]; then | |
| FILES+=("$file") | |
| fi | |
| done | |
| # Remove duplicates and create release | |
| printf '%s\n' "${FILES[@]}" | sort -u > files_to_upload.txt | |
| gh release create ${{ needs.check-version.outputs.version }} \ | |
| --title "Githem ${{ needs.check-version.outputs.version }}" \ | |
| --generate-notes \ | |
| $(cat files_to_upload.txt | tr '\n' ' ') | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| publish-crates: | |
| needs: [check-version, sign-and-release] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Check crates.io version | |
| id: check_crates | |
| run: | | |
| # get local version | |
| LOCAL_VERSION=$(grep '^version = ' Cargo.toml | head -1 | cut -d'"' -f2) | |
| # check if already published | |
| if cargo search githem --limit 1 | grep -q "githem = \"${LOCAL_VERSION}\""; then | |
| echo "Version ${LOCAL_VERSION} already published to crates.io" | |
| echo "skip=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Publishing version ${LOCAL_VERSION} to crates.io" | |
| echo "skip=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Publish to crates.io | |
| if: steps.check_crates.outputs.skip != 'true' | |
| run: | | |
| # publish in dependency order | |
| cargo publish -p githem-core --locked || true | |
| sleep 30 | |
| cargo publish -p githem-api --locked || true | |
| sleep 30 | |
| cargo publish -p githem --locked || true | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_TOKEN }} |