chore: bump version to 0.5.0 #55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish Githem | |
| on: | |
| push: | |
| branches: [master] | |
| paths: | |
| - 'Cargo.toml' | |
| workflow_dispatch: | |
| jobs: | |
| check-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_release: ${{ steps.check.outputs.should_release }} | |
| version: ${{ steps.check.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if version needs release | |
| id: check | |
| run: | | |
| VERSION="v$(grep '^version = ' Cargo.toml | head -1 | cut -d'"' -f2)" | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| # check if release exists | |
| if gh release view "${VERSION}" >/dev/null 2>&1; then | |
| echo "Release ${VERSION} already exists" | |
| echo "should_release=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "Release ${VERSION} does not exist, will create" | |
| echo "should_release=true" >> $GITHUB_OUTPUT | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| create-tag: | |
| needs: check-version | |
| if: needs.check-version.outputs.should_release == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create and push tag | |
| run: | | |
| VERSION="${{ needs.check-version.outputs.version }}" | |
| if ! git rev-parse "${VERSION}" >/dev/null 2>&1; then | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| git tag -a "${VERSION}" -m "Release ${VERSION}" | |
| git push origin "${VERSION}" || echo "tag already exists remotely" | |
| fi | |
| build-cli: | |
| needs: [check-version] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| name: githem-linux-x64 | |
| - os: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| name: githem-linux-arm64 | |
| - os: macos-latest | |
| target: x86_64-apple-darwin | |
| name: githem-macos-x64 | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| name: githem-macos-arm64 | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| name: githem-windows-x64.exe | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install cross for ARM64 builds | |
| if: matrix.target == 'aarch64-unknown-linux-gnu' | |
| run: | | |
| curl -L https://github.com/cross-rs/cross/releases/latest/download/cross-x86_64-unknown-linux-gnu.tar.gz | tar xz | |
| sudo mv cross /usr/local/bin/ | |
| - name: Install dependencies (Linux) | |
| if: matrix.os == 'ubuntu-latest' && matrix.target == 'x86_64-unknown-linux-gnu' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y pkg-config libssl-dev | |
| - name: Install dependencies (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| brew install pkg-config | |
| shell: bash | |
| - name: Install dependencies (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: echo "No additional dependencies needed" | |
| shell: bash | |
| - name: Cache Cargo | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build CLI binary | |
| run: | | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ] && [ "${{ matrix.os }}" = "ubuntu-latest" ]; then | |
| cross build --release --bin githem --target ${{ matrix.target }} | |
| else | |
| cargo build --release --bin githem --target ${{ matrix.target }} | |
| fi | |
| shell: bash | |
| - name: Prepare binary (Unix) | |
| if: matrix.os != 'windows-latest' | |
| run: | | |
| cp target/${{ matrix.target }}/release/githem ${{ matrix.name }} | |
| chmod +x ${{ matrix.name }} | |
| shell: bash | |
| - name: Prepare binary (Windows) | |
| if: matrix.os == 'windows-latest' | |
| run: cp target/${{ matrix.target }}/release/githem.exe ${{ matrix.name }} | |
| shell: bash | |
| - name: Generate SHA512 hash | |
| run: | | |
| if [ "${{ runner.os }}" = "macOS" ]; then | |
| shasum -a 512 ${{ matrix.name }} > ${{ matrix.name }}.sha512 | |
| else | |
| sha512sum ${{ matrix.name }} > ${{ matrix.name }}.sha512 | |
| fi | |
| shell: bash | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.name }} | |
| path: | | |
| ${{ matrix.name }} | |
| ${{ matrix.name }}.sha512 | |
| build-server: | |
| needs: [check-version] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| name: githem-api-linux-x64 | |
| - target: aarch64-unknown-linux-gnu | |
| name: githem-api-linux-arm64 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Set up Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y pkg-config | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then | |
| curl -L https://github.com/cross-rs/cross/releases/latest/download/cross-x86_64-unknown-linux-gnu.tar.gz | tar xz | |
| sudo mv cross /usr/local/bin/ | |
| fi | |
| - name: Cache Cargo | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-server-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build API binary | |
| run: | | |
| if [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then | |
| cross build --release --bin githem-api --target ${{ matrix.target }} | |
| else | |
| cargo build --release --bin githem-api --target ${{ matrix.target }} | |
| fi | |
| - name: Prepare binary | |
| run: | | |
| cp target/${{ matrix.target }}/release/githem-api ${{ matrix.name }} | |
| chmod +x ${{ matrix.name }} | |
| - name: Generate SHA512 hash | |
| run: sha512sum ${{ matrix.name }} > ${{ matrix.name }}.sha512 | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.name }} | |
| path: | | |
| ${{ matrix.name }} | |
| ${{ matrix.name }}.sha512 | |
| sign-and-release: | |
| needs: [check-version, build-cli, build-server] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| - name: Import GPG Key | |
| run: echo "${{ secrets.HQ_ROTKO_GPG }}" | gpg --batch --import | |
| - name: Configure GPG | |
| run: | | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| gpg-connect-agent reloadagent /bye | |
| - name: Sign all binaries and hashes | |
| run: | | |
| for binary in githem-*; do | |
| if [[ ! "$binary" =~ \.(sha512|sig)$ ]]; then | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" \ | |
| --detach-sign --armor --default-key hq@rotko.net --output "${binary}.sig" "$binary" | |
| if [[ -f "${binary}.sha512" ]]; then | |
| gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" \ | |
| --detach-sign --armor --default-key hq@rotko.net --output "${binary}.sha512.sig" "${binary}.sha512" | |
| fi | |
| fi | |
| done | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Create or update release | |
| run: | | |
| # collect all unique files to upload | |
| FILES=() | |
| for file in githem-* *.sig; do | |
| if [[ -f "$file" ]]; then | |
| FILES+=("$file") | |
| fi | |
| done | |
| printf '%s\n' "${FILES[@]}" | sort -u > files_to_upload.txt | |
| # idempotent release creation | |
| if gh release view ${{ needs.check-version.outputs.version }} >/dev/null 2>&1; then | |
| echo "release exists, uploading/replacing artifacts" | |
| gh release upload ${{ needs.check-version.outputs.version }} \ | |
| --clobber \ | |
| $(cat files_to_upload.txt | tr '\n' ' ') | |
| else | |
| echo "creating new release" | |
| gh release create ${{ needs.check-version.outputs.version }} \ | |
| --title "Githem ${{ needs.check-version.outputs.version }}" \ | |
| --generate-notes \ | |
| $(cat files_to_upload.txt | tr '\n' ' ') || \ | |
| gh release upload ${{ needs.check-version.outputs.version }} \ | |
| --clobber \ | |
| $(cat files_to_upload.txt | tr '\n' ' ') | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| publish-crates: | |
| needs: [check-version, sign-and-release] | |
| if: needs.check-version.outputs.should_release == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Check crates.io version | |
| id: check_crates | |
| run: | | |
| LOCAL_VERSION=$(grep '^version = ' Cargo.toml | head -1 | cut -d'"' -f2) | |
| if cargo search githem --limit 1 | grep -q "githem = \"${LOCAL_VERSION}\""; then | |
| echo "Version ${LOCAL_VERSION} already published to crates.io" | |
| echo "skip=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Publishing version ${LOCAL_VERSION} to crates.io" | |
| echo "skip=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Publish to crates.io | |
| if: steps.check_crates.outputs.skip != 'true' | |
| run: | | |
| cargo publish -p githem-core --locked || true | |
| sleep 30 | |
| cargo publish -p githem-api --locked || true | |
| sleep 30 | |
| cargo publish -p githem --locked || true | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_TOKEN }} |