Revert "release: cargo-binstall v1.4.0" and fix (#1398)

* Revert "release: cargo-binstall v1.4.0 (#1397)" This reverts commit 99e8256018. * --allow-dirty on publish * Remove private key file after generation * Write public key file to bin crate and to package * Upload public key file to release
2025-04-20 20:48:43 +00:00 · 2023-09-26 19:47:25 +13:00 · 2023-09-26 19:47:25 +13:00 · 49b37ff1e2
commit 49b37ff1e2
parent 99e8256018
7 changed files with 44 additions and 4 deletions
--- a/.github/scripts/ephemeral-gen.sh
+++ b/.github/scripts/ephemeral-gen.sh
@ -11,6 +11,12 @@ algorithm = "minisign"
 pubkey = "$(tail -n1 minisign.pub)"
 EOF

+echo "public=$(tail -n1 minisign.pub)" >> "$GITHUB_OUTPUT"
+cp minisign.pub crates/bin/minisign.pub
+
 set +x
 echo "::add-mask::$(tail -n1 minisign.key)"
 echo "private=$(tail -n1 minisign.key)" >> "$GITHUB_OUTPUT"
+set -x
+
+rm minisign.key
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@ -8,6 +8,10 @@ on:
        description: "Set to the release metadata JSON to publish the release"
        required: false
        type: string
+      publickey:
+        description: "Minisign public key. Required when publishing"
+        required: false
+        type: string
      CARGO_PROFILE_RELEASE_LTO:
        description: "Set to override default release profile lto settings"
        required: false
@ -65,6 +69,15 @@ jobs:
      if: inputs.CARGO_PROFILE_RELEASE_CODEGEN_UNITS
      run: echo "CARGO_PROFILE_RELEASE_CODEGEN_UNITS=${{ inputs.CARGO_PROFILE_RELEASE_CODEGEN_UNITS }}" >> "$GITHUB_ENV"

+    - name: Include public key in package
+      if: inputs.publickey
+      env:
+        PUBLIC_KEY: ${{ inputs.publickey }}
+      shell: bash
+      run: |
+        echo "untrusted comment: minisign public key" > minisign.pub
+        cat >> minisign.pub <<< "$PUBLIC_KEY"
+
    - uses: ./.github/actions/just-setup
      with:
        tools: cargo-auditable
@ -94,6 +107,7 @@ jobs:
    - if: inputs.publish
      env:
        SIGNING_KEY: ${{ secrets.signingkey }}
+      shell: bash
      run: .github/scripts/ephemeral-sign.sh packages/cargo-binstall-*

    - if: inputs.publish
@ -131,6 +145,15 @@ jobs:
    steps:
    - uses: actions/checkout@v4

+    - name: Include public key in package
+      if: inputs.publickey
+      env:
+        PUBLIC_KEY: ${{ inputs.publickey }}
+      shell: bash
+      run: |
+        echo "untrusted comment: minisign public key" > minisign.pub
+        cat >> minisign.pub <<< "$PUBLIC_KEY"
+
    - uses: taiki-e/install-action@v2
      with:
        tool: just
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -61,8 +61,17 @@ jobs:
      env:
        crate: ${{ needs.info.outputs.crate }}
        CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
-      run: cargo publish -p "$crate"
+      run: cargo publish -p "$crate" --allow-dirty
+    - name: Upload public key to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_token: ${{ secrets.GITHUB_TOKEN }}
+        release_name: v${{ needs.info.outputs.version }}
+        tag: v${{ needs.info.outputs.version }}
+        body: ${{ needs.info.outputs.notes }}
+        file: minisign.pub
    outputs:
+      publickey: ${{ steps.keypair.outputs.public }}
      signingkey: ${{ steps.keypair.outputs.private }}

  package:
@ -73,5 +82,6 @@ jobs:
    uses: ./.github/workflows/release-build.yml
    with:
      publish: ${{ toJSON(needs.info.outputs) }}
+      publickey: ${{ needs.clitag.publickey }}
    secrets:
      signingkey: ${{ needs.clitag.signingkey }}
--- a/Cargo.lock
+++ b/Cargo.lock
@ -512,7 +512,7 @@ dependencies = [

 [[package]]
 name = "cargo-binstall"
-version = "1.4.0"
+version = "1.3.1"
 dependencies = [
 "binstalk",
 "binstalk-manifests",
--- a/crates/bin/Cargo.toml
+++ b/crates/bin/Cargo.toml
@ -3,7 +3,7 @@ name = "cargo-binstall"
 description = "Rust binary package installer for CI integration"
 repository = "https://github.com/cargo-bins/cargo-binstall"
 documentation = "https://docs.rs/cargo-binstall"
-version = "1.4.0"
+version = "1.3.1"
 rust-version = "1.65.0"
 authors = ["ryan <ryan@kurte.nz>"]
 edition = "2021"
--- a/crates/bin/windows.manifest
+++ b/crates/bin/windows.manifest
@ -3,7 +3,7 @@
 	<assemblyIdentity
 		type="win32"
 		name="Binstall.Cli.binstall"
-		version="1.4.0.0"
+		version="1.3.1.0"
 	/>

 	<trustInfo>
--- a/1
+++ b/1
@ -289,6 +289,7 @@ package-dir:
    mkdir -p packages/prep
    cp crates/bin/LICENSE packages/prep
    cp README.md packages/prep
+    -cp minisign.pub packages/prep

 [macos]
 package-prepare: build package-dir