actions/cargo-binstall
1
0
Fork 0
mirror of https://github.com/cargo-bins/cargo-binstall.git synced 2025-04-24 22:30:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix release build again (#1400)

Browse source 
* Fix build again

* Recommend (r)age over minisign password

* Dry-run the entire release process

* Reorg a bit so dry-run works

* Fix secret name

* Add check on age key

* Pass secrets down

* Use a cross-platform "date"

* Delete signing key artifact to be extra safe

* Last little bits
This commit is contained in:
Félix Saparelli 2023-09-27 00:17:17 +13:00 committed by GitHub
parent 3f29e13e42
commit 5d4333d5c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 189 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

185
.github/workflows/release-packages.yml vendored Normal file
View file

@ -0,0 +1,185 @@
name: Build packages for release
on:
workflow_call:
inputs:
publish:
description: "The release metadata JSON"
required: true
type: string
CARGO_PROFILE_RELEASE_LTO:
description: "Used to speed up CI"
required: false
type: string
CARGO_PROFILE_RELEASE_CODEGEN_UNITS:
description: "Used to speed up CI"
required: false
type: string
env:
CARGO_TERM_COLOR: always
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
JUST_TIMINGS: true
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- { o: macos-latest, t: x86_64-apple-darwin, r: true }
- { o: macos-latest, t: x86_64h-apple-darwin, }
- { o: macos-latest, t: aarch64-apple-darwin }
- { o: ubuntu-latest, t: x86_64-unknown-linux-gnu, g: 2.17, r: true, c: true }
- { o: ubuntu-latest, t: armv7-unknown-linux-gnueabihf, g: 2.17, c: true }
- { o: ubuntu-latest, t: aarch64-unknown-linux-gnu, g: 2.17, c: true }
- { o: ubuntu-latest, t: x86_64-unknown-linux-musl, r: true, c: true }
- { o: ubuntu-latest, t: armv7-unknown-linux-musleabihf, c: true }
- { o: ubuntu-latest, t: aarch64-unknown-linux-musl, c: true }
- { o: windows-latest, t: x86_64-pc-windows-msvc, r: true }
- { o: windows-latest, t: aarch64-pc-windows-msvc }
name: ${{ matrix.t }}
runs-on: ${{ matrix.o }}
env:
CARGO_BUILD_TARGET: ${{ matrix.t }}
GLIBC_VERSION: ${{ matrix.g }}
JUST_USE_CARGO_ZIGBUILD: ${{ matrix.c }}
JUST_FOR_RELEASE: true
JUST_USE_AUDITABLE: true
JUST_ENABLE_H3: true
steps:
- uses: actions/checkout@v4
- name: Override release profile lto settings
if: inputs.CARGO_PROFILE_RELEASE_LTO
run: echo "CARGO_PROFILE_RELEASE_LTO=${{ inputs.CARGO_PROFILE_RELEASE_LTO }}" >> "$GITHUB_ENV"
- name: Override release profile codegen-units settings
if: inputs.CARGO_PROFILE_RELEASE_CODEGEN_UNITS
run: echo "CARGO_PROFILE_RELEASE_CODEGEN_UNITS=${{ inputs.CARGO_PROFILE_RELEASE_CODEGEN_UNITS }}" >> "$GITHUB_ENV"
- uses: cargo-bins/cargo-binstall@main
- uses: ./.github/actions/just-setup
with:
tools: cargo-auditable
env:
# just-setup use binstall to install sccache and cargo-auditable,
# which works better when we provide it with GITHUB_TOKEN.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: just toolchain rust-src
- run: just ci-install-deps
- uses: actions/download-artifact@v3
with:
name: minisign.pub
- run: just package
- if: runner.os == 'Windows'
run: Get-ChildItem packages/
- if: runner.os != 'Windows'
run: ls -shal packages/
- name: Ensure release binary is runnable
if: "matrix.r"
run: just e2e-tests
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/download-artifact@v3
with:
name: minisign.key.age
- name: Sign package
env:
AGE_KEY_SECRET: ${{ secrets.AGE_KEY_SECRET }}
shell: bash
run: .github/scripts/ephemeral-sign.sh packages/cargo-binstall-*
- if: fromJSON(inputs.publish).is-release == 'true'
name: Upload to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
release_name: v${{ fromJSON(inputs.publish).version }}
tag: v${{ fromJSON(inputs.publish).version }}
body: ${{ fromJSON(inputs.publish).notes }}
file: packages/cargo-binstall-*
file_glob: true
prerelease: true
- if: "fromJSON(inputs.publish).is-release != 'true' || runner.os == 'macOS'"
name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.t }}
path: packages/cargo-binstall-*
retention-days: 1
- name: Upload timings
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.t }}-cargo-timings
path: target/cargo-timings
retention-days: 1
lipo:
needs: build
name: universal-apple-darwin
runs-on: macos-latest
env:
JUST_FOR_RELEASE: true
steps:
- uses: actions/checkout@v4
- uses: cargo-bins/cargo-binstall@main
- uses: taiki-e/install-action@v2
with:
tool: just
- uses: actions/download-artifact@v3
with:
name: x86_64h-apple-darwin
path: packages/
- uses: actions/download-artifact@v3
with:
name: x86_64-apple-darwin
path: packages/
- uses: actions/download-artifact@v3
with:
name: aarch64-apple-darwin
path: packages/
- uses: actions/download-artifact@v3
with:
name: minisign.pub
- run: ls -shalr packages/
- run: just repackage-lipo
- run: ls -shal packages/
- uses: actions/download-artifact@v3
with:
name: minisign.key.age
- env:
AGE_KEY_SECRET: ${{ secrets.AGE_KEY_SECRET }}
shell: bash
run: .github/scripts/ephemeral-sign.sh packages/cargo-binstall-universal-*
- if: fromJSON(inputs.publish).is-release == 'true'
name: Upload to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: v${{ fromJSON(inputs.publish).version }}
release_name: v${{ fromJSON(inputs.publish).version }}
body: ${{ fromJSON(inputs.publish).notes }}
file: packages/cargo-binstall-universal-*
file_glob: true
overwrite: true
prerelease: true
- if: fromJSON(inputs.publish).is-release != 'true'
name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: universal-apple-darwin
path: packages/cargo-binstall-universal-*
retention-days: 1