Fix release build again (#1400)

* Fix build again * Recommend (r)age over minisign password * Dry-run the entire release process * Reorg a bit so dry-run works * Fix secret name * Add check on age key * Pass secrets down * Use a cross-platform "date" * Delete signing key artifact to be extra safe * Last little bits
2025-04-24 14:28:42 +00:00 · 2023-09-27 00:17:17 +13:00 · 2023-09-27 00:17:17 +13:00 · 5d4333d5c8
commit 5d4333d5c8
parent 3f29e13e42
8 changed files with 189 additions and 140 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -22,7 +22,7 @@ jobs:
        event-data: ${{ toJSON(github.event) }}
        extract-notes-under: '### Release notes'

-  libtag:
+  release-lib:
    if: needs.info.outputs.is-release == 'true' && needs.info.outputs.crate != 'cargo-binstall'
    needs: info
    runs-on: ubuntu-latest
@ -41,47 +41,11 @@ jobs:
      env:
        CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

-  clitag:
-    if: needs.info.outputs.is-release == 'true' && needs.info.outputs.crate == 'cargo-binstall'
+  release-cli:
+    if: needs.info.outputs.crate == 'cargo-binstall'
    needs: info
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Push cli release tag
-      uses: mathieudutour/github-tag-action@v6.1
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        custom_tag: ${{ needs.info.outputs.version }}
-        tag_prefix: v
-    - uses: cargo-bins/cargo-binstall@main
-    - name: Create ephemeral keypair
-      id: keypair
-      run: .github/scripts/ephemeral-gen.sh
-    - name: Publish to crates.io
-      env:
-        crate: ${{ needs.info.outputs.crate }}
-        CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
-      run: cargo publish -p "$crate" --allow-dirty
-    - name: Upload public key to release
-      uses: svenstaro/upload-release-action@v2
-      with:
-        repo_token: ${{ secrets.GITHUB_TOKEN }}
-        release_name: v${{ needs.info.outputs.version }}
-        tag: v${{ needs.info.outputs.version }}
-        body: ${{ needs.info.outputs.notes }}
-        file: minisign.pub
-    outputs:
-      publickey: ${{ steps.keypair.outputs.public }}
-      signingkey: ${{ steps.keypair.outputs.private }}
-
-  package:
-    if: needs.info.outputs.is-release == 'true' && needs.info.outputs.crate == 'cargo-binstall'
-    needs:
-    - info
-    - clitag
-    uses: ./.github/workflows/release-build.yml
+    uses: ./.github/workflows/release-cli.yml
+    secrets: inherit
    with:
-      publish: ${{ toJSON(needs.info.outputs) }}
-      publickey: ${{ needs.clitag.publickey }}
-    secrets:
-      signingkey: ${{ needs.clitag.signingkey }}
+      info: ${{ toJSON(needs.info.outputs) }}
+