Skip to content

Make worflow actually publish releases (set non-draft) #21

Make worflow actually publish releases (set non-draft)

Make worflow actually publish releases (set non-draft) #21

Workflow file for this run

# This is largely adapted from the ripgrep release workflow.
# https://github.com/BurntSushi/ripgrep/blob/master/.github/workflows/release.yml
name: release
on:
workflow_dispatch:
push:
# Enable when testing release infrastructure on a branch.
# branches:
# - fix-releases
tags:
- 'v*'
defaults:
run:
shell: bash
jobs:
# The create-release job runs purely to initialize the GitHub release itself,
# and names the release after the version tag that was pushed. It's separate
# from building the release so that we only create the release once.
create-release:
name: create-release
runs-on: ubuntu-latest
# env:
# # Set to force version number, e.g., when no tag exists.
# VERSION: TEST-0.0.0
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Get the release version from the tag
if: env.VERSION == ''
run: echo "VERSION=$REF_NAME" >> "$GITHUB_ENV"
env:
REF_NAME: ${{ github.ref_name }}
- name: Validate version against Cargo.toml
run: |
manifest_version="$(yq -r .package.version Cargo.toml)"
echo "version to name the release: $VERSION"
echo "version Cargo.toml suggests: v$manifest_version"
case "$VERSION" in
"v$manifest_version" )
echo 'OK: Release name/version agrees with Cargo.toml version.'
;;
TEST-* | *-DO-NOT-USE )
echo 'OK: Release name/version is strange but marked as such.'
;;
"$manifest_version" )
echo 'STOPPING: Release name/version is missing the leading "v".'
exit 1
;;
* )
echo 'STOPPING: Release name/version and Cargo.toml version do not match.'
echo 'STOPPING: Usually this means either a wrong tag name or wrong version in Cargo.toml.'
echo 'STOPPING: If intended, prepend `TEST-` or append `-DO-NOT-USE` to the release name.'
exit 1
;;
esac
- name: Create GitHub release
run: gh release create "$VERSION" --title="$VERSION" --draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
version: ${{ env.VERSION }}
build-release:
name: build-release
needs: [ create-release ]
strategy:
matrix:
target:
- x86_64-unknown-linux-musl
- arm-unknown-linux-gnueabihf
- x86_64-apple-darwin
- aarch64-apple-darwin
- x86_64-pc-windows-msvc
- x86_64-pc-windows-gnu
- i686-pc-windows-msvc
- aarch64-pc-windows-msvc
# When changing these features, make the same change in build-macos-universal2-release.
feature: [ small, lean, max, max-pure ]
include:
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
rust: stable
- target: arm-unknown-linux-gnueabihf
os: ubuntu-latest
rust: nightly
- target: x86_64-apple-darwin
os: macos-latest
rust: stable
- target: aarch64-apple-darwin
os: macos-latest
rust: stable
- target: x86_64-pc-windows-msvc
os: windows-latest
rust: nightly
- target: x86_64-pc-windows-gnu
os: windows-latest
rust: nightly-x86_64-gnu
- target: i686-pc-windows-msvc
os: windows-latest
rust: nightly
- target: aarch64-pc-windows-msvc
os: windows-latest
rust: nightly
# on linux we build with musl which causes trouble with open-ssl. For now, just build max-pure there
# even though we could also build with `--features max-control,http-client-reqwest,gitoxide-core-blocking-client,gix-features/fast-sha1` for fast hashing.
# It's a TODO.
exclude:
- target: x86_64-unknown-linux-musl
feature: small
- target: x86_64-unknown-linux-musl
feature: lean
- target: x86_64-unknown-linux-musl
feature: max
- target: arm-unknown-linux-gnueabihf
feature: small
- target: arm-unknown-linux-gnueabihf
feature: lean
- target: arm-unknown-linux-gnueabihf
feature: max
runs-on: ${{ matrix.os }}
env:
RUST_BACKTRACE: '1' # Emit backtraces on panics.
CARGO_TERM_COLOR: always
CLICOLOR: '1'
CARGO: cargo # On Linux, this will be changed to `cross` in a later step.
FEATURE: ${{ matrix.feature }}
VERSION: ${{ needs.create-release.outputs.version }}
TARGET: ${{ matrix.target }}
TARGET_FLAGS: --target=${{ matrix.target }}
TARGET_DIR: target/${{ matrix.target }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install packages (Ubuntu)
# Because openssl doesn't work on musl by default, we resort to max-pure.
# And that won't need any dependency, so we can skip this or use `continue-on-error`.
# Once we want to support better zlib performance, we might have to re-add it.
if: matrix.os == 'ubuntu-latest-disabled'
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends xz-utils liblz4-tool musl-tools
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
targets: ${{ matrix.target }}
- name: Use Cross
if: matrix.os == 'ubuntu-latest'
run: |
cargo install cross
echo 'CARGO=cross' >> "$GITHUB_ENV"
- name: Show command used for Cargo
run: |
echo "cargo command is: $CARGO"
echo "target flag is: $TARGET_FLAGS"
echo "target dir is: $TARGET_DIR"
- name: Build release binary
run: |
"$CARGO" build --verbose --release "$TARGET_FLAGS" --no-default-features --features "$FEATURE"
- name: Strip release binary (x86-64 Linux, and all macOS)
if: matrix.target == 'x86_64-unknown-linux-musl' || matrix.os == 'macos-latest'
run: strip "$TARGET_DIR"/release/{ein,gix}
- name: Strip release binary (ARM Linux)
if: matrix.target == 'arm-unknown-linux-gnueabihf'
run: |
docker run --rm -v \
"$PWD/target:/target:Z" \
rustembedded/cross:arm-unknown-linux-gnueabihf \
arm-linux-gnueabihf-strip \
/target/arm-unknown-linux-gnueabihf/release/ein \
/target/arm-unknown-linux-gnueabihf/release/gix
- name: Determine archive basename
run: echo "ARCHIVE=gitoxide-$FEATURE-$VERSION-$TARGET" >> "$GITHUB_ENV"
- name: Pre-populate directory for archive
run: |
mkdir -- "$ARCHIVE"
cp {README.md,LICENSE-*,CHANGELOG.md} "$ARCHIVE/"
- name: Build archive (Windows)
if: matrix.os == 'windows-latest'
run: |
file -- "$TARGET_DIR"/release/{ein,gix}.exe
cp -- "$TARGET_DIR"/release/{ein,gix}.exe "$ARCHIVE/"
7z a "$ARCHIVE.zip" "$ARCHIVE"
certutil -hashfile "$ARCHIVE.zip" SHA256 > "$ARCHIVE.zip.sha256"
echo "ASSET=$ARCHIVE.zip" >> "$GITHUB_ENV"
echo "ASSET_SUM=$ARCHIVE.zip.sha256" >> "$GITHUB_ENV"
- name: Build archive (Unix)
if: matrix.os != 'windows-latest'
run: |
file -- "$TARGET_DIR"/release/{ein,gix}
cp -- "$TARGET_DIR"/release/{ein,gix} "$ARCHIVE/"
tar czf "$ARCHIVE.tar.gz" "$ARCHIVE"
shasum --algorithm=256 "$ARCHIVE.tar.gz" > "$ARCHIVE.tar.gz.sha256"
echo "ASSET=$ARCHIVE.tar.gz" >> "$GITHUB_ENV"
echo "ASSET_SUM=$ARCHIVE.tar.gz.sha256" >> "$GITHUB_ENV"
- name: Upload release archive
run: gh release upload "$VERSION" "$ASSET" "$ASSET_SUM"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build-macos-universal2-release:
name: build-macos-universal2-release
runs-on: macos-latest
needs: [ create-release, build-release ]
strategy:
matrix:
# These features need to be exactly the same as the features in build-release.
feature: [ small, lean, max, max-pure ]
env:
BASH_ENV: ./helpers.sh
REPOSITORY: ${{ github.repository }}
FEATURE: ${{ matrix.feature }}
VERSION: ${{ needs.create-release.outputs.version }}
steps:
- name: Define helper function
run: |
name() { echo "gitoxide-$FEATURE-$VERSION-$1-apple-darwin"; }
declare -f name >> "$BASH_ENV"
- name: Obtain single-architecture releases
run: |
gh release --repo="$REPOSITORY" download "$VERSION" \
--pattern="$(name aarch64).tar.gz" --pattern="$(name aarch64).tar.gz.sha256" \
--pattern="$(name x86_64).tar.gz" --pattern="$(name x86_64).tar.gz.sha256"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Unpack single-architecture releases
run: |
shasum --check "$(name aarch64).tar.gz.sha256" "$(name x86_64).tar.gz.sha256"
tar xf "$(name aarch64).tar.gz"
tar xf "$(name x86_64).tar.gz"
- name: Determine archive basename
run: echo "ARCHIVE=$(name universal)" >> "$GITHUB_ENV"
- name: Pre-populate directory for archive
run: |
cp -R -- "$(name aarch64)" "$ARCHIVE"
rm -- "$ARCHIVE"/{ein,gix}
- name: Create Universal 2 binaries
run: |
for bin in ein gix; do
lipo -create "$(name aarch64)/$bin" "$(name x86_64)/$bin" -output "$ARCHIVE/$bin"
file -- "$ARCHIVE/$bin"
done
- name: Build archive
run: |
tar czf "$ARCHIVE.tar.gz" "$ARCHIVE"
shasum --algorithm=256 "$ARCHIVE.tar.gz" > "$ARCHIVE.tar.gz.sha256"
echo "ASSET=$ARCHIVE.tar.gz" >> "$GITHUB_ENV"
echo "ASSET_SUM=$ARCHIVE.tar.gz.sha256" >> "$GITHUB_ENV"
- name: Upload release archive
run: gh release --repo="$REPOSITORY" upload "$VERSION" "$ASSET" "$ASSET_SUM"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# This checks the draft release on GitHub and publishes it. It does not upload to crates.io.
publish-release:
name: publish-release
runs-on: ubuntu-latest
needs: [ create-release, build-release, build-macos-universal2-release ]
env:
REPOSITORY: ${{ github.repository }}
VERSION: ${{ needs.create-release.outputs.version }}
steps:
- name: Discover assets
run: |
gh release --repo="$REPOSITORY" view "$VERSION" --json assets --jq '.assets.[].name' > assets.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Show all asset names
run: cat assets.txt
# The `features` array is repeated because GHA doen't support YAML anchors.
# We will check that the macOS `universal` features match the others exactly.
# In the future this and the next step may be removed, or expanded to do more validation.
- name: Extract macOS asset names by architecture
run: |
for arch in aarch64 x86_64 universal; do
grep -Fw "$arch-apple-darwin" assets.txt | sort | tee -- "$arch.txt"
done
- name: Check macOS archive features
run: |
mask() { sed -r 's/\w+-apple-darwin/<arch>-apple-darwin/' -- "$1.txt"; }
diff -- <(mask aarch64) <(mask universal)
diff -- <(mask x86_64) <(mask universal)
- name: Publish the release
run: gh release --repo="$REPOSITORY" edit "$VERSION" --draft=false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}