Make worflow actually publish releases (set non-draft) #21
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is largely adapted from the ripgrep release workflow. | |
# https://github.com/BurntSushi/ripgrep/blob/master/.github/workflows/release.yml | |
name: release | |
on: | |
workflow_dispatch: | |
push: | |
# Enable when testing release infrastructure on a branch. | |
# branches: | |
# - fix-releases | |
tags: | |
- 'v*' | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
# The create-release job runs purely to initialize the GitHub release itself, | |
# and names the release after the version tag that was pushed. It's separate | |
# from building the release so that we only create the release once. | |
create-release: | |
name: create-release | |
runs-on: ubuntu-latest | |
# env: | |
# # Set to force version number, e.g., when no tag exists. | |
# VERSION: TEST-0.0.0 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Get the release version from the tag | |
if: env.VERSION == '' | |
run: echo "VERSION=$REF_NAME" >> "$GITHUB_ENV" | |
env: | |
REF_NAME: ${{ github.ref_name }} | |
- name: Validate version against Cargo.toml | |
run: | | |
manifest_version="$(yq -r .package.version Cargo.toml)" | |
echo "version to name the release: $VERSION" | |
echo "version Cargo.toml suggests: v$manifest_version" | |
case "$VERSION" in | |
"v$manifest_version" ) | |
echo 'OK: Release name/version agrees with Cargo.toml version.' | |
;; | |
TEST-* | *-DO-NOT-USE ) | |
echo 'OK: Release name/version is strange but marked as such.' | |
;; | |
"$manifest_version" ) | |
echo 'STOPPING: Release name/version is missing the leading "v".' | |
exit 1 | |
;; | |
* ) | |
echo 'STOPPING: Release name/version and Cargo.toml version do not match.' | |
echo 'STOPPING: Usually this means either a wrong tag name or wrong version in Cargo.toml.' | |
echo 'STOPPING: If intended, prepend `TEST-` or append `-DO-NOT-USE` to the release name.' | |
exit 1 | |
;; | |
esac | |
- name: Create GitHub release | |
run: gh release create "$VERSION" --title="$VERSION" --draft | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
outputs: | |
version: ${{ env.VERSION }} | |
build-release: | |
name: build-release | |
needs: [ create-release ] | |
strategy: | |
matrix: | |
target: | |
- x86_64-unknown-linux-musl | |
- arm-unknown-linux-gnueabihf | |
- x86_64-apple-darwin | |
- aarch64-apple-darwin | |
- x86_64-pc-windows-msvc | |
- x86_64-pc-windows-gnu | |
- i686-pc-windows-msvc | |
- aarch64-pc-windows-msvc | |
# When changing these features, make the same change in build-macos-universal2-release. | |
feature: [ small, lean, max, max-pure ] | |
include: | |
- target: x86_64-unknown-linux-musl | |
os: ubuntu-latest | |
rust: stable | |
- target: arm-unknown-linux-gnueabihf | |
os: ubuntu-latest | |
rust: nightly | |
- target: x86_64-apple-darwin | |
os: macos-latest | |
rust: stable | |
- target: aarch64-apple-darwin | |
os: macos-latest | |
rust: stable | |
- target: x86_64-pc-windows-msvc | |
os: windows-latest | |
rust: nightly | |
- target: x86_64-pc-windows-gnu | |
os: windows-latest | |
rust: nightly-x86_64-gnu | |
- target: i686-pc-windows-msvc | |
os: windows-latest | |
rust: nightly | |
- target: aarch64-pc-windows-msvc | |
os: windows-latest | |
rust: nightly | |
# on linux we build with musl which causes trouble with open-ssl. For now, just build max-pure there | |
# even though we could also build with `--features max-control,http-client-reqwest,gitoxide-core-blocking-client,gix-features/fast-sha1` for fast hashing. | |
# It's a TODO. | |
exclude: | |
- target: x86_64-unknown-linux-musl | |
feature: small | |
- target: x86_64-unknown-linux-musl | |
feature: lean | |
- target: x86_64-unknown-linux-musl | |
feature: max | |
- target: arm-unknown-linux-gnueabihf | |
feature: small | |
- target: arm-unknown-linux-gnueabihf | |
feature: lean | |
- target: arm-unknown-linux-gnueabihf | |
feature: max | |
runs-on: ${{ matrix.os }} | |
env: | |
RUST_BACKTRACE: '1' # Emit backtraces on panics. | |
CARGO_TERM_COLOR: always | |
CLICOLOR: '1' | |
CARGO: cargo # On Linux, this will be changed to `cross` in a later step. | |
FEATURE: ${{ matrix.feature }} | |
VERSION: ${{ needs.create-release.outputs.version }} | |
TARGET: ${{ matrix.target }} | |
TARGET_FLAGS: --target=${{ matrix.target }} | |
TARGET_DIR: target/${{ matrix.target }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Install packages (Ubuntu) | |
# Because openssl doesn't work on musl by default, we resort to max-pure. | |
# And that won't need any dependency, so we can skip this or use `continue-on-error`. | |
# Once we want to support better zlib performance, we might have to re-add it. | |
if: matrix.os == 'ubuntu-latest-disabled' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y --no-install-recommends xz-utils liblz4-tool musl-tools | |
- name: Install Rust | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.rust }} | |
targets: ${{ matrix.target }} | |
- name: Use Cross | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
cargo install cross | |
echo 'CARGO=cross' >> "$GITHUB_ENV" | |
- name: Show command used for Cargo | |
run: | | |
echo "cargo command is: $CARGO" | |
echo "target flag is: $TARGET_FLAGS" | |
echo "target dir is: $TARGET_DIR" | |
- name: Build release binary | |
run: | | |
"$CARGO" build --verbose --release "$TARGET_FLAGS" --no-default-features --features "$FEATURE" | |
- name: Strip release binary (x86-64 Linux, and all macOS) | |
if: matrix.target == 'x86_64-unknown-linux-musl' || matrix.os == 'macos-latest' | |
run: strip "$TARGET_DIR"/release/{ein,gix} | |
- name: Strip release binary (ARM Linux) | |
if: matrix.target == 'arm-unknown-linux-gnueabihf' | |
run: | | |
docker run --rm -v \ | |
"$PWD/target:/target:Z" \ | |
rustembedded/cross:arm-unknown-linux-gnueabihf \ | |
arm-linux-gnueabihf-strip \ | |
/target/arm-unknown-linux-gnueabihf/release/ein \ | |
/target/arm-unknown-linux-gnueabihf/release/gix | |
- name: Determine archive basename | |
run: echo "ARCHIVE=gitoxide-$FEATURE-$VERSION-$TARGET" >> "$GITHUB_ENV" | |
- name: Pre-populate directory for archive | |
run: | | |
mkdir -- "$ARCHIVE" | |
cp {README.md,LICENSE-*,CHANGELOG.md} "$ARCHIVE/" | |
- name: Build archive (Windows) | |
if: matrix.os == 'windows-latest' | |
run: | | |
file -- "$TARGET_DIR"/release/{ein,gix}.exe | |
cp -- "$TARGET_DIR"/release/{ein,gix}.exe "$ARCHIVE/" | |
7z a "$ARCHIVE.zip" "$ARCHIVE" | |
certutil -hashfile "$ARCHIVE.zip" SHA256 > "$ARCHIVE.zip.sha256" | |
echo "ASSET=$ARCHIVE.zip" >> "$GITHUB_ENV" | |
echo "ASSET_SUM=$ARCHIVE.zip.sha256" >> "$GITHUB_ENV" | |
- name: Build archive (Unix) | |
if: matrix.os != 'windows-latest' | |
run: | | |
file -- "$TARGET_DIR"/release/{ein,gix} | |
cp -- "$TARGET_DIR"/release/{ein,gix} "$ARCHIVE/" | |
tar czf "$ARCHIVE.tar.gz" "$ARCHIVE" | |
shasum --algorithm=256 "$ARCHIVE.tar.gz" > "$ARCHIVE.tar.gz.sha256" | |
echo "ASSET=$ARCHIVE.tar.gz" >> "$GITHUB_ENV" | |
echo "ASSET_SUM=$ARCHIVE.tar.gz.sha256" >> "$GITHUB_ENV" | |
- name: Upload release archive | |
run: gh release upload "$VERSION" "$ASSET" "$ASSET_SUM" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build-macos-universal2-release: | |
name: build-macos-universal2-release | |
runs-on: macos-latest | |
needs: [ create-release, build-release ] | |
strategy: | |
matrix: | |
# These features need to be exactly the same as the features in build-release. | |
feature: [ small, lean, max, max-pure ] | |
env: | |
BASH_ENV: ./helpers.sh | |
REPOSITORY: ${{ github.repository }} | |
FEATURE: ${{ matrix.feature }} | |
VERSION: ${{ needs.create-release.outputs.version }} | |
steps: | |
- name: Define helper function | |
run: | | |
name() { echo "gitoxide-$FEATURE-$VERSION-$1-apple-darwin"; } | |
declare -f name >> "$BASH_ENV" | |
- name: Obtain single-architecture releases | |
run: | | |
gh release --repo="$REPOSITORY" download "$VERSION" \ | |
--pattern="$(name aarch64).tar.gz" --pattern="$(name aarch64).tar.gz.sha256" \ | |
--pattern="$(name x86_64).tar.gz" --pattern="$(name x86_64).tar.gz.sha256" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Unpack single-architecture releases | |
run: | | |
shasum --check "$(name aarch64).tar.gz.sha256" "$(name x86_64).tar.gz.sha256" | |
tar xf "$(name aarch64).tar.gz" | |
tar xf "$(name x86_64).tar.gz" | |
- name: Determine archive basename | |
run: echo "ARCHIVE=$(name universal)" >> "$GITHUB_ENV" | |
- name: Pre-populate directory for archive | |
run: | | |
cp -R -- "$(name aarch64)" "$ARCHIVE" | |
rm -- "$ARCHIVE"/{ein,gix} | |
- name: Create Universal 2 binaries | |
run: | | |
for bin in ein gix; do | |
lipo -create "$(name aarch64)/$bin" "$(name x86_64)/$bin" -output "$ARCHIVE/$bin" | |
file -- "$ARCHIVE/$bin" | |
done | |
- name: Build archive | |
run: | | |
tar czf "$ARCHIVE.tar.gz" "$ARCHIVE" | |
shasum --algorithm=256 "$ARCHIVE.tar.gz" > "$ARCHIVE.tar.gz.sha256" | |
echo "ASSET=$ARCHIVE.tar.gz" >> "$GITHUB_ENV" | |
echo "ASSET_SUM=$ARCHIVE.tar.gz.sha256" >> "$GITHUB_ENV" | |
- name: Upload release archive | |
run: gh release --repo="$REPOSITORY" upload "$VERSION" "$ASSET" "$ASSET_SUM" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# This checks the draft release on GitHub and publishes it. It does not upload to crates.io. | |
publish-release: | |
name: publish-release | |
runs-on: ubuntu-latest | |
needs: [ create-release, build-release, build-macos-universal2-release ] | |
env: | |
REPOSITORY: ${{ github.repository }} | |
VERSION: ${{ needs.create-release.outputs.version }} | |
steps: | |
- name: Discover assets | |
run: | | |
gh release --repo="$REPOSITORY" view "$VERSION" --json assets --jq '.assets.[].name' > assets.txt | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Show all asset names | |
run: cat assets.txt | |
# The `features` array is repeated because GHA doen't support YAML anchors. | |
# We will check that the macOS `universal` features match the others exactly. | |
# In the future this and the next step may be removed, or expanded to do more validation. | |
- name: Extract macOS asset names by architecture | |
run: | | |
for arch in aarch64 x86_64 universal; do | |
grep -Fw "$arch-apple-darwin" assets.txt | sort | tee -- "$arch.txt" | |
done | |
- name: Check macOS archive features | |
run: | | |
mask() { sed -r 's/\w+-apple-darwin/<arch>-apple-darwin/' -- "$1.txt"; } | |
diff -- <(mask aarch64) <(mask universal) | |
diff -- <(mask x86_64) <(mask universal) | |
- name: Publish the release | |
run: gh release --repo="$REPOSITORY" edit "$VERSION" --draft=false | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |