-
Notifications
You must be signed in to change notification settings - Fork 28
121 lines (104 loc) · 3.81 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Release
on:
push:
tags: ["v*.*.*"]
env:
# Cross-compilation for aarch64 requires a different linker
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
permissions:
contents: read
jobs:
Release-Build:
runs-on: ${{ matrix.os }}
permissions:
contents: read
attestations: write
id-token: write
strategy:
matrix:
target:
- x86_64-unknown-linux-gnu
- aarch64-unknown-linux-gnu
- x86_64-pc-windows-msvc
- x86_64-apple-darwin
- aarch64-apple-darwin
rustup_toolchain: [stable]
include:
- os: windows-2022
target: x86_64-pc-windows-msvc
- os: ubuntu-20.04
target: x86_64-unknown-linux-gnu
- os: ubuntu-20.04
target: aarch64-unknown-linux-gnu
- os: macos-13
target: x86_64-apple-darwin
- os: macos-14
target: aarch64-apple-darwin
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: ${{ matrix.rustup_toolchain }}
- name: Install Rust crosscompile tools
if: ${{ contains(matrix.target, 'aarch64-unknown-linux-gnu') }}
run: |
sudo apt-get update -y
sudo apt-get install -y make g++ libssl-dev gcc-aarch64-linux-gnu
rustup target add aarch64-unknown-linux-gnu
- name: Cargo build
run: cargo build --features=cli --release --target ${{ matrix.target }}
- name: Archive (UNIX)
run: |
mkdir -p artifacts
cp -av target/${{ matrix.target }}/release/kickstart .
tar -czf ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz kickstart
if: ${{ ! startsWith(matrix.os, 'windows') }}
- name: Archive (Windows)
run: |
mkdir -p artifacts
cp target/${{ matrix.target }}/release/kickstart.exe .
Compress-Archive kickstart.exe ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.zip
if: ${{ startsWith(matrix.os, 'windows') }}
- name: Attest Build Provenance
uses: actions/attest-build-provenance@v1
continue-on-error: true
with:
subject-path: ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.*
- uses: actions/upload-artifact@v4
with:
name: ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}
path: ${{ github.event.repository.name }}-${{ github.ref_name }}-${{ matrix.target }}.*
if-no-files-found: error
retention-days: 7
Release:
needs: [Release-Build]
runs-on: ubuntu-22.04
permissions:
contents: write
steps:
- name: Ensure artifacts dir exists
run: mkdir -p artifacts
- name: Download Artifact
uses: actions/download-artifact@v4
with:
path: artifacts
merge-multiple: true
- name: Release
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191
with:
name: ${{ github.ref_name }}
tag_name: ${{ github.ref_name }}
generate_release_notes: true
fail_on_unmatched_files: true
body: |
Welcome to this new release of kickstart ${{ github.ref_name }}!
All artifacts are signed with this repos identity using Sigstore.
You can verify the signatures using the `GitHub` CLI.
```shell
gh attestation verify --owner ${{ github.repository_owner }} <my-artifact>
```
token: ${{ secrets.GITHUB_TOKEN }}
prerelease: ${{ contains(github.ref, '-pre') }}
files: artifacts/*