-
-
Notifications
You must be signed in to change notification settings - Fork 4
220 lines (217 loc) · 9.6 KB
/
build_and_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
name: Build, test and release
on: push
jobs:
build:
name: Build and test
strategy:
fail-fast: false
matrix:
job:
- {
target: x86_64-unknown-linux-gnu,
binary_name: linux-amd64,
runs_on: ubuntu-latest,
}
- {
target: aarch64-unknown-linux-gnu,
binary_name: linux-aarch64,
runs_on: self-hosted,
}
- {
target: x86_64-apple-darwin,
binary_name: darwin-amd64,
runs_on: macos-latest,
}
- {
target: aarch64-apple-darwin,
binary_name: darwin-aarch64,
runs_on: macos-latest,
}
- {
target: x86_64-pc-windows-msvc,
binary_name: windows-amd64.exe,
runs_on: windows-latest,
}
runs-on: ${{ matrix.job.runs_on }}
steps:
- name: Install rustup (self-hosted runners only)
run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
if: matrix.job.runs_on == 'self-hosted'
- name: Add $HOME/.cargo/bin to PATH (self-hosted runners only)
run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
if: matrix.job.runs_on == 'self-hosted'
- name: Install libudev-dev
run: sudo apt-get update && sudo apt-get install libudev-dev
if: runner.os == 'Linux'
- uses: actions/checkout@v4
- name: Poke rustup to install the toolchain (self-hosted runners only)
run: rustup show
if: matrix.job.runs_on == 'self-hosted'
- uses: Swatinem/rust-cache@v2
- name: Build in release mode
run: cargo build --release --target=${{ matrix.job.target }}
- name: Sanitise Git ref for use in filenames
id: sanitise_ref
run: echo "::set-output name=value::$(echo "${{ github.ref_name }}" | tr '/' '_')"
- name: Rename Windows binary to use structured filename
run: |
cp target/${{ matrix.job.target }}/release/litra.exe litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}
if: runner.os == 'Windows'
- name: Rename Unix binary to use structured filename
run: |
rm target/${{ matrix.job.target }}/release/litra.d
cp target/${{ matrix.job.target }}/release/litra* litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}
if: runner.os != 'Windows'
- name: Write Apple signing key to a file (macOS only)
env:
APPLE_SIGNING_KEY_P12: ${{ secrets.APPLE_SIGNING_KEY_P12 }}
run: echo "$APPLE_SIGNING_KEY_P12" | base64 -d -o key.p12
if: runner.os == 'macOS'
- name: Write App Store Connect API key to a file (macOS only)
env:
APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
run: echo "$APP_STORE_CONNECT_API_KEY" > app_store_connect_api_key.json
if: runner.os == 'macOS'
- name: Sign macOS binary (macOS only)
uses: indygreg/apple-code-sign-action@v1
with:
input_path: litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}
p12_file: key.p12
p12_password: ${{ secrets.APPLE_SIGNING_KEY_PASSWORD }}
sign: true
sign_args: "--code-signature-flags=runtime"
if: runner.os == 'macOS'
- name: Upload binary as artifact
uses: actions/upload-artifact@v4
with:
path: litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}
name: litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}
- name: Archive macOS binary for notarisation (macOS only)
run: zip litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}.zip litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}
if: runner.os == 'macOS'
- name: Notarise signed macOS binary (macOS only)
uses: indygreg/apple-code-sign-action@v1
with:
input_path: litra_${{ steps.sanitise_ref.outputs.value }}_${{ matrix.job.binary_name }}.zip
sign: false
notarize: true
app_store_connect_api_key_json_file: app_store_connect_api_key.json
if: runner.os == 'macOS'
create_and_sign_macos_universal_binary:
name: Create and sign macOS universal binary (macOS only)
runs-on: macos-latest
needs: build
steps:
- name: Sanitise Git ref for use in filenames
id: sanitise_ref
run: echo "::set-output name=value::$(echo "${{ github.ref_name }}" | tr '/' '_')"
- name: Download macOS amd64 binary
uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64
- name: Download macOS arm64 binary
uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-aarch64
- name: Create universal macOS binary
run: lipo -create -output litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64 litra_${{ steps.sanitise_ref.outputs.value }}_darwin-aarch64
- name: Write Apple signing key to a file (macOS only)
env:
APPLE_SIGNING_KEY_P12: ${{ secrets.APPLE_SIGNING_KEY_P12 }}
run: echo "$APPLE_SIGNING_KEY_P12" | base64 -d -o key.p12
- name: Write App Store Connect API key to a file (macOS only)
env:
APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
run: echo "$APP_STORE_CONNECT_API_KEY" > app_store_connect_api_key.json
- name: Sign macOS binary (macOS only)
uses: indygreg/apple-code-sign-action@v1
with:
input_path: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
p12_file: key.p12
p12_password: ${{ secrets.APPLE_SIGNING_KEY_PASSWORD }}
sign: true
sign_args: "--code-signature-flags=runtime"
- name: Upload binary as artifact
uses: actions/upload-artifact@v4
with:
path: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
- name: Archive macOS binary for notarisation (macOS only)
run: zip litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal.zip litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
- name: Notarise signed macOS binary (macOS only)
uses: indygreg/apple-code-sign-action@v1
with:
input_path: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal.zip
sign: false
notarize: true
app_store_connect_api_key_json_file: app_store_connect_api_key.json
cargo_publish_dry_run:
name: Publish with Cargo in dry-run mode
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
- name: Install libudev-dev
run: sudo apt-get update && sudo apt-get install libudev-dev
- uses: Swatinem/rust-cache@v2
- name: Install cargo-edit
run: cargo install cargo-edit
- name: Set the version to a dummy version to allow publishing
run: cargo set-version 9.9.9
- name: Publish to Crates.io
run: cargo publish --dry-run --allow-dirty
create_github_release:
name: Create release with binary assets
runs-on: ubuntu-latest
needs:
- build
- create_and_sign_macos_universal_binary
if: startsWith(github.event.ref, 'refs/tags/v')
steps:
- name: Sanitise Git ref for use in filenames
id: sanitise_ref
run: echo "::set-output name=value::$(echo "${{ github.ref_name }}" | tr '/' '_')"
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_linux-amd64
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_linux-aarch64
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-aarch64
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
- uses: actions/download-artifact@v4
with:
name: litra_${{ steps.sanitise_ref.outputs.value }}_windows-amd64.exe
- name: Create release
uses: softprops/action-gh-release@v2
with:
files: |
litra_${{ steps.sanitise_ref.outputs.value }}_windows-amd64.exe
litra_${{ steps.sanitise_ref.outputs.value }}_darwin-amd64
litra_${{ steps.sanitise_ref.outputs.value }}_darwin-aarch64
litra_${{ steps.sanitise_ref.outputs.value }}_linux-amd64
litra_${{ steps.sanitise_ref.outputs.value }}_linux-aarch64
litra_${{ steps.sanitise_ref.outputs.value }}_darwin-universal
cargo_publish:
name: Publish with Cargo to Crates.io
runs-on: ubuntu-latest
needs:
- create_github_release
- cargo_publish_dry_run
if: startsWith(github.event.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v4
- name: Install libudev-dev
run: sudo apt-get update && sudo apt-get install libudev-dev
- uses: Swatinem/rust-cache@v2
- name: Build in release mode
run: cargo build --release --target=${{ matrix.job.target }}
- name: Publish to Crates.io
run: cargo publish --token ${{ secrets.CRATES_IO_API_TOKEN }}