cd #697
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cd | |
| # creates a draft release with srcs and binary products attached | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: version *w/out* the v prefix | |
| required: true | |
| concurrency: | |
| group: cd/${{ github.event.inputs.version }} | |
| cancel-in-progress: true | |
| jobs: | |
| qa: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - run: cargo test --all-features | |
| env: | |
| RUSTFLAGS: "-D warnings" | |
| attach-srcs: | |
| runs-on: ubuntu-latest | |
| needs: qa | |
| env: | |
| FILENAME: pkgx-${{ github.event.inputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: ${{ env.FILENAME }} | |
| - name: clean | |
| run: rm -rf ${{ env.FILENAME }}/.github .gitbook.yml | |
| - name: include GPG pubkey | |
| run: echo "${{ secrets.GPG_PUBLIC_KEY }}" | base64 -d > $FILENAME/pkgx.dev.pub.asc | |
| - run: | | |
| tar cJf $FILENAME.tar.xz $FILENAME | |
| tar czf $FILENAME.tar.gz $FILENAME | |
| - name: attach srcs to release | |
| run: gh release upload --clobber | |
| v${{ github.event.inputs.version }} | |
| ../$FILENAME.tar.xz | |
| working-directory: | |
| ${{ env.FILENAME }} | |
| env: | |
| # using this token rather than github.token due to `release not found` bug | |
| # https://github.com/pkgxdev/cli/issues/5252 | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: srcs | |
| path: ${{ env.FILENAME }}.tar.gz | |
| if-no-files-found: error | |
| attach-binary-products: | |
| needs: attach-srcs | |
| permissions: | |
| actions: write | |
| strategy: | |
| matrix: | |
| platform: | |
| - os: ["self-hosted", "macOS", "X64"] | |
| build-id: darwin+x86-64 | |
| pkgs: gh | |
| - os: ubuntu-latest | |
| container: debian:buster-slim | |
| build-id: linux+x86-64 | |
| pkgs: gh | |
| - os: macos-latest | |
| build-id: darwin+aarch64 | |
| - os: [self-hosted, linux, ARM64] | |
| build-id: linux+aarch64 | |
| pkgs: llvm.org perl gnu.org/make xz gh | |
| - os: windows-latest | |
| build-id: windows+x86-64 | |
| fail-fast: false | |
| runs-on: ${{ matrix.platform.os }} | |
| name: ${{ matrix.platform.build-id }} | |
| container: ${{ matrix.platform.container }} | |
| env: | |
| BASENAME: pkgx-${{ github.event.inputs.version }}+${{ matrix.platform.build-id }} | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: srcs | |
| - uses: pkgxdev/setup@v3 | |
| with: | |
| +: ${{ matrix.platform.pkgs }} | |
| - name: Prep | |
| run: | | |
| case ${{ matrix.platform.build-id }} in | |
| linux+aarch64) | |
| echo AR=llvm-ar >> $GITHUB_ENV;; | |
| linux+x86-64) | |
| apt-get update | |
| apt-get install curl gcc perl-modules openssl make xz-utils --yes;; | |
| darwin+aarch64) | |
| # https://github.com/pkgxdev/pkgx/issues/1158 | |
| brew uninstall --ignore-dependencies xz | |
| echo "MACOSX_DEPLOYMENT_TARGET=11.0" >> $GITHUB_ENV;; | |
| esac | |
| if: ${{ runner.os != 'Windows' }} | |
| - name: Prep | |
| if: ${{ runner.os == 'Windows' }} | |
| run: Add-Content -Path $env:GITHUB_ENV -Value "EXT=.exe" | |
| - run: tar xzf pkgx-${{ github.event.inputs.version }}.tar.gz --strip-components=1 | |
| - uses: dtolnay/rust-toolchain@stable | |
| # hack to statically link libgcc | |
| - run: | | |
| echo '#!/bin/bash' > linkerdriver.wrap | |
| echo 'exec "${CC:-cc}" "${@/-lgcc_s/-lgcc_eh}"' >> linkerdriver.wrap | |
| chmod +x ./linkerdriver.wrap | |
| echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=$PWD/linkerdriver.wrap" >> $GITHUB_ENV | |
| if: ${{ runner.os == 'Linux' }} | |
| - run: | | |
| cargo build --release | |
| mv target/release/pkgx${{ env.EXT }} . | |
| - run: strip ./pkgx | |
| if: ${{ runner.os != 'Windows' }} | |
| - uses: pkgxdev/pantry/.github/actions/setup@main | |
| if: startsWith(matrix.platform.build-id, 'darwin+') | |
| with: | |
| p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} | |
| p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} | |
| APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }} | |
| - run: codesign | |
| --sign "$APPLE_IDENTITY" --force | |
| --preserve-metadata=entitlements,requirements,flags,runtime ./pkgx | |
| env: | |
| APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }} | |
| if: startsWith(matrix.platform.build-id, 'darwin+') | |
| - name: sanity check | |
| run: test "$(./pkgx --version)" = "pkgx ${{ github.event.inputs.version }}" | |
| - run: | | |
| tar cJf $BASENAME.tar.xz pkgx | |
| tar czf $BASENAME.tar.gz pkgx | |
| if: ${{ runner.os != 'Windows' }} | |
| - run: Compress-Archive -Path pkgx.exe -DestinationPath ${{env.BASENAME}}.zip | |
| if: ${{ runner.os == 'Windows' }} | |
| - name: GPG sign archives | |
| run: | | |
| ./pkgx gpg-agent --daemon || true | |
| echo $GPG_PRIVATE_KEY | \ | |
| base64 -d | \ | |
| ./pkgx gpg --import --batch --yes | |
| ./pkgx gpg \ | |
| --detach-sign --armor \ | |
| --local-user $GPG_KEY_ID \ | |
| $BASENAME.tar.xz | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| if: ${{ runner.os != 'Windows' }} | |
| - name: attach product to release | |
| run: gh release upload --clobber | |
| v${{ github.event.inputs.version }} | |
| ${{env.BASENAME}}.* | |
| env: | |
| # using this token rather than github.token due to `release not found` bug | |
| # https://github.com/pkgxdev/cli/issues/5252 | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GH_REPO: pkgxdev/pkgx | |
| shell: bash |