akv-cli 0.9.1

The Azure Key Vault CLI (unofficial) can read secrets from Key Vault, securely pass secrets to other commands or inject them into configuration files, encrypt and decrypt secrets, and manage keys and secrets in Key Vault.
# Release workflow: runs when a tag matching "v*" is pushed.
name: release

on:
  push:
    tags:
    - "v*"

# Workflow-level token scopes. They apply to every job below that does not
# declare its own `permissions:` block, including the jobs that call the
# reusable workflows ci.yml and brew.yml.
# NOTE(review): not every job needs all three write scopes; granting them
# per job keeps a compromised build step or dependency from reaching
# release contents or the OIDC token. Confirm what ci.yml and brew.yml need
# before narrowing this block.
permissions:
  attestations: write
  contents: write
  id-token: write

# All `run:` steps use bash unless a step overrides `shell:`.
defaults:
  run:
    shell: bash

env:
  # Turn off incremental compilation for CI builds.
  CARGO_INCREMENTAL: 0
  # Treat compiler warnings as errors.
  RUSTFLAGS: -Dwarnings

jobs:
  # Gate the release on the CI workflow, called as a reusable workflow with
  # `release: true`.
  # NOTE(review): a called workflow receives the caller's token permissions
  # unless this job narrows them; confirm ci.yml needs no write scope and add
  # a job-level `permissions:` block here if so.
  test:
    uses: ./.github/workflows/ci.yml
    with:
      release: true

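  # Create the draft GitHub release that later jobs attach assets to.
  draft:
    runs-on: ubuntu-latest
    needs: test
    # Least privilege: creating the release is the only token use in this job.
    permissions:
      contents: write
    steps:
    # Check out with full history to generate release notes.
    - name: Checkout
      uses: actions/checkout@v6
      with:
        fetch-depth: 0
        # gh authenticates through GITHUB_TOKEN below, so the checkout does
        # not need to leave the token configured for git.
        persist-credentials: false
    - name: Set up toolchain
      run: rustup install
    - name: Draft release
      # Read the tag from the runner-provided GITHUB_REF_NAME variable rather
      # than expanding the expression into the script text, so the ref name
      # is always handled as data by the shell.
      run: gh release create "$GITHUB_REF_NAME" --draft --generate-notes
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}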

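  # Build the `akv` binary on each matrix runner, attest it, archive it, and
  # attach the archive to the draft release.
  # NOTE(review): the actions below are referenced by version tag, which the
  # action owner can move; pinning each `uses:` to a full commit SHA fixes the
  # exact action revision that takes part in a release build.
  package:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os:
        - macos-14 # arm64
        - ubuntu-22.04
        - ubuntu-22.04-arm
        - windows-2022
        - windows-11-arm
        # Windows runners produce `akv.exe`; other runners leave `extension`
        # unset, which expands to an empty string.
        include:
        - os: windows-2022
          extension: '.exe'
        - os: windows-11-arm
          extension: '.exe'
    needs: draft
    # Declared per job so the scopes stay correct if the workflow-level
    # defaults are narrowed later.
    permissions:
      attestations: write # attest-build-provenance records the attestation
      contents: write # gh release upload
      id-token: write # attest-build-provenance requests an OIDC token
    steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        # The build runs dependency build scripts; do not leave the
        # write-scoped token configured for git while they execute.
        persist-credentials: false
    # NOTE(review): the restored cache (including target/ and ~/.cargo/bin/)
    # feeds a build whose output is attested and published. Confirm which
    # workflows can save a cache under this key, or skip the cache for
    # release builds.
    - name: Cache
      uses: actions/cache@v5
      with:
        path: |
          ~/.cargo/bin/
          ~/.cargo/registry/index/
          ~/.cargo/registry/cache/
          ~/.cargo/git/db/
          target/
        key: ${{ runner.os }}-${{ runner.arch }}-cargo-${{ hashFiles('**/Cargo.lock') }}
    - name: Set up toolchain
      run: rustup install
    # Only exports the OpenSSL locations for later steps; nothing is
    # installed here, so the paths are presumably provided by the runner
    # image (verify).
    - name: Install openssl (Windows)
      if: runner.os == 'Windows'
      run: |
        echo "OPENSSL_DIR=C:\Program Files\OpenSSL" >> "$GITHUB_ENV"
        echo "OPENSSL_LIB_DIR=C:\Program Files\OpenSSL\lib\VC\${{ runner.arch }}\MT" >> "$GITHUB_ENV"
    # Build, then publish the binary's directory, file name and full path as
    # step outputs for the attest and package steps.
    - name: Build
      id: build
      run: |
        cargo build --release --all-features --workspace
        echo "dir=target/release/" | tee -a "$GITHUB_OUTPUT"
        echo "name=akv${{ matrix.extension }}" | tee -a "$GITHUB_OUTPUT"
        echo "target=target/release/akv${{ matrix.extension }}" | tee -a "$GITHUB_OUTPUT"
    # Provenance for the raw executable; the archives are attested separately
    # in the `attest` job.
    - name: Attest executable
      uses: actions/attest-build-provenance@v2
      with:
        subject-path: ${{ steps.build.outputs.target }}
    # Archive name is akv-<os>-<arch>, lower-cased, with x64 spelled amd64:
    # .zip on Windows, .tar.gz elsewhere.
    - name: Package
      id: package
      shell: pwsh
      run: |
        $name = 'akv-${{ runner.os }}-${{ runner.arch }}'.ToLowerInvariant() -replace 'x64', 'amd64'
        if ('${{ runner.os }}' -eq 'Windows') {
          $name = "$name.zip"
          $target = "target/release/$name"
          Compress-Archive -Path ${{ steps.build.outputs.target }} -DestinationPath $target
        } else {
          $name = "$name.tar.gz"
          $target = "target/release/$name"
          tar czf "$target" -C ${{ steps.build.outputs.dir }} ${{ steps.build.outputs.name }}
        }
        "name=$name" >> $env:GITHUB_OUTPUT
        "target=$target" >> $env:GITHUB_OUTPUT
    # Hand the archive to the `attest` job as a workflow artifact.
    - name: Upload
      uses: actions/upload-artifact@v4
      with:
        name: ${{ steps.package.outputs.name }}
        path: ${{ steps.package.outputs.target }}
    - name: Publish
      # Tag and archive path reach the shell through environment variables
      # instead of being expanded into the script text.
      run: gh release upload "$GITHUB_REF_NAME" "$PACKAGE_TARGET"
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        PACKAGE_TARGET: ${{ steps.package.outputs.target }}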

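  # Attest the packaged archives produced by the `package` matrix.
  # Consumers can check a downloaded archive against these attestations with
  # `gh attestation verify <file> --repo <owner>/<repo>` (placeholders).
  attest:
    runs-on: ubuntu-latest
    needs: package
    # Least privilege: this job only creates attestations; it does not need
    # write access to repository contents.
    permissions:
      attestations: write
      contents: read
      id-token: write
    steps:
    # With no `name:` given, every artifact uploaded by this run is
    # downloaded into the workspace.
    - name: Download
      uses: actions/download-artifact@v4
    - name: Attest
      uses: actions/attest-build-provenance@v2
      with:
        subject-path: ${{ github.workspace }}/*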

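  # Publish separately to crates.io to allow retries e.g., expired token.
  publish:
    runs-on: ubuntu-latest
    needs: package
    # Least privilege: the crates.io auth action exchanges an OIDC token for
    # a registry token, so this job needs `id-token: write` plus read access
    # for the checkout, and no write access to the repository or release.
    permissions:
      contents: read
      id-token: write
    steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        # `cargo publish` compiles the crate and runs build scripts; do not
        # leave the GitHub token configured for git while it does.
        persist-credentials: false
    - name: Set up toolchain
      run: rustup install
    - name: Authenticate with crates.io
      id: auth
      uses: rust-lang/crates-io-auth-action@v1
    - name: Publish
      run: cargo publish
      env:
        # Registry token issued by the auth step, scoped to this step only.
        CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}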

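  # Take the release out of draft once the archives have been attested.
  release:
    runs-on: ubuntu-latest
    needs: attest
    # Least privilege: editing the release is the only token use in this job.
    permissions:
      contents: write
    steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        # gh authenticates through GITHUB_TOKEN below.
        persist-credentials: false
    - name: Release
      # Read the tag from the runner-provided GITHUB_REF_NAME variable rather
      # than expanding the expression into the script text.
      run: gh release edit "$GITHUB_REF_NAME" --draft=false
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}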

  # After the release is public, call the brew.yml reusable workflow with the
  # tag name and the Homebrew API token.
  # NOTE(review): brew.yml is not visible here. Confirm that it passes `tag`
  # to scripts as data (for example through an environment variable) and that
  # HOMEBREW_GITHUB_API_TOKEN is scoped to the tap repository only. The called
  # workflow also receives this workflow's token permissions unless this job
  # narrows them.
  brew:
    needs: release
    uses: ./.github/workflows/brew.yml
    with:
      tag: ${{ github.ref_name }}
    secrets:
      HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}