name: Release
on:
release:
types: [published]
workflow_dispatch:
inputs:
update_homebrew:
description: 'Update Homebrew formula after build'
required: false
default: 'false'
type: choice
options: ['true','false']
release_tag:
description: 'Release tag to upload artifacts to (e.g. v1.2.3)'
required: false
permissions:
contents: write
jobs:
build:
name: Build ${{ matrix.target }}
runs-on: ${{ matrix.os }}
environment: packaging
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
os: ubuntu-22.04
artifact_name: bssh
asset_name: bssh-linux-x86_64
archive_ext: ".tar.gz"
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
artifact_name: bssh
asset_name: bssh-linux-x86_64-musl
archive_ext: ".tar.gz"
- target: aarch64-unknown-linux-gnu
os: ubuntu-22.04-arm
artifact_name: bssh
asset_name: bssh-linux-aarch64
archive_ext: ".tar.gz"
- target: aarch64-unknown-linux-musl
os: ubuntu-24.04-arm
artifact_name: bssh
asset_name: bssh-linux-aarch64-musl
archive_ext: ".tar.gz"
- target: aarch64-apple-darwin
os: macos-14
artifact_name: bssh
asset_name: bssh-macos-aarch64
archive_ext: ".zip"
env:
BIN_NAME: bssh
BUNDLE_ID: ${{ vars.BUNDLE_ID }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ matrix.target }}-
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Install musl tools (Linux musl only)
if: contains(matrix.target, 'musl')
run: |
sudo apt update
sudo apt install -y musl-tools
- name: Build release binary
run: cargo build --release --target ${{ matrix.target }} --locked
- name: Import Distribution certificate
if: runner.os == 'macOS'
uses: apple-actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ secrets.DEV_ID_CERT_P12 }}
p12-password: ${{ secrets.DEV_ID_CERT_PASSWORD }}
- name: Code sign macOS binary
if: runner.os == 'macOS'
run: |
BIN=target/${{ matrix.target }}/release/${{ matrix.artifact_name }}
codesign --force --timestamp --options runtime \
--sign "Distribution" "$BIN"
- name: Package Linux binary (tar.gz)
if: runner.os == 'Linux'
run: |
BIN_DIR=target/${{ matrix.target }}/release
mkdir -p package
cp "$BIN_DIR/${{ matrix.artifact_name }}" package/
cp docs/man/bssh.1 package/
tar -C package -czf ${{ matrix.asset_name }}.tar.gz .
- name: Package macOS binary (zip)
if: runner.os == 'macOS'
run: |
BIN="target/${{ matrix.target }}/release/${{ matrix.artifact_name }}"
ASSET="${{ matrix.asset_name }}.zip"
mkdir -p package
cp "$BIN" package/
cp docs/man/bssh.1 package/
ditto -c -k --sequesterRsrc package "$ASSET"
- name: Generate checksum
run: |
FILE="${{ matrix.asset_name }}${{ matrix.archive_ext }}"
if [[ "$RUNNER_OS" == "Linux" ]]; then
sha256sum "$FILE" > "$FILE.sha256"
else
shasum -a 256 "$FILE" > "$FILE.sha256"
fi
- name: Upload release artifacts
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.event.release.tag_name || github.event.inputs.release_tag }}
files: |
${{ matrix.asset_name }}${{ matrix.archive_ext }}
${{ matrix.asset_name }}${{ matrix.archive_ext }}.sha256