cargo-machete 0.9.2

name: Rust

on:
  push:
    branches:
      - main
    tags:
      - "*"
  pull_request:
    branches: [ main ]

jobs:
  ci:
    env:
      RUST_BACKTRACE: 1
    runs-on: ubuntu-latest
    strategy:
      matrix:
        rust:
          - stable
          - nightly

    steps:
      - uses: actions/checkout@v6

      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
          components: clippy, rustfmt

      - uses: Swatinem/rust-cache@v2

      - run: cargo fmt --all --check

      - run: cargo clippy --all --all-features -- -D warnings

      - run: cargo test --workspace --verbose

  # Code from here: https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
  # TODO: Add a step to publish the image to the Docker Hub
  # TODO: Build multiple images for different architectures, see this: https://docs.docker.com/build/ci/github-actions/multi-platform/
  # But follow this documentation would slow down the CI/CD pipeline, so it's better to use a matrix strategy
  image:
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    name: Build and push Docker image
    if: |
      github.event_name == 'push' && (
        github.event.ref == 'refs/heads/main' ||
        startsWith(github.event.ref, 'refs/tags/')
      )
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
      attestations: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
      - name: Log in to the Container registry
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Get version label
        id: version
        run: |
          # Try to get exact tag (if this commit is tagged)
          TAG=$(git describe --tags --exact-match 2>/dev/null || echo "")
          
          if [ -n "$TAG" ]; then
            VERSION="$TAG"
          else
            # Not tagged — use git describe with abbrev for main branch, i.e. v0.9.1-28-gb062
            VERSION=$(git describe --tags --abbrev=4 2>/dev/null || echo "latest")
          fi
          
          echo "version=$VERSION" >> $GITHUB_OUTPUT
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=tag
            type=raw,value=latest,enable={{is_default_branch}}
          labels: |
            org.opencontainers.image.authors=Benjamin Bouvier <benjamin@bouvier.cc>
            org.opencontainers.image.version=${{ steps.version.outputs.version }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v7
        with:
          context: .
          file: ./Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}


  # Code mutably borrowed from https://github.com/EmbarkStudios/cargo-deny/, thanks Embark!
  release:
    name: Release
    if: startsWith(github.ref, 'refs/tags/')
    strategy:
      matrix:
        include:
          - os: ubuntu-24.04
            rust: stable
            target: x86_64-unknown-linux-musl
            bin: cargo-machete
          - os: ubuntu-24.04-arm
            rust: stable
            target: aarch64-unknown-linux-gnu
            bin: cargo-machete
          - os: windows-2022
            rust: stable
            target: x86_64-pc-windows-msvc
            bin: cargo-machete.exe
          - os: macos-14
            rust: stable
            target: x86_64-apple-darwin
            bin: cargo-machete
          - os: macos-14
            rust: stable
            target: aarch64-apple-darwin
            bin: cargo-machete
    runs-on: ${{ matrix.os }}
    steps:
      - name: Install stable toolchain
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
          target: ${{ matrix.target }}
      - name: Install musl tools
        if: matrix.os == 'ubuntu-24.04'
        run: |
          sudo apt-get install -y musl-tools
      - name: Checkout
        uses: actions/checkout@v6
      - name: cargo fetch
        run: cargo fetch --target ${{ matrix.target }}
      - name: Release build
        run: cargo build --release --target ${{ matrix.target }}
      - name: Package
        shell: bash
        run: |
          name=cargo-machete
          tag=$(git describe --tags --abbrev=0)
          release_name="$name-$tag-${{ matrix.target }}"
          release_tar="${release_name}.tar.gz"
          mkdir "$release_name"
          if [ "${{ matrix.target }}" != "x86_64-pc-windows-msvc" ]; then
              strip "target/${{ matrix.target }}/release/${{ matrix.bin }}"
          fi
          cp "target/${{ matrix.target }}/release/${{ matrix.bin }}" "$release_name/"
          cp README.md LICENSE.md "$release_name/"
          tar czvf "$release_tar" "$release_name"
          rm -r "$release_name"
          # Windows environments in github actions don't have the gnu coreutils installed,
          # which includes the shasum exe, so we just use powershell instead
          if [ "${{ matrix.target }}" == "x86_64-pc-windows-msvc" ]; then
            echo "(Get-FileHash \"${release_tar}\" -Algorithm SHA256).Hash | Out-File -Encoding ASCII -NoNewline \"${release_tar}.sha256\"" | pwsh -c -
          else
            echo -n "$(shasum -ba 256 "${release_tar}" | cut -d " " -f 1)" > "${release_tar}.sha256"
          fi
      - name: Publish
        uses: softprops/action-gh-release@v3
        with:
          draft: true
          files: "cargo-machete*"
        env:
          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}