clauth 0.8.0

Manage multiple Claude Code accounts, monitor 5h/7d usage with configurable auto-switch and delegation with an MCP plugin. CLI + TUI.
name: release

on:
  push:
    tags: ["v*"]

permissions:
  contents: write  # softprops/action-gh-release creates the release

# Force HTTP/1.1 for registry downloads: curl's HTTP/2 multiplexing against the
# crates.io CDN intermittently dies with "[16] Error in the HTTP2 framing layer"
# on the hosted runners. Extra retries cover the remaining transient blips.
env:
  CARGO_NET_RETRY: "10"
  CARGO_HTTP_MULTIPLEXING: "false"

jobs:
  create-release:
    name: Create release
    runs-on: ubuntu-latest
    steps:
      - uses: softprops/action-gh-release@v3
        with:
          generate_release_notes: false

  build:
    name: Build ${{ matrix.asset_name }}
    needs: create-release
    runs-on: ${{ matrix.os }}
    defaults:
      run:
        shell: bash  # windows-latest ships Git Bash; keeps cp + forward-slash paths uniform across OSes
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            asset_name: clauth-linux-x86_64
            ext: ""
          - target: aarch64-apple-darwin
            os: macos-latest
            asset_name: clauth-macos-aarch64
            ext: ""
          - target: x86_64-apple-darwin
            os: macos-latest
            asset_name: clauth-macos-x86_64
            ext: ""
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            asset_name: clauth-windows-x86_64
            ext: .exe
    steps:
      - uses: actions/checkout@v7
      - uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}
      - uses: Swatinem/rust-cache@v2
      - name: Build
        run: cargo build --release --target ${{ matrix.target }}
      - name: Prepare asset
        run: cp "target/${{ matrix.target }}/release/clauth${{ matrix.ext }}" "${{ matrix.asset_name }}${{ matrix.ext }}"
      - name: Upload to release
        uses: softprops/action-gh-release@v3
        with:
          files: ${{ matrix.asset_name }}${{ matrix.ext }}
      - name: Upload artifact for checksum job
        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.asset_name }}${{ matrix.ext }}
          path: ${{ matrix.asset_name }}${{ matrix.ext }}
          if-no-files-found: error

  checksums:
    name: Checksums + signature
    needs: [build]
    # Run even when a build leg fails so the binaries that DID ship always have
    # a matching sums file covering exactly what was published.
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v8
        with:
          path: artifacts
          merge-multiple: true
      - name: Generate sha256sums.txt
        # Glob whatever was actually built so a partial release still produces
        # a sums file matching exactly what shipped.
        run: |
          cd artifacts
          sha256sum clauth-* > ../sha256sums.txt
      - name: Upload sha256sums.txt to release
        uses: softprops/action-gh-release@v3
        with:
          files: sha256sums.txt
      - name: Sign sha256sums.txt with minisign
        env:
          MINISIGN_SECRET_KEY: ${{ secrets.MINISIGN_SECRET_KEY }}
        # Signing the sums file transitively authenticates every asset hash it
        # lists. Gated on the secret so forks / pre-key releases still ship a
        # valid sha256-only release; update.rs verifies this signature when (and
        # only when) MINISIGN_PUBLIC_KEY is pinned. A passwordless key signs
        # non-interactively in the default (prehashed) format.
        run: |
          if [ -z "${MINISIGN_SECRET_KEY:-}" ]; then
            echo "MINISIGN_SECRET_KEY not set — shipping sha256-only (no signature)."
            exit 0
          fi
          sudo apt-get update
          sudo apt-get install -y minisign
          # Remove the key file on ANY exit (incl. a signing failure under `set -e`).
          trap 'rm -f minisign.key' EXIT
          printf '%s\n' "${MINISIGN_SECRET_KEY}" > minisign.key
          minisign -S -s minisign.key -m sha256sums.txt -t "clauth ${GITHUB_REF_NAME} checksums"
          echo "Signed → sha256sums.txt.minisig"
      - name: Upload signature to release
        if: hashFiles('sha256sums.txt.minisig') != ''
        uses: softprops/action-gh-release@v3
        with:
          files: sha256sums.txt.minisig