# Release workflow: runs when a version-like tag is pushed, or on demand with
# an explicit version number.
name: release

# Scope of the automatically issued workflow token.
# NOTE(review): this block does not narrow the FNOX_GH_TOKEN secret exported
# under `env` below; that token's reach is decided where it was created.
permissions:
  contents: write

on:
  push:
    tags:
      - 'v[0-9]+.*'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version (without leading v)'
        required: true
        type: string

env:
  CARGO_TERM_COLOR: always
  # NOTE(review): workflow-level env is visible to every step of every job,
  # including third-party actions and the build itself. Consider setting the
  # token only on the steps that call `gh`.
  GITHUB_TOKEN: ${{ secrets.FNOX_GH_TOKEN }}
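jobs:
  # Builds the fnox binary for each target in the matrix and passes the
  # resulting archives to the next job as short-lived workflow artifacts.
  # Every `uses:` reference in this file is pinned to a full commit SHA.
  build-binaries:
    runs-on: ${{ matrix.os }}
    strategy:
      # A failure on one target does not cancel the remaining targets.
      fail-fast: false
      matrix:
        include:
          - target: aarch64-apple-darwin
            os: macos-latest
            build-tool: cargo
          - target: x86_64-apple-darwin
            os: macos-latest
            build-tool: cargo
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            build-tool: cross
          - target: aarch64-unknown-linux-gnu
            os: ubuntu-latest
            build-tool: cross
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            build-tool: cargo
          - target: aarch64-pc-windows-msvc
            os: windows-latest
            build-tool: cargo
    steps:
      # NOTE(review): checkout stores the supplied token in the local git
      # config by default, and the steps after it compile dependency code.
      # If no later step needs authenticated git, consider adding
      # `persist-credentials: false` here.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          token: ${{ secrets.FNOX_GH_TOKEN }}
      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32
        with:
          shared-key: rust-${{ matrix.target }}
      # The signing certificate is imported on macOS runners only.
      - if: matrix.os == 'macos-latest'
        uses: apple-actions/import-codesign-certs@fe74d46e82474f87e1ba79832ad28a4013d0e33a
        with:
          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
          p12-password: ${{ secrets.CERTIFICATES_P12_PASS }}
      # NOTE(review): with dry-run set, this step presumably builds and
      # packages without publishing; the archives are collected by the
      # artifact upload below. Confirm against the action's documentation.
      - uses: taiki-e/upload-rust-binary-action@f0d45ae91ee7b8ee928de7a9d04d893a08bcbec6
        with:
          bin: fnox
          target: ${{ matrix.target }}
          build-tool: ${{ matrix.build-tool }}
          token: ${{ secrets.FNOX_GH_TOKEN }}
          codesign: "Developer ID Application: Jeffrey Dickey (4993Y37DX6)"
          codesign_prefix: dev.jdx.
          dry-run: true
      - name: Upload binary artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
        with:
          name: binary-${{ matrix.target }}
          path: |
            fnox-*.tar.gz
            fnox-*.tar.xz
            fnox-*.zip
          retention-days: 1

  # Gathers the per-target archives and publishes them as one GitHub release.
  create-release:
    needs: [build-binaries]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
          token: ${{ secrets.FNOX_GH_TOKEN }}
      # Copies the first `## [` section of the changelog, up to the next one.
      - name: Extract release notes from CHANGELOG.md
        run: |
          awk '/^## \[/{if(found) exit; found=1} found{print}' CHANGELOG.md > release-notes.md
      - name: Download all artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
        with:
          path: artifacts
      - name: Prepare release assets
        run: |
          mkdir -p release-assets
          find artifacts/binary-* -type f \( -name "*.tar.gz" -o -name "*.tar.xz" -o -name "*.zip" \) -exec mv {} release-assets/ \;
          ls -la release-assets/
      - name: Create release with all assets
        # The version input and the ref name reach the script as environment
        # variables. Expanding those contexts directly inside `run:` would
        # paste their text into the script before the shell parses it, so a
        # crafted tag name or input could change the commands that run.
        env:
          RELEASE_VERSION: ${{ inputs.version }}
          RELEASE_REF: ${{ github.ref_name }}
        run: |
          if [[ -n "$RELEASE_VERSION" ]]; then
          TAG_NAME="v$RELEASE_VERSION"
          else
          TAG_NAME="$RELEASE_REF"
          fi
          gh release create "$TAG_NAME" \
          --title "$TAG_NAME" \
          --notes-file release-notes.md \
          release-assets/*

  # Rewrites the published release notes, then appends the sponsor blurb.
  enhance-release:
    needs: [create-release]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
        with:
          fetch-depth: 0
      - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151
        with:
          experimental: true
      # NOTE(review): this trusts every mise config in the checkout, so the
      # tools and tasks it defines run with this job's environment in reach.
      - run: mise trust --all
      - name: Enhance release notes with communique
        run: |
          if [[ -n "$RELEASE_VERSION" ]]; then
          TAG_NAME="v$RELEASE_VERSION"
          else
          TAG_NAME="$RELEASE_REF"
          fi
          communique generate "$TAG_NAME" --github-release
        # Event data is handed over as environment variables, not expanded
        # into the script text, so it is never parsed as shell code.
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          RELEASE_VERSION: ${{ inputs.version }}
          RELEASE_REF: ${{ github.ref_name }}
      - name: Append en.dev sponsor blurb
        env:
          GH_TOKEN: ${{ secrets.FNOX_GH_TOKEN }}
          # Same reasoning as above: data in env, never in the script text.
          RELEASE_VERSION: ${{ inputs.version }}
          RELEASE_REF: ${{ github.ref_name }}
        run: |
          if [[ -n "$RELEASE_VERSION" ]]; then
          TAG_NAME="v$RELEASE_VERSION"
          else
          TAG_NAME="$RELEASE_REF"
          fi
          {
          gh release view "$TAG_NAME" --json body --jq .body
          cat <<'EOF'
          ## 💚 Sponsor fnox
          fnox is maintained by [@jdx](https://github.com/jdx) under [**en.dev**](https://en.dev) — a small independent studio building developer tooling like [mise](https://mise.jdx.dev/), [aube](https://aube.en.dev/), hk, and more. Keeping fnox secure, maintained, and free is funded by sponsors.
          If fnox is handling secrets or config for you or your team, please consider [sponsoring at en.dev](https://en.dev). Sponsorships are what let fnox stay independent and the project keep moving.
          EOF
          } > /tmp/release-notes.md
          gh release edit "$TAG_NAME" --notes-file /tmp/release-notes.md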