jobs:
build:
runs-on: ${{ matrix.target.runner }}
steps:
- uses: actions/checkout@v5
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target.rust_target }}
- if: matrix.target.rust_target == 'aarch64-unknown-linux-gnu'
name: Install cross-compilation tools
run: |-
sudo apt-get update
sudo apt-get install -y gcc-aarch64-linux-gnu
- env:
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
name: Build binary
run: cargo build --release --target ${{ matrix.target.rust_target }}
- if: runner.os != 'Windows'
name: Create tarball (unix)
run: |-
cd target/${{ matrix.target.rust_target }}/release
tar czf gaji-${{ matrix.target.platform }}.tar.gz ${{ matrix.target.binary }}
- if: runner.os == 'Windows'
name: Create zip (windows)
run: Compress-Archive -Path target/${{ matrix.target.rust_target }}/release/${{ matrix.target.binary }} -DestinationPath target/${{ matrix.target.rust_target }}/release/gaji-${{ matrix.target.platform }}.zip
shell: pwsh
- uses: actions/upload-artifact@v4
with:
name: binary-${{ matrix.target.platform }}
path: target/${{ matrix.target.rust_target }}/release/gaji-${{ matrix.target.platform }}.*
- if: runner.os != 'Windows'
name: Prepare npm platform package (unix)
run: |-
mkdir -p npm/platform-${{ matrix.target.platform }}/bin
cp target/${{ matrix.target.rust_target }}/release/${{ matrix.target.binary }} npm/platform-${{ matrix.target.platform }}/bin/
- if: runner.os == 'Windows'
name: Prepare npm platform package (windows)
run: |-
New-Item -ItemType Directory -Force -Path npm/platform-${{ matrix.target.platform }}/bin
Copy-Item target/${{ matrix.target.rust_target }}/release/${{ matrix.target.binary }} npm/platform-${{ matrix.target.platform }}/bin/
shell: pwsh
- uses: actions/upload-artifact@v4
with:
name: npm-${{ matrix.target.platform }}
path: npm/platform-${{ matrix.target.platform }}/
strategy:
fail-fast: false
matrix:
target:
- binary: gaji
platform: linux-x64
runner: ubuntu-latest
rust_target: x86_64-unknown-linux-gnu
- binary: gaji
platform: linux-arm64
runner: ubuntu-latest
rust_target: aarch64-unknown-linux-gnu
- binary: gaji
platform: darwin-x64
runner: macos-latest
rust_target: x86_64-apple-darwin
- binary: gaji
platform: darwin-arm64
runner: macos-latest
rust_target: aarch64-apple-darwin
- binary: gaji.exe
platform: win32-x64
runner: windows-latest
rust_target: x86_64-pc-windows-msvc
publish-crates:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: dtolnay/rust-toolchain@stable
- name: Get OIDC token and publish
run: |-
set -euo pipefail
# Step 1: Get OIDC token from GitHub
echo "::group::Requesting OIDC token"
OIDC_RESPONSE=$(curl -sLS "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=crates.io" -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}")
OIDC_TOKEN=$(echo "$OIDC_RESPONSE" | jq -r ".value")
if [ -z "$OIDC_TOKEN" ] || [ "$OIDC_TOKEN" = "null" ]; then
echo "::error::Failed to get OIDC token from GitHub"
echo "Response: $OIDC_RESPONSE"
exit 1
fi
echo "OIDC token obtained successfully"
echo "::endgroup::"
# Step 2: Exchange OIDC token for crates.io publish token
echo "::group::Exchanging for crates.io token"
CRATES_RESPONSE=$(curl -sLS https://crates.io/api/v1/trusted_publishing/tokens \
-X POST \
-H 'Content-Type: application/json' \
-H 'User-Agent: gaji CI (https://github.com/dodok8/gaji)' \
-d "{\"jwt\": \"$OIDC_TOKEN\"}")
CRATES_TOKEN=$(echo "$CRATES_RESPONSE" | jq -r ".token")
if [ -z "$CRATES_TOKEN" ] || [ "$CRATES_TOKEN" = "null" ]; then
echo "::error::Failed to exchange OIDC token for crates.io token"
echo "Response: $CRATES_RESPONSE"
exit 1
fi
echo "crates.io token obtained successfully"
echo "::endgroup::"
# Step 3: Publish
CARGO_REGISTRY_TOKEN="$CRATES_TOKEN" cargo publish --allow-dirty
publish-npm:
needs:
- build
permissions:
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v4
with:
node-version: '22'
- name: Upgrade npm
run: npm install -g npm@latest
- uses: actions/download-artifact@v4
with:
path: npm-artifacts
pattern: npm-*
- name: Prepare platform packages
run: |-
for dir in npm-artifacts/npm-*/; do
PLATFORM=$(basename "$dir" | sed "s/npm-//")
cp -r "$dir"/* "npm/platform-$PLATFORM/"
chmod +x "npm/platform-$PLATFORM/bin/"* 2>/dev/null || true
done
- name: Sync versions
run: bash scripts/sync.sh
- name: Publish platform packages
run: |-
for dir in npm/platform-*/; do
echo "Publishing $(basename $dir)..."
cd "$dir"
npm publish --provenance --access public
cd ../..
done
- name: Publish main package
run: |-
cd npm/gaji
npm publish --provenance --access public
upload-release-assets:
needs:
- build
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
merge-multiple: true
path: artifacts
pattern: binary-*
- name: Generate checksums
run: |-
cd artifacts
sha256sum * > checksums.txt
- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: softprops/action-gh-release@v2
with:
files: artifacts/*
name: Release
on:
push:
tags:
- v*
permissions:
contents: read