1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
name: Release Binaries
# Builds native binaries for every major platform and publishes them on
# versioned tag pushes (e.g. v1.2.3). Nightly Docker images are published
# on every main-branch commit by ci.yml — no duplication needed here.
on:
push:
tags:
env:
CARGO_TERM_COLOR: always
jobs:
# ── Build ────────────────────────────────────────────────────────────────────
build:
name: Build · ${{ matrix.target }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
# Linux glibc — preferred by binstall on mainstream distros; uses glibc's fast allocator
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
cross: false
# Linux musl — statically linked, runs on Alpine / musl-based distros
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
cross: false
- target: aarch64-unknown-linux-musl
os: ubuntu-latest
cross: true # cross-compiled via the `cross` Docker toolchain
# macOS ARM (macos-14+ runner is ARM64)
- target: aarch64-apple-darwin
os: macos-latest
cross: false
# Windows
- target: x86_64-pc-windows-msvc
os: windows-latest
cross: false
steps:
- uses: actions/checkout@v4
# Toolchain version comes from rust-toolchain.toml; targets are per-matrix.
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
# Belt-and-suspenders: ensure the target stdlib is installed even on a cold
# tool-cache (e.g. after a version bump in rust-toolchain.toml). cross builds
# use their own Docker image so only native builds need this.
- name: Ensure Rust target stdlib is installed
if: "!matrix.cross"
run: rustup target add ${{ matrix.target }}
- uses: Swatinem/rust-cache@v2
with:
key: release-${{ matrix.target }}
# musl-tools provides musl-gcc required for the x86_64-musl target.
- name: Install musl toolchain
if: contains(matrix.target, 'musl') && !matrix.cross
run: sudo apt-get install -y musl-tools
# taiki-e/install-action downloads pre-built cross binaries — much faster than
# compiling from source with `cargo install cross`.
- name: Install cross
if: matrix.cross
uses: taiki-e/install-action@v2
with:
tool: cross
- name: Build
shell: bash
env:
# Explicitly reinforce all profile.release optimizations from Cargo.toml so
# they can't be silently overridden by toolchain defaults or stale cache.
CARGO_PROFILE_RELEASE_LTO: fat
CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "1"
CARGO_PROFILE_RELEASE_OPT_LEVEL: "3"
CARGO_PROFILE_RELEASE_PANIC: abort
CARGO_PROFILE_RELEASE_STRIP: symbols
run: |
if [[ "${{ matrix.cross }}" == "true" ]]; then
cross build --release --target ${{ matrix.target }}
else
cargo build --release --target ${{ matrix.target }}
fi
- name: Package (Unix)
if: runner.os != 'Windows'
run: >
tar czf gitprint-${{ matrix.target }}.tar.gz
-C target/${{ matrix.target }}/release gitprint
- name: Package (Windows)
if: runner.os == 'Windows'
shell: pwsh
run: >
Compress-Archive
-Path target/${{ matrix.target }}/release/gitprint.exe
-DestinationPath gitprint-${{ matrix.target }}.zip
- uses: actions/upload-artifact@v4
with:
name: gitprint-${{ matrix.target }}
# Each job uploads exactly one archive; glob picks whichever extension was created.
path: gitprint-${{ matrix.target }}.*
# ── Docker image ─────────────────────────────────────────────────────────────
# Publishes ghcr.io/izelnakri/gitprint:<version>, <major>.<minor>, and latest.
package:
name: Publish Docker image
needs:
runs-on: ubuntu-latest
permissions:
packages: write
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Derives: v0.3.4 → tags 0.3.4, 0.3, and latest.
- uses: docker/metadata-action@v5
id: meta
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest
# Download the already-compiled musl binary from the build job — no recompilation needed.
- uses: actions/download-artifact@v4
with:
name: gitprint-x86_64-unknown-linux-musl
path: dist
- run: tar xzf dist/gitprint-x86_64-unknown-linux-musl.tar.gz -C dist
# Target the prebuilt stage: copies the binary into Alpine, skips all compile stages.
- uses: docker/build-push-action@v6
with:
context: dist
file: Dockerfile
target: prebuilt
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# ── Publish ──────────────────────────────────────────────────────────────────
publish:
name: Publish release
needs:
runs-on: ubuntu-latest
permissions:
contents: write # required to create/delete GitHub releases and tags
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
# Download all platform archives into a single directory.
- uses: actions/download-artifact@v4
with:
merge-multiple: true
path: artifacts
- name: Generate SHA-256 checksums
run: cd artifacts && sha256sum * > checksums.txt
# make release creates the GitHub Release entry locally (with CHANGELOG notes)
# before pushing the tag, so CI only needs to upload the built artifacts.
# The create fallback handles the rare case where CI wins the race.
- name: Upload artifacts to versioned release
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.repository }}
run: |
gh release create "${{ github.ref_name }}" \
--title "${{ github.ref_name }}" \
--generate-notes 2>/dev/null || true
gh release upload "${{ github.ref_name }}" --clobber artifacts/*