1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Publish crate
on:
push:
branches:
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
jobs:
ci:
uses: ./.github/workflows/ci.yml
publish:
name: Publish crate
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
needs: ci
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@1.91.0
- uses: Swatinem/rust-cache@v2
- name: Publish to crates.io
uses: katyo/publish-crates@v2
with:
path: .
args: --allow-dirty
registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}
ignore-unpublished-changes: true
check-repo: true
dry-run: false
release:
name: Build binaries + Release
if: needs.publish.result == 'success'
needs: publish
runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash
strategy:
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-gnu
bin_suffix: ""
- os: ubuntu-24.04-arm
target: aarch64-unknown-linux-gnu
bin_suffix: ""
- os: macos-15
target: x86_64-apple-darwin
bin_suffix: ""
- os: macos-15
target: aarch64-apple-darwin
bin_suffix: ""
- os: windows-latest
target: x86_64-pc-windows-msvc
bin_suffix: ".exe"
- os: windows-latest
target: aarch64-pc-windows-msvc
bin_suffix: ".exe"
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@1.91.0
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@v2
- name: Ensure target installed
run: rustup target add ${{ matrix.target }}
- name: Derive release tag from version
id: version
run: |
set -euo pipefail
version=$(grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/')
echo "version=${version}" >> "$GITHUB_OUTPUT"
echo "RELEASE_TAG=v${version}" >> "$GITHUB_ENV"
echo "RELEASE_TITLE=v${version}" >> "$GITHUB_ENV"
- name: Build release binary
run: cargo build --locked --release --target ${{ matrix.target }} --bin greentic-setup
- name: Package release archive
id: package
run: |
set -euo pipefail
version="${{ steps.version.outputs.version }}"
target="${{ matrix.target }}"
bin_suffix="${{ matrix.bin_suffix }}"
out_dir="target/${target}/release"
archive_dir="dist/greentic-setup-v${version}-${target}"
archive="dist/greentic-setup-v${version}-${target}.tgz"
checksum="${archive}.sha256"
mkdir -p "${archive_dir}"
cp "${out_dir}/greentic-setup${bin_suffix}" "${archive_dir}/greentic-setup${bin_suffix}"
tar -C dist -czf "${archive}" "greentic-setup-v${version}-${target}"
ARCHIVE="${archive}" python3 - <<'PY'
import hashlib
import os
import pathlib
path = pathlib.Path(os.environ["ARCHIVE"])
digest = hashlib.sha256(path.read_bytes()).hexdigest()
path.with_suffix(path.suffix + ".sha256").write_text(f"{digest} {path.name}\n")
PY
echo "archive=${archive}" >> "$GITHUB_OUTPUT"
echo "checksum=${checksum}" >> "$GITHUB_OUTPUT"
- name: Upload release artifacts
uses: softprops/action-gh-release@v2
with:
files: |
${{ steps.package.outputs.archive }}
${{ steps.package.outputs.checksum }}
tag_name: ${{ env.RELEASE_TAG }}
name: ${{ env.RELEASE_TITLE }}
target_commitish: ${{ github.sha }}
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}