name: Release
on:
push:
tags:
- "v*"
permissions:
contents: write
env:
BINARY_NAME: hni
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-musl
builder: zigbuild
extension: tar.gz
- os: ubuntu-latest
target: aarch64-unknown-linux-musl
builder: zigbuild
extension: tar.gz
- os: macos-14
target: x86_64-apple-darwin
builder: cargo
extension: tar.gz
- os: macos-14
target: aarch64-apple-darwin
builder: cargo
extension: tar.gz
- os: windows-latest
target: x86_64-pc-windows-msvc
builder: cargo
extension: zip
- os: windows-latest
target: aarch64-pc-windows-msvc
builder: cargo
extension: zip
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v6.0.2
- name: Install Rust
uses: dtolnay/rust-toolchain@v1
with:
toolchain: stable
targets: ${{ matrix.target }}
- name: Cache cargo
uses: Swatinem/rust-cache@v2.8.2
- name: Install Zig
if: matrix.builder == 'zigbuild'
uses: goto-bus-stop/setup-zig@v2.2.1
- name: Install cargo-zigbuild
if: matrix.builder == 'zigbuild'
uses: taiki-e/install-action@v2.68.23
with:
tool: cargo-zigbuild
- name: Build (non-Windows)
if: runner.os != 'Windows'
shell: bash
run: |
if [[ "${{ matrix.builder }}" == "zigbuild" ]]; then
cargo zigbuild --release --locked --target "${{ matrix.target }}"
else
cargo build --release --locked --target "${{ matrix.target }}"
fi
- name: Build (Windows)
if: runner.os == 'Windows'
shell: pwsh
run: cargo build --release --locked --target "${{ matrix.target }}"
- name: Package (non-Windows)
if: runner.os != 'Windows'
shell: bash
run: |
set -euo pipefail
tag="${GITHUB_REF_NAME}"
name="${BINARY_NAME}-${tag}-${{ matrix.target }}"
mkdir -p dist
stage="$(mktemp -d)"
cp "target/${{ matrix.target }}/release/${BINARY_NAME}" "${stage}/hni"
cp "${stage}/hni" "dist/${name}"
chmod 0755 "dist/${name}"
tar -C "${stage}" -czf "dist/${name}.tar.gz" "hni"
- name: Package (Windows)
if: runner.os == 'Windows'
shell: pwsh
run: |
$tag = $env:GITHUB_REF_NAME
$name = "$env:BINARY_NAME-$tag-${{ matrix.target }}"
New-Item -ItemType Directory -Path dist -Force | Out-Null
$stage = Join-Path $env:TEMP ("hni-stage-" + [Guid]::NewGuid().ToString("N"))
New-Item -ItemType Directory -Path $stage -Force | Out-Null
Copy-Item "target/${{ matrix.target }}/release/$env:BINARY_NAME.exe" (Join-Path $stage "hni.exe")
Copy-Item (Join-Path $stage "hni.exe") "dist/$name.exe"
Compress-Archive -Path (Join-Path $stage "hni.exe") -DestinationPath "dist/$name.zip" -Force
- name: Upload artifact
uses: actions/upload-artifact@v7.0.0
with:
name: ${{ env.BINARY_NAME }}-${{ github.ref_name }}-${{ matrix.target }}.${{ matrix.extension }}
path: dist/*
if-no-files-found: error
release:
needs: build
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@v8.0.0
with:
path: dist
merge-multiple: true
- name: Generate checksums
run: |
cd dist
shasum -a 256 * > SHA256SUMS
- name: Publish GitHub Release
uses: softprops/action-gh-release@v2.5.0
with:
files: |
dist/*
fail_on_unmatched_files: true
homebrew:
needs: release
runs-on: ubuntu-latest
env:
TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
steps:
- name: Check Homebrew token
id: check_token
run: |
if [[ -z "${TAP_TOKEN}" ]]; then
echo "has_token=false" >> "$GITHUB_OUTPUT"
echo "HOMEBREW_TAP_GITHUB_TOKEN is not set; skipping tap publish"
else
echo "has_token=true" >> "$GITHUB_OUTPUT"
fi
- name: Checkout source repository
if: steps.check_token.outputs.has_token == 'true'
uses: actions/checkout@v6.0.2
- name: Download artifacts
if: steps.check_token.outputs.has_token == 'true'
uses: actions/download-artifact@v8.0.0
with:
path: dist
merge-multiple: true
- name: Clone Homebrew tap
if: steps.check_token.outputs.has_token == 'true'
run: |
git clone "https://x-access-token:${TAP_TOKEN}@github.com/happytoolin/homebrew-happytap.git" tap
- name: Update formula
if: steps.check_token.outputs.has_token == 'true'
env:
TAG: ${{ github.ref_name }}
run: |
set -euo pipefail
version="${TAG#v}"
macos_arm_file="dist/${BINARY_NAME}-${TAG}-aarch64-apple-darwin.tar.gz"
macos_x64_file="dist/${BINARY_NAME}-${TAG}-x86_64-apple-darwin.tar.gz"
linux_arm_file="dist/${BINARY_NAME}-${TAG}-aarch64-unknown-linux-musl.tar.gz"
linux_x64_file="dist/${BINARY_NAME}-${TAG}-x86_64-unknown-linux-musl.tar.gz"
export MACOS_ARM64_SHA256
export MACOS_X64_SHA256
export LINUX_ARM64_SHA256
export LINUX_X64_SHA256
MACOS_ARM64_SHA256="$(shasum -a 256 "$macos_arm_file" | awk '{print $1}')"
MACOS_X64_SHA256="$(shasum -a 256 "$macos_x64_file" | awk '{print $1}')"
LINUX_ARM64_SHA256="$(shasum -a 256 "$linux_arm_file" | awk '{print $1}')"
LINUX_X64_SHA256="$(shasum -a 256 "$linux_x64_file" | awk '{print $1}')"
bash scripts/update_homebrew_formula.sh "$version" tap
- name: Commit and push tap update
if: steps.check_token.outputs.has_token == 'true'
working-directory: tap
run: |
set -euo pipefail
if [[ -z "$(git status --porcelain)" ]]; then
echo "No Homebrew changes to publish"
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add Formula/hni.rb
git commit -m "hni v${GITHUB_REF_NAME#v}"
git push origin HEAD:main
npm:
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout source repository
uses: actions/checkout@v6.0.2
- name: Install Node.js
uses: actions/setup-node@v6.3.0
with:
node-version: 24
registry-url: https://registry.npmjs.org
- name: Ensure npm supports trusted publishing
run: |
set -euo pipefail
npm install -g npm@latest
npm --version
- name: Download build artifacts
uses: actions/download-artifact@v8.0.0
with:
path: dist
merge-multiple: true
- name: Validate npm package version
run: |
set -euo pipefail
tag_version="${GITHUB_REF_NAME#v}"
pkg_version="$(node -p "require('./package.json').version")"
if [[ "$pkg_version" != "$tag_version" ]]; then
echo "package.json version ($pkg_version) does not match tag ($tag_version)"
exit 1
fi
- name: Resolve npm dist-tag
id: npm_tag
run: |
set -euo pipefail
version="${GITHUB_REF_NAME#v}"
if [[ "$version" == *-* ]]; then
echo "tag=alpha" >> "$GITHUB_OUTPUT"
else
echo "tag=latest" >> "$GITHUB_OUTPUT"
fi
- name: Prepare npm platform packages
run: node scripts/prepare-npm-platform-packages.mjs
- name: Publish npm platform packages
run: |
set -euo pipefail
npm publish ./npm/platforms/hni-darwin-arm64 --access public --tag "${{ steps.npm_tag.outputs.tag }}"
npm publish ./npm/platforms/hni-darwin-x64 --access public --tag "${{ steps.npm_tag.outputs.tag }}"
npm publish ./npm/platforms/hni-linux-arm64-musl --access public --tag "${{ steps.npm_tag.outputs.tag }}"
npm publish ./npm/platforms/hni-linux-x64-musl --access public --tag "${{ steps.npm_tag.outputs.tag }}"
npm publish ./npm/platforms/hni-win32-arm64-msvc --access public --tag "${{ steps.npm_tag.outputs.tag }}"
npm publish ./npm/platforms/hni-win32-x64-msvc --access public --tag "${{ steps.npm_tag.outputs.tag }}"
- name: Publish npm package
run: npm publish --access public --tag "${{ steps.npm_tag.outputs.tag }}"
crates-io:
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout source repository
uses: actions/checkout@v6.0.2
- name: Install Rust
uses: dtolnay/rust-toolchain@v1
with:
toolchain: stable
- name: Validate crate version
run: |
set -euo pipefail
tag_version="${GITHUB_REF_NAME#v}"
crate_version="$(sed -nE 's/^version = "([^"]+)"/\1/p' Cargo.toml | head -n1)"
if [[ -z "$crate_version" ]]; then
echo "failed to determine crate version from Cargo.toml"
exit 1
fi
if [[ "$crate_version" != "$tag_version" ]]; then
echo "Cargo.toml version ($crate_version) does not match tag ($tag_version)"
exit 1
fi
- name: Publish crate
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: |
set -euo pipefail
if [[ -z "${CARGO_REGISTRY_TOKEN:-}" ]]; then
echo "CARGO_REGISTRY_TOKEN is not set"
exit 1
fi
cargo publish --locked
jsr:
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout source repository
uses: actions/checkout@v6.0.2
- name: Setup Deno
uses: denoland/setup-deno@v2.0.3
with:
deno-version: v2.x
- name: Validate JSR package version
run: |
set -euo pipefail
tag_version="${GITHUB_REF_NAME#v}"
jsr_version="$(deno eval "console.log(JSON.parse(Deno.readTextFileSync('jsr.json')).version)")"
runtime_version="$(sed -nE 's/^const VERSION = \"([^\"]+)\";$/\1/p' jsr/shared.ts | head -n1)"
if [[ "$jsr_version" != "$tag_version" ]]; then
echo "jsr.json version ($jsr_version) does not match tag ($tag_version)"
exit 1
fi
if [[ -z "$runtime_version" || "$runtime_version" != "$tag_version" ]]; then
echo "jsr/shared.ts VERSION ($runtime_version) does not match tag ($tag_version)"
exit 1
fi
- name: Publish JSR package
run: deno publish