name: release
on:
push:
tags:
- "v*"
jobs:
publish:
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: write
env:
RUSTFLAGS: "-C debuginfo=0"
CARGO_TARGET_DIR: target/ci
steps:
- name: checkout
uses: actions/checkout@v4
- name: set up rust
uses: dtolnay/rust-toolchain@stable
- name: cache cargo
uses: Swatinem/rust-cache@v2
with:
prefix-key: v0-rust-release
cache-targets: true
- name: doc build
env:
RUSTDOCFLAGS: "--cfg docsrs"
CARGO_PROFILE_DEV_DEBUG: 0
run: cargo doc --workspace --all-features --no-deps
- name: run tests
run: cargo test
- name: install sbom tool
uses: taiki-e/install-action@v2
with:
tool: cargo-cyclonedx
- name: generate sbom
run: |
cargo cyclonedx --format json --override-filename "sbom-${{ github.ref_name }}.cdx" --all-features
- name: collect sbom files
run: |
set -euo pipefail
mkdir -p /tmp/infrahub-sbom
find /tmp -maxdepth 1 -type f -name "sbom-${{ github.ref_name }}.cdx.json" \
-exec mv {} /tmp/infrahub-sbom/ \;
find "$GITHUB_WORKSPACE" -type f -name "sbom-${{ github.ref_name }}.cdx.json" \
-exec mv {} /tmp/infrahub-sbom/ \;
- name: upload sbom
uses: actions/upload-artifact@v4
with:
name: sbom-${{ github.ref_name }}
path: "/tmp/infrahub-sbom/sbom-${{ github.ref_name }}.cdx.json"
if-no-files-found: error
- name: attach sbom to release
uses: softprops/action-gh-release@v2
with:
files: /tmp/infrahub-sbom/sbom-${{ github.ref_name }}.cdx.json
- name: publish infrahub
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
run: cargo publish -p infrahub --no-verify