name: Release
on:
push:
tags: ["v*"]
env:
CARGO_TERM_COLOR: always
permissions:
contents: write
jobs:
package:
name: package (${{ matrix.target }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-22.04
target: x86_64-unknown-linux-gnu
- os: macos-14
target: x86_64-apple-darwin
- os: macos-14
target: aarch64-apple-darwin
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@v2
with:
shared-key: release-${{ matrix.target }}
- name: Derive release version
id: version
shell: bash
run: |
version="${GITHUB_REF_NAME#v}"
if [ -z "$version" ] || [ "$version" = "$GITHUB_REF_NAME" ]; then
echo "expected tag in v{version} format, got ${GITHUB_REF_NAME}" >&2
exit 1
fi
cargo_version="$(grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/')"
if [ "$cargo_version" != "$version" ]; then
echo "Cargo.toml version ${cargo_version} does not match tag ${version}" >&2
exit 1
fi
echo "value=$version" >> "$GITHUB_OUTPUT"
- name: cargo build --release --locked --target ${{ matrix.target }}
run: cargo build --release --locked --target ${{ matrix.target }}
- name: Package release archive
shell: bash
run: |
scripts/package-release.sh \
"${{ steps.version.outputs.value }}" \
"${{ matrix.target }}" \
"target/${{ matrix.target }}/release/keyclaw" \
dist
- uses: actions/upload-artifact@v4
with:
name: release-${{ matrix.target }}
path: dist/keyclaw-v${{ steps.version.outputs.value }}-${{ matrix.target }}.tar.gz
if-no-files-found: error
publish-release:
name: publish release
runs-on: ubuntu-22.04
needs: package
outputs:
version: ${{ steps.version.outputs.value }}
steps:
- uses: actions/checkout@v4
- name: Derive release version
id: version
shell: bash
run: |
version="${GITHUB_REF_NAME#v}"
if [ -z "$version" ] || [ "$version" = "$GITHUB_REF_NAME" ]; then
echo "expected tag in v{version} format, got ${GITHUB_REF_NAME}" >&2
exit 1
fi
echo "value=$version" >> "$GITHUB_OUTPUT"
- uses: actions/download-artifact@v4
with:
path: dist
pattern: release-*
merge-multiple: true
- name: Generate SHA256SUMS
shell: bash
run: |
cd dist
sha256sum keyclaw-v${{ steps.version.outputs.value }}-*.tar.gz > SHA256SUMS
- name: Verify release artifact contract
shell: bash
run: scripts/verify-release-contract.sh "${{ steps.version.outputs.value }}" dist
- uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
files: |
dist/*.tar.gz
dist/SHA256SUMS
fail_on_unmatched_files: true
publish-homebrew:
name: publish homebrew formula
runs-on: ubuntu-22.04
needs: publish-release
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
path: dist
pattern: release-*
merge-multiple: true
- name: Generate SHA256SUMS
shell: bash
run: |
cd dist
sha256sum keyclaw-v${{ needs.publish-release.outputs.version }}-*.tar.gz > SHA256SUMS
- name: Verify release artifact contract
shell: bash
run: scripts/verify-release-contract.sh "${{ needs.publish-release.outputs.version }}" dist
- name: Render Homebrew formula
shell: bash
run: |
scripts/render-homebrew-formula.sh \
"${{ needs.publish-release.outputs.version }}" \
dist \
Formula/keyclaw.rb
ruby -c Formula/keyclaw.rb
- uses: actions/checkout@v4
with:
repository: GuthL/homebrew-tap
ref: main
token: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
path: homebrew-tap
- name: Update tap formula
shell: bash
run: |
install -D -m 644 Formula/keyclaw.rb homebrew-tap/Formula/keyclaw.rb
cd homebrew-tap
if git diff --quiet -- Formula/keyclaw.rb; then
echo "formula already up to date"
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add Formula/keyclaw.rb
git commit -m "keyclaw ${{ needs.publish-release.outputs.version }}"
git push origin HEAD:main