keycli 0.1.3

An environment manager which stores your secrets in your OS keyring
---
# Release pipeline: runs when a tag matching v* is pushed.
name: Publish release files

on:
  push:
    tags:
      - 'v*'

# Workflow-level default for GITHUB_TOKEN: a job that does not declare its own
# `permissions:` block runs with contents: write.
# NOTE(review): only the steps that call `gh release ...` write to the
# repository; consider lowering this default to contents: read and granting
# write access on the individual jobs that need it.
permissions:
  contents: write

jobs:
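  # Opens a draft GitHub release named after the pushed tag. The build job
  # uploads assets to it and the publish job takes it out of draft.
  create-release:
    runs-on: ubuntu-latest
    # Declared at job level so the write scope is visible here and the job does
    # not depend on the workflow-level default.
    permissions:
      contents: write
    env:
      # The ref name reaches the script through the environment instead of being
      # expanded into the script text, so the shell handles it as data.
      tag: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v6
      - name: Publish release
        # --draft keeps the release unpublished until the publish job runs.
        run: gh release create "$tag" --draft -t "$tag"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}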

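  # Vendors the crates pinned by Cargo.lock and stores them in the Actions
  # cache so the build matrix can restore them on every OS.
  vendor:
    needs: create-release
    runs-on: ubuntu-latest
    # This job only checks out the repository and fills the cache, so it
    # overrides the workflow-level contents: write default with read-only.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # Later steps download third-party crates; do not leave the job token
          # configured for git after the checkout.
          persist-credentials: false
      - name: Setup cargo
        run: rustup update stable && rustup default stable
      # The key hashes Cargo.lock and .cargo/config.toml as checked out: it is
      # evaluated when this step starts, before the vendor step below appends
      # to .cargo/config.toml, so the build job derives the same key from a
      # fresh checkout.
      # NOTE(review): the build job compiles whatever entry this key restores.
      # Confirm that no other workflow or ref can save an entry under the same
      # key, or hand the vendored tree over as a per-run artifact instead.
      - name: Cache Cargo vendored dependencies
        id: cache-cargo-vendor
        uses: actions/cache@v5
        with:
          path: |
            vendor/
            .cargo/config.toml
          key: cargo-vendor-${{ hashFiles('Cargo.lock', '.cargo/config.toml') }}
          enableCrossOsArchive: true

      # Runs only on a cache miss. --locked makes cargo fail rather than change
      # Cargo.lock; the source-replacement snippet that cargo vendor prints on
      # stdout is appended to .cargo/config.toml.
      - if: ${{ steps.cache-cargo-vendor.outputs.cache-hit != 'true' }}
        name: Fetch and vendor Cargo dependencies
        run: cargo vendor --verbose --locked >> .cargo/config.toml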

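  # Builds keycli on each OS from the vendored sources, packages the binary,
  # uploads the archive to the draft release and attests it.
  build:
    needs: vendor
    permissions:
      # `gh release upload` writes to the release.
      contents: write
      # Both are used by the attestation step at the end of the job.
      attestations: write
      id-token: write
    strategy:
      matrix:
        include:
          - os: ubuntu-latest
            name: linux
          - os: windows-latest
            name: windows
          - os: macos-latest
            name: macos
    runs-on: ${{ matrix.os }}
    env:
      # Passed through the environment so scripts read it as "$tag" instead of
      # having the ref name expanded into the script text.
      tag: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v6
        with:
          # The build below runs project and dependency build code; do not
          # leave the job token configured for git while it runs. The gh and
          # attest steps receive the token explicitly and are unaffected.
          persist-credentials: false
      - name: Restore Cargo vendored dependencies cache
        uses: actions/cache@v5
        with:
          path: |
            vendor/
            .cargo/config.toml
          key: cargo-vendor-${{ hashFiles('Cargo.lock', '.cargo/config.toml') }}
          enableCrossOsArchive: true
          # Stop here instead of building without the vendored tree.
          fail-on-cache-miss: true
      # NOTE(review): this job holds contents: write and id-token: write, and
      # the actions it uses are referenced by movable tags. Pinning each one to
      # a full commit SHA (for example jdx/mise-action@<full-commit-sha> # v4)
      # fixes the code that runs with those permissions.
      - name: Install mise
        uses: jdx/mise-action@v4
      - name: Setup cargo
        run: rustup update stable && rustup default stable
      - name: Install dependencies
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y libdbus-1-dev pkg-config

      # --offline and --locked are handed to the mise task; presumably it
      # forwards them to cargo so the build uses only the vendored crates and
      # the committed Cargo.lock. Verify against the task definition.
      - name: Build the release
        run: mise build-release --offline --locked
        shell: bash

      # Packs the binary as keycli-<tag>-<name>.tar.gz in assets/ and removes
      # the loose binary so only the archive is uploaded and attested.
      - name: Rename Release (Unix)
        run: |
          mkdir -p assets
          FILENAME=keycli-${tag}-${{matrix.name}}
          mv target/release/keycli assets
          cd assets
          tar --format=ustar -czf "$FILENAME.tar.gz" keycli
          rm keycli
        if: ${{ matrix.os != 'windows-latest' }}

      # Windows counterpart: packs keycli.exe as keycli-<tag>-<name>.zip.
      # NOTE(review): ${FILENAME} is expanded unquoted by bash and then becomes
      # part of the command text that PowerShell parses, and it contains the
      # tag name chosen by whoever pushed the tag. Handing the name to
      # PowerShell through an environment variable would keep it as data.
      - name: Rename Release (Windows)
        run: |
          mkdir assets
          FILENAME=keycli-${tag}-${{matrix.name}}
          mv target/release/keycli.exe assets/keycli.exe
          cd assets
          powershell Compress-Archive -Path * -Destination ${FILENAME}.zip
          rm keycli.exe
        if: ${{ matrix.os == 'windows-latest' }}
        shell: bash

      # Attaches the archive to the draft release opened by create-release.
      - name: Upload assets
        run: gh release upload "${tag}" assets/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash

      # Attests the same assets/* files that were just uploaded.
      - name: Generate artifact attestations
        uses: actions/attest@v4
        with:
          subject-path: assets/*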

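  # Takes the release out of draft once every build matrix leg has succeeded.
  publish:
    needs: build
    runs-on: ubuntu-latest
    # Declared at job level so the write scope is visible here and the job does
    # not depend on the workflow-level default.
    permissions:
      contents: write
    env:
      # Read by the script as "$tag" rather than expanded into the script text.
      tag: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v6
      - name: Publish release
        run: gh release edit "$tag" --draft=false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}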