keycli 0.1.3

An environment manager which stores your secrets in your OS keyring
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

---
name: Publish release files

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  create-release:
    runs-on: ubuntu-latest
    env:
      tag: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v6
      - name: Publish release
        run: gh release create "$tag" --draft -t "$tag"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  vendor:
    needs: create-release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Setup cargo
        run: rustup update stable && rustup default stable
      - name: Cache Cargo vendored dependencies
        id: cache-cargo-vendor
        uses: actions/cache@v5
        with:
          path: |
            vendor/
            .cargo/config.toml
          key: cargo-vendor-${{ hashFiles('Cargo.lock', '.cargo/config.toml') }}
          enableCrossOsArchive: true

      - if: ${{ steps.cache-cargo-vendor.outputs.cache-hit != 'true' }}
        name: Fetch and vendor Cargo dependencies
        run: cargo vendor --verbose --locked >> .cargo/config.toml

  build:
    needs: vendor
    permissions:
      contents: write
      attestations: write
      id-token: write
    strategy:
      matrix:
        include:
          - os: ubuntu-latest
            name: linux
          - os: windows-latest
            name: windows
          - os: macos-latest
            name: macos
    runs-on: ${{ matrix.os }}
    env:
      tag: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v6
      - name: Restore Cargo vendored dependencies cache
        uses: actions/cache@v5
        with:
          path: |
            vendor/
            .cargo/config.toml
          key: cargo-vendor-${{ hashFiles('Cargo.lock', '.cargo/config.toml') }}
          enableCrossOsArchive: true
          fail-on-cache-miss: true
      - name: Install mise
        uses: jdx/mise-action@v4
      - name: Setup cargo
        run: rustup update stable && rustup default stable
      - name: Install dependencies
        if: runner.os == 'Linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y libdbus-1-dev pkg-config

      - name: Build the release
        run: mise build-release --offline --locked
        shell: bash

      - name: Rename Release (Unix)
        run: |
          mkdir -p assets
          FILENAME=keycli-${tag}-${{matrix.name}}
          mv target/release/keycli assets
          cd assets
          tar --format=ustar -czf "$FILENAME.tar.gz" keycli
          rm keycli
        if: ${{ matrix.os != 'windows-latest' }}

      - name: Rename Release (Windows)
        run: |
          mkdir assets
          FILENAME=keycli-${tag}-${{matrix.name}}
          mv target/release/keycli.exe assets/keycli.exe
          cd assets
          powershell Compress-Archive -Path * -Destination ${FILENAME}.zip
          rm keycli.exe
        if: ${{ matrix.os == 'windows-latest' }}
        shell: bash

      - name: Upload assets
        run: gh release upload "${tag}" assets/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash

      - name: Generate artifact attestations
        uses: actions/attest@v4
        with:
          subject-path: assets/*

  publish:
    needs: build
    runs-on: ubuntu-latest
    env:
      tag: ${{ github.ref_name }}
    steps:
      - uses: actions/checkout@v6
      - name: Publish release
        run: gh release edit "$tag" --draft=false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}