name: build-push-release
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+'
permissions:
contents: write
env:
CARGO_TERM_COLOR: always
jobs:
check-release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
components: rustfmt
- name: Run cargo check tool
run: cargo check --verbose
create-release:
runs-on: ubuntu-latest
needs:
- check-release
outputs:
midas_version: ${{ env.MIDAS_VERSION }}
steps:
- uses: actions/checkout@v4
- name: Extract package version from the tag
shell: bash
if: env.MIDAS_VERSION == ''
run: |
echo "MIDAS_VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
- name: Show the version
run: |
echo "version is: $MIDAS_VERSION"
- name: Check that tag version and Cargo.toml version are the same
shell: bash
run: |
if ! grep -q "version = \"$MIDAS_VERSION\"" Cargo.toml; then
echo "version does not match Cargo.toml" >&2
exit 1
fi
- name: Create GitHub release
env:
GH_TOKEN: ${{ github.token }}
run: gh release create ${{ env.MIDAS_VERSION }} --verify-tag --title $MIDAS_VERSION
build-release-package:
runs-on: ${{ matrix.os }}
needs:
- create-release
env:
CARGO: cargo
TARGET_FLAGS: ""
TARGET_DIR: ./target
RUST_BACKTRACE: 1
CROSS_VERSION: v0.2.5
strategy:
matrix:
build:
- stable-musl
- stable-x86-gnu
- stable-arm-gnueabihf
- stable-armv7-gnueabihf
- stable-armv7-musleabihf
- stable-armv7-musleabi
- stable-aarch64
- stable-powerpc64
- stable-s390x
- macos
- win-msvc
- win-gnu
- win32-msvc
include:
- build: stable-musl
os: ubuntu-latest
rust: stable
target: x86_64-unknown-linux-musl
strip: x86_64-linux-musl-strip
- build: stable-x86-gnu
os: ubuntu-latest
rust: stable
target: i686-unknown-linux-gnu
strip: x86_64-linux-gnu-strip
- build: stable-arm-gnueabihf
os: ubuntu-latest
rust: stable
target: arm-unknown-linux-gnueabihf
strip: arm-linux-gnueabihf-strip
- build: stable-armv7-gnueabihf
os: ubuntu-latest
rust: stable
target: armv7-unknown-linux-gnueabihf
strip: arm-linux-gnueabihf-strip
- build: stable-armv7-musleabihf
os: ubuntu-latest
rust: stable
target: armv7-unknown-linux-musleabihf
strip: arm-linux-musleabihf-strip
- build: stable-armv7-musleabi
os: ubuntu-latest
rust: stable
target: armv7-unknown-linux-musleabi
strip: arm-linux-musleabi-strip
- build: stable-aarch64
os: ubuntu-latest
rust: stable
target: aarch64-unknown-linux-gnu
strip: aarch64-linux-gnu-strip
- build: stable-powerpc64
os: ubuntu-latest
rust: stable
target: powerpc64-unknown-linux-gnu
strip: powerpc64-linux-gnu-strip
- build: stable-s390x
os: ubuntu-latest
rust: stable
target: s390x-unknown-linux-gnu
strip: s390x-linux-gnu-strip
- build: macos
os: macos-latest
rust: nightly
target: x86_64-apple-darwin
- build: win-msvc
os: windows-latest
rust: nightly
target: x86_64-pc-windows-msvc
- build: win-gnu
os: windows-latest
rust: nightly-x86_64-gnu
target: x86_64-pc-windows-gnu
- build: win32-msvc
os: windows-latest
rust: nightly
target: i686-pc-windows-msvc
steps:
- uses: actions/checkout@v4
- name: Install packages (Ubuntu)
if: matrix.os == 'ubuntu-latest'
run: |
ci/ubuntu-install-packages
- name: Install packages (Windows GNU)
uses: msys2/setup-msys2@v2
if: matrix.os == 'windows-latest' && matrix.target == 'x86_64-pc-windows-gnu'
with:
msystem: UCRT64
update: true
install: git perl pkg-config mingw-w64-x86_64-toolchain mingw-w64-ucrt-x86_64-gcc openssl
path-type: inherit
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
target: ${{ matrix.target }}
- name: Use cross compiler
if: matrix.os == 'ubuntu-latest' && matrix.target != ''
shell: bash
run: |
dir="$RUNNER_TEMP/cross-download"
mkdir "$dir"
echo "$dir" >> $GITHUB_PATH
cd "$dir"
curl -LO "https://github.com/cross-rs/cross/releases/download/$CROSS_VERSION/cross-x86_64-unknown-linux-musl.tar.gz"
tar xf cross-x86_64-unknown-linux-musl.tar.gz
echo "CARGO=cross" >> $GITHUB_ENV
- name: Set target variables
shell: bash
run: |
echo "TARGET_FLAGS=--target ${{ matrix.target }}" >> $GITHUB_ENV
echo "TARGET_DIR=./target/${{ matrix.target }}" >> $GITHUB_ENV
- name: Show command used for Cargo
run: |
echo "cargo command is: ${{ env.CARGO }}"
echo "target flag is: ${{ env.TARGET_FLAGS }}"
echo "target dir is: ${{ env.TARGET_DIR }}"
- name: Build release binary and dependency crates (native)
if: matrix.target == ''
run: ${{ env.CARGO }} build --verbose --release ${{ env.TARGET_FLAGS }}
- name: Build release binary and dependency crates (cross)
if: matrix.target != 'x86_64-pc-windows-gnu'
run: ${{ env.CARGO }} build --verbose --release ${{ env.TARGET_FLAGS }}
- name: Build release binary and dependency crates (win-gnu)
if: matrix.target == 'x86_64-pc-windows-gnu'
shell: msys2 {0}
run: ${{ env.CARGO }} build --verbose --release ${{ env.TARGET_FLAGS }}
- name: Strip release binary (linux, macos and macos-arm)
if: matrix.os == 'macos'
run: |
strip "target/${{ matrix.target }}/release/midas"
strip "target/${{ matrix.target }}/release/cargo-migrate"
- name: Strip release binary (arm)
if: matrix.build == 'linux-arm'
run: |
docker run --rm -v \
"$PWD/target:/target:Z" \
ghcr.io/cross-rs/${{ matrix.target }}:main \
${{ matrix.strip }} \
/target/${{ matrix.target }}/release/midas
docker run --rm -v \
"$PWD/target:/target:Z" \
ghcr.io/cross-rs/${{ matrix.target }}:main \
${{ matrix.strip }} \
/target/${{ matrix.target }}/release/cargo-migrate
- name: Build archive
shell: bash
run: |
archive_target="midas-${{ needs.create-release.outputs.midas_version }}-${{ matrix.target }}"
mkdir -p $archive_target
cp {README.md,LICENSE-APACHE,LICENSE-MIT,COPYRIGHT} "$archive_target/"
if [ "${{ matrix.os }}" = "windows-latest" ]; then
cp "target/${{ matrix.target }}/release/midas.exe" "$archive_target/"
cp "target/${{ matrix.target }}/release/cargo-migrate.exe" "$archive_target/"
7z a "$archive_target.zip" "$archive_target"
certutil -hashfile "$archive_target.zip" SHA256 > "$archive_target.zip.sha256"
echo "ASSET=$archive_target.zip" >> $GITHUB_ENV
echo "ASSET_SUM=$archive_target.zip.sha256" >> $GITHUB_ENV
else
cp "target/${{ matrix.target }}/release/midas" "$archive_target/"
cp "target/${{ matrix.target }}/release/cargo-migrate" "$archive_target/"
tar czf "$archive_target.tar.gz" "$archive_target"
shasum -a 256 "$archive_target.tar.gz" > "$archive_target.tar.gz.sha256"
echo "ASSET=$archive_target.tar.gz" >> $GITHUB_ENV
echo "ASSET_SUM=$archive_target.tar.gz.sha256" >> $GITHUB_ENV
fi
- name: Upload release archive
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: gh release upload ${{ needs.create-release.outputs.midas_version }} ${{ env.ASSET }} ${{ env.ASSET_SUM }}
build-release-deb:
runs-on: ubuntu-latest
needs:
- create-release
env:
CARGO: cargo
TARGET: x86_64-unknown-linux-musl
TARGET_FLAGS: ""
TARGET_DIR: ./target
RUST_BACKTRACE: 1
steps:
- uses: actions/checkout@v4
- name: Install packages (Ubuntu)
run: |
ci/ubuntu-install-packages
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
target: ${{ env.TARGET }}
- name: Install cargo-deb
shell: bash
run: cargo install cargo-deb
- name: Show command used for Cargo
run: |
echo "cargo command is: ${{ env.CARGO }}"
echo "target flag is: ${{ env.TARGET_FLAGS }}"
echo "target dir is: ${{ env.TARGET_DIR }}"
- name: Build release binary
run: ${{ env.CARGO }} build --verbose --release --target ${{ env.TARGET }} ${{ env.TARGET_FLAGS }}
- name: Build deb package
run: ${{ env.CARGO }} deb --target ${{ env.TARGET }}
- name: Build archive
shell: bash
run: |
deb_target="midas_${{ needs.create-release.outputs.midas_version }}-1_amd64.deb"
mv "target/${{ env.TARGET }}/debian/$deb_target" .
shasum -a 256 "$deb_target" > "$deb_target.sha256"
echo "ASSET=$deb_target" >> $GITHUB_ENV
echo "ASSET_SUM=$deb_target.sha256" >> $GITHUB_ENV
- name: Upload release archive
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: gh release upload ${{ needs.create-release.outputs.midas_version }} ${{ env.ASSET }} ${{ env.ASSET_SUM }}
build-release-image:
runs-on: ubuntu-latest
needs:
- create-release
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
permissions:
contents: read
packages: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@v3.6.0
with:
cosign-release: 'v2.4.0'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest
type=semver,pattern={{version}},value=${{ env.MIDAS_VERSION }}
type=semver,pattern={{major}}.{{minor}},value=${{ env.MIDAS_VERSION }}
type=semver,pattern={{major}},value=${{ env.MIDAS_VERSION }}
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@v6
with:
context: .
file: ./Containerfile
platforms: linux/amd64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}