name: Release Binaries
on:
release:
types: [published]
workflow_dispatch:
inputs:
tag:
description: 'Tag to build (e.g. v0.1.0)'
required: true
permissions:
contents: write
id-token: write
env:
CARGO_TERM_COLOR: always
jobs:
build:
name: Build ${{ matrix.target }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
use_cross: false
- target: aarch64-unknown-linux-gnu
os: ubuntu-latest
use_cross: true
- target: aarch64-apple-darwin
os: macos-latest
use_cross: false
- target: x86_64-pc-windows-msvc
os: windows-latest
use_cross: false
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Install OpenSSL (Windows only)
if: runner.os == 'Windows'
run: |
vcpkg install openssl:x64-windows-static
echo "OPENSSL_DIR=C:\vcpkg\installed\x64-windows-static" >> $GITHUB_ENV
echo "OPENSSL_STATIC=1" >> $GITHUB_ENV
shell: bash
- name: Install cross (Linux aarch64 only)
if: matrix.use_cross
run: cargo install cross --locked
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-${{ matrix.target }}-cargo-release-${{ hashFiles('**/Cargo.lock') }}
- name: Install OpenSSL dev (Linux native only)
if: runner.os == 'Linux' && !matrix.use_cross
run: sudo apt-get update && sudo apt-get install -y pkg-config libssl-dev
- name: Build binary
shell: bash
run: |
if [ "${{ matrix.use_cross }}" = "true" ]; then
export CARGO_PROFILE_RELEASE_LTO=thin
export CARGO_PROFILE_RELEASE_CODEGEN_UNITS=4
cross build --release --target ${{ matrix.target }} --features vendored-openssl -j2
elif [ "${{ runner.os }}" = "macOS" ]; then
cargo build --release --target ${{ matrix.target }} --features vendored-openssl -j2
else
cargo build --release --target ${{ matrix.target }} -j2
fi
- name: Determine version
id: version
shell: bash
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "version=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
else
echo "version=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
fi
- name: Package (Unix)
if: runner.os != 'Windows'
shell: bash
run: |
VERSION="${{ steps.version.outputs.version }}"
ARCHIVE="phalus-${VERSION}-${{ matrix.target }}.tar.gz"
mkdir -p staging
cp target/${{ matrix.target }}/release/phalus staging/
cp LICENSE staging/ 2>/dev/null || true
cd staging
tar czf "../${ARCHIVE}" *
cd ..
echo "ARCHIVE=${ARCHIVE}" >> $GITHUB_ENV
- name: Package (Windows)
if: runner.os == 'Windows'
shell: bash
run: |
VERSION="${{ steps.version.outputs.version }}"
ARCHIVE="phalus-${VERSION}-${{ matrix.target }}.zip"
mkdir -p staging
cp target/${{ matrix.target }}/release/phalus.exe staging/
cp LICENSE staging/ 2>/dev/null || true
cd staging
7z a "../${ARCHIVE}" *
cd ..
echo "ARCHIVE=${ARCHIVE}" >> $GITHUB_ENV
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: binary-${{ matrix.target }}
path: ${{ env.ARCHIVE }}
checksums:
name: Create checksums and upload
needs: build
runs-on: ubuntu-latest
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
pattern: binary-*
merge-multiple: true
- name: Generate checksums
run: |
cd artifacts
sha256sum * > checksums.txt
cat checksums.txt
- name: Determine tag
id: tag
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
else
echo "tag=${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
fi
- name: Upload to GitHub Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ steps.tag.outputs.tag }}
files: artifacts/*
append_body: true