name: Build and Publish quicnet
on:
push:
tags:
- "v*"
workflow_dispatch:
env:
BINARY_NAME: quicnet
jobs:
build-cli:
strategy:
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-gnu
name: quicnet-linux-x64
- os: ubuntu-latest
target: aarch64-unknown-linux-gnu
name: quicnet-linux-arm64
- os: macos-latest
target: x86_64-apple-darwin
name: quicnet-macos-x64
- os: macos-latest
target: aarch64-apple-darwin
name: quicnet-macos-arm64
- os: windows-latest
target: x86_64-pc-windows-msvc
name: quicnet-windows-x64.exe
runs-on: ${{ matrix.os }}
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: "0"
- name: Set up Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Install cross (for Linux ARM64)
if: matrix.os == 'ubuntu-latest' && matrix.target == 'aarch64-unknown-linux-gnu'
run: cargo install cross --git https://github.com/cross-rs/cross
- name: Install pkg-config on Linux
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y pkg-config
- name: Install pkg-config on macOS
if: matrix.os == 'macos-latest'
run: brew install pkg-config
shell: bash
- name: Cache Cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock', '**/Cargo.toml') }}
- name: Build CLI binary
run: |
if [ "${{ matrix.os }}" = "ubuntu-latest" ] && [ "${{ matrix.target }}" = "aarch64-unknown-linux-gnu" ]; then
cross build --release --bin quicnet --target ${{ matrix.target }}
else
cargo build --release --bin quicnet --target ${{ matrix.target }}
fi
shell: bash
- name: Prepare binary (Unix)
if: matrix.os != 'windows-latest'
run: |
cp target/${{ matrix.target }}/release/quicnet ${{ matrix.name }}
chmod +x ${{ matrix.name }}
shell: bash
- name: Prepare binary (Windows)
if: matrix.os == 'windows-latest'
run: cp target/${{ matrix.target }}/release/quicnet.exe ${{ matrix.name }}
shell: bash
- name: Generate SHA512 hash
run: |
if [ "${{ runner.os }}" = "macOS" ]; then
shasum -a 512 ${{ matrix.name }} > ${{ matrix.name }}.sha512
else
sha512sum ${{ matrix.name }} > ${{ matrix.name }}.sha512
fi
shell: bash
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.name }}
path: |
${{ matrix.name }}
${{ matrix.name }}.sha512
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- run: cargo publish --locked
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_TOKEN }}
sign-and-release:
needs: [build-cli]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: "0"
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
merge-multiple: true
- name: Import GPG Key
run: echo "${{ secrets.HQ_ROTKO_GPG }}" | gpg --batch --import
- name: Configure GPG
run: |
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
gpg-connect-agent reloadagent /bye
- name: Sign all binaries and hashes
run: |
for binary in quicnet-*; do
if [[ ! "$binary" =~ \.(sha512|sig)$ ]]; then
gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" \
--detach-sign --armor --default-key hq@rotko.net --output "${binary}.sig" "$binary"
if [[ -f "${binary}.sha512" ]]; then
gpg --batch --yes --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" \
--detach-sign --armor --default-key hq@rotko.net --output "${binary}.sha512.sig" "${binary}.sha512"
fi
fi
done
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Create Release
run: |
FILES=()
for file in quicnet-* *.sig; do
if [[ -f "$file" ]]; then
FILES+=("$file")
fi
done
printf '%s\n' "${FILES[@]}" | sort -u > files_to_upload.txt
gh release create ${{ github.ref_name }} \
--title "quicnet ${{ github.ref_name }}" \
--generate-notes \
$(cat files_to_upload.txt | tr '\n' ' ')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}