reflex-search 1.3.4

# This file was autogenerated by dist: https://axodotdev.github.io/cargo-dist
#
# Copyright 2022-2024, axodotdev
# SPDX-License-Identifier: MIT or Apache-2.0
#
# CI that:
#
# * checks for a Git Tag that looks like a release
# * builds artifacts with dist (archives, installers, hashes)
# * uploads those artifacts to temporary workflow zip
# * on success, uploads the artifacts to a GitHub Release
#
# Note that the GitHub Release will be created with a generated
# title/body based on your changelogs.

name: Release
permissions:
  "contents": "write"

# This task will run whenever you push a git tag that looks like a version
# like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc.
# Various formats will be parsed into a VERSION and an optional PACKAGE_NAME, where
# PACKAGE_NAME must be the name of a Cargo package in your workspace, and VERSION
# must be a Cargo-style SemVer Version (must have at least major.minor.patch).
#
# If PACKAGE_NAME is specified, then the announcement will be for that
# package (erroring out if it doesn't have the given version or isn't dist-able).
#
# If PACKAGE_NAME isn't specified, then the announcement will be for all
# (dist-able) packages in the workspace with that version (this mode is
# intended for workspaces with only one dist-able package, or with all dist-able
# packages versioned/released in lockstep).
#
# If you push multiple tags at once, separate instances of this workflow will
# spin up, creating an independent announcement for each one. However, GitHub
# will hard limit this to 3 tags per commit, as it will assume more tags is a
# mistake.
#
# If there's a prerelease-style suffix to the version, then the release(s)
# will be marked as a prerelease.
on:
  pull_request:
  push:
    tags:
      - '**[0-9]+.[0-9]+.[0-9]+*'

jobs:
  # Run 'dist plan' (or host) to determine what tasks we need to do
  plan:
    runs-on: "ubuntu-24.04"
    outputs:
      val: ${{ steps.plan.outputs.manifest }}
      tag: ${{ !github.event.pull_request && github.ref_name || '' }}
      tag-flag: ${{ !github.event.pull_request && format('--tag={0}', github.ref_name) || '' }}
      publishing: ${{ !github.event.pull_request }}
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Install dist
        # we specify bash to get pipefail; it guards against the `curl` command
        # failing. otherwise `sh` won't catch that `curl` returned non-0
        shell: bash
        run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.31.0/cargo-dist-installer.sh | sh"
      - name: Cache dist
        uses: actions/upload-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/dist
      # sure would be cool if github gave us proper conditionals...
      # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible
      # functionality based on whether this is a pull_request, and whether it's from a fork.
      # (PRs run on the *source* but secrets are usually on the *target* -- that's *good*
      # but also really annoying to build CI around when it needs secrets to work right.)
      - id: plan
        run: |
          dist ${{ (!github.event.pull_request && format('plan --tag={0}', github.ref_name)) || 'plan' }} --output-format=json > plan-dist-manifest.json
          echo "dist ran successfully"
          cat plan-dist-manifest.json
          echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
        uses: actions/upload-artifact@v4
        with:
          name: artifacts-plan-dist-manifest
          path: plan-dist-manifest.json

  # Build and packages all the platform-specific things
  build-local-artifacts:
    name: build-local-artifacts (${{ join(matrix.targets, ', ') }})
    # Let the initial task tell us to not run (currently very blunt)
    needs:
      - plan
    if: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix.include != null && (needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload') }}
    strategy:
      fail-fast: false
      # Target platforms/runners are computed by dist in create-release.
      # Each member of the matrix has the following arguments:
      #
      # - runner: the github runner
      # - dist-args: cli flags to pass to dist
      # - install-dist: expression to run to install dist on the runner
      #
      # Typically there will be:
      # - 1 "global" task that builds universal installers
      # - N "local" tasks that build each platform's binaries and platform-specific installers
      matrix: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix }}
    runs-on: ${{ matrix.runner }}
    container: ${{ matrix.container && matrix.container.image || null }}
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BUILD_MANIFEST_NAME: target/distrib/${{ join(matrix.targets, '-') }}-dist-manifest.json
    steps:
      - name: enable windows longpaths
        run: |
          git config --global core.longpaths true
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Install Rust non-interactively if not already installed
        if: ${{ matrix.container }}
        run: |
          if ! command -v cargo > /dev/null 2>&1; then
            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
            echo "$HOME/.cargo/bin" >> $GITHUB_PATH
          fi
      - name: Install dist
        run: ${{ matrix.install_dist.run }}
      # Get the dist-manifest
      - name: Fetch local artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
          merge-multiple: true
      - name: Install dependencies
        run: |
          ${{ matrix.packages_install }}
      - name: Build artifacts
        run: |
          # Actually do builds and make zips and whatnot
          dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json
          echo "dist ran successfully"
      - id: cargo-dist
        name: Post-build
        # We force bash here just because github makes it really hard to get values up
        # to "real" actions without writing to env-vars, and writing to env-vars has
        # inconsistent syntax between shell and powershell.
        shell: bash
        run: |
          # Parse out what we just built and upload it to scratch storage
          echo "paths<<EOF" >> "$GITHUB_OUTPUT"
          dist print-upload-files-from-manifest --manifest dist-manifest.json >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"

          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
      - name: "Upload artifacts"
        uses: actions/upload-artifact@v4
        with:
          name: artifacts-build-local-${{ join(matrix.targets, '_') }}
          path: |
            ${{ steps.cargo-dist.outputs.paths }}
            ${{ env.BUILD_MANIFEST_NAME }}

  # Build and package all the platform-agnostic(ish) things
  build-global-artifacts:
    needs:
      - plan
      - build-local-artifacts
    runs-on: "ubuntu-24.04"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
        uses: actions/download-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Get all the local artifacts for the global tasks to use (for e.g. checksums)
      - name: Fetch local artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
          merge-multiple: true
      - id: cargo-dist
        shell: bash
        run: |
          dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json
          echo "dist ran successfully"

          # Parse out what we just built and upload it to scratch storage
          echo "paths<<EOF" >> "$GITHUB_OUTPUT"
          jq --raw-output ".upload_files[]" dist-manifest.json >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"

          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
      - name: Refresh npm package shrinkwrap against current CVE database
        shell: bash
        run: |
          NPM_PKG_DIR="target/distrib/reflex-search-npm-package"
          if [ -d "$NPM_PKG_DIR" ]; then
            cd "$NPM_PKG_DIR"
            # cargo-dist ships a shrinkwrap baked at its release time; regenerate
            # it against today's registry so transitive CVEs get the fix versions.
            # --ignore-scripts skips the package's postinstall (which downloads the
            # rfx binary from a release tag that doesn't exist yet at this stage).
            npm install --ignore-scripts
            npm audit fix --ignore-scripts
            # Hard gate: fail the release if anything high/critical remains.
            npm audit --audit-level=high
            cd -
            # Repackage with the refreshed shrinkwrap.
            # --dereference: npm install creates symlinks in node_modules/.bin/;
            # the npm registry rejects tarballs containing symlinks, so flatten
            # them into regular files at pack time.
            TARBALL="target/distrib/reflex-search-npm-package.tar.gz"
            tar -czhf "$TARBALL" -C target/distrib --transform 's|^reflex-search-npm-package|package|' reflex-search-npm-package
          fi
      - name: "Upload artifacts"
        uses: actions/upload-artifact@v4
        with:
          name: artifacts-build-global
          path: |
            ${{ steps.cargo-dist.outputs.paths }}
            ${{ env.BUILD_MANIFEST_NAME }}
  # Determines if we should publish/announce
  host:
    needs:
      - plan
      - build-local-artifacts
      - build-global-artifacts
    # Only run if we're "publishing", and only if plan, local and global didn't fail (skipped is fine)
    if: ${{ always() && needs.plan.result == 'success' && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.build-local-artifacts.result == 'skipped' || needs.build-local-artifacts.result == 'success') }}
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    runs-on: "ubuntu-24.04"
    outputs:
      val: ${{ steps.host.outputs.manifest }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Install cached dist
        uses: actions/download-artifact@v4
        with:
          name: cargo-dist-cache
          path: ~/.cargo/bin/
      - run: chmod +x ~/.cargo/bin/dist
      # Fetch artifacts from scratch-storage
      - name: Fetch artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: target/distrib/
          merge-multiple: true
      - id: host
        shell: bash
        run: |
          # Generate release metadata without creating the actual release
          # We'll create it manually after extracting binaries
          echo '{"announcement_tag":"${{ needs.plan.outputs.tag }}","announcement_title":"reflex ${{ needs.plan.outputs.tag }}","announcement_is_prerelease":false,"announcement_github_body":"Release ${{ needs.plan.outputs.tag }}"}' > dist-manifest.json
          echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT"
      - name: "Upload dist-manifest.json"
        uses: actions/upload-artifact@v4
        with:
          # Overwrite the previous copy
          name: artifacts-dist-manifest
          path: dist-manifest.json
      # Create a GitHub Release while uploading all files to it
      - name: "Download GitHub Artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: artifacts-*
          path: artifacts
          merge-multiple: true
      - name: Cleanup
        run: |
          # Remove the granular manifests
          rm -f artifacts/*-dist-manifest.json
      - name: Extract raw binaries from archives
        run: |
          set -e
          cd artifacts

          echo "=== Files in artifacts directory before extraction ==="
          ls -la

          # Process tar.xz archives (Unix/Linux/macOS)
          for archive in *.tar.xz; do
            if [ -f "$archive" ]; then
              echo "=== Processing $archive ==="
              # Extract archive to temporary directory
              temp_dir="temp_${archive%.tar.xz}"
              mkdir -p "$temp_dir"
              tar -xf "$archive" -C "$temp_dir"

              # Find the binary (rfx) - recursively search
              binary=$(find "$temp_dir" -type f -name "rfx" | head -1)
              if [ -n "$binary" ]; then
                # Extract platform from archive filename and transform to friendly name
                platform=$(echo "$archive" | sed 's/^reflex-//' | sed 's/\.tar\.xz$//')

                # Transform to friendly names
                case "$platform" in
                  x86_64-unknown-linux-gnu)
                    friendly_name="rfx-linux-x64"
                    ;;
                  aarch64-unknown-linux-gnu)
                    friendly_name="rfx-linux-arm64"
                    ;;
                  x86_64-apple-darwin)
                    friendly_name="rfx-macos-x64"
                    ;;
                  aarch64-apple-darwin)
                    friendly_name="rfx-macos-arm64"
                    ;;
                  *)
                    friendly_name="rfx-${platform}"
                    ;;
                esac

                echo "Found binary: $binary -> $friendly_name"
                cp "$binary" "$friendly_name"
                chmod +x "$friendly_name"
              else
                echo "WARNING: No rfx binary found in $archive"
              fi

              # Clean up temp directory
              rm -rf "$temp_dir"
            fi
          done

          # Process zip archives (Windows)
          for archive in *.zip; do
            # Skip source code archives
            if [[ "$archive" == *"reflex-"* ]]; then
              echo "=== Processing $archive ==="
              # Extract archive to temporary directory
              temp_dir="temp_${archive%.zip}"
              mkdir -p "$temp_dir"
              unzip -q "$archive" -d "$temp_dir"

              # Find the binary (rfx.exe) - recursively search
              binary=$(find "$temp_dir" -type f -name "rfx.exe" | head -1)
              if [ -n "$binary" ]; then
                # Extract platform from archive filename and transform to friendly name
                platform=$(echo "$archive" | sed 's/^reflex-//' | sed 's/\.zip$//')

                # Transform to friendly name
                case "$platform" in
                  x86_64-pc-windows-msvc)
                    friendly_name="rfx-windows-x64.exe"
                    ;;
                  *)
                    friendly_name="rfx-${platform}.exe"
                    ;;
                esac

                echo "Found binary: $binary -> $friendly_name"
                cp "$binary" "$friendly_name"
              else
                echo "WARNING: No rfx.exe binary found in $archive"
              fi

              # Clean up temp directory
              rm -rf "$temp_dir"
            fi
          done

          echo "=== Files to be uploaded to release ==="
          ls -lh

          echo "=== Binaries found ==="
          ls -lh rfx* 2>/dev/null || echo "No binaries found!"

          echo "=== Installers found ==="
          ls -lh *installer* 2>/dev/null || echo "No installers found!"
      - name: Create GitHub Release
        env:
          PRERELEASE_FLAG: "${{ fromJson(steps.host.outputs.manifest).announcement_is_prerelease && '--prerelease' || '' }}"
          ANNOUNCEMENT_TITLE: "${{ fromJson(steps.host.outputs.manifest).announcement_title }}"
          ANNOUNCEMENT_BODY: "${{ fromJson(steps.host.outputs.manifest).announcement_github_body }}"
          RELEASE_COMMIT: "${{ github.sha }}"
        run: |
          # Write and read notes from a file to avoid quoting breaking things
          echo "$ANNOUNCEMENT_BODY" > $RUNNER_TEMP/notes.txt

          # Upload binaries, installers, and archives (archives needed for npm/homebrew)
          cd artifacts
          gh release create "${{ needs.plan.outputs.tag }}" \
            --target "$RELEASE_COMMIT" \
            $PRERELEASE_FLAG \
            --title "$ANNOUNCEMENT_TITLE" \
            --notes-file "$RUNNER_TEMP/notes.txt" \
            rfx-* \
            *installer* \
            *-npm-package.tar.gz \
            *.tar.xz \
            *.zip

  announce:
    needs:
      - plan
      - host
    # use "always() && ..." to allow us to wait for all publish jobs while
    # still allowing individual publish jobs to skip themselves (for prereleases).
    # "host" however must run to completion, no skipping allowed!
    if: ${{ always() && needs.host.result == 'success' }}
    runs-on: "ubuntu-24.04"
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive