name: CD
on:
push:
tags:
- "v*.*.*"
env:
APP_NAME: s3sync
jobs:
release-linux:
name: release for linux
runs-on: ubuntu-latest
container: quay.io/pypa/manylinux_2_28_x86_64
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: checkout
uses: actions/checkout@v6
- name: build and packaging final binary
shell: bash
run: |
BINARY_NAME=$APP_NAME
VERSION=${GITHUB_REF_NAME#v}
RELEASE_NAME=$APP_NAME-$VERSION-linux-glibc2.28-x86_64
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs >./rust_install.sh
chmod +x rust_install.sh
./rust_install.sh -y
source "$HOME/.cargo/env"
rustup update
git config --global --add safe.directory "$GITHUB_WORKSPACE"
cargo build --locked --release --target x86_64-unknown-linux-gnu
cd target/x86_64-unknown-linux-gnu/release
tar czvf $RELEASE_NAME.tar.gz $BINARY_NAME
sha256sum $RELEASE_NAME.tar.gz > $RELEASE_NAME.tar.gz.sha256
- name: set version without v
run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
- name: attest build provenance
uses: actions/attest-build-provenance@v4
with:
subject-path: target/x86_64-unknown-linux-gnu/release/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-glibc2.28-x86_64.tar.gz
- name: releasing assets
uses: softprops/action-gh-release@v3
with:
draft: true
files: |
target/x86_64-unknown-linux-gnu/release/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-glibc2.28-x86_64.tar.gz
target/x86_64-unknown-linux-gnu/release/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-glibc2.28-x86_64.tar.gz.sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release-linux-musl:
name: release for linux musl
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: checkout
uses: actions/checkout@v6
- name: build and packaging final binary
shell: bash
run: |
BINARY_NAME=$APP_NAME
VERSION=${GITHUB_REF_NAME#v}
RELEASE_NAME=$APP_NAME-$VERSION-linux-musl-x86_64
sudo apt update && sudo apt install -y git curl musl-dev musl-tools build-essential
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs >./rust_install.sh
chmod +x rust_install.sh
./rust_install.sh -y
source "$HOME/.cargo/env"
rustup target add x86_64-unknown-linux-musl
git config --global --add safe.directory "$GITHUB_WORKSPACE"
cargo build --locked --profile release-min-size --target x86_64-unknown-linux-musl
cd target/x86_64-unknown-linux-musl/release-min-size
tar czvf $RELEASE_NAME.tar.gz $BINARY_NAME
sha256sum $RELEASE_NAME.tar.gz > $RELEASE_NAME.tar.gz.sha256
- name: set version without v
run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
- name: attest build provenance
uses: actions/attest-build-provenance@v4
with:
subject-path: target/x86_64-unknown-linux-musl/release-min-size/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-musl-x86_64.tar.gz
- name: releasing assets
uses: softprops/action-gh-release@v3
with:
draft: true
files: |
target/x86_64-unknown-linux-musl/release-min-size/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-musl-x86_64.tar.gz
target/x86_64-unknown-linux-musl/release-min-size/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-musl-x86_64.tar.gz.sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release-arm-linux:
name: release for arm64 linux
runs-on: ubuntu-24.04-arm
container: quay.io/pypa/manylinux_2_28_aarch64
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: checkout
uses: actions/checkout@v6
- name: build and packaging final binary
shell: bash
run: |
BINARY_NAME=$APP_NAME
VERSION=${GITHUB_REF_NAME#v}
RELEASE_NAME=$APP_NAME-$VERSION-linux-glibc2.28-aarch64
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs >./rust_install.sh
chmod +x rust_install.sh
./rust_install.sh -y
source "$HOME/.cargo/env"
rustup update
git config --global --add safe.directory "$GITHUB_WORKSPACE"
cargo build --locked --release --target aarch64-unknown-linux-gnu
cd target/aarch64-unknown-linux-gnu/release
tar czvf $RELEASE_NAME.tar.gz $BINARY_NAME
sha256sum $RELEASE_NAME.tar.gz > $RELEASE_NAME.tar.gz.sha256
- name: set version without v
run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
- name: attest build provenance
uses: actions/attest-build-provenance@v4
with:
subject-path: target/aarch64-unknown-linux-gnu/release/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-glibc2.28-aarch64.tar.gz
- name: releasing assets
uses: softprops/action-gh-release@v3
with:
draft: true
files: |
target/aarch64-unknown-linux-gnu/release/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-glibc2.28-aarch64.tar.gz
target/aarch64-unknown-linux-gnu/release/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-glibc2.28-aarch64.tar.gz.sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release-arm-linux-musl:
name: release for arm64 linux musl
runs-on: ubuntu-24.04-arm
permissions:
contents: write
id-token: write
attestations: write
steps:
- name: checkout
uses: actions/checkout@v6
- name: build and packaging final binary
shell: bash
run: |
BINARY_NAME=$APP_NAME
VERSION=${GITHUB_REF_NAME#v}
RELEASE_NAME=$APP_NAME-$VERSION-linux-musl-aarch64
sudo apt update && sudo apt install -y git curl musl-dev musl-tools build-essential
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs >./rust_install.sh
chmod +x rust_install.sh
./rust_install.sh -y
source "$HOME/.cargo/env"
rustup target add aarch64-unknown-linux-musl
git config --global --add safe.directory "$GITHUB_WORKSPACE"
cargo build --locked --profile release-min-size --target aarch64-unknown-linux-musl
cd target/aarch64-unknown-linux-musl/release-min-size
tar czvf $RELEASE_NAME.tar.gz $BINARY_NAME
sha256sum $RELEASE_NAME.tar.gz > $RELEASE_NAME.tar.gz.sha256
- name: set version without v
run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
- name: attest build provenance
uses: actions/attest-build-provenance@v4
with:
subject-path: target/aarch64-unknown-linux-musl/release-min-size/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-musl-aarch64.tar.gz
- name: releasing assets
uses: softprops/action-gh-release@v3
with:
draft: true
files: |
target/aarch64-unknown-linux-musl/release-min-size/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-musl-aarch64.tar.gz
target/aarch64-unknown-linux-musl/release-min-size/${{ env.APP_NAME }}-${{ env.VERSION }}-linux-musl-aarch64.tar.gz.sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
release-others:
name: release for ${{ matrix.os }}
runs-on: ${{ matrix.os }}
permissions:
contents: write
id-token: write
attestations: write
strategy:
matrix:
os: [ macos-latest, windows-latest ]
include:
- os: macos-latest
artifact_suffix: macos-aarch64
target: aarch64-apple-darwin
file_extension: ""
- os: windows-latest
artifact_suffix: windows-x86_64
target: x86_64-pc-windows-msvc
file_extension: ".exe"
steps:
- name: install rust toolchain
run: rustup update
- name: checkout
uses: actions/checkout@v6
- name: cargo build
run: cargo build --locked --release --target ${{ matrix.target }}
- name: Packaging final binary
shell: bash
run: |
BINARY_NAME=$APP_NAME${{ matrix.file_extension }}
VERSION=${GITHUB_REF_NAME#v}
RELEASE_NAME=$APP_NAME-$VERSION-${{ matrix.artifact_suffix }}
cd target/${{ matrix.target }}/release
tar czvf $RELEASE_NAME.tar.gz $BINARY_NAME
if [[ ${{ runner.os }} == 'Windows' ]]; then
certutil -hashfile $RELEASE_NAME.tar.gz sha256 | grep -E [A-Fa-f0-9]{64} > $RELEASE_NAME.tar.gz.sha256
else
shasum -a 256 $RELEASE_NAME.tar.gz > $RELEASE_NAME.tar.gz.sha256
fi
- name: set VERSION (bash)
if: runner.os != 'Windows'
shell: bash
run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
- name: set VERSION (pwsh)
if: runner.os == 'Windows'
shell: pwsh
run: |
$version = $env:GITHUB_REF_NAME -replace '^v',''
Add-Content -Path $env:GITHUB_ENV -Value "VERSION=$version"
- name: attest build provenance
uses: actions/attest-build-provenance@v4
with:
subject-path: target/${{ matrix.target }}/release/${{ env.APP_NAME }}-${{ env.VERSION }}-${{ matrix.artifact_suffix }}.tar.gz
- name: releasing assets
uses: softprops/action-gh-release@v3
with:
draft: true
files: |
target/${{ matrix.target }}/release/${{ env.APP_NAME }}-${{ env.VERSION }}-${{ matrix.artifact_suffix }}.tar.gz
target/${{ matrix.target }}/release/${{ env.APP_NAME }}-${{ env.VERSION }}-${{ matrix.artifact_suffix }}.tar.gz.sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-release:
name: publish release
needs: [ release-linux, release-linux-musl, release-arm-linux, release-arm-linux-musl, release-others ]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: publish release
uses: softprops/action-gh-release@v3
with:
draft: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-crates-io:
name: publish to crates.io
needs: [ publish-release ]
runs-on: ubuntu-latest
environment: release
permissions:
id-token: write
contents: read
steps:
- name: checkout
uses: actions/checkout@v6
- name: install rust toolchain
run: rustup update
- name: authenticate with crates.io
id: auth
uses: rust-lang/crates-io-auth-action@v1
- name: publish to crates.io
run: cargo publish --locked
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}