name: Release
on:
push:
tags: ["v*"]
permissions:
contents: read
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
env:
CARGO_TERM_COLOR: always
jobs:
version-check:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
persist-credentials: false
- name: Verify versions match tag
run: |
set -euo pipefail
TAG="${GITHUB_REF#refs/tags/v}"
CARGO_VER=$(grep '^version' Cargo.toml | head -1 | sed 's/.*"\(.*\)"/\1/')
NPM_VER=$(node -p "require('./npm/package.json').version")
echo "Tag: $TAG Cargo: $CARGO_VER npm: $NPM_VER"
if [ "$CARGO_VER" != "$TAG" ]; then
echo "::error::Cargo.toml version ($CARGO_VER) does not match tag ($TAG)"
exit 1
fi
if [ "$NPM_VER" != "$TAG" ]; then
echo "::error::npm/package.json version ($NPM_VER) does not match tag ($TAG)"
exit 1
fi
build:
needs: version-check
permissions:
contents: read
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
cross: true
- target: aarch64-unknown-linux-musl
os: ubuntu-latest
cross: true
- target: x86_64-apple-darwin
os: macos-latest
cross: false
- target: aarch64-apple-darwin
os: macos-latest
cross: false
- target: x86_64-pc-windows-msvc
os: windows-latest
cross: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 with:
key: ${{ matrix.target }}
- name: Install cross
if: matrix.cross
run: cargo install cross --version 0.2.5 --locked
- name: Build
shell: bash
run: |
set -euo pipefail
if [ "${{ matrix.cross }}" = "true" ]; then
cross build --release --locked --target ${{ matrix.target }} --bin srcwalk
else
cargo build --release --locked --target ${{ matrix.target }} --bin srcwalk
fi
- name: Package (unix)
if: matrix.os != 'windows-latest'
shell: bash
run: |
set -euo pipefail
cd target/${{ matrix.target }}/release
tar czf ../../../srcwalk-${{ matrix.target }}.tar.gz srcwalk
cd ../../..
shasum -a 256 srcwalk-${{ matrix.target }}.tar.gz > srcwalk-${{ matrix.target }}.tar.gz.sha256
- name: Package (windows)
if: matrix.os == 'windows-latest'
shell: bash
run: |
set -euo pipefail
cd target/${{ matrix.target }}/release
7z a ../../../srcwalk-${{ matrix.target }}.zip srcwalk.exe
cd ../../..
sha256sum srcwalk-${{ matrix.target }}.zip > srcwalk-${{ matrix.target }}.zip.sha256
- name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with:
name: srcwalk-${{ matrix.target }}
path: |
srcwalk-${{ matrix.target }}.tar.gz
srcwalk-${{ matrix.target }}.tar.gz.sha256
srcwalk-${{ matrix.target }}.zip
srcwalk-${{ matrix.target }}.zip.sha256
if-no-files-found: ignore
retention-days: 7
release:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write id-token: write attestations: write steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with:
persist-credentials: false
- name: Download all artifacts
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 with:
path: dist
merge-multiple: true
- name: List artifacts
run: ls -la dist/
- name: Attest build provenance
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with:
subject-path: |
dist/srcwalk-*.tar.gz
dist/srcwalk-*.zip
- name: Create release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with:
files: |
dist/srcwalk-*.tar.gz
dist/srcwalk-*.tar.gz.sha256
dist/srcwalk-*.zip
dist/srcwalk-*.zip.sha256
generate_release_notes: true
fail_on_unmatched_files: true