---
name: New version build, release and update repositories
on:
push:
tags:
- "v*.*.*"
permissions:
contents: write jobs:
build-macos:
name: Build macOS Binaries
runs-on: macos-latest
strategy:
matrix:
target: [aarch64-apple-darwin, x86_64-apple-darwin]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Add target
run: rustup target add ${{ matrix.target }}
- name: Build binary
run: cargo build --release --target ${{ matrix.target }}
- name: Rename and compress binary
run: |
mkdir -p bin
cp target/${{ matrix.target }}/release/tempesta bin/tempesta
tar -czvf bin/tempesta-${{ matrix.target }}.tar.gz -C bin tempesta
- name: Upload binary as artifact
uses: actions/upload-artifact@v4
with:
name: tempesta-${{ matrix.target }}
path: bin/tempesta-${{ matrix.target }}.tar.gz
build-linux:
name: Build Arch Linux Packages
runs-on: ubuntu-latest
strategy:
matrix:
target: [x86_64-unknown-linux-gnu, aarch64-unknown-linux-gnu]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install cross
run: cargo install cross
- name: Add target
run: rustup target add ${{ matrix.target }}
- name: Build binary with cross
run: cross build --release --target ${{ matrix.target }}
- name: Rename and compress binary
run: |
mkdir -p bin
cp target/${{ matrix.target }}/release/tempesta bin/tempesta
tar -czvf bin/tempesta-${{ matrix.target }}.tar.gz -C bin tempesta
- name: Upload binary as artifact
uses: actions/upload-artifact@v4
with:
name: tempesta-${{ matrix.target }}
path: bin/tempesta-${{ matrix.target }}.tar.gz
release:
name: Create GitHub Release
needs: [build-macos, build-linux]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download macOS artifacts (aarch64)
uses: actions/download-artifact@v4
with:
name: tempesta-aarch64-apple-darwin
path: bin
- name: Download macOS artifacts (x86_64)
uses: actions/download-artifact@v4
with:
name: tempesta-x86_64-apple-darwin
path: bin
- name: Download Linux artifacts (x86_64)
uses: actions/download-artifact@v4
with:
name: tempesta-x86_64-unknown-linux-gnu
path: bin
- name: Download Linux artifacts (aarch64)
uses: actions/download-artifact@v4
with:
name: tempesta-aarch64-unknown-linux-gnu
path: bin
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
files: bin/**
token: ${{ secrets.GITHUB_TOKEN }}
draft: false
prerelease: false
- name: Trigger Homebrew Tap Update
run: |
curl -X POST -H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.HOMEBREW_PAT }}" \
https://api.github.com/repos/x71c9/homebrew-x71c9/dispatches \
-d '{"event_type": "update-tempesta", "client_payload": {"tag": "${{ github.ref_name }}"}}'
update-aur:
name: Update AUR
needs: release
runs-on: ubuntu-latest
container:
image: archlinux:latest
steps:
- name: Install dependencies
run: |
pacman -Syu --noconfirm base-devel coreutils curl git openssh sudo
- name: Setup SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SECRET_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan -t rsa,ecdsa,ed25519 aur.archlinux.org >> ~/.ssh/known_hosts
- name: Checkout AUR Repository
run: |
GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ed25519 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no" \
git clone ssh://aur@aur.archlinux.org/tempesta.git aur-tempesta
- name: Create non-root build user
run: |
useradd -m builduser
echo "builduser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
chown -R builduser:builduser aur-tempesta
mkdir -p /home/builduser/.ssh
cp ~/.ssh/id_ed25519 /home/builduser/.ssh/id_ed25519
chown -R builduser:builduser /home/builduser/.ssh
chmod 600 /home/builduser/.ssh/id_ed25519
- name: Update PKGBUILD and Push to AUR
run: |
sudo -E -H -u builduser bash <<'SCRIPT'
cd aur-tempesta
version=${GITHUB_REF_NAME#v}
curl -OL https://codeload.github.com/x71c9/tempesta/tar.gz/refs/tags/v${version}
sha256sum=$(sha256sum v${version} | awk '{print $1}')
cat > PKGBUILD <<EOF
pkgname=tempesta
pkgver=${version}
pkgrel=1
pkgdesc="The fastest and lightest bookmark manager CLI written in Rust"
arch=('x86_64' 'aarch64')
url="https://github.com/x71c9/tempesta"
license=('MIT')
depends=('glibc')
makedepends=('rust')
source=("\$pkgname-\$pkgver.tar.gz::https://codeload.github.com/x71c9/\$pkgname/tar.gz/refs/tags/v\$pkgver")
sha256sums=("${sha256sum}")
prepare() {
cd "\$pkgname-\$pkgver"
export RUSTUP_TOOLCHAIN=stable
cargo fetch --locked --target "\$(rustc -vV | sed -n 's/host: //p')"
}
build() {
cd "\$pkgname-\$pkgver"
export RUSTUP_TOOLCHAIN=stable
export CARGO_TARGET_DIR=target
cargo build --frozen --release --all-features
}
package() {
cd "\$pkgname-\$pkgver"
install -Dm0755 -t "\$pkgdir/usr/bin/" "target/release/\$pkgname"
}
EOF
cat PKGBUILD
makepkg --printsrcinfo > .SRCINFO
git config user.email "mail@x71c9.com"
git config user.name "x71c9"
git add .
git commit -m "chore(release): release ${version}"
GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ed25519 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no" git push origin master
SCRIPT
update-nur:
name: Update NUR
needs: release
runs-on: ubuntu-latest
steps:
- name: Install Nix
uses: cachix/install-nix-action@v25
- name: Checkout tempesta repository
uses: actions/checkout@v4
- name: Checkout NUR packages repository
uses: actions/checkout@v4
with:
repository: x71c9/nur-packages
token: ${{ secrets.NUR_PAT }}
path: nur-packages
- name: Update tempesta package
run: |
cd nur-packages
version=${GITHUB_REF_NAME#v}
echo "Updating tempesta to version ${version}"
# Step 1: Update version in default.nix
sed -i "s/version = \"[^\"]*\"/version = \"${version}\"/" pkgs/tempesta/default.nix
echo "✓ Updated version to ${version}"
# Step 2: Get and update source hash
echo "Calculating source hash..."
base32_hash=$(nix-prefetch-url --unpack "https://github.com/x71c9/tempesta/archive/refs/tags/v${version}.tar.gz")
if [[ -z "$base32_hash" ]]; then
echo "❌ Failed to get source hash"
exit 1
fi
new_hash=$(nix-hash --type sha256 --to-sri "$base32_hash")
if [[ ! "$new_hash" =~ ^sha256- ]]; then
echo "❌ Invalid source hash format: $new_hash"
exit 1
fi
sed -i "s|hash = \"[^\"]*\"|hash = \"${new_hash}\"|" pkgs/tempesta/default.nix
echo "✓ Updated source hash to ${new_hash}"
# Step 3: Get cargoHash by building and extracting from error
echo "Determining correct cargoHash..."
# Set a placeholder cargoHash that will fail
sed -i "s|cargoHash = \"[^\"]*\"|cargoHash = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\"|" pkgs/tempesta/default.nix
# Build and capture error (disable exit on error)
set +e
timeout 300s nix-build -E "with import (builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz) {}; callPackage ./pkgs/tempesta/default.nix {}" 2>/tmp/build_error >/dev/null
build_result=$?
set -e
if [[ $build_result -ne 0 ]]; then
echo "Build failed as expected, extracting cargoHash..."
# Check if we got a hash mismatch error
if grep -q "got:" /tmp/build_error && grep -q "vendor" /tmp/build_error; then
# Extract the correct cargoHash
correct_cargo_hash=$(grep "got:" /tmp/build_error | grep "sha256-" | tail -1 | sed 's/.*got:[[:space:]]*\(sha256-[A-Za-z0-9+/=]*\).*/\1/')
if [[ -n "$correct_cargo_hash" && "$correct_cargo_hash" =~ ^sha256- ]]; then
# Update with correct cargoHash
sed -i "s|cargoHash = \"[^\"]*\"|cargoHash = \"${correct_cargo_hash}\"|" pkgs/tempesta/default.nix
echo "✓ Updated cargoHash to ${correct_cargo_hash}"
else
echo "❌ Failed to extract valid cargoHash from error"
echo "Error output:"
cat /tmp/build_error
exit 1
fi
else
echo "❌ No cargoHash mismatch found in build error"
echo "Error output:"
cat /tmp/build_error
exit 1
fi
else
echo "❌ Build succeeded unexpectedly - cargoHash may already be correct"
exit 1
fi
# Step 4: Verify the fix by testing build
echo "Verifying the fix..."
if timeout 300s nix-build -E "with import (builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz) {}; callPackage ./pkgs/tempesta/default.nix {}" >/dev/null 2>&1; then
echo "✓ Build verification successful"
else
echo "❌ Build verification failed - hashes may still be incorrect"
exit 1
fi
# Step 5: Commit and push changes
echo "Committing changes..."
git config user.email "108585118+x71c9@users.noreply.github.com"
git config user.name "x71c9"
git add pkgs/tempesta/default.nix
git commit -m "tempesta: ${version}"
git push origin main
echo "✓ Changes committed and pushed successfully"