tracexec 0.17.0

Tracer for execve{,at} and pre-exec behavior, launcher for debuggers.
name: Release

permissions:
  contents: write

on:
  push:
    tags:
      - v[0-9]+.*
      - test-release.*

jobs:
  create-release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: taiki-e/create-gh-release-action@v1
        with:
          changelog: CHANGELOG.md
          draft: true
          # (required) GitHub token for creating GitHub Releases.
          token: ${{ secrets.GITHUB_TOKEN }}

  upload-assets:
    strategy:
      matrix:
        include:
          - os: ubuntu-24.04
            os-arch: amd64
            target: x86_64-unknown-linux-gnu
            arch: x86_64
            libpath: usr/lib/x86_64-linux-gnu
            no-default-features: false
          - os: ubuntu-24.04
            os-arch: amd64
            target: x86_64-unknown-linux-gnu
            arch: x86_64
            libpath: usr/lib/x86_64-linux-gnu
            no-default-features: false
            features: static,vendored
            artifact-suffix: -static
            rust_flags: -C target-feature=+crt-static
            static_libseccomp: true
          - os: ubuntu-24.04
            os-arch: arm64
            target: aarch64-unknown-linux-gnu
            arch: aarch64
            libpath: usr/lib/aarch64-linux-gnu
            no-default-features: false
          - os: ubuntu-24.04
            os-arch: arm64
            target: aarch64-unknown-linux-gnu
            arch: aarch64
            libpath: usr/lib/aarch64-linux-gnu
            no-default-features: false
            features: static,vendored
            artifact-suffix: -static
            rust_flags: -C target-feature=+crt-static
            static_libseccomp: true
          - os: ubuntu-24.04
            os-arch: riscv64
            target: riscv64gc-unknown-linux-gnu
            arch: riscv64
            libpath: usr/lib/riscv64-linux-gnu
            no-default-features: false
          - os: ubuntu-24.04
            os-arch: riscv64
            target: riscv64gc-unknown-linux-gnu
            arch: riscv64
            libpath: usr/lib/riscv64-linux-gnu
            no-default-features: false
            features: static,vendored
            artifact-suffix: -static
            rust_flags: -C target-feature=+crt-static
            static_libseccomp: true
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - uses: taiki-e/install-action@v2
        with:
          tool: cargo-about
      - uses: Swatinem/rust-cache@v2
        with:
          prefix-key: ${{ matrix.os }}-${{ matrix.target }}-rust
          cache-targets: true
          cache-on-failure: false

      - name: Add apt sources for ${{ matrix.os-arch }}
        if: matrix.os-arch != 'amd64'
        run: |
          dpkg --add-architecture ${{ matrix.os-arch }}

          release=$(. /etc/os-release && echo "$UBUNTU_CODENAME")
          sed -i '/Types: deb/aArchitectures: amd64' /etc/apt/sources.list.d/ubuntu.sources
          printf 'deb [arch=${{ matrix.os-arch }}] http://ports.ubuntu.com/ %s main restricted\n' \
              $release $release-updates $release-security \
              >> /etc/apt/sources.list
        shell: sudo sh -e {0}
      - name: Install native dependencies
        if: runner.os == 'Linux'
        run: |
          sudo apt update -y
          sudo apt install -y {binutils,gcc}-{aarch64,riscv64}-linux-gnu \
          build-essential autopoint gettext libelf-dev zlib1g-dev \
          protobuf-compiler \
          libelf-dev:${{ matrix.os-arch }} zlib1g-dev:${{ matrix.os-arch }}
          sudo apt-get install -y libseccomp-dev:${{ matrix.os-arch }}
          if ! [ "${{ matrix.static_libseccomp }}" = "true" ]; then
            sudo apt-get install -y libseccomp2:${{ matrix.os-arch }}
          fi
      - name: Generate third-party licenses
        run: cargo about generate -o THIRD_PARTY_LICENSES.HTML about.hbs
      - uses: taiki-e/upload-rust-binary-action@v1
        env:
          RUSTFLAGS: ${{ matrix.rust_flags }}
          LIBSECCOMP_LINK_TYPE: ${{ matrix.static_libseccomp && 'static' || 'dylib' }}
          LIBSECCOMP_LIB_PATH: ${{ matrix.static_libseccomp && format('/{0}', matrix.libpath) || '/this/path/does/not/exist' }}
        #   LIBBPF_SYS_LIBRARY_PATH: ${{ github.workspace }}/3rdparty/${{ matrix.arch }}/${{ matrix.libpath }}
        #   LIBBPF_SYS_EXTRA_CFLAGS: -I ${{ github.workspace }}/3rdparty/${{ matrix.arch }}/usr/include
        with:
          bin: tracexec
          build-tool: cargo
          token: ${{ secrets.GITHUB_TOKEN }}
          archive: $bin-$target${{ matrix.artifact-suffix }}
          target: ${{ matrix.target }}
          no-default-features: ${{ matrix.no-default-features }}
          features: ${{ matrix.features }}
          include: THIRD_PARTY_LICENSES.HTML,LICENSE