yage 0.5.0

A simple tool to manage encrypted secrets in YAML files with age encryption
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187

name: release

# Only do the release on x.y.z tags.
on:
  push:
    tags:
    - "[0-9]+.[0-9]+.[0-9]+"

# We need this to be able to create releases.
permissions:
  contents: write

jobs:
  # The create-release job runs purely to initialize the GitHub release itself,
  # and names the release after the `x.y.z` tag that was pushed. It's separate
  # from building the release so that we only create the release once.
  create-release:
    name: create-release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Get the release version from the tag
        if: env.VERSION == ''
        run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
      - name: Show the version
        run: |
          echo "version is: $VERSION"
      - name: Check that tag version and Cargo.toml version are the same
        shell: bash
        run: |
          if ! grep -q "version = \"$VERSION\"" Cargo.toml; then
            echo "version does not match Cargo.toml" >&2
            exit 1
          fi
      - name: Create GitHub release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release create $VERSION --draft --verify-tag --title $VERSION
    outputs:
      version: ${{ env.VERSION }}

  build-release:
    name: build-release
    needs: ['create-release']
    runs-on: ${{ matrix.os }}
    env:
      # For some builds, we use cross to test on 32-bit and big-endian
      # systems.
      CARGO: cargo
      # When CARGO is set to CROSS, this is set to `--target matrix.target`.
      TARGET_FLAGS:
      # When CARGO is set to CROSS, TARGET_DIR includes matrix.target.
      TARGET_DIR: ./target
      # Bump this as appropriate. We pin to a version to make sure CI
      # continues to work as cross releases in the past have broken things
      # in subtle ways.
      CROSS_VERSION: v0.2.5
      # Emit backtraces on panics.
      RUST_BACKTRACE: 1
    strategy:
      fail-fast: false
      matrix:
        include:
          - build: linux-amd64
            os: ubuntu-latest
            rust: stable
            target: x86_64-unknown-linux-musl
          - build: linux-i686
            os: ubuntu-latest
            rust: stable
            target: i686-unknown-linux-musl
          - build: linux-arm64
            os: ubuntu-latest
            rust: stable
            target: aarch64-unknown-linux-musl
          - build: linux-arm
            os: ubuntu-latest
            rust: stable
            target: arm-unknown-linux-musleabihf
          - build: linux-ppc64le
            os: ubuntu-latest
            rust: stable
            target: powerpc64le-unknown-linux-gnu
          - build: linux-s390x
            os: ubuntu-latest
            rust: stable
            target: s390x-unknown-linux-gnu
          - build: macos-amd64
            os: macos-latest
            rust: stable
            target: x86_64-apple-darwin
          - build: macos-arm64
            os: macos-14
            rust: stable
            target: aarch64-apple-darwin
          - build: windows-amd64
            os: windows-latest
            rust: stable
            target: x86_64-pc-windows-msvc
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ matrix.rust }}
        target: ${{ matrix.target }}

    - name: Use Cross
      if: matrix.os == 'ubuntu-latest' && matrix.target != ''
      shell: bash
      run: |
        # In the past, new releases of 'cross' have broken CI. So for now, we
        # pin it. We also use their pre-compiled binary releases because cross
        # has over 100 dependencies and takes a bit to compile.
        dir="$RUNNER_TEMP/cross-download"
        mkdir "$dir"
        echo "$dir" >> $GITHUB_PATH
        cd "$dir"
        curl -LO "https://github.com/cross-rs/cross/releases/download/$CROSS_VERSION/cross-x86_64-unknown-linux-musl.tar.gz"
        tar xf cross-x86_64-unknown-linux-musl.tar.gz
        echo "CARGO=cross" >> $GITHUB_ENV

    - name: Set target variables
      shell: bash
      run: |
        echo "TARGET_FLAGS=--target ${{ matrix.target }}" >> $GITHUB_ENV
        echo "TARGET_DIR=./target/${{ matrix.target }}" >> $GITHUB_ENV

    - name: Show command used for Cargo
      shell: bash
      run: |
        echo "cargo command is: ${{ env.CARGO }}"
        echo "target flag is: ${{ env.TARGET_FLAGS }}"
        echo "target dir is: ${{ env.TARGET_DIR }}"

    - name: Build release binary
      shell: bash
      run: |
        ${{ env.CARGO }} build --verbose --release ${{ env.TARGET_FLAGS }}
        if [ "${{ matrix.os }}" = "windows-latest" ]; then
          bin="target/${{ matrix.target }}/release/yage.exe"
        else
          bin="target/${{ matrix.target }}/release/yage"
        fi
        echo "BIN=$bin" >> $GITHUB_ENV

    - name: Determine archive name
      shell: bash
      run: |
        version="${{ needs.create-release.outputs.version }}"
        echo "ARCHIVE=yage-$version-${{ matrix.build }}" >> $GITHUB_ENV

    - name: Creating directory for archive
      shell: bash
      run: |
        mkdir -p "$ARCHIVE"/{complete,doc}
        cp "$BIN" "$ARCHIVE"/
        cp {README.md,LICENSE} "$ARCHIVE"/
        cp doc/* "$ARCHIVE"/doc/

    - name: Build archive (Windows)
      shell: bash
      if: matrix.os == 'windows-latest'
      run: |
        7z a "$ARCHIVE.zip" "$ARCHIVE"
        certutil -hashfile "$ARCHIVE.zip" SHA256 > "$ARCHIVE.zip.sha256"
        echo "ASSET=$ARCHIVE.zip" >> $GITHUB_ENV
        echo "ASSET_SUM=$ARCHIVE.zip.sha256" >> $GITHUB_ENV

    - name: Build archive (Unix)
      shell: bash
      if: matrix.os != 'windows-latest'
      run: |
        tar czf "$ARCHIVE.tar.gz" "$ARCHIVE"
        shasum -a 256 "$ARCHIVE.tar.gz" > "$ARCHIVE.tar.gz.sha256"
        echo "ASSET=$ARCHIVE.tar.gz" >> $GITHUB_ENV
        echo "ASSET_SUM=$ARCHIVE.tar.gz.sha256" >> $GITHUB_ENV

    - name: Upload release archive
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      shell: bash
      run: |
        version="${{ needs.create-release.outputs.version }}"
        gh release upload "$version" ${{ env.ASSET }} ${{ env.ASSET_SUM }}