name: Release
on:
push:
tags:
- "v*"
env:
CARGO_TERM_COLOR: always
permissions:
contents: read
jobs:
build-binaries:
name: Build (${{ matrix.target }})
runs-on: ${{ matrix.os }}
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-musl
archive: tar.gz
use_cross: false
- os: ubuntu-latest
target: aarch64-unknown-linux-musl
archive: tar.gz
use_cross: true
- os: macos-latest
target: x86_64-apple-darwin
archive: tar.gz
use_cross: false
- os: macos-latest
target: aarch64-apple-darwin
archive: tar.gz
use_cross: false
- os: windows-latest
target: x86_64-pc-windows-msvc
archive: zip
use_cross: false
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 with:
toolchain: stable
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 with:
cache-targets: "false"
shared-key: "release-${{ matrix.target }}"
- name: Install musl-tools (Linux native musl builds)
if: "!matrix.use_cross && runner.os == 'Linux'"
run: sudo apt-get install -y musl-tools
- uses: mozilla-actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 if: "!matrix.use_cross"
- uses: taiki-e/install-action@b8153da15e82ddb851f29be81a76a859360db51e - name: Build binary (cross)
if: matrix.use_cross
run: cross build --release --features full --target ${{ matrix.target }}
- name: Build binary (native)
if: "!matrix.use_cross"
run: cargo build --release --features full --target ${{ matrix.target }}
env:
RUSTC_WRAPPER: sccache
SCCACHE_GHA_ENABLED: "true"
- name: Strip binary (Unix)
if: "!matrix.use_cross && runner.os != 'Windows'"
run: strip target/${{ matrix.target }}/release/zeph
- name: Create archive (tar.gz)
if: matrix.archive == 'tar.gz'
run: |
cd target/${{ matrix.target }}/release
tar czf ../../../zeph-${{ matrix.target }}.tar.gz zeph
cd ../../..
shasum -a 256 zeph-${{ matrix.target }}.tar.gz > zeph-${{ matrix.target }}.tar.gz.sha256
- name: Create archive (zip)
if: matrix.archive == 'zip'
shell: bash
run: |
cd target/${{ matrix.target }}/release
if [ -f zeph.exe ]; then
7z a ../../../zeph-${{ matrix.target }}.zip zeph.exe
else
7z a ../../../zeph-${{ matrix.target }}.zip zeph
fi
cd ../../..
if command -v shasum &> /dev/null; then
shasum -a 256 zeph-${{ matrix.target }}.zip > zeph-${{ matrix.target }}.zip.sha256
else
sha256sum zeph-${{ matrix.target }}.zip > zeph-${{ matrix.target }}.zip.sha256
fi
- name: Upload archive
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with:
name: binary-${{ matrix.target }}
path: |
zeph-${{ matrix.target }}.tar.gz
zeph-${{ matrix.target }}.tar.gz.sha256
zeph-${{ matrix.target }}.zip
zeph-${{ matrix.target }}.zip.sha256
retention-days: 3
publish-crates:
name: Publish to crates.io
needs: [build-binaries]
runs-on: ubuntu-latest
timeout-minutes: 60
environment: release
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 with:
toolchain: stable
- name: Verify version matches tag
run: |
TAG_VERSION="${GITHUB_REF#refs/tags/v}"
CARGO_VERSION=$(grep '^version' Cargo.toml | grep -m1 'version' | sed 's/.*version = "\(.*\)".*/\1/')
if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
echo "Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
exit 1
fi
- name: Authenticate with crates.io (OIDC)
uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec id: auth
- name: Publish crates to crates.io
env:
CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
run: |
PUBLISH_ORDER=$(python3 -c "
import json, subprocess, sys
from collections import defaultdict, deque
meta = json.loads(subprocess.check_output(
['cargo', 'metadata', '--no-deps', '--format-version', '1']
))
ws = set(meta['workspace_members'])
pkgs = {p['id']: p for p in meta['packages'] if p['id'] in ws}
pub_pkgs = {id: p for id, p in pkgs.items() if p.get('publish') != []}
name_to_id = {p['name']: p['id'] for p in pub_pkgs.values()}
in_deg = defaultdict(int)
graph = defaultdict(list)
for pkg in pub_pkgs.values():
for dep in pkg['dependencies']:
if dep['name'] in name_to_id and dep['name'] != pkg['name']:
dep_id = name_to_id[dep['name']]
graph[dep_id].append(pkg['id'])
in_deg[pkg['id']] += 1
queue = deque(id for id in pub_pkgs if in_deg[id] == 0)
order = []
while queue:
node = queue.popleft()
order.append(pub_pkgs[node]['name'])
for nxt in graph[node]:
in_deg[nxt] -= 1
if in_deg[nxt] == 0:
queue.append(nxt)
print(chr(10).join(order))
")
VERSION="${GITHUB_REF#refs/tags/v}"
FIRST=true
for CRATE in $PUBLISH_ORDER; do
REMOTE=$(curl -sf "https://crates.io/api/v1/crates/${CRATE}/versions" \
-H "User-Agent: zeph-release-ci" \
| python3 -c "import sys,json; vs=[v['num'] for v in json.load(sys.stdin).get('versions',[])]; print('yes' if '${VERSION}' in vs else 'no')" 2>/dev/null || echo "no")
if [ "$REMOTE" = "yes" ]; then
echo "Skipping $CRATE@$VERSION (already published)"
continue
fi
if [ "$FIRST" = "false" ]; then
echo "Waiting 60s for crates.io sparse index propagation..."
sleep 60
fi
FIRST=false
echo "Publishing $CRATE@$VERSION..."
cargo publish --no-verify -p "$CRATE"
done
create-release:
name: Create GitHub Release
needs: [build-binaries, publish-crates]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Download all artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with:
path: artifacts
pattern: binary-*
- name: Create release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with:
generate_release_notes: true
files: |
artifacts/**/*.tar.gz
artifacts/**/*.zip
artifacts/**/*.sha256
scripts/install.sh
docker-publish:
name: Publish Docker Image
needs: [build-binaries]
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Download Linux binaries
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with:
pattern: binary-*-unknown-linux-musl
path: artifacts
- name: Extract and prepare binaries
run: |
mkdir -p binaries
tar -xzf artifacts/binary-x86_64-unknown-linux-musl/zeph-x86_64-unknown-linux-musl.tar.gz -C binaries
mv binaries/zeph binaries/zeph-amd64
tar -xzf artifacts/binary-aarch64-unknown-linux-musl/zeph-aarch64-unknown-linux-musl.tar.gz -C binaries
mv binaries/zeph binaries/zeph-arm64
chmod +x binaries/zeph-*
ls -lh binaries/
- uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf id: meta
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest,enable={{is_default_branch}}
- uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f with:
context: .
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max