name: Release with Auto Version
on:
release:
types: [created]
env:
CARGO_TERM_COLOR: always
jobs:
publish:
name: Auto-version and Publish
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v5
with:
token: ${{ secrets.PAT }}
ref: main
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install libopus
run: sudo apt-get update && sudo apt-get install -y libopus-dev
- name: Extract version from tag
id: version
run: |
VERSION="${GITHUB_REF_NAME#v}"
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Extracted version: $VERSION"
- name: Update version in Cargo.toml
run: |
CURRENT_VERSION=$(grep '^version' Cargo.toml | head -1 | cut -d'"' -f2)
if [ "$CURRENT_VERSION" != "${{ steps.version.outputs.version }}" ]; then
echo "Updating version from $CURRENT_VERSION to ${{ steps.version.outputs.version }}"
# Update version in Cargo.toml
sed -i "s/^version = \"$CURRENT_VERSION\"/version = \"${{ steps.version.outputs.version }}\"/" Cargo.toml
# Regenerate lockfile
cargo generate-lockfile
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add Cargo.toml Cargo.lock
git commit -m "chore: bump version to ${{ steps.version.outputs.version }}"
git push origin HEAD:main
echo "Version updated and pushed"
else
echo "Version already matches tag, skipping update"
fi
- name: Run tests
run: cargo test --all-targets
- name: Publish to crates.io
run: cargo publish --token ${{ secrets.CRATES_IO_TOKEN }}
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
build-linux:
name: Build Linux (musl static)
runs-on: ubuntu-latest
needs: publish
steps:
- uses: actions/checkout@v4
with:
ref: main
- name: Install Rust with musl target
uses: dtolnay/rust-toolchain@stable
with:
targets: x86_64-unknown-linux-musl
- name: Install musl-tools
run: sudo apt-get update && sudo apt-get install -y musl-tools
- name: Build static binary (without Opus for static linking simplicity)
run: |
cargo build --release --target x86_64-unknown-linux-musl --no-default-features
strip target/x86_64-unknown-linux-musl/release/zimhide
- name: Verify static linking
run: |
if readelf -d target/x86_64-unknown-linux-musl/release/zimhide 2>/dev/null | grep -q "NEEDED"; then
echo "ERROR: Binary has dynamic dependencies!"
readelf -d target/x86_64-unknown-linux-musl/release/zimhide | grep NEEDED
exit 1
fi
echo "✓ Binary is statically linked"
- name: Rename binary
run: mv target/x86_64-unknown-linux-musl/release/zimhide target/x86_64-unknown-linux-musl/release/zimhide-linux-x86_64
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: zimhide-linux-x86_64
path: target/x86_64-unknown-linux-musl/release/zimhide-linux-x86_64
build-macos-arm64:
name: Build macOS (ARM64)
runs-on: macos-latest
needs: publish
steps:
- uses: actions/checkout@v4
with:
ref: main
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Install libopus
run: brew install opus
- name: Build binary
run: cargo build --release
- name: Rename binary
run: mv target/release/zimhide target/release/zimhide-macos-arm64
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: zimhide-macos-arm64
path: target/release/zimhide-macos-arm64
upload-release:
name: Upload Release Binaries
needs: [build-linux, build-macos-arm64]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: List artifacts
run: find artifacts -type f
- name: Upload binaries to release
uses: softprops/action-gh-release@v1
with:
files: artifacts/**/*
append_body: true
body: |
## Binary Downloads
Pre-built binaries are available for:
- **Linux x86_64** (statically linked, works on any Linux, no Opus compression)
- **macOS ARM64** (Apple Silicon, with Opus compression)
Note: The Linux binary is built without Opus to enable static linking. Audio embedding uses raw WAV bytes (larger). For Opus compression, build from source with libopus installed.
### Installation
```bash
chmod +x zimhide-*
mv zimhide-* /usr/local/bin/zimhide
```
### macOS Quarantine
macOS quarantines unsigned binaries. After downloading, remove the quarantine:
```bash
xattr -d com.apple.quarantine ./zimhide-macos-arm64
```
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}