hcpctl/.github/workflows/release.yml at 4ab164f5ec0999bfb059e7c41cb018fa05b7a103 · pkodzis/hcpctl · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
name: Release

on:
  push:
    branches:
      - main
    paths-ignore:
      - "scripts/**"
      - "*.md"
      - "docs/**"
  workflow_dispatch:
    inputs:
      version:
        description: "Version tag for manual build (e.g., v0.2.0)"
        required: true

permissions:
  contents: write
  pull-requests: write

env:
  CARGO_TERM_COLOR: always
  BINARY_NAME: hcpctl

jobs:
  release-please:
    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
      tag_name: ${{ steps.release.outputs.tag_name }}
    steps:
      - name: Release Please
        id: release
        uses: googleapis/release-please-action@v4
        with:
          release-type: rust

  build:
    name: Build ${{ matrix.target }}
    needs: release-please
    # always() is required to evaluate the condition even when release-please is skipped (workflow_dispatch).
    # Without it, this job would be auto-skipped due to skipped dependency.
    if: |
      always() &&
      (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch')
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            platform: linux_amd64
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            platform: linux_amd64_musl
          - target: aarch64-unknown-linux-gnu
            os: ubuntu-latest
            platform: linux_arm64
            use-cross: true
          - target: x86_64-apple-darwin
            os: macos-latest
            platform: macos_amd64
          - target: aarch64-apple-darwin
            os: macos-latest
            platform: macos_arm64
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            platform: windows_amd64

    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: Install musl tools (Linux musl)
        if: matrix.target == 'x86_64-unknown-linux-musl'
        run: sudo apt-get update && sudo apt-get install -y musl-tools

      - name: Install cross (ARM64)
        if: matrix.use-cross
        run: cargo install cross

      - name: Build (cross)
        if: matrix.use-cross
        run: cross build --release --target ${{ matrix.target }}

      - name: Build (cargo)
        if: ${{ !matrix.use-cross }}
        run: cargo build --release --target ${{ matrix.target }}

      - name: Prepare package
        shell: bash
        run: |
          VERSION="${{ needs.release-please.outputs.tag_name || github.event.inputs.version }}"

          mkdir -p dist package

          if [[ "${{ matrix.platform }}" == windows_* ]]; then
            cp "target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}.exe" "package/${{ env.BINARY_NAME }}.exe"
            PACKAGE_NAME="${{ env.BINARY_NAME }}_${VERSION}_${{ matrix.platform }}.zip"
            (cd package && 7z a -tzip "../dist/${PACKAGE_NAME}" "${{ env.BINARY_NAME }}.exe")
          else
            cp "target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}" "package/${{ env.BINARY_NAME }}"
            chmod +x "package/${{ env.BINARY_NAME }}"
            PACKAGE_NAME="${{ env.BINARY_NAME }}_${VERSION}_${{ matrix.platform }}.tar.gz"
            (cd package && tar -czf "../dist/${PACKAGE_NAME}" "${{ env.BINARY_NAME }}")
          fi

          echo "ARTIFACT_NAME=${PACKAGE_NAME}" >> $GITHUB_ENV

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.ARTIFACT_NAME }}
          path: dist/${{ env.ARTIFACT_NAME }}

  upload-release:
    name: Upload Release Assets
    needs: [release-please, build]
    runs-on: ubuntu-latest
    # always() needed for same reason as build job - release-please may be skipped
    if: |
      always() &&
      needs.build.result == 'success' &&
      (needs.release-please.outputs.release_created == 'true' || github.event_name == 'workflow_dispatch')

    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: dist
          merge-multiple: true

      - name: Generate SHA256SUMS
        run: |
          cd dist
          sha256sum * > SHA256SUMS
          cat SHA256SUMS

      - name: Import GPG key
        if: ${{ vars.GPG_SIGNING_ENABLED == 'true' }}
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          echo "$GPG_PRIVATE_KEY" | gpg --batch --import

      - name: Sign SHA256SUMS
        if: ${{ vars.GPG_SIGNING_ENABLED == 'true' }}
        env:
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          cd dist
          gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" --local-user "$GPG_KEY_ID" --detach-sign --output SHA256SUMS.sig SHA256SUMS

      - name: Upload to GitHub Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ needs.release-please.outputs.tag_name || github.event.inputs.version }}
          files: dist/*