0.8.0 #8
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| release: | |
| types: [created] | |
| permissions: | |
| contents: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| build: | |
| name: Build ${{ matrix.target }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| archive: tar.gz | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| archive: tar.gz | |
| - target: x86_64-apple-darwin | |
| os: macos-latest | |
| archive: tar.gz | |
| macos_sign: true | |
| - target: aarch64-apple-darwin | |
| os: macos-latest | |
| archive: tar.gz | |
| macos_sign: true | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-latest | |
| archive: zip | |
| - target: aarch64-pc-windows-msvc | |
| os: windows-latest | |
| archive: zip | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install cross-compilation tools | |
| if: matrix.target == 'aarch64-unknown-linux-gnu' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-aarch64-linux-gnu | |
| echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> $GITHUB_ENV | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ${{ matrix.target }} | |
| - name: Build | |
| run: cargo build --release --target ${{ matrix.target }} | |
| # --- macOS: import certificate and sign the binary --- | |
| - name: Import Apple Developer ID certificate | |
| if: matrix.macos_sign | |
| env: | |
| APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
| APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| run: | | |
| # Write the .p12 to disk | |
| echo "$APPLE_CERTIFICATE" | base64 --decode > certificate.p12 | |
| # Create a temporary keychain so we don't touch the login keychain | |
| security create-keychain -p actions-keychain phpantom.keychain | |
| security set-keychain-settings -lut 21600 phpantom.keychain | |
| security unlock-keychain -p actions-keychain phpantom.keychain | |
| # Import the certificate + private key | |
| security import certificate.p12 \ | |
| -k phpantom.keychain \ | |
| -P "$APPLE_CERTIFICATE_PASSWORD" \ | |
| -T /usr/bin/codesign | |
| security list-keychain -d user -s phpantom.keychain | |
| # Allow codesign to use the key without a UI prompt | |
| security set-key-partition-list \ | |
| -S apple-tool:,apple: \ | |
| -k actions-keychain \ | |
| phpantom.keychain | |
| rm certificate.p12 | |
| - name: Sign binary (macOS) | |
| if: matrix.macos_sign | |
| env: | |
| APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
| run: | | |
| codesign \ | |
| --keychain phpantom.keychain \ | |
| --sign "$APPLE_SIGNING_IDENTITY" \ | |
| --options runtime \ | |
| --timestamp \ | |
| --force \ | |
| target/${{ matrix.target }}/release/phpantom_lsp | |
| - name: Notarize binary (macOS) | |
| if: matrix.macos_sign | |
| env: | |
| APPLE_ID: ${{ secrets.APPLE_ID }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
| run: | | |
| # Zip just for submission — notarytool requires an archive | |
| ditto -c -k --keepParent \ | |
| target/${{ matrix.target }}/release/phpantom_lsp \ | |
| phpantom_lsp-notarize.zip | |
| xcrun notarytool submit phpantom_lsp-notarize.zip \ | |
| --apple-id "$APPLE_ID" \ | |
| --password "$APPLE_ID_PASSWORD" \ | |
| --team-id "$APPLE_TEAM_ID" \ | |
| --wait | |
| rm phpantom_lsp-notarize.zip | |
| # Staple the notarization ticket onto the binary itself | |
| xcrun stapler staple target/${{ matrix.target }}/release/phpantom_lsp | |
| - name: Delete temporary keychain | |
| if: matrix.macos_sign && always() | |
| run: | | |
| security delete-keychain phpantom.keychain || true | |
| # --- Package --- | |
| - name: Package (unix) | |
| if: matrix.archive == 'tar.gz' | |
| run: | | |
| cd target/${{ matrix.target }}/release | |
| tar czf ../../../phpantom_lsp-${{ matrix.target }}.tar.gz phpantom_lsp | |
| cd ../../.. | |
| - name: Package (windows) | |
| if: matrix.archive == 'zip' | |
| shell: pwsh | |
| run: | | |
| Compress-Archive ` | |
| -Path "target/${{ matrix.target }}/release/phpantom_lsp.exe" ` | |
| -DestinationPath "phpantom_lsp-${{ matrix.target }}.zip" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: phpantom_lsp-${{ matrix.target }} | |
| path: phpantom_lsp-${{ matrix.target }}.${{ matrix.archive }} | |
| release: | |
| name: Create Release | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| merge-multiple: true | |
| - name: Upload assets to release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| for file in artifacts/*; do | |
| gh release upload "${{ github.event.release.tag_name }}" "$file" --clobber | |
| done |