chore(release): cargo-rail v0.9.1 #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Release workflow for cargo-rail | |
| # | |
| # Triggered by pushing a version tag (v0.1.0, v1.0.0, etc.) | |
| # | |
| # This workflow builds pre-built binaries and uploads them to GitHub Releases. | |
| # It also publishes `SHA256SUMS` and `SHA256SUMS.json` so downstream packagers can | |
| # verify assets without downloading everything just to compute hashes. | |
| # The version bump, changelog, tagging, and crates.io publish are done locally | |
| # via `cargo rail release run cargo-rail --bump <version>`. | |
| # | |
| # Workflow: | |
| # LOCAL: cargo rail release run cargo-rail --bump 0.1.0 | |
| # git push origin main --follow-tags | |
| # CI: This workflow triggers, builds binaries, attaches to release | |
| name: Release | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| tags: | |
| - v[0-9]+.* | |
| env: | |
| CARGO_INCREMENTAL: 0 | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| jobs: | |
| # ========================================================================== | |
| # Job 1: Create GitHub Release | |
| # ========================================================================== | |
| create-release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Create GitHub Release | |
| uses: taiki-e/create-gh-release-action@b7abb0cf5e72cb5500307b577f9ca3fd4c5be9d2 # v1.8.4 | |
| with: | |
| changelog: CHANGELOG.md | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # ========================================================================== | |
| # Job 2: Build and upload pre-built binaries | |
| # ========================================================================== | |
| upload-assets: | |
| name: Build (${{ matrix.target }}) | |
| needs: create-release | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Linux x86_64 (glibc) | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-22.04 | |
| # Linux x86_64 (musl) - static, portable | |
| - target: x86_64-unknown-linux-musl | |
| os: ubuntu-latest | |
| # Linux ARM64 (glibc) | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-22.04 | |
| # Linux ARM64 (musl) - static, portable | |
| - target: aarch64-unknown-linux-musl | |
| os: ubuntu-latest | |
| # Windows x86_64 | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-2022 | |
| # Windows ARM64 | |
| - target: aarch64-pc-windows-msvc | |
| os: windows-2022 | |
| # macOS ARM64 (Apple Silicon) | |
| - target: aarch64-apple-darwin | |
| os: macos-14 | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 60 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 # master | |
| with: | |
| toolchain: stable | |
| - name: Setup cross-compilation | |
| uses: taiki-e/setup-cross-toolchain-action@bdeb9ca6f0f909ea36bb94e1e3ec916b2ceb35fc # v1.26.0 | |
| with: | |
| target: ${{ matrix.target }} | |
| # Static linking for musl targets (portable binaries) | |
| - name: Configure static linking (musl) | |
| if: contains(matrix.target, '-linux-musl') | |
| run: echo "RUSTFLAGS=${RUSTFLAGS} -C target-feature=+crt-static -C link-self-contained=yes" >> "$GITHUB_ENV" | |
| shell: bash | |
| # Static linking for Windows (no MSVC runtime dependency) | |
| - name: Configure static linking (Windows) | |
| if: contains(matrix.target, '-windows-msvc') | |
| run: echo "RUSTFLAGS=${RUSTFLAGS} -C target-feature=+crt-static" >> "$GITHUB_ENV" | |
| shell: bash | |
| # macOS deployment target | |
| - name: Set macOS deployment target | |
| if: matrix.target == 'aarch64-apple-darwin' | |
| run: echo "MACOSX_DEPLOYMENT_TARGET=11.0" >> "$GITHUB_ENV" | |
| - name: Build and upload binary | |
| uses: taiki-e/upload-rust-binary-action@e7953b6078194a4ae5f5619632e3715db6275561 # v1.24.0 | |
| with: | |
| bin: cargo-rail | |
| target: ${{ matrix.target }} | |
| tar: all | |
| zip: windows | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # ========================================================================== | |
| # Job 3: Publish SHA256SUMS for release assets | |
| # ========================================================================== | |
| publish-checksums: | |
| name: Publish SHA256SUMS | |
| needs: upload-assets | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Download release assets | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| # Only include platform archives produced by the release workflow. | |
| gh release download "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" --pattern "cargo-rail-*.tar.*" | |
| gh release download "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" --pattern "cargo-rail-*.zip" || true | |
| shopt -s nullglob | |
| files=(cargo-rail-*.tar.* cargo-rail-*.zip) | |
| if [ "${#files[@]}" -eq 0 ]; then | |
| echo "No matching release assets found to checksum." >&2 | |
| exit 1 | |
| fi | |
| - name: Generate SHA256SUMS and SHA256SUMS.json | |
| run: | | |
| set -euo pipefail | |
| shopt -s nullglob | |
| files=(cargo-rail-*.tar.* cargo-rail-*.zip) | |
| sha256sum "${files[@]}" | sort -k2 > SHA256SUMS | |
| python3 - <<'PY' | |
| import json | |
| import os | |
| import pathlib | |
| import time | |
| tag = os.environ.get("GITHUB_REF_NAME", "") | |
| lines = pathlib.Path("SHA256SUMS").read_text().splitlines() | |
| entries = [] | |
| for line in lines: | |
| line = line.strip() | |
| if not line: | |
| continue | |
| # sha256sum format: "<hash> <filename>" | |
| digest, filename = line.split(maxsplit=1) | |
| filename = filename.lstrip("*").strip() | |
| entries.append({"file": filename, "sha256": digest}) | |
| payload = { | |
| "tool": "cargo-rail", | |
| "tag": tag, | |
| "generated_at_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()), | |
| "entries": entries, | |
| } | |
| pathlib.Path("SHA256SUMS.json").write_text(json.dumps(payload, indent=2, sort_keys=True) + "\n") | |
| PY | |
| - name: Upload checksum assets to GitHub Release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| set -euo pipefail | |
| gh release upload "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" SHA256SUMS SHA256SUMS.json --clobber |