Release version 0.3.2 (#428) #34
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Cargo and Installer Packages | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| build-windows: | |
| name: Build Windows Installers | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: x86_64-pc-windows-msvc | |
| - name: Install cargo-packager | |
| run: cargo install cargo-packager --locked | |
| - name: Build ggsql binary | |
| run: cargo build --release --bin ggsql --bin ggsql-jupyter | |
| - name: Sign files before making NSIS and MSI installer | |
| id: sign-files | |
| uses: ./.github/workflows/actions/sign-files | |
| with: | |
| paths: | | |
| ./target/release/ggsql.exe | |
| ./target/release/ggsql-jupyter.exe | |
| env: | |
| # environment variables required to sign with signtool | |
| SM_HOST: ${{ secrets.SM_HOST }} | |
| SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
| SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
| SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
| SM_CLIENT_CERT_FINGERPRINT: ${{ secrets.SM_CLIENT_CERT_FINGERPRINT }} | |
| - name: Build NSIS installer | |
| run: cargo packager --release --formats nsis | |
| - name: Build MSI installer | |
| run: cargo packager --release --formats wix | |
| - name: Sign installers | |
| uses: ./.github/workflows/actions/sign-files | |
| with: | |
| paths: | | |
| ./ggsql-cli/target/release/packager/*.exe | |
| ./ggsql-cli/target/release/packager/*.msi | |
| env: | |
| # environment variables required to sign with signtool | |
| SM_HOST: ${{ secrets.SM_HOST }} | |
| SM_API_KEY: ${{ secrets.SM_API_KEY }} | |
| SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
| SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
| SM_CLIENT_CERT_FINGERPRINT: ${{ secrets.SM_CLIENT_CERT_FINGERPRINT }} | |
| - name: Upload NSIS installer | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-windows-nsis | |
| path: ggsql-cli/target/release/packager/*.exe | |
| retention-days: 30 | |
| - name: Upload MSI installer | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-windows-msi | |
| path: ggsql-cli/target/release/packager/*.msi | |
| retention-days: 30 | |
| build-macos-x86_64: | |
| name: Build macOS Installers (x86_64) | |
| runs-on: macos-15-intel | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: x86_64-apple-darwin | |
| - name: Set up Apple notarization key | |
| run: | | |
| mkdir -p ~/.private_keys | |
| echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o ~/.private_keys/AuthKey_${APPLE_API_KEY}.p8 | |
| chmod 600 ~/.private_keys/AuthKey_${APPLE_API_KEY}.p8 | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.GWS_APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY: ${{ secrets.GWS_APPLE_API_KEY }} | |
| - name: Import signing certificates | |
| env: | |
| APPLICATION_P12: ${{ secrets.GWS_APPLE_SIGN_APPLICATION_P12 }} | |
| INSTALLER_P12: ${{ secrets.GWS_APPLE_SIGN_INSTALLER_P12 }} | |
| P12_PASSWORD: ${{ secrets.GWS_APPLE_SIGN_PW }} | |
| run: | | |
| KEYCHAIN_PATH="$RUNNER_TEMP/signing.keychain-db" | |
| KEYCHAIN_PW="$(openssl rand -hex 32)" | |
| security create-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_PATH" | |
| security set-keychain-settings "$KEYCHAIN_PATH" | |
| security unlock-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_PATH" | |
| echo -n "$APPLICATION_P12" | base64 --decode -o "$RUNNER_TEMP/app.p12" | |
| echo -n "$INSTALLER_P12" | base64 --decode -o "$RUNNER_TEMP/inst.p12" | |
| security import "$RUNNER_TEMP/app.p12" -P "$P12_PASSWORD" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -T /usr/bin/pkgbuild | |
| security import "$RUNNER_TEMP/inst.p12" -P "$P12_PASSWORD" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -T /usr/bin/pkgbuild | |
| security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" "$KEYCHAIN_PATH" | |
| security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"') | |
| - name: Compute version from tag | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "VERSION=$VERSION" >> "$GITHUB_ENV" | |
| - name: Build ggsql binary (x86_64) | |
| run: cargo build --release --bin ggsql --bin ggsql-jupyter | |
| - name: Sign binaries (Developer ID Application) | |
| env: | |
| SIGN_ID: "Developer ID Application: ${{ secrets.GWS_APPLE_SIGN_IDENTITY }}" | |
| run: | | |
| codesign --force --options runtime --timestamp \ | |
| --entitlements entitlements.plist \ | |
| --sign "$SIGN_ID" target/release/ggsql | |
| codesign --force --options runtime --timestamp \ | |
| --entitlements entitlements.plist \ | |
| --sign "$SIGN_ID" target/release/ggsql-jupyter | |
| - name: Build and notarize PKG installer (x86_64) | |
| # NOTE: --sign uses the Developer ID *Installer* cert (signs .pkg only), | |
| # distinct from the Developer ID Application cert used to sign Mach-O above. | |
| env: | |
| SIGN_ID: "Developer ID Installer: ${{ secrets.GWS_APPLE_SIGN_IDENTITY }}" | |
| APPLE_API_KEY: ${{ secrets.GWS_APPLE_API_KEY }} | |
| APPLE_API_ISSUER: ${{ secrets.GWS_APPLE_API_ISSUER }} | |
| run: | | |
| PKG_NAME="ggsql_${VERSION}_x86_64.pkg" | |
| mkdir -p pkg-payload/usr/local/bin | |
| cp target/release/ggsql pkg-payload/usr/local/bin/ | |
| cp target/release/ggsql-jupyter pkg-payload/usr/local/bin/ | |
| mkdir -p pkg-scripts | |
| cat > pkg-scripts/postinstall <<EOF | |
| #!/bin/sh | |
| mkdir -p /usr/local/bin | |
| EOF | |
| chmod 755 pkg-scripts/postinstall | |
| pkgbuild \ | |
| --root ./pkg-payload \ | |
| --install-location / \ | |
| --identifier co.posit.ggsql \ | |
| --version "$VERSION" \ | |
| --scripts ./pkg-scripts \ | |
| --sign "$SIGN_ID" \ | |
| "$PKG_NAME" | |
| xcrun notarytool submit "$PKG_NAME" \ | |
| --key ~/.private_keys/AuthKey_${APPLE_API_KEY}.p8 \ | |
| --key-id "$APPLE_API_KEY" \ | |
| --issuer "$APPLE_API_ISSUER" \ | |
| --wait | |
| xcrun stapler staple "$PKG_NAME" | |
| - name: Upload PKG installer (x86_64) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-macos-pkg-x86_64 | |
| path: ggsql_*_x86_64.pkg | |
| retention-days: 30 | |
| build-macos-aarch64: | |
| name: Build macOS Installers (aarch64) | |
| runs-on: macos-15 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: aarch64-apple-darwin | |
| - name: Set up Apple notarization key | |
| run: | | |
| mkdir -p ~/.private_keys | |
| echo -n "$APPLE_API_KEY_BASE64" | base64 --decode -o ~/.private_keys/AuthKey_${APPLE_API_KEY}.p8 | |
| chmod 600 ~/.private_keys/AuthKey_${APPLE_API_KEY}.p8 | |
| env: | |
| APPLE_API_KEY_BASE64: ${{ secrets.GWS_APPLE_API_KEY_BASE64 }} | |
| APPLE_API_KEY: ${{ secrets.GWS_APPLE_API_KEY }} | |
| - name: Import signing certificates | |
| env: | |
| APPLICATION_P12: ${{ secrets.GWS_APPLE_SIGN_APPLICATION_P12 }} | |
| INSTALLER_P12: ${{ secrets.GWS_APPLE_SIGN_INSTALLER_P12 }} | |
| P12_PASSWORD: ${{ secrets.GWS_APPLE_SIGN_PW }} | |
| run: | | |
| KEYCHAIN_PATH="$RUNNER_TEMP/signing.keychain-db" | |
| KEYCHAIN_PW="$(openssl rand -hex 32)" | |
| security create-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_PATH" | |
| security set-keychain-settings "$KEYCHAIN_PATH" | |
| security unlock-keychain -p "$KEYCHAIN_PW" "$KEYCHAIN_PATH" | |
| echo -n "$APPLICATION_P12" | base64 --decode -o "$RUNNER_TEMP/app.p12" | |
| echo -n "$INSTALLER_P12" | base64 --decode -o "$RUNNER_TEMP/inst.p12" | |
| security import "$RUNNER_TEMP/app.p12" -P "$P12_PASSWORD" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -T /usr/bin/pkgbuild | |
| security import "$RUNNER_TEMP/inst.p12" -P "$P12_PASSWORD" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -T /usr/bin/pkgbuild | |
| security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" "$KEYCHAIN_PATH" | |
| security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"') | |
| - name: Compute version from tag | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "VERSION=$VERSION" >> "$GITHUB_ENV" | |
| - name: Build ggsql binary (aarch64) | |
| run: cargo build --release --bin ggsql --bin ggsql-jupyter | |
| - name: Sign binaries (Developer ID Application) | |
| env: | |
| SIGN_ID: "Developer ID Application: ${{ secrets.GWS_APPLE_SIGN_IDENTITY }}" | |
| run: | | |
| codesign --force --options runtime --timestamp \ | |
| --entitlements entitlements.plist \ | |
| --sign "$SIGN_ID" target/release/ggsql | |
| codesign --force --options runtime --timestamp \ | |
| --entitlements entitlements.plist \ | |
| --sign "$SIGN_ID" target/release/ggsql-jupyter | |
| - name: Build and notarize PKG installer (aarch64) | |
| # NOTE: --sign uses the Developer ID *Installer* cert (signs .pkg only), | |
| # distinct from the Developer ID Application cert used to sign Mach-O above. | |
| env: | |
| SIGN_ID: "Developer ID Installer: ${{ secrets.GWS_APPLE_SIGN_IDENTITY }}" | |
| APPLE_API_KEY: ${{ secrets.GWS_APPLE_API_KEY }} | |
| APPLE_API_ISSUER: ${{ secrets.GWS_APPLE_API_ISSUER }} | |
| run: | | |
| PKG_NAME="ggsql_${VERSION}_aarch64.pkg" | |
| mkdir -p pkg-payload/usr/local/bin | |
| cp target/release/ggsql pkg-payload/usr/local/bin/ | |
| cp target/release/ggsql-jupyter pkg-payload/usr/local/bin/ | |
| mkdir -p pkg-scripts | |
| cat > pkg-scripts/postinstall <<EOF | |
| #!/bin/sh | |
| mkdir -p /usr/local/bin | |
| EOF | |
| chmod 755 pkg-scripts/postinstall | |
| pkgbuild \ | |
| --root ./pkg-payload \ | |
| --install-location / \ | |
| --identifier co.posit.ggsql \ | |
| --version "$VERSION" \ | |
| --scripts ./pkg-scripts \ | |
| --sign "$SIGN_ID" \ | |
| "$PKG_NAME" | |
| xcrun notarytool submit "$PKG_NAME" \ | |
| --key ~/.private_keys/AuthKey_${APPLE_API_KEY}.p8 \ | |
| --key-id "$APPLE_API_KEY" \ | |
| --issuer "$APPLE_API_ISSUER" \ | |
| --wait | |
| xcrun stapler staple "$PKG_NAME" | |
| - name: Upload PKG installer (aarch64) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-macos-pkg-aarch64 | |
| path: ggsql_*_aarch64.pkg | |
| retention-days: 30 | |
| build-linux-x86_64: | |
| name: Build Linux Installers (x86_64) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: x86_64-unknown-linux-gnu | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libgtk-3-dev \ | |
| libwebkit2gtk-4.1-dev \ | |
| libappindicator3-dev \ | |
| librsvg2-dev \ | |
| patchelf | |
| - name: Install cargo-packager | |
| run: cargo install cargo-packager --locked | |
| - name: Build ggsql binary (x86_64) | |
| run: cargo build --release --bin ggsql --bin ggsql-jupyter | |
| - name: Build Debian package (x86_64) | |
| run: cargo packager --release --formats deb | |
| - name: Upload Debian package (x86_64) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-linux-deb-x86_64 | |
| path: ggsql-cli/target/release/packager/*.deb | |
| retention-days: 30 | |
| build-linux-aarch64: | |
| name: Build Linux Installers (aarch64) | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: aarch64-unknown-linux-gnu | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libgtk-3-dev \ | |
| libwebkit2gtk-4.1-dev \ | |
| libappindicator3-dev \ | |
| librsvg2-dev \ | |
| patchelf | |
| - name: Install cargo-packager | |
| run: cargo install cargo-packager --locked | |
| - name: Build ggsql binary (aarch64) | |
| run: cargo build --release --bin ggsql --bin ggsql-jupyter | |
| - name: Build Debian package (aarch64) | |
| run: cargo packager --release --formats deb | |
| - name: Upload Debian package (aarch64) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-linux-deb-aarch64 | |
| path: ggsql-cli/target/release/packager/*.deb | |
| retention-days: 30 | |
| build-cargo: | |
| name: Publish to crates.io | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Get crates.io publish token | |
| uses: rust-lang/crates-io-auth-action@v1 | |
| id: auth | |
| - name: Build tree-sitter-ggsql | |
| run: cargo build --package tree-sitter-ggsql | |
| - name: Publish tree-sitter-ggsql | |
| run: cargo publish --package tree-sitter-ggsql --allow-dirty | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | |
| - name: Wait for crates.io index update | |
| run: sleep 30 | |
| - name: Publish ggsql | |
| run: cargo publish --package ggsql | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | |
| - name: Wait for crates.io index update | |
| run: sleep 30 | |
| - name: Publish ggsql-jupyter | |
| run: cargo publish --package ggsql-jupyter | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | |
| - name: Publish ggsql-cli | |
| run: cargo publish --package ggsql-cli | |
| env: | |
| CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }} | |
| build-wasm: | |
| name: Build Wasm Package (wasm32) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Increase disk space | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force | |
| sudo docker builder prune -a | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Install tree-sitter-cli | |
| run: npm install -g tree-sitter-cli | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Install LLVM | |
| run: sudo apt-get install -y llvm | |
| - name: Install wasm-pack | |
| run: cargo install wasm-pack | |
| - name: Install wasm-opt | |
| run: cargo install wasm-opt | |
| - name: Build WASM library | |
| working-directory: ggsql-wasm/library | |
| run: npm install && npm run build | |
| - name: Build WASM package | |
| working-directory: ggsql-wasm | |
| run: wasm-pack build --target web --profile wasm --no-opt | |
| - name: Optimise WASM binary | |
| working-directory: ggsql-wasm | |
| run: wasm-opt pkg/ggsql_wasm_bg.wasm -o pkg/ggsql_wasm_bg.wasm -Oz --all-features | |
| - name: Create npm tarball | |
| working-directory: ggsql-wasm/pkg | |
| run: npm pack | |
| - name: Upload npm tarball | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ggsql-wasm-npm | |
| path: ggsql-wasm/pkg/*.tgz | |
| retention-days: 30 | |
| publish-npm: | |
| name: Publish to npm | |
| needs: [build-wasm] | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| environment: npm | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Download npm tarball | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ggsql-wasm-npm | |
| path: npm-tarball | |
| - name: Update npm for OIDC support | |
| # Install v10.9.8 first as workaround for nodejs/node#62425 | |
| run: | | |
| npm install -g npm@10.9.8 | |
| npm install -g npm@latest | |
| - name: Determine npm dist-tag | |
| id: dist-tag | |
| run: | | |
| if [[ "$GITHUB_REF_NAME" == *"-dev"* || "$GITHUB_REF_NAME" == *"-rc"* ]]; then | |
| echo "tag=next" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "tag=latest" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Publish to npm | |
| run: npm publish ./npm-tarball/*.tgz --access=public --provenance --tag ${{ steps.dist-tag.outputs.tag }} | |
| create-release: | |
| name: Create GitHub Release | |
| needs: [build-windows, build-macos-x86_64, build-macos-aarch64, build-linux-x86_64, build-linux-aarch64, build-cargo, build-wasm] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| - name: Display structure of downloaded files | |
| run: ls -R artifacts | |
| - name: Create release and upload installers | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| artifacts/**/*.exe | |
| artifacts/**/*.msi | |
| artifacts/**/*.pkg | |
| artifacts/**/*.deb | |
| artifacts/**/*.tgz | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |