|
1 | | -# Reusable release workflow for Tangle blueprint operators. |
2 | | -# Copy this to .github/workflows/release.yml in each blueprint repo. |
3 | | -# |
4 | | -# Triggers on version tags (v0.1.0, v1.2.3, etc.). |
5 | | -# Builds for linux/amd64, linux/arm64, macOS/arm64. |
6 | | -# Uploads binaries + sha256 checksums as GitHub Release assets. |
7 | | -# |
8 | | -# Prerequisites: |
9 | | -# - Cargo.toml has [[bin]] with the operator binary name |
10 | | -# - rust-toolchain.toml pins the Rust version (e.g. 1.91) |
11 | | -# |
12 | | -# Usage: |
13 | | -# git tag v0.1.0 && git push origin v0.1.0 |
14 | | - |
15 | 1 | name: Release |
16 | 2 |
|
17 | 3 | on: |
18 | 4 | push: |
19 | 5 | tags: ['v*'] |
| 6 | + workflow_dispatch: |
| 7 | + inputs: |
| 8 | + tag: |
| 9 | + description: 'Existing tag to (re)build a release for' |
| 10 | + required: true |
20 | 11 |
|
21 | 12 | permissions: |
22 | 13 | contents: write |
23 | 14 |
|
24 | 15 | env: |
25 | 16 | CARGO_TERM_COLOR: always |
26 | | - # Use cmake builder for aws-lc-sys to bypass GCC memcmp bug in cross containers |
27 | | - AWS_LC_SYS_CMAKE_BUILDER: 1 |
28 | | - # The binary name from [[bin]] in operator/Cargo.toml. |
29 | | - # Override per repo if different. |
30 | 17 | BINARY_NAME: ${{ vars.BINARY_NAME || 'embedding-operator' }} |
| 18 | + TARGET: x86_64-unknown-linux-gnu |
31 | 19 |
|
32 | 20 | jobs: |
33 | | - build: |
34 | | - strategy: |
35 | | - fail-fast: false |
36 | | - matrix: |
37 | | - include: |
38 | | - - target: x86_64-unknown-linux-gnu |
39 | | - os: ubuntu-latest |
40 | | - use_cross: true |
41 | | - - target: x86_64-unknown-linux-musl |
42 | | - os: ubuntu-latest |
43 | | - use_cross: true |
44 | | - - target: aarch64-unknown-linux-gnu |
45 | | - os: ubuntu-latest |
46 | | - use_cross: true |
47 | | - - target: aarch64-apple-darwin |
48 | | - os: macos-14 |
49 | | - use_cross: false |
50 | | - |
51 | | - runs-on: ${{ matrix.os }} |
| 21 | + release: |
| 22 | + runs-on: ubuntu-latest |
52 | 23 | steps: |
53 | 24 | - uses: actions/checkout@v4 |
| 25 | + with: |
| 26 | + ref: ${{ github.event.inputs.tag && format('refs/tags/{0}', github.event.inputs.tag) || github.ref }} |
54 | 27 |
|
55 | | - - name: Install system dependencies (Linux) |
56 | | - if: runner.os == 'Linux' |
| 28 | + - name: System dependencies |
57 | 29 | run: sudo apt-get update && sudo apt-get install -y protobuf-compiler libssl-dev pkg-config |
58 | 30 |
|
59 | | - - name: Install system dependencies (macOS) |
60 | | - if: runner.os == 'macOS' |
61 | | - run: brew install protobuf |
62 | | - |
63 | 31 | - name: Install Rust toolchain |
64 | 32 | uses: dtolnay/rust-toolchain@stable |
65 | | - with: |
66 | | - targets: ${{ matrix.target }} |
67 | 33 |
|
68 | | - - name: Install cross |
69 | | - if: matrix.use_cross |
70 | | - run: cargo install cross --git https://github.com/cross-rs/cross |
| 34 | + - name: Cache cargo build |
| 35 | + uses: Swatinem/rust-cache@v2 |
71 | 36 |
|
72 | 37 | - name: Build release binary |
73 | | - run: | |
74 | | - BUILD_CMD="cargo" |
75 | | - if [ "${{ matrix.use_cross }}" = "true" ]; then |
76 | | - BUILD_CMD="cross" |
77 | | - fi |
78 | | - $BUILD_CMD build --release --target ${{ matrix.target }} |
| 38 | + run: cargo build --release --bin "$BINARY_NAME" |
79 | 39 |
|
80 | | - - name: Package archive |
| 40 | + - name: Package archive + checksum |
81 | 41 | run: | |
82 | | - BIN="target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}" |
83 | | - ARCHIVE="${{ env.BINARY_NAME }}-${{ matrix.target }}.tar.xz" |
84 | | -
|
85 | | - # Strip debug symbols (saves 50-80% size) |
86 | | - if command -v llvm-strip &>/dev/null; then |
87 | | - llvm-strip "$BIN" 2>/dev/null || true |
88 | | - elif command -v strip &>/dev/null; then |
89 | | - strip "$BIN" 2>/dev/null || true |
90 | | - fi |
91 | | -
|
92 | | - tar -cJf "$ARCHIVE" -C "$(dirname "$BIN")" "${{ env.BINARY_NAME }}" |
93 | | -
|
94 | | - # Generate checksums |
95 | | - if command -v sha256sum &>/dev/null; then sha256sum "$ARCHIVE"; else shasum -a 256 "$ARCHIVE"; fi > "${ARCHIVE}.sha256" |
| 42 | + BIN="target/release/${BINARY_NAME}" |
| 43 | + test -f "$BIN" || { echo "::error::binary not found: $BIN"; exit 1; } |
| 44 | + strip "$BIN" 2>/dev/null || true |
| 45 | + ARCHIVE="${BINARY_NAME}-${TARGET}.tar.xz" |
| 46 | + tar -cJf "$ARCHIVE" -C target/release "$BINARY_NAME" |
| 47 | + sha256sum "$ARCHIVE" > "${ARCHIVE}.sha256" |
96 | 48 | echo "ARCHIVE=$ARCHIVE" >> "$GITHUB_ENV" |
97 | | - echo "SHA256_FILE=${ARCHIVE}.sha256" >> "$GITHUB_ENV" |
98 | | - echo "Binary size: $(du -h "$BIN" | cut -f1)" |
99 | | - echo "Archive size: $(du -h "$ARCHIVE" | cut -f1)" |
100 | 49 | cat "${ARCHIVE}.sha256" |
101 | 50 |
|
102 | | - - name: Upload artifact |
103 | | - uses: actions/upload-artifact@v4 |
104 | | - with: |
105 | | - name: ${{ env.BINARY_NAME }}-${{ matrix.target }} |
106 | | - path: | |
107 | | - ${{ env.ARCHIVE }} |
108 | | - ${{ env.SHA256_FILE }} |
109 | | -
|
110 | | - release: |
111 | | - needs: build |
112 | | - runs-on: ubuntu-latest |
113 | | - steps: |
114 | | - - uses: actions/checkout@v4 |
115 | | - |
116 | | - - name: Download all artifacts |
117 | | - uses: actions/download-artifact@v4 |
118 | | - with: |
119 | | - path: artifacts/ |
120 | | - |
121 | | - - name: Create GitHub Release |
| 51 | + - name: Publish GitHub Release |
122 | 52 | env: |
123 | 53 | GH_TOKEN: ${{ github.token }} |
124 | 54 | run: | |
125 | | - TAG="${GITHUB_REF_NAME}" |
126 | | -
|
127 | | - # Collect all archives and checksums |
128 | | - FILES=$(find artifacts/ -name "*.tar.xz" -o -name "*.sha256" | sort) |
129 | | -
|
130 | | - # Generate release notes from tag message or changelog |
131 | | - NOTES="## Binary Downloads |
132 | | -
|
133 | | - | Platform | Archive | SHA256 | |
134 | | - |----------|---------|--------|" |
135 | | -
|
136 | | - for f in $(find artifacts/ -name "*.tar.xz" | sort); do |
137 | | - BASENAME=$(basename "$f") |
138 | | - SHA=$(cat "${f}.sha256" | awk '{print $1}') |
139 | | - TARGET=$(echo "$BASENAME" | sed "s/${BINARY_NAME}-//" | sed 's/\.tar\.xz//') |
140 | | - NOTES="$NOTES |
141 | | - | \`$TARGET\` | \`$BASENAME\` | \`${SHA:0:16}...\` |" |
142 | | - done |
143 | | -
|
144 | | - NOTES="$NOTES |
145 | | -
|
146 | | - ### Verify checksums |
147 | | - \`\`\`bash |
148 | | - sha256sum -c *.sha256 2>/dev/null || shasum -a 256 -c *.sha256 |
149 | | - \`\`\` |
150 | | -
|
151 | | - ### Install |
152 | | - \`\`\`bash |
153 | | - curl -sSL https://github.com/${{ github.repository }}/releases/download/$TAG/${BINARY_NAME}-x86_64-unknown-linux-gnu.tar.xz | tar xJ |
154 | | - chmod +x ${BINARY_NAME} |
155 | | - \`\`\` |
156 | | - " |
157 | | -
|
158 | | - gh release create "$TAG" \ |
159 | | - --title "$TAG" \ |
160 | | - --notes "$NOTES" \ |
161 | | - $FILES |
| 55 | + TAG="${{ github.event.inputs.tag || github.ref_name }}" |
| 56 | + gh release view "$TAG" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1 \ |
| 57 | + || gh release create "$TAG" --repo "$GITHUB_REPOSITORY" --title "$TAG" --notes "Operator binary \`${TARGET}\`. Verify: sha256sum -c ${ARCHIVE}.sha256" |
| 58 | + gh release upload "$TAG" "$ARCHIVE" "${ARCHIVE}.sha256" --repo "$GITHUB_REPOSITORY" --clobber |
0 commit comments