-
Notifications
You must be signed in to change notification settings - Fork 68
158 lines (131 loc) · 4.27 KB
/
release.yml
File metadata and controls
158 lines (131 loc) · 4.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: Release
on:
push:
tags:
- 'v*.*.*'
workflow_dispatch:
env:
CARGO_INCREMENTAL: 0
jobs:
# =============================================================================
# Build native binaries for each platform
# =============================================================================
build-native:
strategy:
fail-fast: false
matrix:
include:
- target: aarch64-apple-darwin
os: macos-latest
- target: x86_64-apple-darwin
os: macos-latest
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
use-cross: true
- target: x86_64-pc-windows-msvc
os: windows-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Install dependencies (Linux musl)
if: matrix.use-cross
run: |
sudo apt-get update
sudo apt-get install -y musl-tools
- name: Install napi-rs CLI
run: npm install -g @napi-rs/cli
- name: Build native module
working-directory: osgrep-core
run: napi build --platform --release --target ${{ matrix.target }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: bindings-${{ matrix.target }}
path: osgrep-core/*.node
if-no-files-found: error
# =============================================================================
# Publish platform packages + meta package + osgrep
# =============================================================================
publish:
runs-on: ubuntu-latest
needs: build-native
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
- name: Install napi-rs CLI
run: npm install -g @napi-rs/cli
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: osgrep-core/artifacts
- name: Move artifacts to osgrep-core
run: |
cd osgrep-core
for dir in artifacts/bindings-*/; do
mv "$dir"*.node . 2>/dev/null || true
done
rm -rf artifacts
ls -la *.node
- name: Verify tag commit is on main
run: |
git fetch origin main --depth=1
if ! git merge-base --is-ancestor "$GITHUB_SHA" origin/main; then
echo "Refusing to publish: tag commit is not on main"
exit 1
fi
- name: Verify tag matches package.json version
run: |
TAG="${GITHUB_REF##*/}"
PKG_VERSION=$(node -p "require('./package.json').version")
if [ "v$PKG_VERSION" != "$TAG" ]; then
echo "Tag $TAG does not match package.json version v$PKG_VERSION"
exit 1
fi
- name: Publish osgrep-core platform packages
working-directory: osgrep-core
run: napi prepublish -t npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish osgrep-core meta package
working-directory: osgrep-core
run: npm publish --access public --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Install bun
uses: oven-sh/setup-bun@v2
- name: Install osgrep dependencies
run: bun install
- name: Check types
run: bun run typecheck
- name: Build osgrep
run: bun run build
- name: Publish osgrep to npm
run: npm publish --access public --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.ref_name }}
generate_release_notes: true