deps(rust)(deps): bump the rust-core group #169
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | ||
|
Check failure on line 1 in .github/workflows/release.yml
|
||
| on: | ||
| push: | ||
| tags: | ||
| - "v*.*.*" | ||
| workflow_dispatch: | ||
| inputs: | ||
| tag: | ||
| description: "Release tag to publish (e.g. v0.1.0). Leave empty when triggered by tag push." | ||
| required: false | ||
| default: "" | ||
| permissions: | ||
| contents: write | ||
| concurrency: | ||
| group: release-${{ github.ref }} | ||
| cancel-in-progress: false | ||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| RUST_BACKTRACE: 1 | ||
| NODE_VERSION: "20" | ||
| PNPM_VERSION: "9" | ||
| jobs: | ||
| meta: | ||
| name: Prepare release metadata | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| tag: ${{ steps.tag.outputs.tag }} | ||
| version: ${{ steps.tag.outputs.version }} | ||
| steps: | ||
| - name: Determine tag | ||
| id: tag | ||
| run: | | ||
| set -euo pipefail | ||
| if [ -n "${{ inputs.tag }}" ]; then | ||
| TAG="${{ inputs.tag }}" | ||
| else | ||
| TAG="${GITHUB_REF_NAME}" | ||
| fi | ||
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | ||
| # Strip leading "v" for version, if present | ||
| VERSION="${TAG#v}" | ||
| echo "version=${VERSION}" >> "$GITHUB_OUTPUT" | ||
| echo "Using tag: ${TAG}" | ||
| echo "Version: ${VERSION}" | ||
| build-binaries: | ||
| name: Build binaries (${{ matrix.target }}) | ||
| needs: [meta] | ||
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - os: ubuntu-latest | ||
| target: x86_64-unknown-linux-gnu | ||
| artifact_ext: tar.gz | ||
| - os: macos-latest | ||
| target: aarch64-apple-darwin | ||
| artifact_ext: tar.gz | ||
| - os: windows-latest | ||
| target: x86_64-pc-windows-msvc | ||
| artifact_ext: zip | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Install Rust toolchain | ||
| uses: dtolnay/rust-toolchain@stable | ||
| with: | ||
| targets: ${{ matrix.target }} | ||
| - name: Cache cargo | ||
| uses: Swatinem/rust-cache@v2 | ||
| with: | ||
| cache-on-failure: true | ||
| - name: Build signia CLI (release) | ||
| shell: bash | ||
| run: | | ||
| set -euo pipefail | ||
| cargo build --release --locked --target "${{ matrix.target }}" --manifest-path crates/signia-cli/Cargo.toml | ||
| - name: Build signia API (release) | ||
| shell: bash | ||
| run: | | ||
| set -euo pipefail | ||
| cargo build --release --locked --target "${{ matrix.target }}" --manifest-path crates/signia-api/Cargo.toml | ||
| - name: Package artifacts (unix) | ||
| if: runner.os != 'Windows' | ||
| shell: bash | ||
| run: | | ||
| set -euo pipefail | ||
| TAG="${{ needs.meta.outputs.tag }}" | ||
| TARGET="${{ matrix.target }}" | ||
| OUT="dist/${TAG}/${TARGET}" | ||
| mkdir -p "${OUT}" | ||
| cp "crates/signia-cli/target/${TARGET}/release/signia" "${OUT}/signia" | ||
| # API binary name depends on your Cargo.toml; adjust if different. | ||
| # Default assumed: signia-api | ||
| cp "crates/signia-api/target/${TARGET}/release/signia-api" "${OUT}/signia-api" | ||
| # Include licenses and notices | ||
| cp LICENSE "${OUT}/LICENSE" | ||
| if [ -f NOTICE ]; then cp NOTICE "${OUT}/NOTICE"; fi | ||
| if [ -f README.md ]; then cp README.md "${OUT}/README.md"; fi | ||
| (cd "dist/${TAG}" && tar -czf "signia-${TAG}-${TARGET}.tar.gz" "${TARGET}") | ||
| - name: Package artifacts (windows) | ||
| if: runner.os == 'Windows' | ||
| shell: pwsh | ||
| run: | | ||
| $ErrorActionPreference = "Stop" | ||
| $tag = "${{ needs.meta.outputs.tag }}" | ||
| $target = "${{ matrix.target }}" | ||
| $out = "dist/$tag/$target" | ||
| New-Item -ItemType Directory -Force -Path $out | Out-Null | ||
| Copy-Item "crates/signia-cli/target/$target/release/signia.exe" "$out/signia.exe" | ||
| Copy-Item "crates/signia-api/target/$target/release/signia-api.exe" "$out/signia-api.exe" | ||
| Copy-Item "LICENSE" "$out/LICENSE" | ||
| if (Test-Path "NOTICE") { Copy-Item "NOTICE" "$out/NOTICE" } | ||
| if (Test-Path "README.md") { Copy-Item "README.md" "$out/README.md" } | ||
| Compress-Archive -Path "dist/$tag/$target" -DestinationPath "dist/$tag/signia-$tag-$target.zip" -Force | ||
| - name: Generate checksums (unix) | ||
| if: runner.os != 'Windows' | ||
| shell: bash | ||
| run: | | ||
| set -euo pipefail | ||
| TAG="${{ needs.meta.outputs.tag }}" | ||
| cd "dist/${TAG}" | ||
| shasum -a 256 "signia-${TAG}-${{ matrix.target }}.${{ matrix.artifact_ext }}" > "signia-${TAG}-${{ matrix.target }}.${{ matrix.artifact_ext }}.sha256" | ||
| - name: Generate checksums (windows) | ||
| if: runner.os == 'Windows' | ||
| shell: pwsh | ||
| run: | | ||
| $ErrorActionPreference = "Stop" | ||
| $tag = "${{ needs.meta.outputs.tag }}" | ||
| $target = "${{ matrix.target }}" | ||
| $file = "dist/$tag/signia-$tag-$target.zip" | ||
| $hash = (Get-FileHash -Algorithm SHA256 $file).Hash.ToLower() | ||
| "$hash signia-$tag-$target.zip" | Out-File -FilePath "dist/$tag/signia-$tag-$target.zip.sha256" -Encoding ascii | ||
| - name: Upload dist artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: dist-${{ matrix.target }} | ||
| path: dist/${{ needs.meta.outputs.tag }}/* | ||
| if-no-files-found: error | ||
| github-release: | ||
| name: Create GitHub Release | ||
| needs: [meta, build-binaries] | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Download all dist artifacts | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| path: dist-merge | ||
| - name: Flatten dist directory | ||
| run: | | ||
| set -euo pipefail | ||
| TAG="${{ needs.meta.outputs.tag }}" | ||
| mkdir -p "release-dist/${TAG}" | ||
| find dist-merge -type f -name "signia-${TAG}-*.tar.gz" -exec cp {} "release-dist/${TAG}/" \; | ||
| find dist-merge -type f -name "signia-${TAG}-*.zip" -exec cp {} "release-dist/${TAG}/" \; | ||
| find dist-merge -type f -name "*.sha256" -exec cp {} "release-dist/${TAG}/" \; | ||
| ls -la "release-dist/${TAG}" | ||
| - name: Generate release notes (basic) | ||
| run: | | ||
| set -euo pipefail | ||
| TAG="${{ needs.meta.outputs.tag }}" | ||
| cat > RELEASE_NOTES.md <<EOF | ||
| SIGNIA ${TAG} | ||
| Assets: | ||
| - signia (CLI) | ||
| - signia-api (API service) | ||
| - SHA256 checksums included | ||
| Notes: | ||
| - This release is built from tag ${TAG}. | ||
| EOF | ||
| - name: Publish GitHub Release and upload assets | ||
| uses: softprops/action-gh-release@v2 | ||
| with: | ||
| tag_name: ${{ needs.meta.outputs.tag }} | ||
| name: SIGNIA ${{ needs.meta.outputs.tag }} | ||
| body_path: RELEASE_NOTES.md | ||
| draft: false | ||
| prerelease: false | ||
| files: | | ||
| release-dist/${{ needs.meta.outputs.tag }}/signia-${{ needs.meta.outputs.tag }}-*.tar.gz | ||
| release-dist/${{ needs.meta.outputs.tag }}/signia-${{ needs.meta.outputs.tag }}-*.zip | ||
| release-dist/${{ needs.meta.outputs.tag }}/*.sha256 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| docker: | ||
| name: Build and push Docker images (optional) | ||
| needs: [meta, github-release] | ||
| runs-on: ubuntu-latest | ||
| if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| - name: Build and push API image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| file: infra/docker/api.Dockerfile | ||
| push: true | ||
| tags: | | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/signia-api:${{ needs.meta.outputs.version }} | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/signia-api:latest | ||
| - name: Build and push Console image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| file: infra/docker/console.Dockerfile | ||
| push: true | ||
| tags: | | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/signia-console:${{ needs.meta.outputs.version }} | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/signia-console:latest | ||
| - name: Build and push Interface image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| file: infra/docker/interface.Dockerfile | ||
| push: true | ||
| tags: | | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/signia-interface:${{ needs.meta.outputs.version }} | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/signia-interface:latest | ||
| npm: | ||
| name: Publish npm packages (optional) | ||
| needs: [meta, github-release] | ||
| runs-on: ubuntu-latest | ||
| if: ${{ secrets.NPM_TOKEN != '' }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Node | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: ${{ env.NODE_VERSION }} | ||
| registry-url: "https://registry.npmjs.org" | ||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| with: | ||
| version: ${{ env.PNPM_VERSION }} | ||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
| - name: Build packages | ||
| run: | | ||
| set -euo pipefail | ||
| if [ -d "sdk/ts" ]; then | ||
| (cd sdk/ts && pnpm install --frozen-lockfile || true) | ||
| (cd sdk/ts && (pnpm run build || true)) | ||
| fi | ||
| - name: Publish sdk/ts (if configured) | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| run: | | ||
| set -euo pipefail | ||
| if [ -f "sdk/ts/package.json" ]; then | ||
| cd sdk/ts | ||
| # Ensure package.json has proper name/version and "publishConfig" if needed. | ||
| npm publish --access public || npm publish | ||
| else | ||
| echo "sdk/ts/package.json not found; skipping." | ||
| fi | ||
