Bump serde_jcs (#27) #11
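# Release pipeline for the integrity-ffi native library: build the cdylib on
# each matrix runner, bundle the per-platform directories into tarballs with a
# SHA-256 manifest, and attach the bundles to a GitHub release on tag refs.
name: Release Native FFI Artifacts

on:
  push:
    tags:
      - "v*"
  workflow_dispatch:
    inputs:
      # Manual runs default to a dry run; publishing needs dry_run=false AND a
      # tag ref (see the `if:` on publish-release).
      dry_run:
        description: "Build and package release artifacts without publishing a GitHub release"
        required: true
        default: true
        type: boolean

# Least privilege: the build and package jobs only read the repository, so the
# workflow-wide GITHUB_TOKEN default is read-only. The single job that creates
# a release requests `contents: write` for itself.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a tag (@v2, @v4, @v14, @v31).
# Tags are mutable; pinning each action to a full commit SHA fixes the exact
# code that runs with this workflow's token and secrets.
jobs:
  build:
    name: Build (${{ matrix.label }})
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the remaining platforms finish when one runner fails.
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-latest
            label: linux x86_64
            asset_suffix: linux-x86_64
            lib_path: target/release/libintegrity_ffi.so
            lib_name: libintegrity_ffi.so
            import_lib_candidates: ""
          - os: macos-14
            label: macos 14 aarch64
            asset_suffix: macos-14-aarch64
            lib_path: target/release/libintegrity_ffi.dylib
            lib_name: libintegrity_ffi.dylib
            import_lib_candidates: ""
          - os: macos-15-intel
            label: macos 15 x86_64
            asset_suffix: macos-15-x86_64
            lib_path: target/release/libintegrity_ffi.dylib
            lib_name: libintegrity_ffi.dylib
            import_lib_candidates: ""
          - os: macos-15
            label: macos 15 aarch64
            asset_suffix: macos-15-aarch64
            lib_path: target/release/libintegrity_ffi.dylib
            lib_name: libintegrity_ffi.dylib
            import_lib_candidates: ""
    steps:
      - name: Install Nix
        uses: eqtylab-actions/install-nix-action@v31
        with:
          # NOTE(review): NIX_PATH follows the moving nixos-unstable channel.
          # The build runs through `nix develop .`; confirm the flake inputs
          # are locked so the release toolchain is reproducible.
          nix_path: nixpkgs=channel:nixos-unstable
      - name: Cachix
        uses: eqtylab-actions/cachix-action@v14
        with:
          name: eqtylab
          # skipPush is true, so this job only pulls from the cache.
          # NOTE(review): if the token is needed at all (private cache —
          # confirm), one limited to read access is sufficient here.
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
          skipPush: true
        # A cache setup failure must not fail the release build.
        continue-on-error: true
      - name: Checkout repo
        uses: eqtylab-actions/checkout@v4
      - name: Rust cache
        uses: eqtylab-actions/rust-cache@v2
      - name: Build release cdylib
        # --locked makes cargo fail instead of silently updating Cargo.lock.
        run: nix develop . -c cargo build --release --locked -p integrity-ffi --features "blob-all,signer-all"
      - name: Stage artifact files
        shell: bash
        # The matrix.* expressions are substituted into the script text before
        # bash runs; they come only from the static matrix above. The outer
        # heredoc delimiter is quoted, so shell variables are expanded by the
        # inner bash started under `nix develop`.
        run: |
          nix develop . -c bash -euxo pipefail <<'SCRIPT_EOF'
          pkg="integrity-ffi-${{ matrix.asset_suffix }}"
          out_dir="dist/${pkg}"
          mkdir -p "${out_dir}"
          cp "${{ matrix.lib_path }}" "${out_dir}/${{ matrix.lib_name }}"
          cp include/integrity_ffi.h "${out_dir}/integrity_ffi.h"
          cp LICENSE "${out_dir}/LICENSE"
          for candidate in ${{ matrix.import_lib_candidates }}; do
            if [ -f "${candidate}" ]; then
              cp "${candidate}" "${out_dir}/"
            fi
          done
          cat > "${out_dir}/BUILD_INFO.txt" <<BUILD_INFO_EOF
          crate=integrity-ffi
          git_ref=${GITHUB_REF}
          git_sha=${GITHUB_SHA}
          runner_os=${RUNNER_OS}
          asset_suffix=${{ matrix.asset_suffix }}
          BUILD_INFO_EOF
          SCRIPT_EOF
      - name: Upload workflow artifact
        uses: actions/upload-artifact@v4
        with:
          name: integrity-ffi-${{ matrix.asset_suffix }}
          path: dist/integrity-ffi-${{ matrix.asset_suffix }}
          if-no-files-found: error

  package:
    name: Package Release Bundles
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Install Nix
        uses: eqtylab-actions/install-nix-action@v31
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      - name: Cachix
        uses: eqtylab-actions/cachix-action@v14
        with:
          name: eqtylab
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
          skipPush: true
        continue-on-error: true
      - name: Checkout repo
        uses: eqtylab-actions/checkout@v4
      - name: Download all build artifacts
        uses: actions/download-artifact@v4
        with:
          path: release-artifacts
          pattern: integrity-ffi-*
      - name: Package tarballs + checksums
        shell: bash
        # One tarball per downloaded artifact directory, then a SHA-256
        # manifest. Manifest entries are recorded as `release/<name>.tar.gz`,
        # so `sha256sum -c` only resolves them from a directory that contains
        # a `release/` folder. The manifest ships next to the tarballs: it
        # detects corrupted downloads but does not authenticate the publisher.
        run: |
          nix develop . -c bash -euxo pipefail <<'SCRIPT_EOF'
          mkdir -p release
          for dir in release-artifacts/*; do
            [ -d "${dir}" ] || continue
            base="$(basename "${dir}")"
            tar -czf "release/${base}.tar.gz" -C release-artifacts "${base}"
          done
          sha256sum release/*.tar.gz > release/SHA256SUMS.txt
          SCRIPT_EOF
      - name: Upload packaged release artifacts
        uses: actions/upload-artifact@v4
        with:
          name: integrity-ffi-release-bundles
          path: |
            release/*.tar.gz
            release/SHA256SUMS.txt
          if-no-files-found: error
      - name: Dry-run summary
        if: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }}
        run: |
          echo "Dry-run enabled: packaged artifacts were uploaded and no GitHub release will be created."

  publish-release:
    name: Publish GitHub Release Assets
    needs: package
    runs-on: ubuntu-latest
    # Publish only for tag refs, and never for a manual dry run.
    if: >-
      startsWith(github.ref, 'refs/tags/') &&
      !(github.event_name == 'workflow_dispatch' && inputs.dry_run)
    # The only job that writes to the repository: creating the release and
    # uploading its assets needs `contents: write`.
    permissions:
      contents: write
    steps:
      - name: Download packaged release artifacts
        uses: actions/download-artifact@v4
        with:
          path: release
          name: integrity-ffi-release-bundles
      - name: Upload release assets
        # NOTE(review): this third-party action runs with the write-scoped
        # token; it is the first `uses:` to pin to a full commit SHA.
        uses: softprops/action-gh-release@v2
        with:
          files: |
            release/**/*.tar.gz
            release/**/SHA256SUMS.txt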