docs: real-repo scan benchmarks, Security section, v0.1.23 #19
Workflow file for this run
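# Release pipeline. A pushed tag matching "v*" builds the chub binary for five
# targets, tests it, and publishes to npm, crates.io and PyPI before creating a
# GitHub Release.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch (@v4, @v5, @v2, @stable, @release/v1). This workflow holds
# publishing credentials, so consider pinning each `uses:` to a full commit SHA.
name: Release

on:
  push:
    tags:
      - "v*"

# Least-privilege default for the workflow token. Build and test jobs only
# read the repository; jobs that mint OIDC tokens or create the release
# request the extra scope in their own `permissions:` block.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  # Compile the release binary for each target and upload it twice: inside its
  # npm platform package directory and as a bare binary artifact.
  build:
    strategy:
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            npm_pkg: chub-linux-x64
            binary: chub
          - target: aarch64-unknown-linux-gnu
            os: ubuntu-latest
            npm_pkg: chub-linux-arm64
            binary: chub
          - target: x86_64-apple-darwin
            os: macos-latest
            npm_pkg: chub-darwin-x64
            binary: chub
          - target: aarch64-apple-darwin
            os: macos-latest
            npm_pkg: chub-darwin-arm64
            binary: chub
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            npm_pkg: chub-win32-x64
            binary: chub.exe
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: Install cross-compilation tools (Linux ARM64)
        if: matrix.target == 'aarch64-unknown-linux-gnu'
        run: |
          sudo apt-get update
          sudo apt-get install -y gcc-aarch64-linux-gnu
          echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"

      # The matrix.* values used in the scripts below are literals from this
      # file, not event data, so they are expanded in place.
      - name: Build release binary
        run: cargo build --release --target ${{ matrix.target }}

      - name: Copy binary to npm package
        shell: bash
        run: |
          cp target/${{ matrix.target }}/release/${{ matrix.binary }} npm/${{ matrix.npm_pkg }}/

      - name: Upload npm artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.npm_pkg }}
          path: npm/${{ matrix.npm_pkg }}/

      - name: Upload binary artifact
        uses: actions/upload-artifact@v4
        with:
          name: binary-${{ matrix.target }}
          path: target/${{ matrix.target }}/release/${{ matrix.binary }}

  # Run the full cargo test suite on each runner OS.
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo test --all

  # Execute the built x86_64 binaries and check that the reported version
  # contains the version taken from the tag.
  smoke-test:
    needs: [build]
    strategy:
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            binary: chub
          - target: x86_64-apple-darwin
            os: macos-latest
            binary: chub
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            binary: chub.exe
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - name: Download binary artifact
        uses: actions/download-artifact@v4
        with:
          name: binary-${{ matrix.target }}
          path: bin

      - name: Set executable permission
        if: runner.os != 'Windows'
        run: chmod +x bin/${{ matrix.binary }}

      - name: Verify --version output
        shell: bash
        run: |
          # The tag name is read from the environment rather than through a
          # workflow expression, so it is never parsed as script text.
          VERSION="${GITHUB_REF_NAME#v}"
          OUTPUT=$(bin/${{ matrix.binary }} --version)
          echo "Binary output: $OUTPUT"
          if [[ "$OUTPUT" != *"$VERSION"* ]]; then
            echo "ERROR: Version mismatch — expected '$VERSION' in output"
            exit 1
          fi

      - name: Verify --help runs
        shell: bash
        run: bin/${{ matrix.binary }} --help

      - name: Verify build --validate-only works
        shell: bash
        run: bin/${{ matrix.binary }} build ./content --validate-only

      - name: Verify search runs against built registry
        shell: bash
        run: |
          bin/${{ matrix.binary }} build ./content -o ./test-dist
          CHUB_BUNDLE_URL="file://$PWD/test-dist" bin/${{ matrix.binary }} search "stripe" --json | head -5

  # Dry-run the npm, Python wheel and cargo packaging before anything is
  # published.
  package-test:
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - uses: dtolnay/rust-toolchain@stable

      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Test npm package structure
        run: |
          for pkg in chub-linux-x64 chub-linux-arm64 chub-darwin-x64 chub-darwin-arm64 chub-win32-x64; do
            echo "Checking $pkg..."
            cp -r "artifacts/$pkg"/* "npm/$pkg/"
            cd "npm/$pkg"
            npm pack --dry-run
            cd "$GITHUB_WORKSPACE"
          done
          cd npm/chub
          npm pack --dry-run

      - name: Test npm local install
        run: |
          chmod +x npm/chub-linux-x64/chub
          cd npm/chub-linux-x64 && npm pack && cd "$GITHUB_WORKSPACE"
          cd npm/chub && npm pack && cd "$GITHUB_WORKSPACE"
          npm install -g ./npm/chub-linux-x64/*.tgz ./npm/chub/*.tgz
          chub --version
          chub --help

      - name: Extract version from tag
        id: version
        run: |
          version="${GITHUB_REF_NAME#v}"
          # The version is later passed to npm, sed and build_wheel.py. Accept
          # only characters that occur in version strings, so a tag name can
          # never carry shell or sed metacharacters into those commands.
          if [[ ! "$version" =~ ^[0-9A-Za-z.+-]+$ ]]; then
            echo "::error::Tag name contains characters that are not allowed in a version"
            exit 1
          fi
          echo "VERSION=$version" >> "$GITHUB_OUTPUT"

      - name: Test Python wheel build and install
        env:
          # Handed over as an environment variable: a workflow expression
          # inside `run:` is substituted into the script before the shell
          # parses it.
          VERSION: ${{ steps.version.outputs.VERSION }}
        run: |
          binary="artifacts/binary-x86_64-unknown-linux-gnu/chub"
          chmod +x "$binary"
          python python/build_wheel.py \
            --binary "$binary" \
            --target x86_64-unknown-linux-gnu \
            --version "$VERSION" \
            --output test-dist/
          # NOTE(review): twine is installed unpinned; consider a pinned version.
          pip install twine
          twine check test-dist/*.whl
          pip install test-dist/*.whl
          chub --version
          chub --help

      - name: Test cargo package (dry-run)
        run: |
          cargo package -p chub-core --allow-dirty
          cargo package -p chub-cli --allow-dirty
          cargo package -p chub --allow-dirty

  # Publish the five platform packages and then the wrapper package to npm
  # with provenance.
  publish-npm:
    needs: [build, test, smoke-test, package-test]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org

      # NOTE(review): `npm@latest` floats; the publishing job runs whatever npm
      # release is current at tag time. Consider pinning a known-good version
      # that satisfies the >= 11.5.1 requirement.
      - name: Ensure npm >= 11.5.1 for OIDC trusted publishing
        run: npm install -g npm@latest

      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Copy binaries into npm packages
        run: |
          for pkg in chub-linux-x64 chub-linux-arm64 chub-darwin-x64 chub-darwin-arm64 chub-win32-x64; do
            cp -r "artifacts/$pkg"/* "npm/$pkg/"
          done

      - name: Set executable permissions
        run: |
          chmod +x npm/chub-linux-x64/chub
          chmod +x npm/chub-linux-arm64/chub
          chmod +x npm/chub-darwin-x64/chub
          chmod +x npm/chub-darwin-arm64/chub

      - name: Extract version from tag
        id: version
        run: |
          version="${GITHUB_REF_NAME#v}"
          # Accept only characters that occur in version strings before the
          # value is handed to `npm version`.
          if [[ ! "$version" =~ ^[0-9A-Za-z.+-]+$ ]]; then
            echo "::error::Tag name contains characters that are not allowed in a version"
            exit 1
          fi
          echo "VERSION=$version" >> "$GITHUB_OUTPUT"

      - name: Update package versions
        env:
          # Passed through the environment so the tag-derived value is data,
          # not script text.
          VERSION: ${{ steps.version.outputs.VERSION }}
        run: |
          for dir in npm/chub npm/chub-linux-x64 npm/chub-linux-arm64 npm/chub-darwin-x64 npm/chub-darwin-arm64 npm/chub-win32-x64; do
            cd "$dir"
            npm version "$VERSION" --no-git-tag-version --allow-same-version
            cd "$GITHUB_WORKSPACE"
          done

      - name: Publish platform packages
        run: |
          for dir in npm/chub-linux-x64 npm/chub-linux-arm64 npm/chub-darwin-x64 npm/chub-darwin-arm64 npm/chub-win32-x64; do
            cd "$dir"
            # A failed publish is still tolerated, as before, but it is now
            # surfaced as an annotation instead of being discarded.
            # NOTE(review): the wrapper package is published next even when a
            # platform package failed here; consider tolerating only the
            # "version already published" case and failing on anything else.
            if ! npm publish --access public --provenance; then
              echo "::warning::npm publish failed in $dir; continuing with the remaining packages"
            fi
            cd "$GITHUB_WORKSPACE"
          done

      - name: Publish wrapper package
        run: |
          cd npm/chub
          npm publish --access public --provenance

  # Publish the three crates in order (chub-core, chub-cli, chub), pausing
  # between them for the crates.io index. The registry token is exposed only
  # to the three publish steps, via step-level env.
  publish-crates:
    needs: [test, smoke-test, package-test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: dtolnay/rust-toolchain@stable

      - name: Publish chub-core to crates.io
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
        run: cargo publish -p chub-core

      - name: Wait for crates.io index update
        run: sleep 30

      - name: Publish chub-cli to crates.io
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
        run: cargo publish -p chub-cli

      - name: Wait for crates.io index update
        run: sleep 30

      - name: Publish chub to crates.io
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
        run: cargo publish -p chub

  # Build one wheel per platform binary and upload them to PyPI.
  publish-pypi:
    needs: [build, test, smoke-test, package-test]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # No password is passed to the publish action, so the upload relies on
      # the OIDC token this scope allows the job to request.
      id-token: write
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Download all binary artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Extract version from tag
        id: version
        run: |
          version="${GITHUB_REF_NAME#v}"
          # The value is used as a sed replacement below, where "/" or "&"
          # would change the edit; accept only version-string characters.
          if [[ ! "$version" =~ ^[0-9A-Za-z.+-]+$ ]]; then
            echo "::error::Tag name contains characters that are not allowed in a version"
            exit 1
          fi
          echo "VERSION=$version" >> "$GITHUB_OUTPUT"

      - name: Update Python package version
        env:
          VERSION: ${{ steps.version.outputs.VERSION }}
        run: |
          sed -i "s/^version = .*/version = \"$VERSION\"/" python/pyproject.toml
          sed -i "s/^__version__ = .*/__version__ = \"$VERSION\"/" python/chub/__init__.py

      - name: Build platform wheels
        env:
          VERSION: ${{ steps.version.outputs.VERSION }}
        run: |
          # Each entry is "<rust target>:<binary file name>".
          targets=(
            "x86_64-unknown-linux-gnu:chub"
            "aarch64-unknown-linux-gnu:chub"
            "x86_64-apple-darwin:chub"
            "aarch64-apple-darwin:chub"
            "x86_64-pc-windows-msvc:chub.exe"
          )
          for entry in "${targets[@]}"; do
            target="${entry%%:*}"
            bin_name="${entry##*:}"
            binary="artifacts/binary-${target}/${bin_name}"
            if [ -f "$binary" ]; then
              # chmod failures are ignored on purpose, as in the original.
              chmod +x "$binary" 2>/dev/null || true
              python python/build_wheel.py \
                --binary "$binary" \
                --target "$target" \
                --version "$VERSION" \
                --output dist/
            else
              # A missing binary still only warns, so the upload can go out
              # without that platform's wheel; the annotation makes the gap
              # visible on the run summary.
              echo "::warning::Binary not found for $target at $binary"
            fi
          done
          ls -la dist/

      - name: Validate wheels
        run: |
          # NOTE(review): twine is installed unpinned in a publishing job;
          # consider a pinned version.
          pip install twine
          twine check dist/*.whl

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: dist/

  # Create the GitHub Release once all three registries have been published.
  release:
    needs: [publish-npm, publish-crates, publish-pypi]
    runs-on: ubuntu-latest
    permissions:
      # The only job that writes to the repository: it creates the release.
      contents: write
    steps:
      - uses: actions/checkout@v4

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          generate_release_notes: true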