Skip to content

chore: release v0.2.1 (#389) #13

chore: release v0.2.1 (#389)

chore: release v0.2.1 (#389) #13

Workflow file for this run

name: Build
on:
push:
tags:
- "v*"
- "tempo-wallet@*"
- "tempo-request@*"
permissions:
contents: write
env:
CARGO_TERM_COLOR: always
CARGO_NET_GIT_FETCH_WITH_CLI: "true"
jobs:
parse-tag:
name: Parse tag
runs-on: ubuntu-latest
outputs:
packages: ${{ steps.parse.outputs.packages }}
version: ${{ steps.parse.outputs.version }}
release_tag: ${{ steps.parse.outputs.release_tag }}
steps:
- name: Parse release scope and version from tag
id: parse
run: |
TAG="${GITHUB_REF#refs/tags/}"
if [[ "$TAG" == v* ]]; then
VERSION="${TAG#v}"
PACKAGES='["tempo-wallet","tempo-request"]'
RELEASE_TAG="$TAG"
elif [[ "$TAG" == *"@"* ]]; then
PACKAGE="${TAG%%@*}"
VERSION="${TAG#*@}"
RELEASE_TAG="$TAG"
if [[ "$PACKAGE" == "tempo-wallet" || "$PACKAGE" == "tempo-request" ]]; then
PACKAGES="[\"${PACKAGE}\"]"
else
echo "Unsupported package in tag: ${PACKAGE}" >&2
exit 1
fi
else
echo "Unsupported tag format: ${TAG}" >&2
exit 1
fi
{
echo "packages=${PACKAGES}"
echo "version=${VERSION}"
echo "release_tag=${RELEASE_TAG}"
} >> "$GITHUB_OUTPUT"
echo "Tag: ${TAG}, packages: ${PACKAGES}, version: ${VERSION}, release tag: ${RELEASE_TAG}"
build:
name: Build ${{ matrix.package }} (${{ matrix.build.target }})
needs: [parse-tag]
runs-on: ${{ matrix.build.os }}
strategy:
fail-fast: false
matrix:
package: ${{ fromJson(needs.parse-tag.outputs.packages) }}
build:
- os: ubuntu-latest
target: x86_64-unknown-linux-gnu
suffix: linux-amd64
- os: ubuntu-24.04-arm
target: aarch64-unknown-linux-gnu
suffix: linux-arm64
- os: macos-latest
target: x86_64-apple-darwin
suffix: darwin-amd64
- os: macos-latest
target: aarch64-apple-darwin
suffix: darwin-arm64
env:
PACKAGE: ${{ matrix.package }}
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
with:
target: ${{ matrix.build.target }}
- uses: Swatinem/rust-cache@v2
with:
key: ${{ matrix.build.target }}
- name: Configure git auth
run: git config --global url."https://x-access-token:${{ secrets.GH_PAT }}@github.com/".insteadOf "https://github.com/"
- name: Build release binary
run: cargo build --release --target ${{ matrix.build.target }} -p ${{ env.PACKAGE }}
- run: strip target/${{ matrix.build.target }}/release/${{ env.PACKAGE }}
- run: mv target/${{ matrix.build.target }}/release/${{ env.PACKAGE }} ${{ env.PACKAGE }}-${{ matrix.build.suffix }}
- uses: actions/upload-artifact@v7
with:
name: ${{ env.PACKAGE }}-${{ matrix.build.suffix }}
path: ${{ env.PACKAGE }}-${{ matrix.build.suffix }}
publish:
name: Publish ${{ matrix.package }}
needs: [parse-tag, build]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package: ${{ fromJson(needs.parse-tag.outputs.packages) }}
env:
PACKAGE: ${{ matrix.package }}
VERSION: ${{ needs.parse-tag.outputs.version }}
RELEASE_TAG: ${{ needs.parse-tag.outputs.release_tag }}
steps:
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
path: artifacts
pattern: ${{ env.PACKAGE }}-*
merge-multiple: true
- name: Wait for GitHub Release
env:
GH_TOKEN: ${{ github.token }}
run: |
TAG="${RELEASE_TAG}"
for i in $(seq 1 40); do
if gh release view "$TAG" >/dev/null 2>&1; then
echo "Release ${TAG} found"
exit 0
fi
echo "Waiting for release ${TAG}... (attempt ${i}/40)"
sleep 15
done
echo "Release ${TAG} was not created in time" >&2
exit 1
- name: Upload to GitHub Release
env:
GH_TOKEN: ${{ github.token }}
run: |
TAG="${RELEASE_TAG}"
gh release upload "$TAG" artifacts/* --clobber
- name: Configure git auth
run: git config --global url."https://x-access-token:${{ secrets.GH_PAT }}@github.com/".insteadOf "https://github.com/"
- name: Build release signer
run: cargo build --release -p tempo-sign
- name: Sign release binaries
env:
RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
run: |
echo -n "$RELEASE_SIGNING_KEY" | base64 -d > /tmp/release.key
URL_PREFIX="https://cli.tempo.xyz/extensions/${PACKAGE}"
declare -A PKG_DESC=(
[tempo-wallet]="Manage your Tempo Wallet"
[tempo-request]="Make an HTTP request"
)
SIGN_ARGS=(
--key-file /tmp/release.key
--artifacts-dir artifacts
--version "$VERSION"
--base-url "$URL_PREFIX"
--description "${PKG_DESC[$PACKAGE]}"
--output "artifacts/${PACKAGE}-manifest.json"
)
if [ "$PACKAGE" = "tempo-request" ] && [ -f "SKILL.md" ]; then
SKILL_SHA256=$(sha256sum "SKILL.md" | cut -d' ' -f1)
SIGN_ARGS+=(
--skill "${URL_PREFIX}/v${VERSION}/SKILL.md"
--skill-sha256 "$SKILL_SHA256"
--skill-file "SKILL.md"
)
fi
./target/release/tempo-sign sign "${SIGN_ARGS[@]}"
rm /tmp/release.key
- name: Upload to R2
env:
AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
AWS_ENDPOINT_URL: https://${{ secrets.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
run: |
aws configure set default.s3.multipart_threshold 200MB
PREFIX="extensions/${PACKAGE}"
VTAG="v${VERSION}"
# Binaries (latest + versioned)
for f in "artifacts/${PACKAGE}"-linux-* "artifacts/${PACKAGE}"-darwin-*; do
[ -f "$f" ] || continue
BASENAME=$(basename "$f")
aws s3 cp "$f" "s3://tempo-cli/${PREFIX}/${BASENAME}" --endpoint-url "$AWS_ENDPOINT_URL"
aws s3 cp "$f" "s3://tempo-cli/${PREFIX}/${VTAG}/${BASENAME}" --endpoint-url "$AWS_ENDPOINT_URL"
done
# Signed manifest (latest + versioned)
aws s3 cp "artifacts/${PACKAGE}-manifest.json" "s3://tempo-cli/${PREFIX}/manifest.json" --endpoint-url "$AWS_ENDPOINT_URL"
aws s3 cp "artifacts/${PACKAGE}-manifest.json" "s3://tempo-cli/${PREFIX}/${VTAG}/manifest.json" --endpoint-url "$AWS_ENDPOINT_URL"
# SKILL.md (versioned snapshot, only for tempo-request)
if [ "$PACKAGE" = "tempo-request" ] && [ -f "SKILL.md" ]; then
aws s3 cp "SKILL.md" "s3://tempo-cli/${PREFIX}/${VTAG}/SKILL.md" --endpoint-url "$AWS_ENDPOINT_URL" --content-type "text/markdown"
fi
# VERSION
echo "${VERSION}" | aws s3 cp - "s3://tempo-cli/${PREFIX}/VERSION" --endpoint-url "$AWS_ENDPOINT_URL" --content-type "text/plain"
echo "Released ${PACKAGE}@${VERSION}"