forked from BamPeers/rust-ci-github-actions-workflow
-
Notifications
You must be signed in to change notification settings - Fork 1
146 lines (132 loc) · 4.53 KB
/
Copy pathrelease-packaging.yaml
File metadata and controls
146 lines (132 loc) · 4.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Release Packaging
on:
push:
tags:
- 'v*'
permissions:
contents: write
env:
PROJECT_NAME_UNDERSCORE: test2
jobs:
release:
name: Linux
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: block
allowed-endpoints: >
api.deps.dev:443
api.github.com:443
api.osv.dev:443
api.scorecard.dev:443
fulcio.sigstore.dev:443
github.com:443
uploads.github.com:443
oss-fuzz-build-logs.storage.googleapis.com:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
www.bestpractices.dev:443
objects.githubusercontent.com:443
raw.githubusercontent.com:443
static.rust-lang.org:443
static.crates.io:443
index.crates.io:443
azure.archive.ubuntu.com:80
changelogs.ubuntu.com:443
esm.ubuntu.com:443
security.ubuntu.com:80
packages.microsoft.com:443
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # stable
with:
toolchain: stable
- name: Release Build
uses: yonasBSD/toolkit@9067fa17c79d97c3bad28da5ebba1d3c32ab3582 # v0.1.0
with:
run: |
cargo auditable build --release
- name: Set env
run: echo "NFPM_VERSION=$(curl -sL https://api.github.com/repos/goreleaser/nfpm/releases/latest | jq -r ".tag_name" | cut -d'v' -f2)" >> $GITHUB_ENV
- name: Create Packages
env:
VERSION: ${{ github.ref_name }}
run: |
wget https://github.com/goreleaser/nfpm/releases/download/v${NFPM_VERSION}/nfpm_${NFPM_VERSION}_amd64.deb
sudo dpkg -i nfpm_${NFPM_VERSION}_amd64.deb
rm nfpm_${NFPM_VERSION}_amd64.deb
sed -i -E "s/^version:.+$/version: $VERSION/g" nfpm.yaml
mkdir scripts
touch foo bar scripts/postremove.sh scripts/preremove.sh scripts/preinstall.sh scripts/postinstall.sh changelog.yaml foobar.conf
for pkg in deb apk archlinux rpm ipk; do
nfpm package -p $pkg
done
- name: Upload Artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
id: artifact-upload-step
with:
name: ${{ env.PROJECT_NAME_UNDERSCORE }}
path: |
*.deb
*.apk
*.ipk
*.rpm
*.zst
- name: Create Release
uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
with:
files: |
*.deb
*.apk
*.ipk
*.rpm
*.zst
#- name: Output artifact ID
# run: echo 'Artifact ID is ${{ steps.artifact-upload-step.outputs.artifact-id }}'
# - name: Create Release
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# tag: ${{ github.ref_name }}
# gh release create "$tag" \
# --repo="$GITHUB_REPOSITORY" \
# --title="${tag#v}" \
# --generate-notes
macos:
name: Mac
runs-on: macos-latest
permissions:
contents: write
packages: write
needs: [release]
steps:
- uses: actions/checkout@v6
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
default: true
- run: cargo build --release
- run: |
mv target/release/${{ env.PROJECT_NAME_UNDERSCORE }} ${{ env.PROJECT_NAME_UNDERSCORE }}-macos-64bit.dmg
gh release upload "${{ github.ref_name }}" ${{ env.PROJECT_NAME_UNDERSCORE }}-macos-64bit.dmg --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
windows:
name: Windows
runs-on: windows-latest
permissions:
contents: write
packages: write
needs: [release]
steps:
- uses: actions/checkout@v6
- uses: actions-rs/toolchain@v1
with:
toolchain: stable
default: true
- run: cargo build --release
- run: |
mv target/release/${{ env.PROJECT_NAME_UNDERSCORE }}.exe ${{ env.PROJECT_NAME_UNDERSCORE }}-windows-64bit.exe
gh release upload "${{ github.ref_name }}" ${{ env.PROJECT_NAME_UNDERSCORE }}-windows-64bit.exe --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}