# Publish workflow — publishes release artifacts.
#
# Jobs:
#   - snap: builds and publishes the snap package to the Snap Store.
#   - binaries: builds static musl binaries via Nix and attaches them to the
#     GitHub Release. Runs only on release events (not on push validation).
#
# Triggers:
#   1. workflow_run: After Nix CI passes on main. Builds the snap to validate
#      the packaging pipeline on every push to main. The binaries job is
#      skipped on this trigger.
#
#   2. workflow_dispatch: Triggered by the release-plz workflow after a release
#      is created, or manually for retrying a failed release. Accepts a tag name
#      input and publishes the snap and uploads binaries for that tag.
#
#   3. release (published): Kept as a fallback trigger in case the release is
#      created with a token that fires events (e.g. a PAT or GitHub App token).
#
# Note: release-plz uses GITHUB_TOKEN, so releases it creates do not fire the
# release event (GitHub Actions limitation). The release-plz workflow explicitly
# dispatches this workflow instead.

name: Publish

on:
  # Runs after the "Nix" workflow finishes. `completed` fires for every
  # conclusion, so the snap job checks the conclusion itself. `branches`
  # matches the triggering run's head branch name.
  workflow_run:
    workflows:
      - Nix
    types:
      - completed
    branches:
      - main

  # Fallback for releases created with a token that emits events.
  release:
    types:
      - published

  # Normal release path (dispatched by release-plz) and manual retries.
  # tag_name is caller-supplied text; the jobs below use it as the checkout
  # ref and in shell commands.
  workflow_dispatch:
    inputs:
      tag_name:
        description: 'Release tag to retry (e.g. v1.2.3)'
        required: true
        type: string

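jobs:
  # Builds the snap on every trigger and publishes it to the Snap Store's
  # stable channel on release / workflow_dispatch runs only.
  snap:
    name: Snap
    runs-on: ubuntu-latest
    # A workflow_run job executes in this repository's context even when the
    # triggering Nix run was started for a fork's commit, and the trigger's
    # `branches` filter only compares the head branch name. Whether the Nix
    # workflow runs for pull requests is not visible here, so require that the
    # triggering run's head repository is this one before building its commit.
    if: |
      github.repository_owner == 'arcuru' &&
      (github.event_name != 'workflow_run' ||
       (github.event.workflow_run.conclusion == 'success' &&
        github.event.workflow_run.head_repository.full_name == github.repository))
    # Push-validation runs stay outside the 'publish' environment; release and
    # dispatch runs enter it (and any protection rules configured on it).
    environment: ${{ (github.event_name == 'release' || github.event_name == 'workflow_dispatch') && 'publish' || '' }}
    # Least privilege: this job only reads the repository. Without this block
    # it would inherit the repository's default GITHUB_TOKEN permissions.
    permissions:
      contents: read
    steps:
      - name: Resolve ref
        id: ref
        # Event data is passed through env rather than interpolated into the
        # script, so it is never parsed as shell source.
        env:
          EVENT_NAME: ${{ github.event_name }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          INPUT_TAG: ${{ inputs.tag_name }}
          RUN_SHA: ${{ github.event.workflow_run.head_sha || github.sha }}
        run: |
          if [[ "$EVENT_NAME" == "release" ]]; then
            TAG="$RELEASE_TAG"
          elif [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
            TAG="$INPUT_TAG"
          else
            # Push validation: build the exact commit the Nix run tested.
            echo "ref=$RUN_SHA" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # The tag is later written to GITHUB_OUTPUT and spliced into a sed
          # expression. Reject anything outside a conservative character set
          # (no '/', '&', backslash, whitespace or newline). The value is not
          # echoed back, so it cannot inject workflow commands into the log.
          if [[ ! "$TAG" =~ ^[A-Za-z0-9._+-]+$ ]]; then
            echo "::error::Refusing tag name with unexpected characters"
            exit 1
          fi

          # Qualify the ref so a branch with the same name can never be
          # checked out and published in place of the tag.
          {
            echo "tag=$TAG"
            echo "ref=refs/tags/$TAG"
          } >> "$GITHUB_OUTPUT"

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ steps.ref.outputs.ref }}
          # The build below runs code from the checked-out tree; it does not
          # need the job token left behind in the git configuration.
          persist-credentials: false

      - name: Set snap version from release tag
        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
        env:
          # Use the validated tag from the Resolve ref step, not the raw event.
          TAG: ${{ steps.ref.outputs.tag }}
        run: |
          # Strip a leading "v" and rewrite the version line in place.
          VERSION="${TAG#v}"
          sed -i "s/^version: .*/version: \"${VERSION}\"/" snap/snapcraft.yaml

      - uses: snapcore/action-build@d12445ae70c52b1ead8b8a0ac6635f0432af5c80 # v1.3.0
        id: build

      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: snap
          path: ${{ steps.build.outputs.snap }}

      - name: Publish to Snap Store
        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
        uses: snapcore/action-publish@214b86e5ca036ead1668c79afb81e550e6c54d40 # v1.2.0
        # The store credential is exposed to this step only, not to the build.
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
        with:
          snap: ${{ steps.build.outputs.snap }}
          release: stable
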
94 binaries:
95 name: Binary (${{ matrix.target }})
96 runs-on: ${{ matrix.runner }}
97 if: |
98 github.repository_owner == 'arcuru' &&
99 (github.event_name == 'release' || github.event_name == 'workflow_dispatch')
100 permissions:
101 contents: write
102 strategy:
103 fail-fast: false
104 matrix:
105 include:
106 - runner: ubuntu-latest
107 target: x86_64-unknown-linux-musl
108 - runner: ubuntu-24.04-arm
109 target: aarch64-unknown-linux-musl
110 steps:
111 - name: Resolve tag
112 id: tag
113 env:
114 EVENT_NAME: ${{ github.event_name }}
115 RELEASE_TAG: ${{ github.event.release.tag_name }}
116 INPUT_TAG: ${{ inputs.tag_name }}
117 run: |
118 if [[ "$EVENT_NAME" == "release" ]]; then
119 TAG="$RELEASE_TAG"
120 else
121 TAG="$INPUT_TAG"
122 fi
123 echo "tag=$TAG" >> "$GITHUB_OUTPUT"
124
125 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
126 with:
127 ref: ${{ steps.tag.outputs.tag }}
128
129 - name: Install Nix
130 uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25 # v22
131
132 - name: Nix Cache
133 uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
134
135 - name: Build static binary
136 run: nix build -L .#cmprss-static
137
138 - name: Package binary
139 id: pkg
140 env:
141 TAG: ${{ steps.tag.outputs.tag }}
142 TARGET: ${{ matrix.target }}
143 run: |
144 DIR="cmprss-${TAG}-${TARGET}"
145 ASSET="${DIR}.tar.gz"
146 mkdir "$DIR"
147 install -m 0755 result/bin/cmprss "${DIR}/cmprss"
148 cp README.md LICENSE.txt "${DIR}/"
149 tar -czf "$ASSET" "$DIR"
150 sha256sum "$ASSET" > "${ASSET}.sha256"
151 echo "asset=$ASSET" >> "$GITHUB_OUTPUT"
152
153 - name: Upload to GitHub Release
154 env:
155 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
156 TAG: ${{ steps.tag.outputs.tag }}
157 ASSET: ${{ steps.pkg.outputs.asset }}
158 run: |
159 gh release upload "$TAG" "$ASSET" "${ASSET}.sha256" \
160 --clobber --repo "$GITHUB_REPOSITORY"