Merge branch 'main' of github.com:azerpas/bourso-api #30
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Inspired by https://github.com/Swatinem/rust-cache/blob/master/.github/workflows/simple.yml | |
| name: CI/CD | |
| on: | |
| push: | |
| tags: | |
| - v*.*.* | |
| permissions: | |
| contents: write | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| build: | |
| outputs: | |
| hash-ubuntu-latest: ${{ steps.hash.outputs.hash-ubuntu-latest }} | |
| hash-macos-latest: ${{ steps.hash.outputs.hash-macos-latest }} | |
| hash-windows-latest: ${{ steps.hash-windows.outputs.hash-windows-latest }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| name: Bourso CLI ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # When rustup is updated, it tries to replace its binary, which on Windows is somehow locked. | |
| # This can result in the CI failure, see: https://github.com/rust-lang/rustup/issues/3029 | |
| - run: | | |
| rustup set auto-self-update disable | |
| rustup toolchain install stable --profile minimal | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - name: Cache | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Check and test | |
| run: | | |
| cargo check | |
| cargo test | |
| cargo test -p bourso_api | |
| - name: Build release | |
| run: cargo build --release | |
| - name: Rename and make executabe Mac Release | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| chmod +x target/release/bourso-cli | |
| tar -czvf target/release/bourso-cli-darwin.tar.gz -C target/release bourso-cli | |
| - name: Build Linux Release | |
| if: matrix.os == 'ubuntu-latest' | |
| run: tar -czvf target/release/bourso-cli-linux.tar.gz -C target/release bourso-cli | |
| - name: Generate subject for Unix-like | |
| if: matrix.os != 'windows-latest' | |
| id: hash | |
| run: | | |
| set -euo pipefail | |
| if [ ${{ matrix.os }} = "ubuntu-latest" ]; then | |
| echo "hash-${{ matrix.os }}=$(sha256sum target/release/bourso-cli | base64 -w0)" >> "$GITHUB_OUTPUT" | |
| elif [ ${{ matrix.os }} = "macos-latest" ]; then | |
| echo "hash-${{ matrix.os }}=$(shasum -a 256 target/release/bourso-cli | base64)" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Generate subject for Windows | |
| if: matrix.os == 'windows-latest' | |
| id: hash-windows | |
| run: | | |
| # Stop script execution on errors (similar to set -e in Unix) | |
| $ErrorActionPreference = "Stop" | |
| $hash = Get-FileHash -Path "target/release/bourso-cli.exe" -Algorithm SHA256 | |
| $hashString = $hash.Hash.ToLower() + " target/release/bourso-cli.exe" | |
| $base64Hash = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($hashString)) | |
| echo "hash-windows-latest=$base64Hash" | Out-File -FilePath $env:GITHUB_OUTPUT -Append | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2.0.4 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| files: | | |
| target/release/bourso-cli-linux.tar.gz | |
| target/release/bourso-cli-darwin.tar.gz | |
| target/release/bourso-cli.exe | |
| provenance: | |
| needs: [build] | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| permissions: | |
| actions: read # To read the workflow path. | |
| id-token: write # To sign the provenance. | |
| contents: write # To add assets to a release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 | |
| with: | |
| provenance-name: provenance-id-${{ matrix.os }}.intoto.jsonl | |
| base64-subjects: "${{ needs.build.outputs[format('hash-{0}', matrix.os)] }}" | |
| upload-assets: true # Optional: Upload to a new release |