Skip to content

Build package

Build package #157060

Workflow file for this run

name: Build package
on:
workflow_call:
inputs:
crate:
description: Crate to release
required: true
type: string
version:
description: Version to release
required: true
type: string
target_arch:
description: Target to build against
required: true
type: string
build_os:
description: The OS to use for building
required: true
type: string
branch:
description: The branch which is checked out
required: true
type: string
features:
description: Features to enable
default: ""
type: string
no_default_features:
description: Disable default features
default: ""
type: string
always_build:
description: Always build even if it's already present, set to 1 to enable this
default: ""
type: string
skip_upload:
description: Skip upload
default: ""
type: string
workflow_dispatch:
inputs:
crate:
description: Crate to release
required: true
type: string
version:
description: Version to release
required: true
type: string
target_arch:
description: Target to build against
required: true
type: string
build_os:
description: The OS to use for building
required: true
type: string
branch:
description: The branch which is checked out
required: true
type: string
features:
description: Features to enable
default: ""
type: string
no_default_features:
description: Disable default features
default: ""
type: string
always_build:
description: Always build even if it's already present, set to 1 to enable this
default: ""
type: string
skip_upload:
description: Skip upload
default: ""
type: string
concurrency:
group: build-package-${{ github.event.inputs.crate }}-${{ github.event.inputs.version }}-${{ github.event.inputs.target_arch }}
env:
CRATE: ${{ inputs.crate }}
TARGET_ARCH: ${{ inputs.target_arch }}
VERSION: ${{ inputs.version }}
FEATURES: ${{ inputs.features }}
NO_DEFAULT_FEATURES: ${{ inputs.NO_DEFAULT_FEATURES }}
BUILD_DIR: ${{ github.workspace }}/built.d
jobs:
build-popular-package:
name: build-popular-package-${{ inputs.crate }}-${{ inputs.version }}-${{ inputs.target_arch }}-${{ inputs.features }}
runs-on: ${{ inputs.build_os }}
permissions: {}
defaults:
run:
shell: bash
steps:
- name: Checkout trigger commit
uses: actions/checkout@v4
with:
persist-credentials: false
path: trigger
- name: Checkout main repo
uses: actions/checkout@v4
with:
persist-credentials: false
ref: ${{ inputs.branch }}
path: cargo-quickinstall
- name: Print inputs
run: |
echo $CRATE
echo $VERSION
echo $TARGET_ARCH
echo $FEATURES
- name: Install latest rust
run: rustup toolchain install stable --no-self-update --profile minimal
- name: build package
env:
ALWAYS_BUILD: ${{ inputs.always_build }}
TEMPDIR: ${{ env.BUILD_DIR }}
run: |
set -euxo pipefail
# `tar` does not understand mixed forward and backslashes, but mkdir does.
# Try coercing it into a single style?
mkdir -p "$TEMPDIR"
pushd "$TEMPDIR"
TEMPDIR="$PWD"
popd
cargo-quickinstall/build-version.sh "$CRATE"
touch "$TEMPDIR/dummy-file"
ls "$TEMPDIR"
# At this point, I don't think that you can really trust anything on the system anymore.
# I'm not sure whether the js actions runtime is also affected by this.
# TODO: try breaking things so that uploads don't work.
- name: Upload run-local binary artifact
uses: actions/upload-artifact@v4
with:
name: built-${{ inputs.build_os }}
path: ${{ env.BUILD_DIR }}
if-no-files-found: error
upload-popular-package:
name: Upload
needs: build-popular-package
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
env:
BUILD_ARCHIVE: ${{ github.workspace }}/built.d/${{ inputs.crate }}-${{ inputs.version }}-${{ inputs.target_arch }}.tar.gz
SIG_FILENAME: ${{ github.workspace }}/built.d/${{ inputs.crate }}-${{ inputs.version }}-${{ inputs.target_arch }}.tar.gz.sig
steps:
- name: Checkout trigger commit
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CRONJOB_DEPLOY_KEY }}
persist-credentials: true
path: trigger
- name: Checkout main repo
uses: actions/checkout@v4
with:
persist-credentials: false
# TODO: maybe this should be main or configurable or something?
ref: ${{ inputs.branch }}
path: cargo-quickinstall
- name: Download binary artifact
uses: actions/download-artifact@v4
with:
name: built-${{ inputs.build_os }}
# TODO: check that we it can't write anywhere other than built.d
path: ${{ env.BUILD_DIR }}
- name: Check if tarball exists
id: check_files
uses: andstor/file-existence-action@v3
with:
files: ${{ env.BUILD_ARCHIVE }}
- name: Cancel if no tarball
if: steps.check_files.outputs.files_exists == 'false'
uses: andymckay/cancel-action@0.5
- name: Wait for cancellation signal if no tarball
if: steps.check_files.outputs.files_exists == 'false'
run: |
sleep 1m
exit 1
- name: Install minisign
run: |
set -euxo pipefail
cd /tmp
curl -L "$URL" | tar -xz
sudo mv minisign-linux/x86_64/minisign /usr/local/bin
env:
URL: https://github.com/jedisct1/minisign/releases/download/0.11/minisign-0.11-linux.tar.gz
- name: Sign the tarball
run: |
echo "$MINISIGN_PRIVATE_KEY" > /tmp/minisign-key
minisign -S -s /tmp/minisign-key -x $SIG_FILENAME -m $BUILD_ARCHIVE
env:
MINISIGN_PRIVATE_KEY: ${{ secrets.MINISIGN_PRIVATE_KEY }}
- name: Tag release
if: "! inputs.skip_upload"
run: |
(
set -euxo pipefail
cd trigger
if ! ../cargo-quickinstall/create_and_upload_tag.sh $CRATE-$VERSION; then
echo "$CRATE-$VERSION tag already exists"
fi
)
- name: Releasing assets in new release format
if: "! inputs.skip_upload"
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ inputs.crate }}-${{ inputs.version }}
release_name: ${{ inputs.crate }}-${{ inputs.version }}
body: build ${{ inputs.crate }}@${{ inputs.version }}
file: ${{ env.BUILD_ARCHIVE }}
- name: Releasing assets signature in new release format
if: "! inputs.skip_upload"
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ inputs.crate }}-${{ inputs.version }}
release_name: ${{ inputs.crate }}-${{ inputs.version }}
body: build ${{ inputs.crate }}@${{ inputs.version }}
file: ${{ env.SIG_FILENAME }}
- name: Upload signature
uses: actions/upload-artifact@v4
with:
name: signature
path: ${{ env.SIG_FILENAME }}
if-no-files-found: error
build-popular-package-failure:
needs:
- build-popular-package
if: ${{ failure() }}
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- name: Checkout trigger branch
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CRONJOB_DEPLOY_KEY }}
persist-credentials: true
ref: trigger/${{ inputs.target_arch }}
path: trigger
- name: Checkout trigger commit
uses: actions/checkout@v4
with:
persist-credentials: false
path: cargo-quickinstall
- name: Record failure
run: ${{ github.workspace }}/cargo-quickinstall/add-exclude.sh ${{ github.workspace }}/trigger