name: Deploy on: push: branches: - master env: CARGO_INCREMENTAL: 0 CARGO_NET_RETRY: 10 RUST_BACKTRACE: short RUSTUP_MAX_RETRIES: 10 jobs: # Update release PR release_please: name: Release Please runs-on: ubuntu-latest outputs: release_created: ${{ steps.release.outputs.release_created }} tag_name: ${{ steps.release.outputs.tag_name }} steps: - uses: google-github-actions/release-please-action@v3 id: release with: token: ${{ secrets.GITHUB_TOKEN }} release-type: rust # Build sources for every OS github_build: name: Build release binaries needs: release_please if: ${{ needs.release_please.outputs.release_created }} strategy: fail-fast: false matrix: include: - target: x86_64-unknown-linux-gnu os: ubuntu-latest name: starship-x86_64-unknown-linux-gnu.tar.gz - target: x86_64-unknown-linux-musl os: ubuntu-latest name: starship-x86_64-unknown-linux-musl.tar.gz - target: i686-unknown-linux-musl os: ubuntu-latest name: starship-i686-unknown-linux-musl.tar.gz - target: aarch64-unknown-linux-musl os: ubuntu-latest name: starship-aarch64-unknown-linux-musl.tar.gz - target: arm-unknown-linux-musleabihf os: ubuntu-latest name: starship-arm-unknown-linux-musleabihf.tar.gz - target: x86_64-apple-darwin os: macOS-11 name: starship-x86_64-apple-darwin.tar.gz - target: aarch64-apple-darwin os: macOS-11 name: starship-aarch64-apple-darwin.tar.gz - target: x86_64-pc-windows-msvc os: windows-latest name: starship-x86_64-pc-windows-msvc.zip - target: i686-pc-windows-msvc os: windows-latest name: starship-i686-pc-windows-msvc.zip - target: aarch64-pc-windows-msvc os: windows-latest name: starship-aarch64-pc-windows-msvc.zip - target: x86_64-unknown-freebsd os: ubuntu-latest name: starship-x86_64-unknown-freebsd.tar.gz runs-on: ${{ matrix.os }} continue-on-error: true steps: - name: Setup | Checkout uses: actions/checkout@v3 - name: Setup | Rust uses: actions-rs/toolchain@v1.0.7 with: toolchain: stable override: true profile: minimal target: ${{ matrix.target }} - name: Build | Build uses: actions-rs/cargo@v1.0.3 with: command: build args: --release --locked --target ${{ matrix.target }} use-cross: ${{ matrix.os == 'ubuntu-latest' }} - name: Post Build | Prepare artifacts [Windows] if: matrix.os == 'windows-latest' run: | cd target/${{ matrix.target }}/release strip starship.exe 7z a ../../../${{ matrix.name }} starship.exe cd - - name: Post Build | Prepare artifacts [-nix] if: matrix.os != 'windows-latest' run: | cd target/${{ matrix.target }}/release # TODO: investigate better cross platform stripping strip starship || true tar czvf ../../../${{ matrix.name }} starship cd - - name: Deploy | Upload artifacts uses: actions/upload-artifact@v2 with: name: ${{ matrix.name }} path: ${{ matrix.name }} # Notarize starship binaries for MacOS and build notarized pkg installers notarize_and_pkgbuild: runs-on: macos-latest needs: github_build strategy: fail-fast: false matrix: include: - target: x86_64-apple-darwin arch: x86_64 name: starship-x86_64-apple-darwin.tar.gz pkgname: starship-x86_64-apple-darwin.pkg - target: aarch64-apple-darwin arch: aarch64 name: starship-aarch64-apple-darwin.tar.gz pkgname: starship-aarch64-apple-darwin.pkg env: KEYCHAIN_FILENAME: app-signing.keychain-db KEYCHAIN_ENTRY: AC_PASSWORD steps: - name: Checkout repository uses: actions/checkout@v3 - name: Notarize | Set up secrets env: APP_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_APPSIGNKEY_BASE64 }} INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_INSTALLERSIGNKEY_BASE64 }} P12_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }} KEYCHAIN_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }} APPLEID_USERNAME: ${{ secrets.APPLEDEV_ID_NAME }} APPLEID_TEAMID: ${{ secrets.APPLEDEV_TEAM_ID }} APPLEID_PASSWORD: ${{ secrets.APPLEDEV_PASSWORD }} run: | APP_CERTIFICATE_PATH="$RUNNER_TEMP/app_certificate.p12" INSTALL_CERTIFICATE_PATH="$RUNNER_TEMP/install_certificate.p12" KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME" # import certificates from secrets echo -n "$APP_CERTIFICATE_BASE64" | base64 --decode --output $APP_CERTIFICATE_PATH echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode --output $INSTALL_CERTIFICATE_PATH # create temporary keychain security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" # import certificates to keychain security import $APP_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH # Add Apple Developer ID credentials to keychain xcrun notarytool store-credentials "$KEYCHAIN_ENTRY" --team-id "$APPLEID_TEAMID" --apple-id "$APPLEID_USERNAME" --password "$APPLEID_PASSWORD" --keychain "$KEYCHAIN_PATH" - name: Notarize | Build docs run: | cd docs npm install npm run build - name: Notarize | Download artifacts uses: actions/download-artifact@v3 with: name: ${{ matrix.name }} path: artifacts - name: Notarize | Unpack Binaries run: tar xf artifacts/${{ matrix.name }} - name: Notarize | Build, Sign, and Notarize Pkg run: bash install/macos_packages/build_and_notarize.sh starship docs ${{ matrix.arch }} ${{ matrix.pkgname }} - name: Notarize | Upload Notarized Flat Installer uses: actions/upload-artifact@v2 with: name: ${{ matrix.pkgname }} path: ${{ matrix.pkgname }} - name: Notarize | Package Notarized Binary run: tar czvf ${{ matrix.name }} starship - name: Notarize | Upload Notarized Binary uses: actions/upload-artifact@v2 with: name: ${{ matrix.name }} path: ${{ matrix.name }} - name: Cleanup Secrets if: ${{ always() }} run: | KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME" security delete-keychain $KEYCHAIN_PATH # Create GitHub release with Rust build targets and release notes upload_artifacts: name: Add Build Artifacts to Release needs: [release_please, github_build, notarize_and_pkgbuild] runs-on: ubuntu-latest steps: - name: Setup | Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Setup | Artifacts uses: actions/download-artifact@v3 - name: Setup | Checksums run: for file in starship-*/starship-*; do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done - name: Build | Add Artifacts to Release uses: softprops/action-gh-release@v1 with: files: starship-*/starship-* tag_name: ${{ needs.release_please.outputs.release_created }} # Publish starship to Crates.io cargo_publish: name: Publish Cargo Package runs-on: ubuntu-latest needs: release_please if: ${{ needs.release_please.outputs.release_created }} steps: - name: Setup | Checkout uses: actions/checkout@v3 - name: Setup | Rust uses: actions-rs/toolchain@v1.0.7 with: toolchain: stable profile: minimal override: true - name: Build | Publish run: cargo publish --token ${{ secrets.CRATES_IO_TOKEN }} update_brew_formula: name: Update Brew Formula runs-on: ubuntu-latest needs: release_please if: ${{ needs.release_please.outputs.release_created }} steps: - uses: mislav/bump-homebrew-formula-action@v1.16 with: formula-name: starship env: COMMITTER_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} publish_docs: name: Publish docs to Netlify runs-on: ubuntu-latest needs: release_please if: ${{ needs.release_please.outputs.release_created }} steps: - name: Setup | Checkout uses: actions/checkout@v3 - name: Setup | Install dependencies run: npm install working-directory: docs - name: Build | Build docs site run: npm run build working-directory: docs - name: Publish uses: netlify/actions/cli@master with: args: deploy --prod --dir=docs/.vuepress/dist env: NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}