starship/.github/workflows/deploy.yml

299 lines
9.6 KiB
YAML

name: Deploy
on:
push:
branches:
- master
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
RUST_BACKTRACE: short
RUSTUP_MAX_RETRIES: 10
jobs:
# Update release PR
release_please:
name: Release Please
runs-on: ubuntu-latest
if: github.repository == 'starship/starship'
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
steps:
- uses: google-github-actions/release-please-action@v3
id: release
with:
token: ${{ secrets.GITHUB_TOKEN }}
release-type: rust
# Build sources for every OS
github_build:
name: Build release binaries
needs: release_please
if: ${{ needs.release_please.outputs.release_created == 'true' }}
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
name: starship-x86_64-unknown-linux-gnu.tar.gz
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
name: starship-x86_64-unknown-linux-musl.tar.gz
- target: i686-unknown-linux-musl
os: ubuntu-latest
name: starship-i686-unknown-linux-musl.tar.gz
- target: aarch64-unknown-linux-musl
os: ubuntu-latest
name: starship-aarch64-unknown-linux-musl.tar.gz
- target: arm-unknown-linux-musleabihf
os: ubuntu-latest
name: starship-arm-unknown-linux-musleabihf.tar.gz
- target: x86_64-apple-darwin
os: macOS-11
name: starship-x86_64-apple-darwin.tar.gz
- target: aarch64-apple-darwin
os: macOS-11
name: starship-aarch64-apple-darwin.tar.gz
- target: x86_64-pc-windows-msvc
os: windows-latest
name: starship-x86_64-pc-windows-msvc.zip
- target: i686-pc-windows-msvc
os: windows-latest
name: starship-i686-pc-windows-msvc.zip
- target: aarch64-pc-windows-msvc
os: windows-latest
name: starship-aarch64-pc-windows-msvc.zip
- target: x86_64-unknown-freebsd
os: ubuntu-latest
name: starship-x86_64-unknown-freebsd.tar.gz
runs-on: ${{ matrix.os }}
continue-on-error: true
steps:
- name: Setup | Checkout
uses: actions/checkout@v3
- name: Setup | Rust
uses: actions-rs/toolchain@v1.0.7
with:
toolchain: stable
override: true
profile: minimal
target: ${{ matrix.target }}
- name: Build | Build
uses: actions-rs/cargo@v1.0.3
with:
command: build
args: --release --locked --target ${{ matrix.target }}
use-cross: ${{ matrix.os == 'ubuntu-latest' }}
- name: Post Build | Prepare artifacts [Windows]
if: matrix.os == 'windows-latest'
run: |
cd target/${{ matrix.target }}/release
strip starship.exe
7z a ../../../${{ matrix.name }} starship.exe
cd -
- name: Post Build | Prepare artifacts [-nix]
if: matrix.os != 'windows-latest'
run: |
cd target/${{ matrix.target }}/release
# TODO: investigate better cross platform stripping
strip starship || true
tar czvf ../../../${{ matrix.name }} starship
cd -
- name: Deploy | Upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.name }}
path: ${{ matrix.name }}
# Notarize starship binaries for MacOS and build notarized pkg installers
notarize_and_pkgbuild:
runs-on: macos-latest
needs: github_build
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-apple-darwin
arch: x86_64
name: starship-x86_64-apple-darwin.tar.gz
pkgname: starship-x86_64-apple-darwin.pkg
- target: aarch64-apple-darwin
arch: aarch64
name: starship-aarch64-apple-darwin.tar.gz
pkgname: starship-aarch64-apple-darwin.pkg
env:
KEYCHAIN_FILENAME: app-signing.keychain-db
KEYCHAIN_ENTRY: AC_PASSWORD
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Notarize | Set up secrets
env:
APP_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_APPSIGNKEY_BASE64 }}
INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_INSTALLERSIGNKEY_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
APPLEID_USERNAME: ${{ secrets.APPLEDEV_ID_NAME }}
APPLEID_TEAMID: ${{ secrets.APPLEDEV_TEAM_ID }}
APPLEID_PASSWORD: ${{ secrets.APPLEDEV_PASSWORD }}
run: |
APP_CERTIFICATE_PATH="$RUNNER_TEMP/app_certificate.p12"
INSTALL_CERTIFICATE_PATH="$RUNNER_TEMP/install_certificate.p12"
KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
# import certificates from secrets
echo -n "$APP_CERTIFICATE_BASE64" | base64 --decode --output $APP_CERTIFICATE_PATH
echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode --output $INSTALL_CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# import certificates to keychain
security import $APP_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Add Apple Developer ID credentials to keychain
xcrun notarytool store-credentials "$KEYCHAIN_ENTRY" --team-id "$APPLEID_TEAMID" --apple-id "$APPLEID_USERNAME" --password "$APPLEID_PASSWORD" --keychain "$KEYCHAIN_PATH"
- name: Notarize | Build docs
run: |
cd docs
npm install
npm run build
- name: Notarize | Download artifacts
uses: actions/download-artifact@v3
with:
name: ${{ matrix.name }}
path: artifacts
- name: Notarize | Unpack Binaries
run: tar xf artifacts/${{ matrix.name }}
- name: Notarize | Build, Sign, and Notarize Pkg
run: bash install/macos_packages/build_and_notarize.sh starship docs ${{ matrix.arch }} ${{ matrix.pkgname }}
- name: Notarize | Upload Notarized Flat Installer
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.pkgname }}
path: ${{ matrix.pkgname }}
- name: Notarize | Package Notarized Binary
run: tar czvf ${{ matrix.name }} starship
- name: Notarize | Upload Notarized Binary
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.name }}
path: ${{ matrix.name }}
- name: Cleanup Secrets
if: ${{ always() }}
run: |
KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
security delete-keychain $KEYCHAIN_PATH
# Create GitHub release with Rust build targets and release notes
upload_artifacts:
name: Add Build Artifacts to Release
needs: [release_please, github_build, notarize_and_pkgbuild]
runs-on: ubuntu-latest
steps:
- name: Setup | Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup | Artifacts
uses: actions/download-artifact@v3
- name: Setup | Checksums
run: for file in starship-*/starship-*; do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done
- name: Build | Add Artifacts to Release
uses: softprops/action-gh-release@v1
with:
files: starship-*/starship-*
tag_name: ${{ needs.release_please.outputs.tag_name }}
# Publish starship to Crates.io
cargo_publish:
name: Publish Cargo Package
runs-on: ubuntu-latest
needs: release_please
if: ${{ needs.release_please.outputs.release_created == 'true' }}
steps:
- name: Setup | Checkout
uses: actions/checkout@v3
- name: Setup | Rust
uses: actions-rs/toolchain@v1.0.7
with:
toolchain: stable
profile: minimal
override: true
- name: Build | Publish
run: cargo publish --token ${{ secrets.CRATES_IO_TOKEN }}
update_brew_formula:
name: Update Brew Formula
runs-on: ubuntu-latest
needs: release_please
if: ${{ needs.release_please.outputs.release_created == 'true' }}
steps:
- uses: mislav/bump-homebrew-formula-action@v1.16
with:
formula-name: starship
tag_name: ${{ needs.release_please.outputs.tag_name }}
env:
COMMITTER_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
publish_docs:
name: Publish docs to Netlify
runs-on: ubuntu-latest
needs: release_please
if: ${{ needs.release_please.outputs.release_created == 'true' }}
steps:
- name: Setup | Checkout
uses: actions/checkout@v3
- name: Setup | Install dependencies
run: npm install
working-directory: docs
- name: Build | Build docs site
run: npm run build
working-directory: docs
- name: Publish
uses: netlify/actions/cli@master
with:
args: deploy --prod --dir=docs/.vuepress/dist
env:
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}