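on:
  push:
    tags-ignore:
      - "**"
    branches:
      - main
  pull_request:
    # ignore gh-pages
name: main
# Least privilege: the workflow-level token is read-only. Jobs that publish
# (docs, fh-publish, gh-publish) widen it explicitly below. The previous
# `write-all` also applied to build-test, which runs on pull_request.
# NOTE(review): confirm no step relies on a scope that is not listed here.
permissions:
  contents: read
jobs:
  # Builds every flake output on Linux and macOS and uploads the binaries.
  # This is the only job that runs for pull requests.
  build-test:
    strategy:
      matrix:
        runs-on: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.runs-on }}
    steps:
      - uses: actions/checkout@v4
        with:
          # The build never pushes, so do not leave the token in .git/config
          # where later steps (which build PR code) could read it.
          persist-credentials: false
      - uses: DeterminateSystems/nix-installer-action@v16
      # NOTE(review): if FlakeHub Cache is expected here, this job may also
      # need `id-token: write`; verify against the action's documentation.
      - uses: DeterminateSystems/magic-nix-cache-action@v8
      - name: Run `nixci build`
        env:
          # Passed through the environment rather than interpolated into the
          # script text.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          nix run nixpkgs#nixci -- \
            --extra-access-tokens "$GITHUB_TOKEN" \
            -v \
            build
      - name: Collect artifacts
        id: collect-artifacts
        run: |
          # The glob is kept literal on purpose; upload-artifact expands it.
          ALL=$(nix eval --raw '.#all.outPath')/bin/*
          # `::set-output` is deprecated; write to $GITHUB_OUTPUT instead.
          echo "all=$ALL" >> "$GITHUB_OUTPUT"
      - uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.runs-on }}
          path: ${{ steps.collect-artifacts.outputs.all }}
  # Builds the Zola site and force-pushes it to the gh-pages branch.
  docs:
    needs: [build-test]
    if: ${{ github.ref == 'refs/heads/main' }}
    runs-on: ubuntu-latest
    permissions:
      # actions-gh-pages pushes to the gh-pages branch with this token.
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - uses: DeterminateSystems/nix-installer-action@v16
      - uses: DeterminateSystems/magic-nix-cache-action@v8
      - name: Run Zola
        run: |
          nix develop --command zola build
          cp ./static/pages/* public
        working-directory: docs
      - uses: peaceiris/actions-gh-pages@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./docs/public
          force_orphan: true
  # Release jobs below run only on main, and only when the head commit
  # message contains 'release:' anywhere in its text. Anyone who can push to
  # main can therefore trigger a publish; protect the branch accordingly.
  crates-publish:
    name: Publish to crates.io
    needs: [build-test]
    if: github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'release:')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Swatinem/rust-cache@v2
      # NOTE(review): this third-party action receives the crates.io token
      # through a mutable tag; consider pinning it to a full commit SHA.
      # continue-on-error also means a failed publish does not fail the job.
      - uses: katyo/publish-crates@v2
        continue-on-error: true
        with:
          registry-token: ${{ secrets.CRATES_IO_TOKEN }}
          args: --no-verify
  fh-publish:
    name: Publish to FlakeHub
    needs: [build-test]
    if: github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'release:')
    runs-on: ubuntu-latest
    permissions:
      # flakehub-push authenticates with a GitHub OIDC token.
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      # Was `@main`; aligned with the tag used by the other jobs.
      - uses: DeterminateSystems/nix-installer-action@v16
      # NOTE(review): `@main` is a moving branch in a job that can mint OIDC
      # tokens. Pin to a release tag or a full commit SHA once one is chosen.
      - uses: DeterminateSystems/flakehub-push@main
        with:
          visibility: public
  # Builds each SARIF tool per OS and publishes two GitHub releases for it:
  # a versioned one and a rolling `<target>-latest` one.
  gh-publish:
    name: Publish to Github
    needs: [build-test]
    if: github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'release:')
    strategy:
      matrix:
        runs-on: [ubuntu-latest, macos-latest]
        target:
          - clang-tidy-sarif
          - clippy-sarif
          - hadolint-sarif
          - shellcheck-sarif
          - sarif-fmt
    runs-on: ${{ matrix.runs-on }}
    permissions:
      # Needed to delete the `-latest` tag and to create or update releases.
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so git-cliff can compute the changelog.
          fetch-depth: 0
      - uses: Swatinem/rust-cache@v2
      - uses: DeterminateSystems/nix-installer-action@v16
      - uses: DeterminateSystems/magic-nix-cache-action@v8
      # NOTE(review): the actions-rs organisation appears to be unmaintained;
      # confirm, and consider a plain `cargo build` run step instead.
      - uses: actions-rs/cargo@v1
        with:
          command: build
          args: --release --bin ${{ matrix.target }}
      - name: targets
        id: targets
        # matrix.target is interpolated directly because its values are the
        # fixed list above. Outputs use $GITHUB_OUTPUT, since `::set-output`
        # is deprecated.
        run: |
          TARGET_TRIPLE=$(rustc --version --verbose | grep host | awk '{print $2}')
          echo "target_triple=$TARGET_TRIPLE" >> "$GITHUB_OUTPUT"
          TARGET_VERSION=$(./target/release/${{ matrix.target }} --version | awk '{print $2}')
          echo "target_version=$TARGET_VERSION" >> "$GITHUB_OUTPUT"
          TARGET_BINARY=./target/release/${{ matrix.target }}-${TARGET_TRIPLE}
          mv ./target/release/${{ matrix.target }} "${TARGET_BINARY}"
          echo "target_binary=$TARGET_BINARY" >> "$GITHUB_OUTPUT"
      - name: changelog
        id: changelog
        env:
          # The version is text printed by the freshly built binary. Pass it
          # as data through the environment, not as part of the script.
          TARGET_VERSION: ${{ steps.targets.outputs.target_version }}
        run: |
          nix develop --command git-cliff \
            -c ${{ matrix.target }}/cliff.toml \
            --unreleased \
            --tag "${{ matrix.target }}-v${TARGET_VERSION}" \
            --output CHANGELOG.md
      - name: latest
        # Best effort: the tag does not exist before the first release.
        continue-on-error: true
        run: |
          git push --delete origin ${{ matrix.target }}-latest
      - uses: ncipollo/release-action@v1
        with:
          artifacts: ${{ steps.targets.outputs.target_binary }}
          bodyFile: CHANGELOG.md
          token: ${{ secrets.GITHUB_TOKEN }}
          allowUpdates: true
          tag: ${{ matrix.target }}-v${{ steps.targets.outputs.target_version }}
          name: ${{ matrix.target }} ${{ steps.targets.outputs.target_version }}
      - uses: ncipollo/release-action@v1
        with:
          artifacts: ${{ steps.targets.outputs.target_binary }}
          bodyFile: CHANGELOG.md
          token: ${{ secrets.GITHUB_TOKEN }}
          allowUpdates: true
          tag: ${{ matrix.target }}-latest
          name: ${{ matrix.target }} latest
          replacesArtifacts: true
          makeLatest: true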