Upgrade CI toolchain #556
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Quick check crates | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
release: | |
types: [ published ] | |
env: | |
version: ${{ github.event.release.tag_name || github.sha }} | |
rust: 1.77.2 # same as nixos 23.11 | |
jobs: | |
security_audit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
- uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
build: | |
env: | |
clippy_args: --locked --target ${{ matrix.target }} ${{ matrix.packages }} | |
build_args: --locked --release --target ${{ matrix.target }} ${{ matrix.packages }} | |
target_path: target/${{ matrix.target }}/release/0s${{ matrix.os == 'windows-latest' && '.exe' || '' }} | |
asset_name: 0s-${{ github.event.release.tag_name || github.sha }}-${{ matrix.target }}${{ matrix.os == 'windows-latest' && '.exe' || '' }} | |
strategy: | |
matrix: | |
name: [ | |
macos, | |
macos-m1, | |
windows | |
] | |
include: | |
- name: macos | |
os: macos-latest | |
target: x86_64-apple-darwin | |
cross: false | |
packages: -p zerostash -p zerostash-files | |
- name: macos-m1 | |
os: macos-latest | |
target: aarch64-apple-darwin | |
cross: true | |
packages: -p zerostash -p zerostash-files | |
skip_tests: true | |
- name: windows | |
os: windows-latest | |
target: x86_64-pc-windows-msvc | |
cross: false | |
packages: -p zerostash -p zerostash-files | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
- uses: Swatinem/rust-cache@2656b87321093db1cb55fbd73183d195214fdfd1 | |
- uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f | |
with: | |
toolchain: ${{ env.rust }} | |
target: ${{ matrix.target }} | |
override: true | |
profile: minimal | |
components: clippy | |
- uses: actions-rs/clippy-check@b5b5f21f4797c02da247df37026fcd0a5024aa4d | |
if: matrix.skip_clippy != true | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: ${{ env.clippy_args }} | |
- name: Test | |
if: matrix.skip_tests != true | |
uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b | |
with: | |
use-cross: ${{ matrix.cross }} | |
args: ${{ env.build_args }} | |
command: test | |
- name: Build | |
id: build | |
uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b | |
with: | |
use-cross: ${{ matrix.cross }} | |
args: ${{ env.build_args }} | |
command: build | |
- name: Upload binaries | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
with: | |
name: ${{ env.asset_name }} | |
path: ${{ env.target_path }} | |
linux: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
- uses: cachix/install-nix-action@4b933aa7ebcc94a6174cf1364864e957b4910265 | |
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f | |
with: | |
name: symmetree-labs | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f | |
with: | |
toolchain: ${{ env.rust }} | |
override: true | |
components: clippy | |
- run: sudo apt-get update && sudo apt-get install -y libfuse3-dev | |
- uses: actions-rs/clippy-check@b5b5f21f4797c02da247df37026fcd0a5024aa4d | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- id: build | |
run: | | |
path=$(nix build --json .#zerostash-static | jq -r .[].outputs.out)/bin/0s | |
echo bin_path=$path >> "$GITHUB_OUTPUT" | |
- name: Upload binaries | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
with: | |
name: 0s-${{ github.event.release.tag_name || github.sha }}-x86_64-linux | |
path: ${{ steps.build.outputs.bin_path }} | |
release: | |
runs-on: ubuntu-latest | |
needs: [build, linux, security_audit] | |
if: github.event_name == 'release' && github.event.action == 'published' | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
path: bin | |
- name: Package artifacts | |
run: | | |
set -e | |
cd bin | |
for dir in 0s-*-linux 0s-*-darwin; do | |
(cd $dir; | |
echo $dir | |
tar czf $dir.tar.gz 0s; | |
sha256sum $dir.tar.gz | |
) | |
done | |
- name: Attach binaries to release | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 | |
with: | |
script: | | |
const fs = require('fs/promises'); | |
const path = require('path'); | |
const {owner, repo} = context.repo; | |
const release_id = context.payload.release.id; | |
const artifacts = await fs.readdir('bin/'); | |
for (dir of artifacts) { | |
const files = await fs.readdir(`bin/${dir}`); | |
for (file of files) { | |
if (file === '0s') { | |
continue; | |
} | |
var file_name = file; | |
if (file === '0s.exe') { | |
file_name = `${dir}.exe`; | |
} | |
console.log(`Uploading ${dir}/${file} as ${file_name} for release ${release_id}`); | |
await github.rest.repos.uploadReleaseAsset({ | |
owner, | |
repo, | |
release_id, | |
name: file_name, | |
data: await fs.readFile(`bin/${dir}/${file}`), | |
}); | |
// only upload the first file | |
// there shouldn't be more anyway | |
break; | |
} | |
} |