name: Release on: push: branches: - master env: CARGO_INCREMENTAL: 0 CARGO_NET_RETRY: 10 RUST_BACKTRACE: short RUSTUP_MAX_RETRIES: 10 MACOSX_DEPLOYMENT_TARGET: 10.7 jobs: # Update release PR release_please: name: Release Please runs-on: ubuntu-latest if: github.repository == 'starship/starship' outputs: release_created: ${{ steps.release.outputs.release_created }} tag_name: ${{ steps.release.outputs.tag_name }} steps: - uses: google-github-actions/release-please-action@v4 id: release with: token: ${{ secrets.GITHUB_TOKEN }} release-type: rust # Build sources for every OS github_build: name: Build release binaries needs: release_please if: ${{ needs.release_please.outputs.release_created == 'true' }} strategy: fail-fast: false matrix: include: - target: x86_64-unknown-linux-gnu os: ubuntu-latest name: starship-x86_64-unknown-linux-gnu.tar.gz - target: x86_64-unknown-linux-musl os: ubuntu-latest name: starship-x86_64-unknown-linux-musl.tar.gz - target: i686-unknown-linux-musl os: ubuntu-latest name: starship-i686-unknown-linux-musl.tar.gz - target: aarch64-unknown-linux-musl os: ubuntu-latest name: starship-aarch64-unknown-linux-musl.tar.gz - target: arm-unknown-linux-musleabihf os: ubuntu-latest name: starship-arm-unknown-linux-musleabihf.tar.gz - target: x86_64-apple-darwin os: macOS-11 name: starship-x86_64-apple-darwin.tar.gz - target: aarch64-apple-darwin os: macOS-11 name: starship-aarch64-apple-darwin.tar.gz - target: x86_64-pc-windows-msvc os: windows-latest name: starship-x86_64-pc-windows-msvc.zip rustflags: -C target-feature=+crt-static - target: i686-pc-windows-msvc os: windows-latest name: starship-i686-pc-windows-msvc.zip rustflags: -C target-feature=+crt-static - target: aarch64-pc-windows-msvc os: windows-latest name: starship-aarch64-pc-windows-msvc.zip rustflags: -C target-feature=+crt-static - target: x86_64-unknown-freebsd os: ubuntu-latest name: starship-x86_64-unknown-freebsd.tar.gz runs-on: ${{ matrix.os }} continue-on-error: true env: RUSTFLAGS: ${{ matrix.rustflags || '' }} steps: - name: Setup | Checkout uses: actions/checkout@v4 - name: Setup | Rust uses: dtolnay/rust-toolchain@master with: toolchain: stable target: ${{ matrix.target }} - name: Setup | Install cargo-wix [Windows] continue-on-error: true if: matrix.os == 'windows-latest' run: cargo install --version 0.3.4 cargo-wix env: # cargo-wix does not require static crt RUSTFLAGS: "" - name: Setup | Install cross [Linux] if: matrix.os == 'ubuntu-latest' uses: taiki-e/install-action@cross - name: Build | Build [Cargo] if: matrix.os != 'ubuntu-latest' run: cargo build --release --locked --target ${{ matrix.target }} - name: Build | Build [Cross] if: matrix.os == 'ubuntu-latest' run: cross build --release --locked --target ${{ matrix.target }} - name: Build | Installer [Windows] continue-on-error: true if: matrix.os == 'windows-latest' run: > cargo wix -v --no-build --nocapture -I install/windows/main.wxs --target ${{ matrix.target }} --output target/${{ matrix.target }}/release/starship-${{ matrix.target }}.msi - name: Sign | Upload [Windows] continue-on-error: true if: matrix.os == 'windows-latest' uses: actions/upload-artifact@v4 with: name: unsigned-${{ matrix.name }} path: | target/${{ matrix.target }}/release/starship.exe target/${{ matrix.target }}/release/starship-${{ matrix.target }}.msi - name: Sign | Sign [Windows] continue-on-error: true if: matrix.os == 'windows-latest' uses: signpath/github-action-submit-signing-request@v0.3 with: api-token: '${{ secrets.SIGNPATH_API_TOKEN }}' organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}' project-slug: 'starship' signing-policy-slug: 'test-signing' github-artifact-name: 'unsigned-${{ matrix.name }}' wait-for-completion: false # TODO use release-signing certificate: # signing-policy-slug: 'release-signing' # wait-for-completion: true # output-artifact-directory: 'target/${{ matrix.target }}/release' - name: Post Build | Prepare artifacts [Windows] if: matrix.os == 'windows-latest' run: | cd target/${{ matrix.target }}/release 7z a ../../../${{ matrix.name }} starship.exe cd - - name: Post Build | Prepare artifacts [-nix] if: matrix.os != 'windows-latest' run: | cd target/${{ matrix.target }}/release tar czvf ../../../${{ matrix.name }} starship cd - - name: Release | Upload artifacts uses: actions/upload-artifact@v4 with: name: ${{ matrix.name }} path: ${{ matrix.name }} - name: Release | Upload installer artifacts [Windows] continue-on-error: true if: matrix.os == 'windows-latest' uses: actions/upload-artifact@v4 with: name: starship-${{ matrix.target }}.msi path: target/${{ matrix.target }}/release/starship-${{ matrix.target }}.msi # Notarize starship binaries for MacOS and build notarized pkg installers notarize_and_pkgbuild: runs-on: macos-latest continue-on-error: true needs: [github_build, merge_crowdin_pr] strategy: fail-fast: false matrix: include: - target: x86_64-apple-darwin arch: x86_64 name: starship-x86_64-apple-darwin.tar.gz pkgname: starship-x86_64-apple-darwin.pkg - target: aarch64-apple-darwin arch: aarch64 name: starship-aarch64-apple-darwin.tar.gz pkgname: starship-aarch64-apple-darwin.pkg env: KEYCHAIN_FILENAME: app-signing.keychain-db KEYCHAIN_ENTRY: AC_PASSWORD STARSHIP_VERSION: ${{ needs.release_please.outputs.tag_name }} steps: - name: Checkout repository uses: actions/checkout@v4 with: # Required to include the recently merged Crowdin PR ref: master - name: Notarize | Set up secrets env: APP_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_APPSIGNKEY_BASE64 }} INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_INSTALLERSIGNKEY_BASE64 }} P12_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }} KEYCHAIN_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }} APPLEID_USERNAME: ${{ secrets.APPLEDEV_ID_NAME }} APPLEID_TEAMID: ${{ secrets.APPLEDEV_TEAM_ID }} APPLEID_PASSWORD: ${{ secrets.APPLEDEV_PASSWORD }} run: | APP_CERTIFICATE_PATH="$RUNNER_TEMP/app_certificate.p12" INSTALL_CERTIFICATE_PATH="$RUNNER_TEMP/install_certificate.p12" KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME" # import certificates from secrets echo -n "$APP_CERTIFICATE_BASE64" | base64 --decode --output $APP_CERTIFICATE_PATH echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode --output $INSTALL_CERTIFICATE_PATH # create temporary keychain security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" # import certificates to keychain security import $APP_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH # Add Apple Developer ID credentials to keychain xcrun notarytool store-credentials "$KEYCHAIN_ENTRY" --team-id "$APPLEID_TEAMID" --apple-id "$APPLEID_USERNAME" --password "$APPLEID_PASSWORD" --keychain "$KEYCHAIN_PATH" - name: Setup | Node uses: actions/setup-node@v4 with: node-version: 20 - name: Notarize | Build docs run: | cd docs npm install npm run build - name: Notarize | Download artifacts uses: actions/download-artifact@v4 with: name: ${{ matrix.name }} path: artifacts - name: Notarize | Unpack Binaries run: tar xf artifacts/${{ matrix.name }} - name: Notarize | Build, Sign, and Notarize Pkg run: bash install/macos_packages/build_and_notarize.sh starship docs ${{ matrix.arch }} ${{ matrix.pkgname }} - name: Notarize | Upload Notarized Flat Installer uses: actions/upload-artifact@v4 with: name: ${{ matrix.pkgname }} path: ${{ matrix.pkgname }} - name: Notarize | Package Notarized Binary run: tar czvf ${{ matrix.name }} starship - name: Notarize | Upload Notarized Binary uses: actions/upload-artifact@v4 with: name: ${{ matrix.name }} path: ${{ matrix.name }} overwrite: true - name: Cleanup Secrets if: ${{ always() }} run: | KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME" security delete-keychain $KEYCHAIN_PATH # Create GitHub release with Rust build targets and release notes upload_artifacts: name: Add Build Artifacts to Release needs: [release_please, github_build, notarize_and_pkgbuild] runs-on: ubuntu-latest steps: - name: Setup | Artifacts uses: actions/download-artifact@v4 - name: Setup | Checksums run: for file in starship-*/starship-*; do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done - name: Setup | Publish Release run: gh release edit ${{ needs.release_please.outputs.tag_name }} --draft=false --repo=starship/starship env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Build | Add Artifacts to Release uses: softprops/action-gh-release@v2 with: files: starship-*/starship-* tag_name: ${{ needs.release_please.outputs.tag_name }} # Publish starship to Crates.io cargo_publish: name: Publish Cargo Package runs-on: ubuntu-latest needs: [release_please, upload_artifacts] if: ${{ needs.release_please.outputs.release_created == 'true' }} steps: - name: Setup | Checkout uses: actions/checkout@v4 - name: Setup | Rust uses: dtolnay/rust-toolchain@stable - name: Build | Publish run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }} update_brew_formula: name: Update Brew Formula runs-on: ubuntu-latest needs: [release_please, upload_artifacts] if: ${{ needs.release_please.outputs.release_created == 'true' }} steps: - uses: mislav/bump-homebrew-formula-action@v3.1 with: formula-name: starship tag-name: ${{ needs.release_please.outputs.tag_name }} env: # Used for creating the formula update PR COMMITTER_TOKEN: ${{ secrets.GH_PAT }} # Used for verifying the SHA256 sum of the draft release GITHUB_TOKEN: ${{ secrets.GH_PAT }} winget_update: name: Update Winget Manifest runs-on: windows-latest needs: [release_please, github_build, upload_artifacts] if: ${{ needs.release_please.outputs.release_created == 'true' }} env: URL_64: https://github.com/starship/starship/releases/download/${{ needs.release_please.outputs.tag_name }}/starship-x86_64-pc-windows-msvc URL_32: https://github.com/starship/starship/releases/download/${{ needs.release_please.outputs.tag_name }}/starship-i686-pc-windows-msvc URL_ARM: https://github.com/starship/starship/releases/download/${{ needs.release_please.outputs.tag_name }}/starship-aarch64-pc-windows-msvc steps: # Publishing will fail if the repo is too far behind the upstream - run: gh repo sync matchai/winget-pkgs env: GITHUB_TOKEN: ${{ secrets.GH_PAT }} - run: | $version = '${{ needs.release_please.outputs.tag_name }}'.replace('v', '') iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe ./wingetcreate.exe update Starship.Starship -s -v $version ` -u ${{ env.URL_64 }}.msi ${{ env.URL_64 }}.zip ` ${{ env.URL_32 }}.msi ${{ env.URL_32 }}.zip ` ${{ env.URL_ARM }}.msi ${{ env.URL_ARM }}.zip ` -t ${{ secrets.GH_PAT }} choco_update: name: Update Chocolatey Package runs-on: windows-latest needs: [release_please, github_build, upload_artifacts] if: ${{ needs.release_please.outputs.release_created == 'true' }} steps: - name: Setup | Checkout uses: actions/checkout@v4 - name: Setup | Artifacts uses: actions/download-artifact@v4 - run: pwsh ./install/windows/choco/update.ps1 env: STARSHIP_VERSION: ${{ needs.release_please.outputs.tag_name }} PUSH_TOKEN: ${{ secrets.CHOCO_TOKEN }} merge_crowdin_pr: name: Merge Crowdin PR runs-on: ubuntu-latest needs: release_please if: ${{ needs.release_please.outputs.release_created == 'true' }} continue-on-error: true steps: - name: Setup | Checkout uses: actions/checkout@v4 - name: Merge | Merge Crowdin PR run: gh pr merge i18n_master --squash --repo=starship/starship env: GITHUB_TOKEN: ${{ secrets.GH_PAT }} publish_docs: name: Trigger docs deployment runs-on: ubuntu-latest needs: merge_crowdin_pr steps: - name: Setup | Checkout uses: actions/checkout@v4 - name: Trigger workflow dispatch run: gh workflow run publish-docs.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}