mirror of
https://github.com/Llewellynvdm/starship.git
synced 2024-12-12 14:17:45 +00:00
405 lines
14 KiB
YAML
405 lines
14 KiB
YAML
name: Release
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
env:
|
|
CARGO_INCREMENTAL: 0
|
|
CARGO_NET_RETRY: 10
|
|
RUST_BACKTRACE: short
|
|
RUSTUP_MAX_RETRIES: 10
|
|
MACOSX_DEPLOYMENT_TARGET: 10.7
|
|
|
|
jobs:
|
|
# Update release PR
|
|
release_please:
|
|
name: Release Please
|
|
runs-on: ubuntu-latest
|
|
if: github.repository == 'starship/starship'
|
|
outputs:
|
|
release_created: ${{ steps.release.outputs.release_created }}
|
|
tag_name: ${{ steps.release.outputs.tag_name }}
|
|
steps:
|
|
- uses: google-github-actions/release-please-action@v4
|
|
id: release
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
release-type: rust
|
|
|
|
# Build sources for every OS
|
|
github_build:
|
|
name: Build release binaries
|
|
needs: release_please
|
|
if: ${{ needs.release_please.outputs.release_created == 'true' }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- target: x86_64-unknown-linux-gnu
|
|
os: ubuntu-latest
|
|
name: starship-x86_64-unknown-linux-gnu.tar.gz
|
|
|
|
- target: x86_64-unknown-linux-musl
|
|
os: ubuntu-latest
|
|
name: starship-x86_64-unknown-linux-musl.tar.gz
|
|
|
|
- target: i686-unknown-linux-musl
|
|
os: ubuntu-latest
|
|
name: starship-i686-unknown-linux-musl.tar.gz
|
|
|
|
- target: aarch64-unknown-linux-musl
|
|
os: ubuntu-latest
|
|
name: starship-aarch64-unknown-linux-musl.tar.gz
|
|
|
|
- target: arm-unknown-linux-musleabihf
|
|
os: ubuntu-latest
|
|
name: starship-arm-unknown-linux-musleabihf.tar.gz
|
|
|
|
- target: x86_64-apple-darwin
|
|
os: macOS-11
|
|
name: starship-x86_64-apple-darwin.tar.gz
|
|
|
|
- target: aarch64-apple-darwin
|
|
os: macOS-11
|
|
name: starship-aarch64-apple-darwin.tar.gz
|
|
|
|
- target: x86_64-pc-windows-msvc
|
|
os: windows-latest
|
|
name: starship-x86_64-pc-windows-msvc.zip
|
|
rustflags: -C target-feature=+crt-static
|
|
|
|
- target: i686-pc-windows-msvc
|
|
os: windows-latest
|
|
name: starship-i686-pc-windows-msvc.zip
|
|
rustflags: -C target-feature=+crt-static
|
|
|
|
- target: aarch64-pc-windows-msvc
|
|
os: windows-latest
|
|
name: starship-aarch64-pc-windows-msvc.zip
|
|
rustflags: -C target-feature=+crt-static
|
|
|
|
- target: x86_64-unknown-freebsd
|
|
os: ubuntu-latest
|
|
name: starship-x86_64-unknown-freebsd.tar.gz
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
continue-on-error: true
|
|
env:
|
|
RUSTFLAGS: ${{ matrix.rustflags || '' }}
|
|
steps:
|
|
- name: Setup | Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup | Rust
|
|
uses: dtolnay/rust-toolchain@master
|
|
with:
|
|
toolchain: stable
|
|
target: ${{ matrix.target }}
|
|
|
|
- name: Setup | Install cargo-wix [Windows]
|
|
continue-on-error: true
|
|
if: matrix.os == 'windows-latest'
|
|
run: cargo install --version 0.3.4 cargo-wix
|
|
env:
|
|
# cargo-wix does not require static crt
|
|
RUSTFLAGS: ""
|
|
|
|
- name: Setup | Install cross [Linux]
|
|
if: matrix.os == 'ubuntu-latest'
|
|
uses: taiki-e/install-action@cross
|
|
|
|
- name: Build | Build [Cargo]
|
|
if: matrix.os != 'ubuntu-latest'
|
|
run: cargo build --release --locked --target ${{ matrix.target }}
|
|
|
|
- name: Build | Build [Cross]
|
|
if: matrix.os == 'ubuntu-latest'
|
|
run: cross build --release --locked --target ${{ matrix.target }}
|
|
|
|
- name: Build | Installer [Windows]
|
|
continue-on-error: true
|
|
if: matrix.os == 'windows-latest'
|
|
run: >
|
|
cargo wix -v --no-build --nocapture -I install/windows/main.wxs
|
|
--target ${{ matrix.target }}
|
|
--output target/${{ matrix.target }}/release/starship-${{ matrix.target }}.msi
|
|
|
|
- name: Sign | Upload [Windows]
|
|
continue-on-error: true
|
|
if: matrix.os == 'windows-latest'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: unsigned-${{ matrix.name }}
|
|
path: |
|
|
target/${{ matrix.target }}/release/starship.exe
|
|
target/${{ matrix.target }}/release/starship-${{ matrix.target }}.msi
|
|
|
|
- name: Sign | Sign [Windows]
|
|
continue-on-error: true
|
|
if: matrix.os == 'windows-latest'
|
|
uses: signpath/github-action-submit-signing-request@v0.3
|
|
with:
|
|
api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
|
|
organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
|
|
project-slug: 'starship'
|
|
signing-policy-slug: 'test-signing'
|
|
github-artifact-name: 'unsigned-${{ matrix.name }}'
|
|
wait-for-completion: false
|
|
# TODO use release-signing certificate:
|
|
# signing-policy-slug: 'release-signing'
|
|
# wait-for-completion: true
|
|
# output-artifact-directory: 'target/${{ matrix.target }}/release'
|
|
|
|
- name: Post Build | Prepare artifacts [Windows]
|
|
if: matrix.os == 'windows-latest'
|
|
run: |
|
|
cd target/${{ matrix.target }}/release
|
|
7z a ../../../${{ matrix.name }} starship.exe
|
|
cd -
|
|
|
|
- name: Post Build | Prepare artifacts [-nix]
|
|
if: matrix.os != 'windows-latest'
|
|
run: |
|
|
cd target/${{ matrix.target }}/release
|
|
tar czvf ../../../${{ matrix.name }} starship
|
|
cd -
|
|
|
|
- name: Release | Upload artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ matrix.name }}
|
|
path: ${{ matrix.name }}
|
|
|
|
- name: Release | Upload installer artifacts [Windows]
|
|
continue-on-error: true
|
|
if: matrix.os == 'windows-latest'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: starship-${{ matrix.target }}.msi
|
|
path: target/${{ matrix.target }}/release/starship-${{ matrix.target }}.msi
|
|
|
|
# Notarize starship binaries for MacOS and build notarized pkg installers
|
|
notarize_and_pkgbuild:
|
|
runs-on: macos-latest
|
|
continue-on-error: true
|
|
needs: [github_build, merge_crowdin_pr]
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- target: x86_64-apple-darwin
|
|
arch: x86_64
|
|
name: starship-x86_64-apple-darwin.tar.gz
|
|
pkgname: starship-x86_64-apple-darwin.pkg
|
|
|
|
- target: aarch64-apple-darwin
|
|
arch: aarch64
|
|
name: starship-aarch64-apple-darwin.tar.gz
|
|
pkgname: starship-aarch64-apple-darwin.pkg
|
|
|
|
env:
|
|
KEYCHAIN_FILENAME: app-signing.keychain-db
|
|
KEYCHAIN_ENTRY: AC_PASSWORD
|
|
STARSHIP_VERSION: ${{ needs.release_please.outputs.tag_name }}
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# Required to include the recently merged Crowdin PR
|
|
ref: master
|
|
|
|
- name: Notarize | Set up secrets
|
|
env:
|
|
APP_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_APPSIGNKEY_BASE64 }}
|
|
INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_INSTALLERSIGNKEY_BASE64 }}
|
|
P12_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
|
|
KEYCHAIN_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
|
|
APPLEID_USERNAME: ${{ secrets.APPLEDEV_ID_NAME }}
|
|
APPLEID_TEAMID: ${{ secrets.APPLEDEV_TEAM_ID }}
|
|
APPLEID_PASSWORD: ${{ secrets.APPLEDEV_PASSWORD }}
|
|
run: |
|
|
APP_CERTIFICATE_PATH="$RUNNER_TEMP/app_certificate.p12"
|
|
INSTALL_CERTIFICATE_PATH="$RUNNER_TEMP/install_certificate.p12"
|
|
KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
|
|
|
|
# import certificates from secrets
|
|
echo -n "$APP_CERTIFICATE_BASE64" | base64 --decode --output $APP_CERTIFICATE_PATH
|
|
echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode --output $INSTALL_CERTIFICATE_PATH
|
|
|
|
# create temporary keychain
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
|
|
# import certificates to keychain
|
|
security import $APP_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security list-keychain -d user -s $KEYCHAIN_PATH
|
|
|
|
# Add Apple Developer ID credentials to keychain
|
|
xcrun notarytool store-credentials "$KEYCHAIN_ENTRY" --team-id "$APPLEID_TEAMID" --apple-id "$APPLEID_USERNAME" --password "$APPLEID_PASSWORD" --keychain "$KEYCHAIN_PATH"
|
|
|
|
- name: Setup | Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
|
|
- name: Notarize | Build docs
|
|
run: |
|
|
cd docs
|
|
npm install
|
|
npm run build
|
|
|
|
- name: Notarize | Download artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: ${{ matrix.name }}
|
|
path: artifacts
|
|
|
|
- name: Notarize | Unpack Binaries
|
|
run: tar xf artifacts/${{ matrix.name }}
|
|
|
|
- name: Notarize | Build, Sign, and Notarize Pkg
|
|
run: bash install/macos_packages/build_and_notarize.sh starship docs ${{ matrix.arch }} ${{ matrix.pkgname }}
|
|
|
|
- name: Notarize | Upload Notarized Flat Installer
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ matrix.pkgname }}
|
|
path: ${{ matrix.pkgname }}
|
|
|
|
- name: Notarize | Package Notarized Binary
|
|
run: tar czvf ${{ matrix.name }} starship
|
|
|
|
- name: Notarize | Upload Notarized Binary
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ matrix.name }}
|
|
path: ${{ matrix.name }}
|
|
overwrite: true
|
|
|
|
- name: Cleanup Secrets
|
|
if: ${{ always() }}
|
|
run: |
|
|
KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
|
|
security delete-keychain $KEYCHAIN_PATH
|
|
|
|
# Create GitHub release with Rust build targets and release notes
|
|
upload_artifacts:
|
|
name: Add Build Artifacts to Release
|
|
needs: [release_please, github_build, notarize_and_pkgbuild]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Setup | Artifacts
|
|
uses: actions/download-artifact@v4
|
|
|
|
- name: Setup | Checksums
|
|
run: for file in starship-*/starship-*; do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done
|
|
|
|
- name: Setup | Publish Release
|
|
run: gh release edit ${{ needs.release_please.outputs.tag_name }} --draft=false --repo=starship/starship
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build | Add Artifacts to Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
files: starship-*/starship-*
|
|
tag_name: ${{ needs.release_please.outputs.tag_name }}
|
|
|
|
# Publish starship to Crates.io
|
|
cargo_publish:
|
|
name: Publish Cargo Package
|
|
runs-on: ubuntu-latest
|
|
needs: [release_please, upload_artifacts]
|
|
if: ${{ needs.release_please.outputs.release_created == 'true' }}
|
|
steps:
|
|
- name: Setup | Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup | Rust
|
|
uses: dtolnay/rust-toolchain@stable
|
|
|
|
- name: Build | Publish
|
|
run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
|
|
|
|
update_brew_formula:
|
|
name: Update Brew Formula
|
|
runs-on: ubuntu-latest
|
|
needs: [release_please, upload_artifacts]
|
|
if: ${{ needs.release_please.outputs.release_created == 'true' }}
|
|
steps:
|
|
- uses: mislav/bump-homebrew-formula-action@v3.1
|
|
with:
|
|
formula-name: starship
|
|
tag-name: ${{ needs.release_please.outputs.tag_name }}
|
|
env:
|
|
# Used for creating the formula update PR
|
|
COMMITTER_TOKEN: ${{ secrets.GH_PAT }}
|
|
# Used for verifying the SHA256 sum of the draft release
|
|
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
|
|
|
|
winget_update:
|
|
name: Update Winget Manifest
|
|
runs-on: windows-latest
|
|
needs: [release_please, github_build, upload_artifacts]
|
|
if: ${{ needs.release_please.outputs.release_created == 'true' }}
|
|
env:
|
|
URL_64: https://github.com/starship/starship/releases/download/${{ needs.release_please.outputs.tag_name }}/starship-x86_64-pc-windows-msvc
|
|
URL_32: https://github.com/starship/starship/releases/download/${{ needs.release_please.outputs.tag_name }}/starship-i686-pc-windows-msvc
|
|
URL_ARM: https://github.com/starship/starship/releases/download/${{ needs.release_please.outputs.tag_name }}/starship-aarch64-pc-windows-msvc
|
|
steps:
|
|
# Publishing will fail if the repo is too far behind the upstream
|
|
- run: gh repo sync matchai/winget-pkgs
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
|
|
- run: |
|
|
$version = '${{ needs.release_please.outputs.tag_name }}'.replace('v', '')
|
|
iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe
|
|
./wingetcreate.exe update Starship.Starship -s -v $version `
|
|
-u ${{ env.URL_64 }}.msi ${{ env.URL_64 }}.zip `
|
|
${{ env.URL_32 }}.msi ${{ env.URL_32 }}.zip `
|
|
${{ env.URL_ARM }}.msi ${{ env.URL_ARM }}.zip `
|
|
-t ${{ secrets.GH_PAT }}
|
|
|
|
choco_update:
|
|
name: Update Chocolatey Package
|
|
runs-on: windows-latest
|
|
needs: [release_please, github_build, upload_artifacts]
|
|
if: ${{ needs.release_please.outputs.release_created == 'true' }}
|
|
steps:
|
|
- name: Setup | Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Setup | Artifacts
|
|
uses: actions/download-artifact@v4
|
|
- run: pwsh ./install/windows/choco/update.ps1
|
|
env:
|
|
STARSHIP_VERSION: ${{ needs.release_please.outputs.tag_name }}
|
|
PUSH_TOKEN: ${{ secrets.CHOCO_TOKEN }}
|
|
|
|
merge_crowdin_pr:
|
|
name: Merge Crowdin PR
|
|
runs-on: ubuntu-latest
|
|
needs: release_please
|
|
if: ${{ needs.release_please.outputs.release_created == 'true' }}
|
|
continue-on-error: true
|
|
steps:
|
|
- name: Setup | Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Merge | Merge Crowdin PR
|
|
run: gh pr merge i18n_master --squash --repo=starship/starship
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
|
|
|
|
publish_docs:
|
|
name: Trigger docs deployment
|
|
runs-on: ubuntu-latest
|
|
needs: merge_crowdin_pr
|
|
steps:
|
|
- name: Setup | Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Trigger workflow dispatch
|
|
run: gh workflow run publish-docs.yml
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|