Skip to content

Publish crate bob-nvim 4.0.2 from #1954 #34

Publish crate bob-nvim 4.0.2 from #1954

Publish crate bob-nvim 4.0.2 from #1954 #34

name: bob-nvim stable build
on:
push:
branches: [ trigger/stable ]
workflow_dispatch:
permissions:
contents: write
env:
index: https://github.com/cargo-prebuilt/index/releases/download/stable-index/
crate: bob-nvim
version: 4.0.2
dl: https://static.crates.io/crates/bob-nvim/bob-nvim-4.0.2.crate
checksum: 62d74502aa7523f1e8bf794f15e03cbb816509fac30900c336e12c34358b2234
git: https://github.com/MordechaiHadad/bob
bins: bob
file: ./crates/bob-nvim.toml
CARGO_TERM_COLOR: always
python-version: "3.12"
jobs:
setup:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Cache
uses: actions/cache@v4
id: cache
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
- name: Create Folder
if: ${{ !steps.cache.outputs.cache-hit }}
run: mkdir -p ./build
- name: Download crate and check hash
if: ${{ !steps.cache.outputs.cache-hit }}
run: |
wget ${{ env.dl }}
echo "${{ env.checksum }} ${{ env.crate }}-${{ env.version }}.crate" | sha256sum -c
tar -xf ${{ env.crate }}-${{ env.version }}.crate
mv ${{ env.crate }}-${{ env.version }}/* ./build
- name: Update Rust
if: ${{ !steps.cache.outputs.cache-hit }}
run: |
rustup update
rustc --version
- name: Generated lockfile if needed
if: ${{ !steps.cache.outputs.cache-hit }}
working-directory: ./build
run: test -f Cargo.lock || cargo +stable generate-lockfile --verbose
reports:
runs-on: ubuntu-latest
outputs:
crate-license: ${{ steps.get_toml.outputs.license }}
crate-description: ${{ steps.get_toml.outputs.description }}
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get deps and crates from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- name: Cache Advisory DB
uses: actions/cache@v4
with:
path: |
~/.cargo/advisory-db
key: stable-advisory-db
- name: Update Rust
run: |
rustup update
rustc --version
- uses: cargo-prebuilt/cargo-prebuilt-action@v4
with:
prebuilt-verify: minisign
pkgs: cargo-audit
- name: Get license and desc
id: get_toml
working-directory: ./build
run: |
echo "license=$(python ../scripts/crate-info.py 'license')" >> $GITHUB_OUTPUT
{
echo 'description<<EOF'
python ../scripts/crate-info.py 'description'
echo EOF
} >> $GITHUB_OUTPUT
- name: Generate license report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../license.report && echo "Crates.io license metadata: ${{ steps.get_toml.outputs.license }}" >> ../license.report
echo "Found license texts:" >> ../license.report
tail -n +1 *LICENSE* >> ../license.report || true
tail -n +1 *license* >> ../license.report || true
tail -n +1 *License* >> ../license.report || true
- name: Generate deps report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../deps.report && cargo +stable tree --verbose --locked -e normal,build >> ../deps.report
- name: Generate audit report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../audit.report && cargo audit >> ../audit.report || true
- name: Output reports
run: |
echo "### License:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat license.report >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "### Deps:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat deps.report >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "### Audit:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat audit.report >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
- name: Store reports
uses: actions/upload-artifact@v4
with:
name: reports
retention-days: 1
path: "*.report"
t1-cross:
strategy:
fail-fast: false
matrix:
target: [ x86_64-unknown-linux-gnu, x86_64-unknown-linux-musl, aarch64-unknown-linux-gnu, aarch64-unknown-linux-musl ]
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}"
- name: Build with ink cross
run: |
docker run --rm \
--userns host --user $(id -u):$(id -g) \
-v $HOME/.cargo/registry:/usr/local/cargo/registry \
-v ./build:/project \
ghcr.io/cargo-prebuilt/ink-cross:stable-${{ matrix.target }} \
auditable build --verbose --release --locked --target ${{ matrix.target }}
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t1-apple-darwin:
strategy:
fail-fast: false
matrix:
target: [ x86_64-apple-darwin, aarch64-apple-darwin ]
runs-on: macos-14
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}"
- name: Update Rust and Add Target
run: |
rustup update
rustc --version
rustup target add ${{ matrix.target }}
- uses: cargo-prebuilt/cargo-prebuilt-action@v4
with:
prebuilt-verify: minisign
pkgs: cargo-auditable
- name: Build crate
working-directory: ./build
run: cargo +stable auditable build --verbose --release --locked --target ${{ matrix.target }}
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t2-cross:
if: true
strategy:
fail-fast: false
matrix:
target: [ riscv64gc-unknown-linux-gnu,s390x-unknown-linux-gnu,powerpc64le-unknown-linux-gnu,armv7-unknown-linux-gnueabihf,armv7-unknown-linux-musleabihf ]
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}"
- name: Build with ink cross
run: |
docker run --rm \
--userns host --user $(id -u):$(id -g) \
-v $HOME/.cargo/registry:/usr/local/cargo/registry \
-v ./build:/project \
ghcr.io/cargo-prebuilt/ink-cross:stable-${{ matrix.target }} \
auditable build --verbose --release --locked --target ${{ matrix.target }}
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t2-pc-windows-msvc:
if: true
strategy:
fail-fast: false
matrix:
target: [ x86_64-pc-windows-msvc,aarch64-pc-windows-msvc ]
runs-on: windows-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}"
- name: Update Rust and Add Target
run: |
rustup update
rustc --version
rustup target add ${{ matrix.target }}
- uses: cargo-prebuilt/cargo-prebuilt-action@v4
with:
prebuilt-verify: minisign
pkgs: cargo-auditable
- name: Build crate
working-directory: ./build
run: cargo +stable auditable build --verbose --release --locked --target ${{ matrix.target }}
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t3-cross:
if: true
strategy:
fail-fast: false
matrix:
target: [ powerpc64-unknown-linux-gnu ]
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}"
- name: Build with ink cross
run: |
docker run --rm \
--userns host --user $(id -u):$(id -g) \
-v $HOME/.cargo/registry:/usr/local/cargo/registry \
-v ./build:/project \
ghcr.io/cargo-prebuilt/ink-cross:stable-${{ matrix.target }} \
auditable build --verbose --release --locked --target ${{ matrix.target }}
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
push-index:
if: ${{ always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && !contains(needs.t1-cross.result, 'failure') && !contains(needs.t1-apple-darwin.result, 'failure') && !contains(needs.t2-cross.result, 'failure') && !contains(needs.t2-pc-windows-msvc.result, 'failure') }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Rust Version Guess
run: |
rustup update
echo "rustc_version=$(rustc --version)" >> $GITHUB_ENV
- uses: actions/download-artifact@v4
- name: DBG - List Structure
run: ls -R
- name: Merge hashes
shell: bash
run: |
set -euxo pipefail
echo -n "" > hashes.sha256
for D in target-*; do
if [ -d "${D}" ]; then
echo "${D}"
pushd "${D}"
echo "$(cat *.hashes.json | jq --raw-output '.archive[] | select(.type | test("sha256")) | .hash') " *.tar.gz >> ../hashes.sha256
popd
fi
done
- name: Create info.json and hashes.json
run: python ./scripts/info.py '${{ env.file }}' '${{ env.version }}' '${{ needs.reports.outputs.crate-license }}' '${{ needs.reports.outputs.crate-description }}' '${{ env.rustc_version }}'
- name: Sign info.json and hashes.json
if: ${{ true }}
run: |
set -euxo pipefail
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install minisign
echo -n "$SIGNING_KEY" | base64 --decode > ~/.minisign_secret.key
minisign -S -s ~/.minisign_secret.key -m info.json
minisign -S -s ~/.minisign_secret.key -m hashes.json
minisign -V -p ./keys/cargo-prebuilt-index.pub -m info.json
minisign -V -p ./keys/cargo-prebuilt-index.pub -m hashes.json
rm -f ~/.minisign_secret.key
env:
SIGNING_KEY: ${{ secrets.MINISIGN_SIGNING_KEY }}
- name: Artifact
if: ${{ !true }}
uses: actions/upload-artifact@v4
with:
name: final
retention-days: 1
path: |
info.json
hashes.json
hashes.sha256
reports/*.report
target-*/*.tar.gz
target-*/*.hashes.json
- name: Create and push artifacts to release
uses: ncipollo/release-action@v1
if: ${{ true }}
with:
tag: ${{ env.crate }}-${{ env.version }}
name: ${{ env.crate }}-${{ env.version }}
allowUpdates: true
prerelease: true
artifacts: "reports/*.report,target-*/*.tar.gz,hashes.sha256,*.minisig,hashes.json,info.json"
body: ""
- name: Create index file
if: ${{ true }}
run: echo "${{ env.version }}" > ${{ env.crate }}
- name: Push to index
uses: ncipollo/release-action@v1
if: ${{ true }}
with:
tag: stable-index
allowUpdates: true
makeLatest: true
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "${{ env.crate }}"
banned-index:
if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && (contains(needs.t1-cross.result, 'failure') || contains(needs.t1-apple-darwin.result, 'failure') || contains(needs.t2-cross.result, 'failure') || contains(needs.t2-pc-windows-msvc.result, 'failure')) }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
steps:
- uses: actions/checkout@v4
- name: Create index file
run: echo "${{ env.version }}" > ${{ env.crate }}
- name: Push to index
uses: ncipollo/release-action@v1
with:
tag: banned-index
allowUpdates: true
makeLatest: false
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "${{ env.crate }}"
track-index:
if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && contains(needs.*.result, 'failure') }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
steps:
- uses: actions/checkout@v4
- name: Create index file
run: echo "${{ env.version }}" > ${{ env.crate }}
- name: Push to index
uses: ncipollo/release-action@v1
with:
tag: track-index
allowUpdates: true
makeLatest: false
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "${{ env.crate }}"