Skip to content

Publish from #1147

Publish from #1147 #23

Workflow file for this run

name: cargo stable build
on:
push:
branches: [ trigger/stable ]
workflow_dispatch:
env:
index: https://github.com/cargo-prebuilt/index/releases/download/stable-index/
crate: cargo
version: 0.74.0
license: MIT OR Apache-2.0
description: '{"description": "Cargo, a package manager for Rust.\n"}'
dl: https://static.crates.io/crates/cargo/cargo-0.74.0.crate
checksum: 244574fb9c19dfe9b9d11cd6398f718aca7d11fb4f0d46f22cd867876a6c4c56
git: https://github.com/rust-lang/cargo
bins: cargo
file: ./crates/cargo.toml
CARGO_TERM_COLOR: always
jobs:
setup:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Cache
uses: actions/cache@v3
id: cache
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
- name: Create Folder
if: ${{ !steps.cache.outputs.cache-hit }}
run: mkdir -p ./build
- name: Download crate and check hash
if: ${{ !steps.cache.outputs.cache-hit }}
run: |
wget ${{ env.dl }}
echo "${{ env.checksum }} ${{ env.crate }}-${{ env.version }}.crate" | sha256sum -c
tar -xf ${{ env.crate }}-${{ env.version }}.crate
mv ${{ env.crate }}-${{ env.version }}/* ./build
- name: Update Rust
if: ${{ !steps.cache.outputs.cache-hit }}
run: |
rustup update
rustc --version
- name: Generated lockfile if needed
if: ${{ !steps.cache.outputs.cache-hit }}
working-directory: ./build
run: test -f Cargo.lock || cargo +stable generate-lockfile --verbose
reports:
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- name: Get deps and crates from cache
uses: actions/cache@v3
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- name: Cache Advisory DB
uses: actions/cache@v3
with:
path: |
~/.cargo/advisory-db
key: stable-advisory-db
- name: Update Rust
run: |
rustup update
rustc --version
- uses: cargo-prebuilt/cargo-prebuilt-action@v3
with:
pkgs: cargo-audit
- name: Generate license report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../license.report && echo "Crates.io license metadata: ${{ env.license }}" >> ../license.report
echo "Found license texts:" >> ../license.report
tail -n +1 *LICENSE* >> ../license.report || true
tail -n +1 *license* >> ../license.report || true
tail -n +1 *License* >> ../license.report || true
- name: Generate deps report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../deps.report && cargo +stable tree --verbose --locked -e normal,build >> ../deps.report
- name: Generate audit report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../audit.report && cargo audit >> ../audit.report || true
- name: Output reports
run: |
echo "### License:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat license.report >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "### Deps:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat deps.report >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "### Audit:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
cat audit.report >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
- name: Store reports
uses: actions/upload-artifact@v3
with:
name: reports
path: "*.report"
t1-cross:
strategy:
fail-fast: false
matrix:
target: [ x86_64-unknown-linux-gnu, x86_64-unknown-linux-musl, aarch64-unknown-linux-gnu, aarch64-unknown-linux-musl ]
env:
CROSS_CONFIG: ../Cross.toml
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Get crate from cache
uses: actions/cache@v3
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
- name: Update Rust
run: |
rustup update
rustc --version
- uses: cargo-prebuilt/cargo-prebuilt-action@v3
with:
pkgs: cross
- name: Build crate
working-directory: ./build
run: cross +stable build --verbose --release --locked --target ${{ matrix.target }} --features 'vendored-openssl'
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v3
with:
name: target-${{ matrix.target }}
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t1-apple-darwin:
strategy:
fail-fast: false
matrix:
target: [ x86_64-apple-darwin, aarch64-apple-darwin ]
runs-on: macos-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Get crate from cache
uses: actions/cache@v3
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
- name: Update Rust and Add Target
run: |
rustup update
rustc --version
rustup target add ${{ matrix.target }}
- uses: cargo-prebuilt/cargo-prebuilt-action@v3
with:
pkgs: cargo-auditable
- name: Build crate
working-directory: ./build
run: cargo +stable auditable build --verbose --release --locked --target ${{ matrix.target }} --features 'vendored-openssl'
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v3
with:
name: target-${{ matrix.target }}
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t2-cross:
if: true
strategy:
fail-fast: false
matrix:
target: [ riscv64gc-unknown-linux-gnu,s390x-unknown-linux-gnu,armv7-unknown-linux-gnueabihf,armv7-unknown-linux-musleabihf ]
env:
CROSS_CONFIG: ../Cross.toml
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Get crate from cache
uses: actions/cache@v3
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
- name: Update Rust
run: |
rustup update
rustc --version
- uses: cargo-prebuilt/cargo-prebuilt-action@v3
with:
pkgs: cross
- name: Build crate
working-directory: ./build
run: cross +stable build --verbose --release --locked --target ${{ matrix.target }} --features 'vendored-openssl'
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v3
with:
name: target-${{ matrix.target }}
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t2-pc-windows-msvc:
if: true
strategy:
fail-fast: false
matrix:
target: [ x86_64-pc-windows-msvc ]
runs-on: windows-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Get crate from cache
uses: actions/cache@v3
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
- name: Update Rust and Add Target
run: |
rustup update
rustc --version
rustup target add ${{ matrix.target }}
- uses: cargo-prebuilt/cargo-prebuilt-action@v3
with:
pkgs: cargo-auditable
- name: Build crate
working-directory: ./build
run: cargo +stable auditable build --verbose --release --locked --target ${{ matrix.target }} --features 'vendored-openssl'
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v3
with:
name: target-${{ matrix.target }}
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t3-cross:
if: true
strategy:
fail-fast: false
matrix:
target: [ x86_64-unknown-freebsd,x86_64-unknown-netbsd,powerpc64-unknown-linux-gnu,powerpc64le-unknown-linux-gnu ]
env:
CROSS_CONFIG: ../Cross.toml
runs-on: ubuntu-latest
needs: [ setup ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Get crate from cache
uses: actions/cache@v3
with:
path: |
build
key: ${{ env.crate }}-${{ env.version }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
- name: Update Rust
run: |
rustup update
rustc --version
- uses: cargo-prebuilt/cargo-prebuilt-action@v3
with:
pkgs: cross
- name: Build crate
working-directory: ./build
run: cross +stable build --verbose --release --locked --target ${{ matrix.target }} --features 'vendored-openssl'
- name: Collect
run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }}
- name: Artifact
uses: actions/upload-artifact@v3
with:
name: target-${{ matrix.target }}
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
push-index:
if: ${{ always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && !contains(needs.t1-cross.result, 'failure') && !contains(needs.t1-apple-darwin.result, 'failure') && !contains(needs.t2-cross.result, 'failure') && !contains(needs.t2-pc-windows-msvc.result, 'failure') }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- name: Rust Version Guess
run: |
rustup update
echo "rustc_version=$(rustc --version)" >> $GITHUB_ENV
- uses: actions/download-artifact@v3
- name: DBG - List Structure
run: ls -R
- name: Merge hashes
shell: bash
run: |
echo -n "" > hashes.sha256
for D in target-*; do
if [ -d "${D}" ]; then
echo "${D}"
pushd "${D}"
echo "$(cat *.hashes.json | jq --raw-output '.archive[] | select(.type | test("sha256")) | .hash') " *.tar.gz >> ../hashes.sha256
popd
fi
done
- name: Create info.json and hashes.json
run: python ./scripts/info.py '${{ env.file }}' '${{ env.version }}' '${{ env.license }}' '${{ env.description }}' '${{ env.rustc_version }}'
- name: Sign info.json and hashes.json
if: ${{ true }}
run: |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install minisign
echo -n "$SIGNING_KEY" | base64 --decode > ~/.minisign_secret.key
minisign -S -s ~/.minisign_secret.key -m info.json
minisign -S -s ~/.minisign_secret.key -m hashes.json
minisign -V -p ./keys/cargo-prebuilt-index.pub -m info.json
minisign -V -p ./keys/cargo-prebuilt-index.pub -m hashes.json
rm -f ~/.minisign_secret.key
env:
SIGNING_KEY: ${{ secrets.MINISIGN_SIGNING_KEY }}
- name: Artifact
if: ${{ !true }}
uses: actions/upload-artifact@v3
with:
name: final
path: |
info.json
hashes.json
hashes.sha256
reports/*.report
target-*/*.tar.gz
target-*/*.hashes.json
- name: Create and push artifacts to release
uses: ncipollo/release-action@v1
if: ${{ true }}
with:
tag: ${{ env.crate }}-${{ env.version }}
name: ${{ env.crate }}-${{ env.version }}
allowUpdates: true
prerelease: true
artifacts: "reports/*.report,target-*/*.tar.gz,hashes.sha256,*.minisig,hashes.json,info.json"
body: ""
- name: Create index file
if: ${{ true }}
run: echo "${{ env.version }}" > ${{ env.crate }}
- name: Push to index
uses: svenstaro/upload-release-action@2.7.0
if: ${{ true }}
with:
tag: stable-index
overwrite: true
make_latest: true
file: ${{ env.crate }}
banned-index:
if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && (contains(needs.t1-cross.result, 'failure') || contains(needs.t1-apple-darwin.result, 'failure') || contains(needs.t2-cross.result, 'failure') || contains(needs.t2-pc-windows-msvc.result, 'failure')) }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
steps:
- uses: actions/checkout@v4
- name: Create index file
run: echo "${{ env.version }}" > ${{ env.crate }}
- name: Push to index
uses: svenstaro/upload-release-action@2.7.0
with:
tag: banned-index
make_latest: false
file: ${{ env.crate }}
track-index:
if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && contains(needs.*.result, 'failure') }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
steps:
- uses: actions/checkout@v4
- name: Create index file
run: echo "${{ env.version }}" > ${{ env.crate }}
- name: Push to index
uses: svenstaro/upload-release-action@2.7.0
with:
tag: track-index
make_latest: false
file: ${{ env.crate }}