Publish crate cargo-bom 0.6.8 from #1647 #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cargo-bom stable build | |
| on: | |
| push: | |
| branches: [ trigger/stable ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| env: | |
| index: https://github.com/cargo-prebuilt/index/releases/download/stable-index/ | |
| crate: cargo-bom | |
| version: 0.6.8 | |
| dl: https://static.crates.io/crates/cargo-bom/cargo-bom-0.6.8.crate | |
| checksum: 1a46719e2581dd5ff1cc2d785979f0c7c835e023f627d323ecbb03f202d2b51a | |
| git: https://github.com/sensorfu/cargo-bom | |
| bins: cargo-bom | |
| file: ./crates/cargo-bom.toml | |
| CARGO_TERM_COLOR: always | |
| python-version: "3.12" | |
| jobs: | |
| setup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| - name: Create Folder | |
| if: ${{ !steps.cache.outputs.cache-hit }} | |
| run: mkdir -p ./build | |
| - name: Download crate and check hash | |
| if: ${{ !steps.cache.outputs.cache-hit }} | |
| run: | | |
| wget ${{ env.dl }} | |
| echo "${{ env.checksum }} ${{ env.crate }}-${{ env.version }}.crate" | sha256sum -c | |
| tar -xf ${{ env.crate }}-${{ env.version }}.crate | |
| mv ${{ env.crate }}-${{ env.version }}/* ./build | |
| - name: Update Rust | |
| if: ${{ !steps.cache.outputs.cache-hit }} | |
| run: | | |
| rustup update | |
| rustc --version | |
| - name: Generated lockfile if needed | |
| if: ${{ !steps.cache.outputs.cache-hit }} | |
| working-directory: ./build | |
| run: test -f Cargo.lock || cargo +stable generate-lockfile --verbose | |
| reports: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| crate-license: ${{ steps.get_toml.outputs.license }} | |
| crate-description: ${{ steps.get_toml.outputs.description }} | |
| needs: [ setup ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Get deps and crates from cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - name: Cache Advisory DB | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/advisory-db | |
| key: stable-advisory-db | |
| - name: Update Rust | |
| run: | | |
| rustup update | |
| rustc --version | |
| - uses: cargo-prebuilt/cargo-prebuilt-action@v3 | |
| with: | |
| pkgs: cargo-audit | |
| - name: Get license and desc | |
| id: get_toml | |
| working-directory: ./build | |
| run: | | |
| echo "license=$(python ../scripts/crate-info.py 'license')" >> $GITHUB_OUTPUT | |
| { | |
| echo 'description<<EOF' | |
| python ../scripts/crate-info.py 'description' | |
| echo EOF | |
| } >> $GITHUB_OUTPUT | |
| - name: Generate license report | |
| working-directory: ./build | |
| run: | | |
| echo "Generated on: $(date --utc)" > ../license.report && echo "Crates.io license metadata: ${{ steps.get_toml.outputs.license }}" >> ../license.report | |
| echo "Found license texts:" >> ../license.report | |
| tail -n +1 *LICENSE* >> ../license.report || true | |
| tail -n +1 *license* >> ../license.report || true | |
| tail -n +1 *License* >> ../license.report || true | |
| - name: Generate deps report | |
| working-directory: ./build | |
| run: | | |
| echo "Generated on: $(date --utc)" > ../deps.report && cargo +stable tree --verbose --locked -e normal,build >> ../deps.report | |
| - name: Generate audit report | |
| working-directory: ./build | |
| run: | | |
| echo "Generated on: $(date --utc)" > ../audit.report && cargo audit >> ../audit.report || true | |
| - name: Output reports | |
| run: | | |
| echo "### License:" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| cat license.report >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| echo "### Deps:" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| cat deps.report >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| echo "### Audit:" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| cat audit.report >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| - name: Store reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: reports | |
| path: "*.report" | |
| t1-cross: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [ x86_64-unknown-linux-gnu, x86_64-unknown-linux-musl, aarch64-unknown-linux-gnu, aarch64-unknown-linux-musl ] | |
| env: | |
| CROSS_CONFIG: ../Cross.toml | |
| runs-on: ubuntu-latest | |
| needs: [ setup ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Get crate from cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: Swatinem/rust-cache@v2 | |
| if: ${{ !true }} | |
| with: | |
| workspaces: "./build -> target" | |
| prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}" | |
| - name: Build with ink cross | |
| run: | | |
| docker run --rm \ | |
| --userns host --user $(id -u):$(id -g) \ | |
| -v $HOME/.cargo/registry:/usr/local/cargo/registry \ | |
| -v ./build:/project \ | |
| ghcr.io/cargo-prebuilt/ink-cross:stable-${{ matrix.target }} \ | |
| auditable build --verbose --release --locked --target ${{ matrix.target }} --features 'cargo/vendored-openssl' | |
| - name: Collect | |
| run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }} | |
| - name: Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: target-${{ matrix.target }} | |
| path: | | |
| ${{ matrix.target }}.tar.gz | |
| ${{ matrix.target }}.hashes.json | |
| t1-apple-darwin: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [ x86_64-apple-darwin, aarch64-apple-darwin ] | |
| runs-on: macos-14 | |
| needs: [ setup ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Get crate from cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: Swatinem/rust-cache@v2 | |
| if: ${{ !true }} | |
| with: | |
| workspaces: "./build -> target" | |
| prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}" | |
| - name: Update Rust and Add Target | |
| run: | | |
| rustup update | |
| rustc --version | |
| rustup target add ${{ matrix.target }} | |
| - uses: cargo-prebuilt/cargo-prebuilt-action@v3 | |
| with: | |
| pkgs: cargo-auditable | |
| - name: Build crate | |
| working-directory: ./build | |
| run: cargo +stable auditable build --verbose --release --locked --target ${{ matrix.target }} --features 'cargo/vendored-openssl' | |
| - name: Collect | |
| run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }} | |
| - name: Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: target-${{ matrix.target }} | |
| path: | | |
| ${{ matrix.target }}.tar.gz | |
| ${{ matrix.target }}.hashes.json | |
| t2-cross: | |
| if: true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [ s390x-unknown-linux-gnu,powerpc64le-unknown-linux-gnu,armv7-unknown-linux-gnueabihf,armv7-unknown-linux-musleabihf ] | |
| runs-on: ubuntu-latest | |
| needs: [ setup ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Get crate from cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: Swatinem/rust-cache@v2 | |
| if: ${{ !true }} | |
| with: | |
| workspaces: "./build -> target" | |
| prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}" | |
| - name: Build with ink cross | |
| run: | | |
| docker run --rm \ | |
| --userns host --user $(id -u):$(id -g) \ | |
| -v $HOME/.cargo/registry:/usr/local/cargo/registry \ | |
| -v ./build:/project \ | |
| ghcr.io/cargo-prebuilt/ink-cross:stable-${{ matrix.target }} \ | |
| auditable build --verbose --release --locked --target ${{ matrix.target }} --features 'cargo/vendored-openssl' | |
| - name: Collect | |
| run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }} | |
| - name: Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: target-${{ matrix.target }} | |
| path: | | |
| ${{ matrix.target }}.tar.gz | |
| ${{ matrix.target }}.hashes.json | |
| t2-pc-windows-msvc: | |
| if: true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [ x86_64-pc-windows-msvc,aarch64-pc-windows-msvc ] | |
| runs-on: windows-latest | |
| needs: [ setup ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Get crate from cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: Swatinem/rust-cache@v2 | |
| if: ${{ !true }} | |
| with: | |
| workspaces: "./build -> target" | |
| prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}" | |
| - name: Update Rust and Add Target | |
| run: | | |
| rustup update | |
| rustc --version | |
| rustup target add ${{ matrix.target }} | |
| # TODO: Add back cargo-auditable once I figure out how to stop MSVC warnings as errors. | |
| # - uses: cargo-prebuilt/cargo-prebuilt-action@v3 | |
| # with: | |
| # pkgs: cargo-auditable | |
| - name: Build crate | |
| working-directory: ./build | |
| run: cargo +stable build --verbose --release --locked --target ${{ matrix.target }} --features 'cargo/vendored-openssl' | |
| - name: Collect | |
| run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }} | |
| - name: Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: target-${{ matrix.target }} | |
| path: | | |
| ${{ matrix.target }}.tar.gz | |
| ${{ matrix.target }}.hashes.json | |
| t3-cross: | |
| if: true | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [ x86_64-unknown-freebsd,x86_64-unknown-netbsd,powerpc64-unknown-linux-gnu ] | |
| env: | |
| CROSS_CONFIG: ../Cross.toml | |
| runs-on: ubuntu-latest | |
| needs: [ setup ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Get crate from cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| build | |
| key: ${{ env.crate }}-${{ env.version }}-stable-crate | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: Swatinem/rust-cache@v2 | |
| if: ${{ !true }} | |
| with: | |
| workspaces: "./build -> target" | |
| prefix-key: "v0-rust-${{ matrix.target }}-${{ env.crate }}-${{ env.version }}" | |
| - name: Update Rust | |
| run: | | |
| rustup update | |
| rustc --version | |
| - uses: cargo-prebuilt/cargo-prebuilt-action@v3 | |
| with: | |
| pkgs: cross | |
| - name: Build crate | |
| working-directory: ./build | |
| run: cross +stable build --verbose --release --locked --target ${{ matrix.target }} --features 'cargo/vendored-openssl' | |
| - name: Collect | |
| run: python ./scripts/collect.py ${{ matrix.target }} ./build/target/${{ matrix.target }}/release ${{ env.bins }} | |
| - name: Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: target-${{ matrix.target }} | |
| path: | | |
| ${{ matrix.target }}.tar.gz | |
| ${{ matrix.target }}.hashes.json | |
| push-index: | |
| if: ${{ always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && !contains(needs.t1-cross.result, 'failure') && !contains(needs.t1-apple-darwin.result, 'failure') && !contains(needs.t2-cross.result, 'failure') && !contains(needs.t2-pc-windows-msvc.result, 'failure') }} | |
| runs-on: ubuntu-latest | |
| needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.python-version }} | |
| - name: Rust Version Guess | |
| run: | | |
| rustup update | |
| echo "rustc_version=$(rustc --version)" >> $GITHUB_ENV | |
| - uses: actions/download-artifact@v4 | |
| - name: DBG - List Structure | |
| run: ls -R | |
| - name: Merge hashes | |
| shell: bash | |
| run: | | |
| set -euxo pipefail | |
| echo -n "" > hashes.sha256 | |
| for D in target-*; do | |
| if [ -d "${D}" ]; then | |
| echo "${D}" | |
| pushd "${D}" | |
| echo "$(cat *.hashes.json | jq --raw-output '.archive[] | select(.type | test("sha256")) | .hash') " *.tar.gz >> ../hashes.sha256 | |
| popd | |
| fi | |
| done | |
| - name: Create info.json and hashes.json | |
| run: python ./scripts/info.py '${{ env.file }}' '${{ env.version }}' '${{ needs.reports.outputs.crate-license }}' '${{ needs.reports.outputs.crate-description }}' '${{ env.rustc_version }}' | |
| - name: Sign info.json and hashes.json | |
| if: ${{ true }} | |
| run: | | |
| set -euxo pipefail | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| brew install minisign | |
| echo -n "$SIGNING_KEY" | base64 --decode > ~/.minisign_secret.key | |
| minisign -S -s ~/.minisign_secret.key -m info.json | |
| minisign -S -s ~/.minisign_secret.key -m hashes.json | |
| minisign -V -p ./keys/cargo-prebuilt-index.pub -m info.json | |
| minisign -V -p ./keys/cargo-prebuilt-index.pub -m hashes.json | |
| rm -f ~/.minisign_secret.key | |
| env: | |
| SIGNING_KEY: ${{ secrets.MINISIGN_SIGNING_KEY }} | |
| - name: Artifact | |
| if: ${{ !true }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: final | |
| path: | | |
| info.json | |
| hashes.json | |
| hashes.sha256 | |
| reports/*.report | |
| target-*/*.tar.gz | |
| target-*/*.hashes.json | |
| - name: Create and push artifacts to release | |
| uses: ncipollo/release-action@v1 | |
| if: ${{ true }} | |
| with: | |
| tag: ${{ env.crate }}-${{ env.version }} | |
| name: ${{ env.crate }}-${{ env.version }} | |
| allowUpdates: true | |
| prerelease: true | |
| artifacts: "reports/*.report,target-*/*.tar.gz,hashes.sha256,*.minisig,hashes.json,info.json" | |
| body: "" | |
| - name: Create index file | |
| if: ${{ true }} | |
| run: echo "${{ env.version }}" > ${{ env.crate }} | |
| - name: Push to index | |
| uses: ncipollo/release-action@v1 | |
| if: ${{ true }} | |
| with: | |
| tag: stable-index | |
| allowUpdates: true | |
| makeLatest: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| artifacts: "${{ env.crate }}" | |
| banned-index: | |
| if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && (contains(needs.t1-cross.result, 'failure') || contains(needs.t1-apple-darwin.result, 'failure') || contains(needs.t2-cross.result, 'failure') || contains(needs.t2-pc-windows-msvc.result, 'failure')) }} | |
| runs-on: ubuntu-latest | |
| needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create index file | |
| run: echo "${{ env.version }}" > ${{ env.crate }} | |
| - name: Push to index | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: banned-index | |
| allowUpdates: true | |
| makeLatest: false | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| artifacts: "${{ env.crate }}" | |
| track-index: | |
| if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && contains(needs.*.result, 'failure') }} | |
| runs-on: ubuntu-latest | |
| needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create index file | |
| run: echo "${{ env.version }}" > ${{ env.crate }} | |
| - name: Push to index | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: track-index | |
| allowUpdates: true | |
| makeLatest: false | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| artifacts: "${{ env.crate }}" |