Publish release #124

Workflow file for this run

.github/workflows/make_release.yml at 158e695

	# Publish new release of tfhe-rs on various platform.
	name: Publish release

	on:
	workflow_dispatch:
	inputs:
	dry_run:
	description: "Dry-run"
	type: boolean
	default: true
	push_to_crates:
	description: "Push to crate"
	type: boolean
	default: true
	push_web_package:
	description: "Push web js package"
	type: boolean
	default: true
	push_node_package:
	description: "Push node js package"
	type: boolean
	default: true
	npm_latest_tag:
	description: "Set NPM tag as latest"
	type: boolean
	default: false

	env:
	ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
	NPM_TAG: ""

	jobs:
	checks:
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	steps:
	- name: Get commit details
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	{
	echo "COMMITTER_LOGIN=$(gh api repos/${{ github.repository }}/commits/${{ github.sha }} --jq '.commit.committer.login')";
	echo "VERIFICATION_STATUS=$(gh api repos/${{ github.repository }}/commits/${{ github.sha }} --jq '.commit.verification.verified')";
	} >> "${GITHUB_ENV}"

	- name: Author verification
	uses: morfien101/actions-authorized-user@4a3cfbf0bcb3cafe4a71710a278920c5d94bb38b
	with:
	username: ${{ env.COMMITTER_LOGIN }}
	org: ${{ github.repository_owner }}
	team: ${{ secrets.RELEASE_TEAM }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Commit verification
	run: \|
	if [ ${{ env.VERIFICATION_STATUS }} = "true" ]; then
	echo "Commit is verified"
	else
	echo "Commit is not verified"
	exit 1
	fi

	package:
	runs-on: ubuntu-latest
	needs: checks
	outputs:
	hash: ${{ steps.hash.outputs.hash }}
	steps:
	- name: Checkout
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
	with:
	fetch-depth: 0
	- name: Prepare package
	run: \|
	cargo package -p tfhe
	- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
	with:
	name: crate
	path: target/package/*.crate
	- name: generate hash
	id: hash
	run: cd target/package && echo "hash=$(sha256sum ./*.crate \| base64 -w0)" >> "${GITHUB_OUTPUT}"

	provenance:
	if: ${{ !inputs.dry_run }}
	needs: [package]
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
	permissions:
	# Needed to detect the GitHub Actions environment
	actions: read
	# Needed to create the provenance via GitHub OIDC
	id-token: write
	# Needed to upload assets/artifacts
	contents: write
	with:
	# SHA-256 hashes of the Crate package.
	base64-subjects: ${{ needs.package.outputs.hash }}

	publish_release:
	name: Publish Release
	needs: [package] # for comparing hashes
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Checkout
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
	with:
	fetch-depth: 0
	- name: Create NPM version tag
	if: ${{ inputs.npm_latest_tag }}
	run: \|
	echo "NPM_TAG=latest" >> "${GITHUB_ENV}"
	- name: Download artifact
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
	with:
	name: crate
	path: target/package
	- name: Publish crate.io package
	if: ${{ inputs.push_to_crates }}
	env:
	CRATES_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
	DRY_RUN: ${{ inputs.dry_run && '--dry-run' \|\| '' }}
	run: \|
	cargo publish -p tfhe --token ${{ env.CRATES_TOKEN }} ${{ env.DRY_RUN }}

	- name: Generate hash
	id: published_hash
	run: cd target/package && echo "pub_hash=$(sha256sum ./*.crate \| base64 -w0)" >> "${GITHUB_OUTPUT}"

	- name: Slack notification (hashes comparison)
	if: ${{ needs.package.outputs.hash != steps.published_hash.outputs.pub_hash }}
	continue-on-error: true
	uses: rtCamp/action-slack-notify@65e6fc1ce697e2df8149d9ae9909acc5ec5599ce
	env:
	SLACK_COLOR: failure
	SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
	SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png
	SLACK_MESSAGE: "SLSA tfhe crate - hash comparison failure: (${{ env.ACTION_RUN_URL }})"
	SLACK_USERNAME: ${{ secrets.BOT_USERNAME }}
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

	- name: Build web package
	if: ${{ inputs.push_web_package }}
	run: \|
	make build_web_js_api_parallel

	- name: Publish web package
	if: ${{ inputs.push_web_package }}
	uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c
	with:
	token: ${{ secrets.NPM_TOKEN }}
	package: tfhe/pkg/package.json
	dry-run: ${{ inputs.dry_run }}
	tag: ${{ env.NPM_TAG }}
	provenance: true

	- name: Build Node package
	if: ${{ inputs.push_node_package }}
	run: \|
	rm -rf tfhe/pkg

	make build_node_js_api
	sed -i 's/"tfhe"/"node-tfhe"/g' tfhe/pkg/package.json

	- name: Publish Node package
	if: ${{ inputs.push_node_package }}
	uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c
	with:
	token: ${{ secrets.NPM_TOKEN }}
	package: tfhe/pkg/package.json
	dry-run: ${{ inputs.dry_run }}
	tag: ${{ env.NPM_TAG }}
	provenance: true

	- name: Slack Notification
	if: ${{ failure() }}
	continue-on-error: true
	uses: rtCamp/action-slack-notify@65e6fc1ce697e2df8149d9ae9909acc5ec5599ce
	env:
	SLACK_COLOR: ${{ job.status }}
	SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
	SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png
	SLACK_MESSAGE: "tfhe release failed: (${{ env.ACTION_RUN_URL }})"
	SLACK_USERNAME: ${{ secrets.BOT_USERNAME }}
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish release #124

Workflow file

Publish release #124

Jobs

Run details

Workflow file for this run