ci: drop removed feature flag #139
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| contents: write # for creating a release | |
| id-token: write # for attestations | |
| attestations: write # for attestations | |
| jobs: | |
| ci: | |
| uses: ./.github/workflows/ci.yaml | |
| # now do the actual (release) builds | |
| build: | |
| needs: | |
| - ci | |
| strategy: | |
| matrix: | |
| target: | |
| - aarch64-unknown-linux-gnu | |
| - x86_64-unknown-linux-gnu | |
| - aarch64-unknown-linux-musl | |
| - x86_64-unknown-linux-musl | |
| - x86_64-apple-darwin | |
| - aarch64-apple-darwin | |
| - x86_64-pc-windows-msvc | |
| include: | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-22.04 | |
| cross: "true" | |
| args: --features vendored,crypto-openssl,walker-common/liblzma,csaf --no-default-features | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-22.04 | |
| install: sudo apt install clang llvm pkg-config nettle-dev | |
| args: --features crypto-openssl,walker-common/liblzma,csaf --no-default-features | |
| - target: aarch64-unknown-linux-musl | |
| os: ubuntu-22.04 | |
| cross: "true" | |
| args: --features vendored,crypto-openssl,walker-common/liblzma,csaf --no-default-features | |
| - target: x86_64-unknown-linux-musl | |
| os: ubuntu-22.04 | |
| install: sudo apt install clang llvm pkg-config libssl-dev nettle-dev musl-tools | |
| args: --features vendored,crypto-openssl,walker-common/liblzma,csaf --no-default-features | |
| - target: x86_64-apple-darwin | |
| os: macos-13 | |
| args: --features vendored,crypto-openssl,walker-common/liblzma,csaf --no-default-features | |
| - target: aarch64-apple-darwin | |
| os: macos-14 | |
| args: --features vendored,crypto-openssl,walker-common/liblzma,csaf --no-default-features | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-2022 | |
| exe: ".exe" | |
| #args: --features crypto-openssl,csaf --no-default-features | |
| args: --features crypto-cng,walker-common/liblzma,csaf --no-default-features | |
| install: | | |
| echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| vcpkg install openssl:x64-windows-static-md | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: build-${{ matrix.target }} | |
| - run: rustup update stable --no-self-update | |
| - run: rustup target add ${{ matrix.target }} | |
| if: matrix.target != '' | |
| - name: Install dependencies | |
| run: ${{ matrix.install }} | |
| if: matrix.install != '' | |
| - name: Setup cargo-binstall (Linux) | |
| if: runner.os != 'Windows' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash | |
| - name: Setup cargo-binstall (Windows) | |
| if: runner.os == 'Windows' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| Set-ExecutionPolicy Unrestricted -Scope Process; iex (iwr "https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.ps1").Content | |
| - name: Prepare cross | |
| if: matrix.cross == 'true' | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cargo binstall cross -y | |
| - name: Install cargo-cyclonedx | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cargo binstall -y cargo-cyclonedx | |
| - name: Build | |
| shell: bash | |
| run: | | |
| if [[ "${{ matrix.xcode }}" == "true" ]]; then | |
| export SDKROOT=$(xcrun -sdk macosx --show-sdk-path) | |
| export MACOSX_DEPLOYMENT_TARGET=$(xcrun -sdk macosx --show-sdk-platform-version) | |
| fi | |
| OPTS="--release" | |
| if [[ -n "${{ matrix.target }}" ]]; then | |
| OPTS="$OPTS --target=${{ matrix.target }}" | |
| fi | |
| OPTS="$OPTS ${{ matrix.args }}" | |
| CMD="cargo" | |
| if [[ -n "${{ matrix.cross }}" ]]; then | |
| CMD="cross" | |
| fi | |
| env NETTLE_STATIC=yes ${CMD} build ${OPTS} | |
| - name: Create upload directory | |
| run: | | |
| mkdir -p upload | |
| - name: Create SBOM | |
| shell: bash | |
| run: | | |
| cargo cyclonedx -v --spec-version 1.5 --format json --describe binaries --target "${{ matrix.target }}" | |
| mv csaf/csaf-cli/csaf_bin.cdx.json "upload/csaf-${{ matrix.target }}.cdx.json" | |
| mv sbom/sbom-cli/sbom_bin.cdx.json "upload/sbom-${{ matrix.target }}.cdx.json" | |
| - name: List output | |
| shell: bash | |
| run: | | |
| ls -l target/ | |
| - name: Copy binary | |
| shell: bash | |
| run: | | |
| # if we have an alternate target, there is a sub-directory | |
| if [[ -f "target/release/csaf${{ matrix.exe }}" ]]; then | |
| SRC_CSAF="target/release/csaf${{ matrix.exe }}" | |
| SRC_SBOM="target/release/sbom${{ matrix.exe }}" | |
| elif [[ -f "target/${{ matrix.target }}/release/csaf${{ matrix.exe }}" ]]; then | |
| SRC_CSAF="target/${{ matrix.target }}/release/csaf${{ matrix.exe }}" | |
| SRC_SBOM="target/${{ matrix.target }}/release/sbom${{ matrix.exe }}" | |
| else | |
| echo "Unable to find output" | |
| false # stop build | |
| fi | |
| # for upload | |
| cp -pv "${SRC_CSAF}" upload/csaf-${{ matrix.target }}${{ matrix.exe }} | |
| cp -pv "${SRC_SBOM}" upload/sbom-${{ matrix.target }}${{ matrix.exe }} | |
| - name: Upload binary (csaf) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: csaf-${{ matrix.target }} | |
| path: | | |
| upload/csaf-${{ matrix.target }}${{ matrix.exe }} | |
| upload/csaf-${{ matrix.target }}.cdx.json | |
| if-no-files-found: error | |
| - name: Upload binary (sbom) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sbom-${{ matrix.target }} | |
| path: | | |
| upload/sbom-${{ matrix.target }}${{ matrix.exe }} | |
| upload/sbom-${{ matrix.target }}.cdx.json | |
| if-no-files-found: error | |
| containers: | |
| needs: | |
| - build | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| packages: write # for publishing containers | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/scm-rs/csaf-walker | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: ~/download | |
| - name: Move files | |
| run: | | |
| mv ~/download . | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| file: Containerfile | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| release: | |
| needs: | |
| - ci | |
| - build | |
| - containers | |
| uses: scm-rs/shared-workflows/.github/workflows/release.yaml@main | |
| with: | |
| copy_staging: "~/download/*/csaf-* ~/download/*/sbom-*" | |
| secrets: | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} |