Continuous Deployment #489
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Deployment | |
on: | |
workflow_dispatch: | |
schedule: | |
# “At 00:15.” | |
# https://crontab.guru/#15_0_*_*_* | |
- cron: "15 0 * * *" | |
defaults: | |
run: | |
shell: bash | |
env: | |
BINARY_NAME: rustic | |
BINARY_NIGHTLY_DIR: rustic | |
jobs: | |
publish: | |
if: ${{ github.repository_owner == 'rustic-rs' && github.ref == 'refs/heads/main' }} | |
name: Publishing ${{ matrix.job.target }} | |
runs-on: ${{ matrix.job.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [stable] | |
job: | |
- os: windows-latest | |
os-name: windows | |
target: x86_64-pc-windows-msvc | |
architecture: x86_64 | |
binary-postfix: ".exe" | |
use-cross: false | |
# FIXME: `aws-lc-sys` doesn't cross compile | |
# - os: windows-latest | |
# os-name: windows | |
# target: x86_64-pc-windows-gnu | |
# architecture: x86_64 | |
# binary-postfix: ".exe" | |
# use-cross: false | |
- os: macos-13 | |
os-name: macos | |
target: x86_64-apple-darwin | |
architecture: x86_64 | |
binary-postfix: "" | |
use-cross: false | |
- os: macos-latest | |
os-name: macos | |
target: aarch64-apple-darwin | |
architecture: arm64 | |
binary-postfix: "" | |
use-cross: true | |
- os: ubuntu-latest | |
os-name: linux | |
target: x86_64-unknown-linux-gnu | |
architecture: x86_64 | |
binary-postfix: "" | |
use-cross: false | |
- os: ubuntu-latest | |
os-name: linux | |
target: x86_64-unknown-linux-musl | |
architecture: x86_64 | |
binary-postfix: "" | |
use-cross: false | |
- os: ubuntu-latest | |
os-name: linux | |
target: aarch64-unknown-linux-gnu | |
architecture: arm64 | |
binary-postfix: "" | |
use-cross: true | |
- os: ubuntu-latest | |
os-name: linux | |
target: aarch64-unknown-linux-musl | |
architecture: arm64 | |
binary-postfix: "" | |
use-cross: true | |
- os: ubuntu-latest | |
os-name: linux | |
target: i686-unknown-linux-gnu | |
architecture: i686 | |
binary-postfix: "" | |
use-cross: true | |
# FIXME: `aws-lc-sys` doesn't cross compile | |
# - os: ubuntu-latest | |
# os-name: netbsd | |
# target: x86_64-unknown-netbsd | |
# architecture: x86_64 | |
# binary-postfix: "" | |
# use-cross: true | |
# FIXME: `aws-lc-sys` doesn't cross compile | |
# - os: ubuntu-latest | |
# os-name: linux | |
# target: armv7-unknown-linux-gnueabihf | |
# architecture: armv7 | |
# binary-postfix: "" | |
# use-cross: true | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: 0 # fetch all history so that git describe works | |
- name: Create binary artifact | |
uses: rustic-rs/create-binary-artifact-action@main # dev | |
with: | |
toolchain: ${{ matrix.rust }} | |
target: ${{ matrix.job.target }} | |
use-cross: ${{ matrix.job.use-cross }} | |
describe-tag-suffix: -nightly | |
binary-postfix: ${{ matrix.job.binary-postfix }} | |
os: ${{ runner.os }} | |
binary-name: ${{ env.BINARY_NAME }} | |
package-secondary-name: nightly-${{ matrix.job.target}} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
gpg-release-private-key: ${{ secrets.GPG_RELEASE_PRIVATE_KEY }} | |
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
rsign-release-private-key: ${{ secrets.RSIGN_RELEASE_PRIVATE_KEY }} | |
rsign-passphrase: ${{ secrets.RSIGN_PASSPHRASE }} | |
github-ref: ${{ github.ref }} | |
sign-release: true | |
hash-release: true | |
use-project-version: true | |
publish-nightly: | |
if: ${{ github.repository_owner == 'rustic-rs' && github.ref == 'refs/heads/main' }} | |
name: Publishing nightly builds | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download all workflow run artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
- name: Releasing nightly builds | |
shell: bash | |
run: | | |
# set up some directories | |
WORKING_DIR=$(mktemp -d) | |
DEST_DIR=$BINARY_NIGHTLY_DIR | |
# set up the github deploy key | |
mkdir -p ~/.ssh | |
echo "${{ secrets.NIGHTLY_RELEASE_KEY }}" > ~/.ssh/id_ed25519 | |
chmod 600 ~/.ssh/id_ed25519 | |
# set up git | |
git config --global user.name "${{ github.actor }}" | |
git config --global user.email "${{ github.actor }}" | |
ssh-keyscan -H github.com > ~/.ssh/known_hosts | |
GIT_SSH='ssh -i ~/.ssh/id_ed25519 -o UserKnownHostsFile=~/.ssh/known_hosts' | |
# clone the repo into our working directory | |
# we use --depth 1 to avoid cloning the entire history | |
# and only the main branch to avoid cloning all branches | |
GIT_SSH_COMMAND=$GIT_SSH git clone [email protected]:rustic-rs/nightly.git --branch main --single-branch --depth 1 $WORKING_DIR | |
# ensure destination directory exists | |
mkdir -p $WORKING_DIR/$DEST_DIR | |
# do the copy | |
for artifact_dir in binary-*; do cp -a $artifact_dir/* $WORKING_DIR/$DEST_DIR; done | |
# create the commit | |
cd $WORKING_DIR | |
git add . | |
git commit -m "${{ github.job }} from https://github.com/${{ github.repository }}/commit/${{ github.sha }}" || echo | |
GIT_SSH_COMMAND=$GIT_SSH git pull --rebase | |
GIT_SSH_COMMAND=$GIT_SSH git push |