v2.0.0-beta.1 #37
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| update_homebrew: | |
| description: 'Update Homebrew formula after build' | |
| required: false | |
| default: 'false' | |
| type: choice | |
| options: ['true','false'] | |
| release_tag: | |
| description: 'Release tag to upload artifacts to (e.g. v1.2.3)' | |
| required: false | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| name: Build ${{ matrix.target }} | |
| runs-on: ${{ matrix.os }} | |
| environment: packaging | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Linux x86_64 (glibc) | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-22.04 | |
| artifact_name: bssh | |
| asset_name: bssh-linux-x86_64 | |
| archive_ext: ".tar.gz" | |
| # Linux x86_64 (musl - static) | |
| - target: x86_64-unknown-linux-musl | |
| os: ubuntu-latest | |
| artifact_name: bssh | |
| asset_name: bssh-linux-x86_64-musl | |
| archive_ext: ".tar.gz" | |
| # Linux ARM64 (glibc) | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-22.04-arm | |
| artifact_name: bssh | |
| asset_name: bssh-linux-aarch64 | |
| archive_ext: ".tar.gz" | |
| # Linux ARM64 (musl - static) | |
| - target: aarch64-unknown-linux-musl | |
| os: ubuntu-24.04-arm | |
| artifact_name: bssh | |
| asset_name: bssh-linux-aarch64-musl | |
| archive_ext: ".tar.gz" | |
| # macOS ARM64 | |
| - target: aarch64-apple-darwin | |
| os: macos-14 | |
| artifact_name: bssh | |
| asset_name: bssh-macos-aarch64 | |
| archive_ext: ".zip" | |
| env: | |
| BIN_NAME: bssh | |
| BUNDLE_ID: ${{ vars.BUNDLE_ID }} | |
| steps: | |
| # 1) Checkout repository | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| # 2) Cache Cargo build artifacts | |
| - name: Cache cargo | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} | |
| ${{ runner.os }}-cargo-${{ matrix.target }}- | |
| # 3) Install Rust toolchain | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| # 4) Install musl tools only for aarch64 musl builds | |
| - name: Install musl tools (Linux musl only) | |
| if: contains(matrix.target, 'musl') | |
| run: | | |
| sudo apt update | |
| sudo apt install -y musl-tools | |
| # 5) Build release binaries (bssh and bssh-server) | |
| - name: Build release binaries | |
| run: cargo build --release --target ${{ matrix.target }} --locked --bin bssh --bin bssh-server | |
| # 6) macOS code signing | |
| - name: Import Distribution certificate | |
| if: runner.os == 'macOS' | |
| uses: apple-actions/import-codesign-certs@v3 | |
| with: | |
| p12-file-base64: ${{ secrets.DEV_ID_CERT_P12 }} | |
| p12-password: ${{ secrets.DEV_ID_CERT_PASSWORD }} | |
| - name: Code sign macOS binaries | |
| if: runner.os == 'macOS' | |
| run: | | |
| BIN_DIR=target/${{ matrix.target }}/release | |
| for bin in bssh bssh-server; do | |
| codesign --force --timestamp --options runtime \ | |
| --sign "Distribution" "$BIN_DIR/$bin" | |
| done | |
| # 7) Package binaries (separate packages for bssh and bssh-server) | |
| - name: Package Linux binaries (tar.gz) | |
| if: runner.os == 'Linux' | |
| run: | | |
| BIN_DIR=target/${{ matrix.target }}/release | |
| ASSET_BASE="${{ matrix.asset_name }}" | |
| SERVER_ASSET_BASE="${ASSET_BASE/bssh/bssh-server}" | |
| # Package bssh | |
| mkdir -p package-bssh | |
| cp "$BIN_DIR/bssh" package-bssh/ | |
| cp docs/man/bssh.1 package-bssh/ | |
| tar -C package-bssh -czf "${ASSET_BASE}.tar.gz" . | |
| # Package bssh-server | |
| mkdir -p package-bssh-server | |
| cp "$BIN_DIR/bssh-server" package-bssh-server/ | |
| cp docs/man/bssh-server.8 package-bssh-server/ | |
| tar -C package-bssh-server -czf "${SERVER_ASSET_BASE}.tar.gz" . | |
| - name: Package macOS binaries (zip) | |
| if: runner.os == 'macOS' | |
| run: | | |
| BIN_DIR="target/${{ matrix.target }}/release" | |
| ASSET_BASE="${{ matrix.asset_name }}" | |
| SERVER_ASSET_BASE="${ASSET_BASE/bssh/bssh-server}" | |
| # Package bssh | |
| mkdir -p package-bssh | |
| cp "$BIN_DIR/bssh" package-bssh/ | |
| cp docs/man/bssh.1 package-bssh/ | |
| ditto -c -k --sequesterRsrc package-bssh "${ASSET_BASE}.zip" | |
| # Package bssh-server | |
| mkdir -p package-bssh-server | |
| cp "$BIN_DIR/bssh-server" package-bssh-server/ | |
| cp docs/man/bssh-server.8 package-bssh-server/ | |
| ditto -c -k --sequesterRsrc package-bssh-server "${SERVER_ASSET_BASE}.zip" | |
| # 8) Generate checksums | |
| - name: Generate checksums | |
| run: | | |
| ASSET_BASE="${{ matrix.asset_name }}" | |
| SERVER_ASSET_BASE="${ASSET_BASE/bssh/bssh-server}" | |
| EXT="${{ matrix.archive_ext }}" | |
| for file in "${ASSET_BASE}${EXT}" "${SERVER_ASSET_BASE}${EXT}"; do | |
| if [[ "$RUNNER_OS" == "Linux" ]]; then | |
| sha256sum "$file" > "$file.sha256" | |
| else | |
| shasum -a 256 "$file" > "$file.sha256" | |
| fi | |
| done | |
| # 9) Upload release artifacts and checksums | |
| - name: Upload release artifacts | |
| if: github.event_name == 'release' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| ASSET_BASE="${{ matrix.asset_name }}" | |
| SERVER_ASSET_BASE="${ASSET_BASE/bssh/bssh-server}" | |
| EXT="${{ matrix.archive_ext }}" | |
| TAG="${{ github.event.release.tag_name || github.event.inputs.release_tag }}" | |
| gh release upload "$TAG" \ | |
| "${ASSET_BASE}${EXT}" \ | |
| "${ASSET_BASE}${EXT}.sha256" \ | |
| "${SERVER_ASSET_BASE}${EXT}" \ | |
| "${SERVER_ASSET_BASE}${EXT}.sha256" \ | |
| --clobber | |
| env: | |
| GH_TOKEN: ${{ github.token }} |