Skip to content

use musl builder

use musl builder #128

Workflow file for this run

name: Release
# on:
# release:
# types: [created]
on:
push:
branches:
- master
- dev2
jobs:
build:
name: Build CLI
strategy:
matrix:
platform:
- os_name: Linux-x86_64
os: ubuntu-latest
target: x86_64-unknown-linux-musl
cargo_command: cargo
# - os_name: Linux-x86_64
# os: ubuntu-20.04
# target: x86_64-unknown-linux-gnu
# cargo_command: cargo
- os_name: macOS-x86_64
os: macOS-latest
target: x86_64-apple-darwin
cargo_command: cargo
# matrix:
# target: [
# # x86_64-pc-windows-gnu,
# # x86_64-unknown-linux-musl,
# x86_64-apple-darwin,
# x86_64-unknown-linux-gnu,
# ]
package: [libs/cli]
runs-on: ${{ matrix.platform.os }}
steps:
- uses: actions/checkout@master
- uses: arduino/setup-protoc@v2
with:
version: "24.x"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: jetli/wasm-pack-action@v0.4.0
with:
version: "latest"
- name: Install toolchain if not cross-compiling
uses: dtolnay/rust-toolchain@stable
with:
toolchain: nightly
override: true
targets: ${{ matrix.platform.target }}
- uses: actions/setup-node@v3
with:
node-version: "20.x"
- run: yarn install
- run: rustup target add ${{ matrix.platform.target }}
- run: yarn build
- run: ${{ matrix.platform.cargo_command }} build --release --locked
if: matrix.platform.os_name == 'macOS-x86_64'
- uses: stevenleadbeater/rust-musl-builder@master
with:
args: /bin/bash -c "cargo build --release --locked --target=${{ matrix.platform.target }}"
if: matrix.platform.os_name == 'Linux-x86_64'
- name: Sign Mac OS binary
if: matrix.platform.target == 'x86_64-apple-darwin'
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
# Turn our base64-encoded certificate back to a regular .p12 file
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
# We need to create a new keychain, otherwise using the certificate will prompt
# with a UI dialog asking for the certificate password, which we can't
# use in a headless CI environment
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
# print for debugging
security find-certificate -a
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime target/release/paperclip_cli -v
- name: Notaize Mac OS binary
if: matrix.platform.target == 'x86_64-apple-darwin'
env:
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
run: |
# Store the notarization credentials so that we can prevent a UI password dialog
# from blocking the CI
echo "Create keychain profile"
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
# We can't notarize an app bundle directly, but we need to compress it as an archive.
# Therefore, we create a zip file containing our app bundle, so that we can send it to the
# notarization service
echo "Creating temp notarization archive"
mkdir -p dist
cp target/release/paperclip_cli dist
DMG_NAME="${{ matrix.platform.target }}-paperclip_cli.dmg"
hdiutil create $DMG_NAME -ov -volname "RecitalInstall" -fs HFS+ -srcfolder "dist"
ditto -c -k $DMG_NAME "notarization.zip"
# Here we send the notarization request to the Apple's Notarization service, waiting for the result.
# This typically takes a few seconds inside a CI environment, but it might take more depending on the App
# characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
# you're curious
echo "Notarize app"
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
# Finally, we need to "attach the staple" to our executable, which will allow our app to be
# validated by macOS even when an internet connection is not available.
echo "Attach staple"
xcrun stapler staple "$DMG_NAME"
- name: Upload Mac OS binary to release
if: matrix.platform.target == 'x86_64-apple-darwin'
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ matrix.platform.target }}-paperclip_cli.dmg
asset_name: ${{ matrix.asset_name }}
tag: ${{ github.ref }}
- name: Compress other binaries
if: matrix.platform.target != 'x86_64-apple-darwin'
run: cd target/release && tar -czvf ${{ matrix.platform.target }}-paperclip_cli.tar.gz paperclip_cli
- name: Upload other binaries to release
if: matrix.platform.target != 'x86_64-apple-darwin'
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: target/release/${{ matrix.platform.target }}-paperclip_cli.tar.gz
asset_name: ${{ matrix.asset_name }}
tag: ${{ github.ref }}
publish:
needs: build
name: Publish packages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: arduino/setup-protoc@v1
with:
version: "3.x"
- uses: jetli/wasm-pack-action@v0.4.0
with:
version: "latest"
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly
override: true
- uses: actions/setup-node@v3
with:
node-version: "20.x"
registry-url: "https://registry.npmjs.org"
- run: yarn install
- run: yarn build
- run: lerna publish from-package --yes
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}