claude@clouddev1
89b9392c25
- Run cargo test before the build so a tag never publishes untested code. - Pin shell: bash on the scripted steps; the runner defaults to dash, which rejected `set -o pipefail` and failed run 22's package step. - Swap `file` (absent in the slim image) for `ls -l`.
77 lines
3.0 KiB
YAML
77 lines
3.0 KiB
YAML
# Release: on a version tag, build the static Linux binary (D2) and publish it
|
|
# to a Gitea release with a checksum. Runs in the same prebuilt CI image as the
|
|
# gate, so the pinned toolchain + musl target/cc are already warm.
|
|
#
|
|
# Scope: x86_64-unknown-linux-musl only, for now. The rest of the D1 matrix
|
|
# (aarch64, macOS, Windows) and the D3 package-manager manifests layer on later,
|
|
# step by step.
|
|
#
|
|
# Tests run here before the build so a tag can never publish untested code,
|
|
# even one pointing at a commit that was never gated on a branch.
|
|
name: release
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: ci-public
|
|
container:
|
|
image: git.lazyeval.net/oli/rdbms-playground-ci:latest
|
|
env:
|
|
TARGET: x86_64-unknown-linux-musl
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: test
|
|
run: nix develop -c cargo test --no-fail-fast
|
|
|
|
- name: build static binary
|
|
run: nix develop -c cargo build --release --target "$TARGET"
|
|
|
|
- name: package artifacts
|
|
# Pin bash: the runner defaults scripted steps to dash, which rejects
|
|
# `set -o pipefail`. bash is in the CI image.
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
BIN="target/$TARGET/release/rdbms-playground"
|
|
ls -l "$BIN"
|
|
OUT="rdbms-playground-${{ github.ref_name }}-$TARGET"
|
|
mkdir -p dist
|
|
cp "$BIN" "dist/$OUT"
|
|
( cd dist && sha256sum "$OUT" > "$OUT.sha256" )
|
|
ls -l dist
|
|
|
|
- name: publish gitea release + assets
|
|
shell: bash
|
|
env:
|
|
# Auto-provided by Gitea Actions; has repo write (release) scope.
|
|
TOKEN: ${{ secrets.GITEA_TOKEN }}
|
|
API: ${{ github.server_url }}/api/v1
|
|
REPO: ${{ github.repository }}
|
|
TAG: ${{ github.ref_name }}
|
|
run: |
|
|
set -euo pipefail
|
|
# Create the release for this tag; if it already exists, look it up.
|
|
created=$(curl -sS -X POST "$API/repos/$REPO/releases" \
|
|
-H "Authorization: token $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"tag_name\":\"$TAG\",\"name\":\"$TAG\",\"body\":\"Automated release for $TAG.\"}")
|
|
id=$(printf '%s' "$created" | node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{try{const o=JSON.parse(s);process.stdout.write(String(o.id||""))}catch(e){}})')
|
|
if [ -z "$id" ]; then
|
|
id=$(curl -sS "$API/repos/$REPO/releases/tags/$TAG" \
|
|
-H "Authorization: token $TOKEN" \
|
|
| node -e 'let s="";process.stdin.on("data",d=>s+=d).on("end",()=>{process.stdout.write(String(JSON.parse(s).id))})')
|
|
fi
|
|
echo "release id: $id"
|
|
for f in dist/*; do
|
|
name=$(basename "$f")
|
|
echo "uploading $name"
|
|
curl -sS -X POST "$API/repos/$REPO/releases/$id/assets?name=$name" \
|
|
-H "Authorization: token $TOKEN" \
|
|
-F "attachment=@$f" > /dev/null
|
|
done
|
|
echo "published $TAG"
|