Nightly Builder #1467
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Nightly Builder | |
| "on": | |
| push: | |
| tags: | |
| - "*" | |
| schedule: | |
| - cron: "0 0 * * *" # build nightly! | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: Release tag | |
| required: true | |
| name: | |
| description: Release name | |
| required: true | |
| jobs: | |
| create-release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Create artifacts directory | |
| run: mkdir artifacts | |
| - name: Get the release version from the tag | |
| id: release_version | |
| run: | | |
| if [[ "${{ github.event_name }}" == "schedule" ]]; then | |
| release_name="nightly-$(date '+%Y-%m-%d')" | |
| release_tag="$release_name" | |
| elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| release_name=${{ github.event.inputs.name }} | |
| release_tag=${{ github.event.inputs.tag }} | |
| else | |
| release_name="$(basename "${{ github.ref }}")" | |
| release_tag="$release_name" | |
| fi | |
| echo "Release name is: ${release_name}" | |
| echo "Release version is: ${release_tag}" | |
| echo "name=${release_name}" >> $GITHUB_OUTPUT | |
| echo "tag=${release_tag}" >> $GITHUB_OUTPUT | |
| - name: Clone Artichoke | |
| uses: actions/checkout@v4.1.4 | |
| with: | |
| repository: artichoke/artichoke | |
| path: artichoke | |
| - name: Set latest_commit | |
| id: latest_commit | |
| working-directory: artichoke | |
| run: | | |
| artichoke_head=$(git rev-parse HEAD) | |
| echo "Artichoke HEAD commit is: ${artichoke_head}" | |
| echo "commit=${artichoke_head}" >> $GITHUB_OUTPUT | |
| - name: Create GitHub release | |
| id: release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_version.outputs.tag }} | |
| draft: true | |
| prerelease: false | |
| name: ${{ steps.release_version.outputs.name }} | |
| body: artichoke/artichoke@${{ steps.latest_commit.outputs.commit }} | |
| - name: Save release commit hash to artifact | |
| run: echo "${{ steps.latest_commit.outputs.commit }}" > artifacts/release-commit-hash | |
| - name: Save release ID to artifact | |
| run: echo "${{ steps.release.outputs.id }}" > artifacts/release-id | |
| - name: Save release upload URL to artifact | |
| run: echo "${{ steps.release.outputs.upload_url }}" > artifacts/release-upload-url | |
| - name: Save version number to artifact | |
| run: echo "${{ steps.release_version.outputs.tag }}" > artifacts/release-version | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4.3.3 | |
| with: | |
| name: artifacts | |
| path: artifacts | |
| build-release: | |
| name: Build Release | |
| needs: ["create-release"] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: | |
| - linux-x64 | |
| - linux-x64-musl | |
| - linux-arm64 | |
| - macos-x64 | |
| - macos-arm64 | |
| - windows-x64 | |
| include: | |
| - build: linux-x64 | |
| os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| - build: linux-x64-musl | |
| os: ubuntu-latest | |
| target: x86_64-unknown-linux-musl | |
| - build: linux-arm64 | |
| os: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| - build: macos-x64 | |
| os: macos-latest | |
| target: x86_64-apple-darwin | |
| - build: macos-arm64 | |
| os: macos-latest | |
| target: aarch64-apple-darwin | |
| - build: windows-x64 | |
| os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| env: | |
| RUST_BACKTRACE: 1 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4.1.4 | |
| - name: Get release download URL | |
| uses: actions/download-artifact@v4.1.7 | |
| with: | |
| name: artifacts | |
| path: artifacts | |
| - name: Set release upload URL and release version | |
| shell: bash | |
| id: release_info | |
| run: | | |
| release_upload_url="$(cat artifacts/release-upload-url)" | |
| release_version="$(cat artifacts/release-version)" | |
| release_commit="$(cat artifacts/release-commit-hash)" | |
| echo "Release upload url: ${release_upload_url}" | |
| echo "Release version: ${release_version}" | |
| echo "Release commit: ${release_commit}" | |
| echo "upload_url=${release_upload_url}" >> $GITHUB_OUTPUT | |
| echo "version=${release_version}" >> $GITHUB_OUTPUT | |
| echo "commit=${release_commit}" >> $GITHUB_OUTPUT | |
| - name: Generate THIRDPARTY license listing | |
| uses: artichoke/generate_third_party@v1.13.0 | |
| with: | |
| artichoke_ref: ${{ steps.release_info.outputs.commit }} | |
| target_triple: ${{ matrix.target }} | |
| output_file: ${{ github.workspace }}/THIRDPARTY.txt | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Clone Artichoke | |
| uses: actions/checkout@v4.1.4 | |
| with: | |
| repository: artichoke/artichoke | |
| path: artichoke | |
| ref: ${{ steps.release_info.outputs.commit }} | |
| # Fetch all history. | |
| # | |
| # The Artichoke release metadata build script calculates Ruby | |
| # constants like `RUBY_REVISION` by walking the git history. | |
| fetch-depth: 0 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5.1.0 | |
| with: | |
| python-version-file: ".python-version" | |
| - name: Set Artichoke Rust toolchain version | |
| id: rust_toolchain | |
| working-directory: artichoke | |
| shell: python | |
| run: | | |
| import os | |
| import tomllib | |
| with open("rust-toolchain.toml", "rb") as f: | |
| data = tomllib.load(f) | |
| toolchain = data["toolchain"]["channel"] | |
| print(f"Rust toolchain version: {toolchain}") | |
| with open(os.environ["GITHUB_OUTPUT"], "a") as f: | |
| print(f"version={toolchain}", file=f) | |
| - name: Install Rust toolchain | |
| uses: artichoke/setup-rust/build-and-test@v1.11.0 | |
| with: | |
| toolchain: ${{ steps.rust_toolchain.outputs.version }} | |
| target: ${{ matrix.target }} | |
| - name: Setup Python | |
| uses: actions/setup-python@v5.1.0 | |
| with: | |
| python-version-file: ".python-version" | |
| # ``` | |
| # $ gpg --fingerprint --with-subkey-fingerprints codesign@artichokeruby.org | |
| # pub ed25519 2021-01-03 [SC] | |
| # C983 8F10 4021 F59E E6F6 BCBE B199 D034 7FDA 14A4 | |
| # uid [ultimate] Code signing for Artichoke Ruby <codesign@artichokeruby.org> | |
| # sub cv25519 2021-01-03 [E] | |
| # 7719 1B6D 83B2 F4E8 5197 125B A9A3 F70E 710A 15AA | |
| # sub ed25519 2021-01-03 [S] | |
| # 1C4A 856A CF86 EC1E E841 180F AF57 A37C AC06 1452 | |
| # ``` | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }} | |
| fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452 | |
| - name: List keys | |
| run: gpg -K | |
| - name: Install musl x86_64 | |
| if: matrix.build == 'linux-x64-musl' | |
| run: | | |
| sudo apt update | |
| sudo apt install musl-tools | |
| - name: Install gcc aarch64 cross compiler | |
| if: matrix.build == 'linux-arm64' | |
| run: | | |
| sudo apt update | |
| sudo apt install gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu | |
| # https://github.com/rust-lang/rust-bindgen/issues/1229 | |
| echo 'BINDGEN_EXTRA_CLANG_ARGS=--sysroot=/usr/aarch64-linux-gnu' >> $GITHUB_ENV | |
| # https://github.com/rust-lang/rust/issues/28924 | |
| echo 'CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc' >> $GITHUB_ENV | |
| - name: Build release artifacts | |
| working-directory: artichoke | |
| run: cargo build --verbose --release --target ${{ matrix.target }} | |
| - name: Install Python dependencies | |
| if: runner.os == 'macOS' | |
| run: | | |
| python3 -m venv --upgrade-deps venv | |
| ./venv/bin/pip install --upgrade pip wheel | |
| ./venv/bin/pip install --require-hashes -r requirements.txt | |
| # This will codesign binaries in place which means that the tarballed | |
| # binaries will be codesigned as well. | |
| - name: Run Apple Codesigning and Notarization | |
| id: apple_codesigning | |
| if: runner.os == 'macOS' | |
| run: | | |
| ./venv/bin/python3 macos_sign_and_notarize.py "artichoke-nightly-${{ matrix.target }}" \ | |
| --binary "artichoke/target/${{ matrix.target }}/release/artichoke" \ | |
| --binary "artichoke/target/${{ matrix.target }}/release/airb" \ | |
| --resource artichoke/LICENSE \ | |
| --resource artichoke/README.md \ | |
| --resource THIRDPARTY.txt \ | |
| --dmg-icon-url "https://artichoke.github.io/logo/Artichoke-dmg.icns" | |
| env: | |
| MACOS_NOTARIZE_APP_PASSWORD: ${{ secrets.MACOS_NOTARIZE_APP_PASSWORD }} | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PASSPHRASE: ${{ secrets.MACOS_CERTIFICATE_PASSPHRASE }} | |
| - name: GPG sign Apple DMG | |
| id: apple_codesigning_gpg | |
| if: runner.os == 'macOS' | |
| run: | | |
| python3 gpg_sign.py "artichoke-nightly-${{ matrix.target }}" \ | |
| --artifact "${{ steps.apple_codesigning.outputs.asset }}" | |
| - name: Upload release archive | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| if: runner.os == 'macOS' | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_info.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| artifacts: ${{ steps.apple_codesigning.outputs.asset }} | |
| artifactContentType: ${{ steps.apple_codesigning.outputs.content_type }} | |
| - name: Upload release signature | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| if: runner.os == 'macOS' | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_info.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| artifacts: ${{ steps.apple_codesigning_gpg.outputs.signature }} | |
| artifactContentType: "text/plain" | |
| - name: Build archive | |
| shell: bash | |
| id: build | |
| run: | | |
| staging="artichoke-nightly-${{ matrix.target }}" | |
| mkdir -p "$staging"/ | |
| cp artichoke/{README.md,LICENSE} THIRDPARTY.txt "$staging/" | |
| if [ "${{ runner.os }}" = "Windows" ]; then | |
| cp "artichoke/target/${{ matrix.target }}/release/artichoke.exe" "$staging/" | |
| cp "artichoke/target/${{ matrix.target }}/release/airb.exe" "$staging/" | |
| 7z a "$staging.zip" "$staging" | |
| echo "asset=$staging.zip" >> $GITHUB_OUTPUT | |
| echo "content_type=application/zip" >> $GITHUB_OUTPUT | |
| else | |
| cp "artichoke/target/${{ matrix.target }}/release/artichoke" "$staging/" | |
| cp "artichoke/target/${{ matrix.target }}/release/airb" "$staging/" | |
| tar czf "$staging.tar.gz" "$staging" | |
| echo "asset=$staging.tar.gz" >> $GITHUB_OUTPUT | |
| echo "content_type=application/gzip" >> $GITHUB_OUTPUT | |
| fi | |
| - name: GPG sign archive | |
| id: gpg_signing | |
| run: python3 gpg_sign.py "artichoke-nightly-${{ matrix.target }}" --artifact "${{ steps.build.outputs.asset }}" | |
| - name: Upload release archive | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_info.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| artifacts: ${{ steps.build.outputs.asset }} | |
| artifactContentType: ${{ steps.build.outputs.content_type }} | |
| - name: Upload release signature | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_info.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| artifacts: ${{ steps.gpg_signing.outputs.signature }} | |
| artifactContentType: "text/plain" | |
| package-source-archive: | |
| name: Package Source Archive | |
| needs: ["create-release"] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| archive: | |
| - tar.gz | |
| - zip | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4.1.4 | |
| - name: Get release download URL | |
| uses: actions/download-artifact@v4.1.7 | |
| with: | |
| name: artifacts | |
| path: artifacts | |
| - name: Set release upload URL and release version | |
| shell: bash | |
| id: release_info | |
| run: | | |
| release_upload_url="$(cat artifacts/release-upload-url)" | |
| release_version="$(cat artifacts/release-version)" | |
| release_commit="$(cat artifacts/release-commit-hash)" | |
| echo "Release upload url: ${release_upload_url}" | |
| echo "Release version: ${release_version}" | |
| echo "Release commit: ${release_commit}" | |
| echo "upload_url=${release_upload_url}" >> $GITHUB_OUTPUT | |
| echo "version=${release_version}" >> $GITHUB_OUTPUT | |
| echo "commit=${release_commit}" >> $GITHUB_OUTPUT | |
| - name: Clone Artichoke | |
| uses: actions/checkout@v4.1.4 | |
| with: | |
| repository: artichoke/artichoke | |
| path: artichoke | |
| ref: ${{ steps.release_info.outputs.commit }} | |
| - name: Setup Python | |
| uses: actions/setup-python@v5.1.0 | |
| with: | |
| python-version-file: ".python-version" | |
| # ``` | |
| # $ gpg --fingerprint --with-subkey-fingerprints codesign@artichokeruby.org | |
| # pub ed25519 2021-01-03 [SC] | |
| # C983 8F10 4021 F59E E6F6 BCBE B199 D034 7FDA 14A4 | |
| # uid [ultimate] Code signing for Artichoke Ruby <codesign@artichokeruby.org> | |
| # sub cv25519 2021-01-03 [E] | |
| # 7719 1B6D 83B2 F4E8 5197 125B A9A3 F70E 710A 15AA | |
| # sub ed25519 2021-01-03 [S] | |
| # 1C4A 856A CF86 EC1E E841 180F AF57 A37C AC06 1452 | |
| # ``` | |
| - name: Import GPG key | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }} | |
| fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452 | |
| - name: List keys | |
| run: gpg -K | |
| - name: Build source archive | |
| run: | | |
| git -C artichoke archive \ | |
| --format ${{ matrix.archive }} \ | |
| -9 \ | |
| --output=`pwd`/artichoke-nightly.source.${{ matrix.archive }} \ | |
| ${{ steps.release_info.outputs.commit }} | |
| - name: Install Python dependencies | |
| if: runner.os == 'macOS' | |
| run: | | |
| python3 -m venv --upgrade-deps venv | |
| ./venv/bin/pip install --upgrade pip wheel | |
| ./venv/bin/pip install --require-hashes -r requirements.txt | |
| - name: Build archive | |
| shell: bash | |
| id: build | |
| run: | | |
| if [ "${{ matrix.archive }}" = "zip" ]; then | |
| echo "asset=artichoke-nightly.source.zip" >> $GITHUB_OUTPUT | |
| echo "content_type=application/zip" >> $GITHUB_OUTPUT | |
| else | |
| echo "asset=artichoke-nightly.source.tar.gz" >> $GITHUB_OUTPUT | |
| echo "content_type=application/gzip" >> $GITHUB_OUTPUT | |
| fi | |
| - name: GPG sign archive | |
| id: gpg_signing | |
| run: python3 gpg_sign.py "artichoke-nightly-${{ matrix.archive }}" --artifact "${{ steps.build.outputs.asset }}" | |
| - name: Upload release archive | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_info.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| artifacts: ${{ steps.build.outputs.asset }} | |
| artifactContentType: ${{ steps.build.outputs.content_type }} | |
| - name: Upload release signature | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.release_info.outputs.version }} | |
| draft: true | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| artifacts: ${{ steps.gpg_signing.outputs.signature }} | |
| artifactContentType: "text/plain" | |
| finalize-release: | |
| name: Publish Release | |
| needs: ["build-release", "package-source-archive"] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get release download URL | |
| uses: actions/download-artifact@v4.1.7 | |
| with: | |
| name: artifacts | |
| path: artifacts | |
| - name: Set publish_info | |
| id: publish_info | |
| run: echo "release_tag=$(cat artifacts/release-version)" >> $GITHUB_OUTPUT | |
| - name: Publish release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ steps.publish_info.outputs.release_tag }} | |
| draft: false | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| omitNameDuringUpdate: true | |
| omitPrereleaseDuringUpdate: true | |
| - uses: eregon/keep-last-n-releases@c662ecf90e35b1070a4894539d8804a286e55151 # v1 | |
| if: github.event_name == 'schedule' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| n: 7 |