This repository has been archived by the owner on Mar 1, 2024. It is now read-only.
release #115
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This action enables building the executables for cli, can be triggered manually or by release creation. | |
name: release | |
on: | |
workflow_dispatch: | |
push: | |
tags: | |
- "*" | |
# Incremental compilation here isn't helpful | |
env: | |
CARGO_INCREMENTAL: 0 | |
# TODO: get rid of `production_target` variable when we have bigger RAM for aarch64 linux | |
jobs: | |
executables: | |
strategy: | |
matrix: | |
build: | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }} | |
target: x86_64-unknown-linux-gnu | |
production_target: target/x86_64-unknown-linux-gnu/production | |
suffix: ubuntu-x86_64-v2-${{ github.ref_name }} | |
rustflags: "-C target-cpu=x86-64-v2" | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }} | |
target: x86_64-unknown-linux-gnu | |
production_target: target/x86_64-unknown-linux-gnu/production | |
suffix: ubuntu-x86_64-skylake-${{ github.ref_name }} | |
rustflags: "-C target-cpu=skylake" | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "ubuntu-20.04-x86-64"]' || 'ubuntu-20.04') }} | |
target: aarch64-unknown-linux-gnu | |
production_target: target/aarch64-unknown-linux-gnu/aarch64linux | |
suffix: ubuntu-aarch64-${{ github.ref_name }} | |
rustflags: "-C linker=aarch64-linux-gnu-gcc" | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "macos-12-arm64"]' || 'macos-12') }} | |
target: x86_64-apple-darwin | |
production_target: target/x86_64-apple-darwin/production | |
suffix: macos-x86_64-${{ github.ref_name }} | |
rustflags: "" | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "macos-12-arm64"]' || 'macos-12') }} | |
target: aarch64-apple-darwin | |
production_target: target/aarch64-apple-darwin/production | |
suffix: macos-aarch64-${{ github.ref_name }} | |
rustflags: "" | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "windows-server-2022-x86-64"]' || 'windows-2022') }} | |
target: x86_64-pc-windows-msvc | |
production_target: target/x86_64-pc-windows-msvc/production | |
suffix: windows-x86_64-v2-${{ github.ref_name }} | |
rustflags: "-C target-cpu=x86-64-v2" | |
- os: ${{ fromJson(github.repository_owner == 'subspace' && '["self-hosted", "windows-server-2022-x86-64"]' || 'windows-2022') }} | |
target: x86_64-pc-windows-msvc | |
production_target: target/x86_64-pc-windows-msvc/production | |
suffix: windows-x86_64-skylake-${{ github.ref_name }} | |
rustflags: "-C target-cpu=skylake" | |
runs-on: ${{ matrix.build.os }} | |
env: | |
RUSTFLAGS: ${{ matrix.build.rustflags }} | |
# TODO: use the commented out one when this issue is resolved: https://github.com/tokio-rs/console/issues/299 | |
# RUSTFLAGS: ${{ matrix.build.rustflags }} --cfg tokio_unstable | |
steps: | |
- name: Checkout | |
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v3.1.0 | |
# On macOS, we need a proper Clang version, not Apple's custom version without wasm32 support | |
- name: Install LLVM and Clang | |
uses: KyleMayes/install-llvm-action@8852e4d5c58653ed05135c0a5d949d9c2febcb00 # v1.6.1 | |
with: | |
version: "15.0" | |
if: runner.os == 'macOS' | |
- name: Install Protoc | |
uses: arduino/setup-protoc@9b1ee5b22b0a3f1feb8c2ff99b32c89b3c3191e9 # v2.0.0 | |
with: | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
# Workaround to resolve link error with C:\msys64\mingw64\bin\libclang.dll | |
- name: Remove msys64 | |
run: Remove-Item -LiteralPath "C:\msys64\" -Force -Recurse | |
if: runner.os == 'Windows' | |
continue-on-error: true | |
- name: Linux AArch64 cross-compile packages | |
run: sudo apt-get update && sudo apt-get install -y --no-install-recommends g++-aarch64-linux-gnu gcc-aarch64-linux-gnu libc6-dev-arm64-cross | |
if: matrix.build.target == 'aarch64-unknown-linux-gnu' | |
- name: Build the executable (other than aarch64 linux) | |
uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # @v1.0.1 | |
if: matrix.build.target != 'aarch64-unknown-linux-gnu' | |
with: | |
command: build | |
args: --locked -Z build-std --target ${{ matrix.build.target }} --profile production --bin pulsar | |
# TODO: get rid of this when we have bigger RAM for aarch64 linux | |
- name: Build the executable for aarch64 linux separately | |
uses: actions-rs/cargo@ae10961054e4aa8b4aa7dffede299aaf087aa33b # @v1.0.1 | |
if: matrix.build.target == 'aarch64-unknown-linux-gnu' | |
with: | |
command: build | |
args: --locked -Z build-std --target ${{ matrix.build.target }} --profile aarch64linux --bin pulsar | |
- name: Sign and Notarize Application (macOS) | |
run: | | |
echo "Importing certificate" | |
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12 | |
security create-keychain -p "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" build.keychain | |
security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" build.keychain | |
echo "Signing farmer" | |
codesign --force --options=runtime --entitlements .github/workflows/Entitlements.plist -s "${{ secrets.MACOS_IDENTITY }}" --timestamp ${{ matrix.build.production_target }}/pulsar | |
echo "Creating an archive" | |
mkdir ${{ matrix.build.production_target }}/macos-binaries | |
cp ${{ matrix.build.production_target }}/pulsar ${{ matrix.build.production_target }}/macos-binaries | |
ditto -c -k --rsrc ${{ matrix.build.production_target }}/macos-binaries subspace-binaries.zip | |
echo "Notarizing" | |
brew update | |
brew install mitchellh/gon/gon | |
cat << EOF > gon.hcl | |
source = ["subspace-binaries.zip"] | |
bundle_id = "${{ secrets.MACOS_BUNDLE_ID }}" | |
sign { | |
application_identity = "${{ secrets.MACOS_IDENTITY }}" | |
} | |
apple_id { | |
username = "${{ secrets.MACOS_APPLE_ID }}" | |
password = "${{ secrets.MACOS_APP_PASSWORD }}" | |
} | |
EOF | |
gon -log-level=info -log-json gon.hcl | |
# Notarize the ZIP using notarytool | |
xcrun notarytool submit subspace-binaries.zip --apple-id "${{ secrets.MACOS_APPLE_ID }}" --password "${{ secrets.MACOS_APP_PASSWORD }}" --team-id "${{ secrets.MACOS_TEAM_ID }}" --wait | |
# // todo stapling for macOS artifacts | |
# Staple the zip package | |
# xcrun stapler staple subspace-binaries.zip | |
echo "Done!" | |
# Allow code signing to fail on non-release builds and in non-subspace repos (forks) | |
continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }} | |
if: runner.os == 'macOS' | |
- name: Sign Application (Windows) | |
run: | | |
AzureSignTool sign --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URI }}" --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" --azure-key-vault-certificate "${{ secrets.AZURE_CERT_NAME }}" --file-digest sha512 --timestamp-rfc3161 http://timestamp.digicert.com -v "${{ matrix.build.production_target }}/pulsar.exe" | |
continue-on-error: ${{ github.repository_owner != 'subspace' || github.event_name != 'push' || github.ref_type != 'tag' }} | |
if: runner.os == 'Windows' | |
- name: Prepare executables for uploading (Ubuntu) | |
run: | | |
mkdir executables | |
mv ${{ matrix.build.production_target }}/pulsar executables/pulsar-${{ matrix.build.suffix }} | |
if: runner.os == 'Linux' | |
- name: Prepare executables for uploading (macOS) | |
run: | | |
mkdir executables | |
mv ${{ matrix.build.production_target }}/pulsar executables/pulsar-${{ matrix.build.suffix }} | |
# Zip it so that signature is not lost | |
ditto -c -k --rsrc executables/pulsar-${{ matrix.build.suffix }} executables/pulsar-${{ matrix.build.suffix }}.zip | |
rm executables/pulsar-${{ matrix.build.suffix }} | |
if: runner.os == 'macOS' | |
- name: Prepare executables for uploading (Windows) | |
run: | | |
mkdir executables | |
move ${{ matrix.build.production_target }}/pulsar.exe executables/pulsar-${{ matrix.build.suffix }}.exe | |
if: runner.os == 'Windows' | |
- name: Upload executable to artifacts | |
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # @v3.1.1 | |
with: | |
name: executables-${{ matrix.build.suffix }} | |
path: | | |
executables/* | |
if-no-files-found: error | |
- name: Upload executable to assets | |
uses: alexellis/upload-assets@259de5111cb56966d046ced998941e93f91d2c93 # @0.4.0 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
asset_paths: '["executables/*"]' | |
if: github.event_name == 'push' && github.ref_type == 'tag' |