feat: introduce a secret key for encryption type into context identity #2152
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Upload Meroctl for MacOS | |
on: | |
push: | |
branches: | |
- "**" | |
paths: | |
- Cargo.toml | |
- Cargo.lock | |
- "crates/**" | |
pull_request: | |
types: [closed] | |
jobs: | |
build: | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
target: [x86_64-apple-darwin, aarch64-apple-darwin] | |
outputs: | |
artifact_path: ${{ steps.compress.outputs.artifact_path }} | |
target: ${{ matrix.target }} | |
version: ${{ steps.extract_version.outputs.version }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# Install Node.js (version 20) and pnpm | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '20' | |
- name: Install pnpm | |
run: npm install -g pnpm | |
# Install and build node-ui | |
- name: Install node-ui dependencies with pnpm | |
run: pnpm install --prefix ./node-ui | |
- name: Build node-ui | |
run: pnpm --filter ./node-ui run build | |
- name: Install rustup and Rust toolchain | |
run: | | |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
source $HOME/.cargo/env | |
rustup toolchain install stable | |
rustup default stable | |
- name: Setup rust toolchain | |
run: rustup toolchain install stable --profile minimal | |
- name: Setup rust cache | |
uses: Swatinem/rust-cache@v2 | |
with: | |
key: ${{ runner.os }}-meroctl-${{ matrix.target }} | |
- name: Install target for ${{ matrix.target }} | |
run: rustup target add ${{ matrix.target }} | |
- name: Build meroctl binary | |
run: cargo build -p meroctl --release --target ${{ matrix.target }} | |
- name: Extract version | |
id: extract_version | |
run: | | |
VERSION=$(cargo metadata --format-version 1 --no-deps | jq -r '.packages[] | select(.name == "meroctl") | .version') | |
echo "version=$VERSION" >> $GITHUB_OUTPUT | |
- name: Compress artifact using gzip | |
id: compress | |
run: | | |
mkdir -p release | |
cp target/${{ matrix.target }}/release/meroctl release/ | |
tar -czf meroctl_${{ matrix.target }}.tar.gz -C release meroctl | |
echo "artifact_path=meroctl_${{ matrix.target }}.tar.gz" >> $GITHUB_OUTPUT | |
echo "target=${{ matrix.target }}" >> $GITHUB_OUTPUT | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: meroctl_${{ matrix.target }}.tar.gz | |
path: meroctl_${{ matrix.target }}.tar.gz | |
retention-days: 2 | |
upload_branch_artifact: | |
runs-on: ubuntu-latest | |
needs: build | |
strategy: | |
matrix: | |
target: [x86_64-apple-darwin, aarch64-apple-darwin] | |
if: ${{ github.ref != 'refs/heads/master' }} | |
steps: | |
- name: Download Artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: meroctl_${{ matrix.target }}.tar.gz | |
- name: Sanitize ref name | |
id: sanitize | |
run: | | |
sanitized_ref_name=$(echo "${GITHUB_REF_NAME}" | sed 's/[^a-zA-Z0-9_-]/-/g; s/^-*//; s/-*$//') | |
echo "sanitized_ref_name=${sanitized_ref_name}" >> $GITHUB_OUTPUT | |
create_release: | |
runs-on: ubuntu-latest | |
needs: build | |
strategy: | |
matrix: | |
target: [x86_64-apple-darwin, aarch64-apple-darwin] | |
if: ${{ github.ref == 'refs/heads/master' || (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master') }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Check if release exists | |
id: check_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
VERSION=${{ needs.build.outputs.version }} | |
if gh release view "v$VERSION" >/dev/null 2>&1; then | |
echo "release_exists=true" >> $GITHUB_ENV | |
else | |
echo "release_exists=false" >> $GITHUB_ENV | |
fi | |
- name: Create release if it does not exist | |
if: env.release_exists == 'false' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
VERSION=${{ needs.build.outputs.version }} | |
gh release create "v$VERSION" --title "Release v$VERSION" --notes "Release for version $VERSION" | |
upload_release_artifact: | |
runs-on: ubuntu-latest | |
needs: [build, create_release] | |
strategy: | |
matrix: | |
target: [x86_64-apple-darwin, aarch64-apple-darwin] | |
if: ${{ github.ref == 'refs/heads/master' || (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master') }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download Artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: meroctl_${{ matrix.target }}.tar.gz | |
- name: Check if artifact exists in release | |
id: check_artifact | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
VERSION=${{ needs.build.outputs.version }} | |
TARGET=${{ matrix.target }} | |
ARTIFACT_NAME="meroctl_${TARGET}.tar.gz" | |
ASSET_ID=$(gh api \ | |
-H "Authorization: token $GITHUB_TOKEN" \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
/repos/${{ github.repository }}/releases/tags/v$VERSION \ | |
| jq -r ".assets[] | select(.name == \"$ARTIFACT_NAME\") | .id") | |
echo "ASSET_ID=$ASSET_ID" | |
if [[ -n "$ASSET_ID" ]]; then | |
echo "exists=true" >> $GITHUB_OUTPUT | |
else | |
echo "exists=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Upload artifact to release | |
if: steps.check_artifact.outputs.exists == 'false' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
VERSION=${{ needs.build.outputs.version }} | |
TARGET=${{ matrix.target }} | |
gh release upload "v$VERSION" meroctl_${TARGET}.tar.gz |