build-binary.yaml
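# Reusable workflow: builds the `trustd` binary for every target/edition in the
# matrix, generates a CycloneDX SBOM, packs the result and uploads it as an
# artifact.
#
# NOTE(review): there is no `permissions:` block in this file, so GITHUB_TOKEN
# carries whatever scope the calling workflow grants. The steps visible here
# appear to need read access only; confirm that callers restrict the token.
#
# NOTE(review): third-party actions are referenced by mutable tag (`@v4`,
# `@v2`, `@v7`). Pinning each to a full commit SHA keeps an upstream retag
# from changing what runs in this release build.
name: Build binaries

on:
  workflow_call:
    inputs:
      # Caller-supplied version string; it ends up in artifact file names.
      version:
        required: true
        type: string

jobs:
  build:
    name: Build
    runs-on: ${{ matrix.os }}

    strategy:
      fail-fast: false
      matrix:
        edition: [ "", "-pm" ]
        target:
          - x86_64-unknown-linux-gnu
          - aarch64-unknown-linux-gnu
          - x86_64-unknown-linux-musl
          - aarch64-unknown-linux-musl
          - x86_64-apple-darwin
          - aarch64-apple-darwin
          - x86_64-pc-windows-msvc
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-22.04
            install: |
              sudo apt install -y libssl-dev
          - target: aarch64-unknown-linux-gnu
            os: ubuntu-22.04
            cross: "true"
            # Cross' Ubuntu container is based on 20.04. Its OpenSSL version is too old for us.
            args: --features vendored
          - target: x86_64-unknown-linux-musl
            os: ubuntu-22.04
            args: --features vendored
            install: |
              sudo apt install -y musl-tools
          - target: aarch64-unknown-linux-musl
            os: ubuntu-22.04
            cross: "true"
            args: --features vendored
          - target: x86_64-apple-darwin
            os: macos-13
          - target: aarch64-apple-darwin
            os: macos-14
          - target: x86_64-pc-windows-msvc
            os: windows-2022
            ext: ".exe"
            archive: zip
            install: |
              git config --system core.longpaths true
              echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
              vcpkg install openssl:x64-windows-static-md

    env:
      # name of the binary output by the build
      output_binary_name: "trustd"
      # name of the binary available for download
      download_binary_name: "trustd${{ matrix.edition }}"
      # Contains the caller-supplied `inputs.version`. Scripts below read this
      # through the environment rather than through `${{ env.dirname }}`, so
      # the value is never parsed as shell source.
      dirname: "trustd${{ matrix.edition }}-${{ inputs.version }}-${{ matrix.target }}"

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup | Cache
        uses: Swatinem/rust-cache@v2
        with:
          shared-key: ${{ matrix.target }}-${{ matrix.edition }}

      # NOTE(review): this exports the Actions runtime token into the
      # environment of every later step of the job on Windows, including the
      # installer script fetched in "Setup cargo-binstall (Windows)".
      - name: Export GitHub Actions cache environment variables for vcpkg
        uses: actions/github-script@v7
        if: runner.os == 'Windows'
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
            core.exportVariable('VCPKG_BINARY_SOURCES', 'clear;x-gha,readwrite');

      # `matrix.install` is defined in this file only, so it is trusted input.
      - name: Install dependencies
        if: matrix.install != ''
        run: ${{ matrix.install }}

      - name: Disable rustup self-update
        # workaround for: https://github.com/rust-lang/rustup/issues/3709
        run: |
          rustup set auto-self-update disable

      - name: Setup Rust target
        run: |
          rustup target add ${{ matrix.target }}

      # NOTE(review): the installer is fetched from the moving `main` branch
      # and piped straight into a shell that has GITHUB_TOKEN in its
      # environment. Fetching it at a reviewed commit and verifying a checksum
      # before running it would make this step reproducible and auditable.
      # Despite the step name, the condition also matches the macOS runners.
      - name: Setup cargo-binstall (Linux)
        if: runner.os != 'Windows'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash

      # NOTE(review): same concern as the step above: an unpinned script from
      # `main` is executed with GITHUB_TOKEN in its environment.
      - name: Setup cargo-binstall (Windows)
        if: runner.os == 'Windows'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          Set-ExecutionPolicy Unrestricted -Scope Process; iex (iwr "https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.ps1").Content

      # NOTE(review): no version is given, so whatever `cross` release is
      # current at build time gets installed.
      - name: Setup Cross
        if: matrix.cross == 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cargo binstall cross -y --force

      - run: mkdir -p upload

      - name: Build | Build
        shell: bash
        env:
          POSTGRESQL_VERSION: "16"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for retrieving postgres
        run: |
          set -x

          # NOTE(review): no matrix entry visible in this file sets `xcode`,
          # so this branch is currently inert.
          if [[ "${{ matrix.xcode }}" == "true" ]]; then
            export SDKROOT=$(xcrun -sdk macosx --show-sdk-path)
            export MACOSX_DEPLOYMENT_TARGET=$(xcrun -sdk macosx --show-sdk-platform-version)
          fi

          CMD="cargo"

          if [[ -n "${{ matrix.cross }}" ]]; then
            CMD="cross"
          fi

          # build options

          OPTS="--no-default-features --release"

          if [[ "${{ matrix.edition }}" == "-pm" ]]; then
            OPTS="$OPTS --features pm"
          fi

          OPTS="$OPTS ${{ matrix.args }}"

          if [[ -n "${{ matrix.target }}" ]]; then
            OPTS="$OPTS --target=${{ matrix.target }}"
          fi

          ${CMD} build ${OPTS}

      # NOTE(review): unversioned install; the SBOM generator itself is not
      # pinned to a known release.
      - name: Install cargo-cyclonedx
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cargo binstall -y cargo-cyclonedx --force

      - name: Create SBOM
        shell: bash
        run: |
          cargo cyclonedx -v --spec-version 1.5 --format json --describe binaries --target "${{ matrix.target }}"
          # `dirname` is read from the job environment, not interpolated into
          # the script, because it contains the caller-supplied version.
          mv trustd/trustd_bin.cdx.json "upload/${dirname}.cdx.json"

      - name: Move binary
        shell: bash
        run: |
          mkdir -p "pack/$dirname"

          # if we have an alternate target, there is a sub-directory
          if [[ -f "target/release/${output_binary_name}${{ matrix.ext }}" ]]; then
            SRC="target/release/${output_binary_name}${{ matrix.ext }}"
          elif [[ -f "target/${{ matrix.target }}/release/${output_binary_name}${{ matrix.ext }}" ]]; then
            SRC="target/${{ matrix.target }}/release/${output_binary_name}${{ matrix.ext }}"
          else
            echo "Unable to find output"
            find target
            false # stop build
          fi

          # stage for upload
          mv -v "${SRC}" "pack/${dirname}/${download_binary_name}${{ matrix.ext }}"
          cp LICENSE "pack/${dirname}/"

      # Only the Windows matrix entry sets `archive: zip`, so this step runs
      # under the runner's default PowerShell; `${env:dirname}` is the
      # PowerShell form of reading the job-level environment variable.
      - name: Archive (zip)
        if: matrix.archive == 'zip'
        working-directory: pack
        run: |
          7z a "../upload/${env:dirname}.zip" .

      # Runs on the Linux and macOS entries (default shell: bash); the quoted
      # environment variable keeps the version string out of the script text.
      - name: Archive (tar.gz)
        if: matrix.archive != 'zip'
        working-directory: pack
        run: |
          tar czvf "../upload/${dirname}.tar.gz" .

      - name: Upload binary
        uses: actions/upload-artifact@v4
        with:
          name: trustd${{ matrix.edition }}-${{ matrix.target }}
          path: upload/*
          if-no-files-found: error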