diff options
Diffstat (limited to '.github/workflows/build_releases.yml')
-rw-r--r-- | .github/workflows/build_releases.yml | 87 |
1 files changed, 61 insertions, 26 deletions
diff --git a/.github/workflows/build_releases.yml b/.github/workflows/build_releases.yml index ee5e2a81..ef030897 100644 --- a/.github/workflows/build_releases.yml +++ b/.github/workflows/build_releases.yml @@ -27,6 +27,11 @@ env: COMPLETION_DIR: "target/tmp/bottom/completion/" MANPAGE_DIR: "target/tmp/bottom/manpage/" +permissions: + id-token: write + contents: read + attestations: write + # TODO: Maybe add retry job in case of timeouts? jobs: build-binaries: @@ -39,7 +44,7 @@ jobs: matrix: info: # ======= Supported targets ======= - # Linux (x64, x86, aarch64) + # Linux (x86-64, x86, aarch64) - { os: "ubuntu-20.04", target: "x86_64-unknown-linux-gnu", @@ -48,13 +53,6 @@ jobs: } - { os: "ubuntu-20.04", - target: "x86_64-unknown-linux-gnu", - cross: false, - container: quay.io/pypa/manylinux2014_x86_64, - suffix: "2-17", - } - - { - os: "ubuntu-20.04", target: "i686-unknown-linux-gnu", cross: true, } @@ -79,10 +77,11 @@ jobs: cross: true, } - # macOS (x64), M1 is built via CirrusCI. + # macOS (x86-64 and aarch64) - { os: "macos-12", target: "x86_64-apple-darwin", cross: false } + - { os: "macos-14", target: "aarch64-apple-darwin", cross: false } - # Windows (x64, x86) + # Windows (x86-64, x86) - { os: "windows-2019", target: "x86_64-pc-windows-msvc", @@ -123,13 +122,20 @@ jobs: } steps: - name: Checkout repository + if: matrix.info.container == '' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 1 + - name: Checkout repository (non-GitHub container) + if: matrix.info.container != '' + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + fetch-depth: 1 + - name: Set up Rust toolchain if: matrix.info.container == '' - uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d + uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 with: toolchain: ${{ matrix.info.rust || 'stable' }} target: ${{ matrix.info.target }} @@ -176,6 +182,11 @@ jobs: tar -czvf bottom_${{ matrix.info.target }}${{ matrix.info.suffix }}.tar.gz btm completion echo "ASSET=bottom_${{ matrix.info.target }}${{ matrix.info.suffix }}.tar.gz" >> $GITHUB_ENV + - name: Generate artifact attestation for file + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ env.ASSET }} + - name: Create release directory for artifact, move file shell: bash run: | @@ -204,15 +215,16 @@ jobs: cp ./desktop/bottom.desktop release/ - name: Save release as artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: retention-days: 3 - name: release + name: "release-${{ matrix.info.target }}${{ matrix.info.suffix }}" path: release build-msi: name: "Build MSI installer" runs-on: "windows-2019" + timeout-minutes: 30 steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -224,12 +236,12 @@ jobs: run: Install-WindowsFeature Net-Framework-Core - name: Install wixtoolset - uses: crazy-max/ghaction-chocolatey@5a5864861ce2c988001531e48993aa687c51f6c8 # 2.2.0 + uses: crazy-max/ghaction-chocolatey@0e015857dd851f84fcb7fb53380eb5c4c8202333 # v3.0.0 with: args: install -y wixtoolset - name: Set up Rust toolchain - uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d + uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 with: toolchain: stable target: x86_64-pc-windows-msvc @@ -243,6 +255,11 @@ jobs: cargo wix init cargo wix + - name: Generate artifact attestation for file + uses: actions/attest-build-provenance@v1 + with: + subject-path: "bottom_x86_64_installer.msi" + - name: Create release directory for artifact, move files shell: bash run: | @@ -250,15 +267,16 @@ jobs: mv bottom_x86_64_installer.msi release/ - name: Save release as artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: retention-days: 3 - name: release + name: "release-build-msi" path: release build-cirrus: name: "Build using Cirrus CI" runs-on: "ubuntu-latest" + timeout-minutes: 30 steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -281,16 +299,22 @@ jobs: fi python ./scripts/cirrus/build.py "$BRANCH" "release/" "${{ inputs.caller }}" + - name: Generate artifact attestation for file + uses: actions/attest-build-provenance@v1 + with: + subject-path: "release/**/*.tar.gz" + - name: Save release as artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: retention-days: 3 - name: release + name: release-build-cirrus path: release build-deb: name: "Build .deb software packages" runs-on: "ubuntu-20.04" + timeout-minutes: 30 strategy: fail-fast: false matrix: @@ -328,7 +352,7 @@ jobs: fetch-depth: 1 - name: Set up Rust toolchain - uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d + uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 with: toolchain: ${{ matrix.info.rust || 'stable' }} target: ${{ matrix.info.target }} @@ -360,7 +384,7 @@ jobs: env: BTM_GENERATE: true run: | - cargo install cargo-deb --version 1.41.3 --locked + cargo install cargo-deb --version 2.2.0 --locked cargo deb --no-build --target ${{ matrix.info.target }} cp ./target/${{ matrix.info.target }}/debian/bottom_*.deb . @@ -396,6 +420,11 @@ jobs: sudo chown $USER ./target/${{ matrix.info.target }}/debian/ 2>/dev/null || true rm -r ./target/${{ matrix.info.target }}/debian/ + - name: Generate artifact attestation for file + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ steps.verify.outputs.DEB_FILE }} + - name: Create release directory for artifact, move file shell: bash run: | @@ -403,16 +432,17 @@ jobs: mv ${{ steps.verify.outputs.DEB_FILE }} release/ - name: Save release as artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: retention-days: 3 - name: release + name: release-build-deb-${{ matrix.info.target }} path: release build-rpm: name: "Build .rpm software packages" runs-on: ubuntu-latest container: ghcr.io/clementtsang/almalinux-8 + timeout-minutes: 30 strategy: fail-fast: false matrix: @@ -426,7 +456,7 @@ jobs: fetch-depth: 1 - name: Set up Rust toolchain - uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d + uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 with: toolchain: ${{ matrix.info.rust || 'stable' }} target: ${{ matrix.info.target }} @@ -480,6 +510,11 @@ jobs: sudo chown $USER ./target/${{ matrix.info.target }}/generate-rpm/ 2>/dev/null || true rm -r ./target/${{ matrix.info.target }}/generate-rpm/ + - name: Generate artifact attestation for file + uses: actions/attest-build-provenance@v1 + with: + subject-path: ${{ steps.verify.outputs.RPM_FILE }} + - name: Create release directory for artifact, move file shell: bash run: | @@ -487,8 +522,8 @@ jobs: mv ${{ steps.verify.outputs.RPM_FILE }} release/ - name: Save release as artifact - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 with: retention-days: 3 - name: release + name: release-build-rpm-${{ matrix.info.target }} path: release |