path: root/.github/workflows/deploy.yml
blob: a2f87ba4492757399c8981f38d497ed75a2ccd44 (plain)
# Release workflow: runs only when a tag matching "v*" is pushed.
# NOTE(review): every job below runs on that trigger and several of them read
# signing or publishing secrets, so whoever can push a "v*" tag can start a run
# with access to those secrets - confirm tag creation is restricted.
# NOTE(review): there is no top-level `permissions:` key, so GITHUB_TOKEN
# receives the repository/organisation default scopes unless a job narrows them.
name: Deploy
on:
  push:
    tags:
      - "v*"
# Workflow-wide environment, exported to every step of every job.
env:
  # Turn off incremental compilation (no benefit for one-shot CI builds).
  CARGO_INCREMENTAL: 0
  # Retry transient network failures in cargo and rustup.
  CARGO_NET_RETRY: 10
  RUST_BACKTRACE: short
  RUSTUP_MAX_RETRIES: 10

jobs:
  # Build a release binary for every target in the matrix, pack it into the
  # archive named by `matrix.name`, and upload that archive as a workflow
  # artifact of the same name. No secrets are referenced in this job.
  # NOTE(review): the third-party actions here are referenced by version tag;
  # a tag can be moved by the action's owner, so pinning each `uses:` to a full
  # commit SHA would make the code that runs in this release build reviewable.
  github_build:
    name: Build release binaries
    strategy:
      # Let the remaining targets finish when one target fails.
      fail-fast: false
      matrix:
        # One entry per target: Rust target triple, runner image, archive name.
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
            name: starship-x86_64-unknown-linux-gnu.tar.gz

          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            name: starship-x86_64-unknown-linux-musl.tar.gz

          - target: i686-unknown-linux-musl
            os: ubuntu-latest
            name: starship-i686-unknown-linux-musl.tar.gz

          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
            name: starship-aarch64-unknown-linux-musl.tar.gz

          - target: arm-unknown-linux-musleabihf
            os: ubuntu-latest
            name: starship-arm-unknown-linux-musleabihf.tar.gz

          - target: x86_64-apple-darwin
            os: macOS-11
            name: starship-x86_64-apple-darwin.tar.gz

          - target: aarch64-apple-darwin
            os: macOS-11
            name: starship-aarch64-apple-darwin.tar.gz

          - target: x86_64-pc-windows-msvc
            os: windows-latest
            name: starship-x86_64-pc-windows-msvc.zip

          - target: i686-pc-windows-msvc
            os: windows-latest
            name: starship-i686-pc-windows-msvc.zip

          - target: aarch64-pc-windows-msvc
            os: windows-latest
            name: starship-aarch64-pc-windows-msvc.zip

          - target: x86_64-unknown-freebsd
            os: ubuntu-latest
            name: starship-x86_64-unknown-freebsd.tar.gz

    runs-on: ${{ matrix.os }}
    # A failing build does not fail the workflow run.
    # NOTE(review): presumably so one broken target cannot block a release;
    # the consequence is that a release can be published without that target's
    # archive - confirm this is intended.
    continue-on-error: true
    steps:
      - name: Setup | Checkout
        uses: actions/checkout@v3

      - name: Setup | Rust
        uses: actions-rs/toolchain@v1.0.7
        with:
          toolchain: stable
          override: true
          profile: minimal
          target: ${{ matrix.target }}

      # `--locked` makes the build fail instead of silently updating
      # Cargo.lock, so the release is built from the committed dependency set.
      # `use-cross` evaluates to true for every ubuntu-latest entry.
      - name: Build | Build
        uses: actions-rs/cargo@v1.0.3
        with:
          command: build
          args: --release --locked --target ${{ matrix.target }}
          use-cross: ${{ matrix.os == 'ubuntu-latest' }}

      # The `${{ matrix.* }}` expressions in the two scripts below are expanded
      # into the script text before the shell runs. Here they only ever take
      # the fixed values listed in the matrix above, not external input.
      - name: Post Build | Prepare artifacts [Windows]
        if: matrix.os == 'windows-latest'
        run: |
          cd target/${{ matrix.target }}/release
          strip starship.exe
          7z a ../../../${{ matrix.name }} starship.exe
          cd -

      # A failing `strip` is ignored (`|| true`), so for some targets the
      # archived binary may be unstripped; see the TODO inside the script.
      - name: Post Build | Prepare artifacts [-nix]
        if: matrix.os != 'windows-latest'
        run: |
          cd target/${{ matrix.target }}/release
          # TODO: investigate better cross platform stripping
          strip starship || true
          tar czvf ../../../${{ matrix.name }} starship
          cd -

      # Artifact name and file path are both the archive name from the matrix.
      - name: Deploy | Upload artifacts
        uses: actions/upload-artifact@v2
        with:
          name: ${{ matrix.name }}
          path: ${{ matrix.name }}

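  # Notarize starship binaries for MacOS and build notarized pkg installers.
  #
  # This job handles the Apple signing certificates and the Apple ID
  # credentials, so the steps are ordered to keep that material present for as
  # short a time as possible: everything that does not need the keychain
  # (checkout, docs build with its third-party npm packages, artifact download
  # and unpacking) runs BEFORE the secrets are written to the runner.
  notarize_and_pkgbuild:
    runs-on: macos-latest
    needs: github_build
    # Least privilege: the steps below only check out the repository; the
    # artifact actions do not rely on GITHUB_TOKEN scopes.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        # One entry per macOS architecture: the tarball produced by
        # github_build and the name of the .pkg installer to create.
        include:
          - target: x86_64-apple-darwin
            arch: x86_64
            name: starship-x86_64-apple-darwin.tar.gz
            pkgname: starship-x86_64-apple-darwin.pkg

          - target: aarch64-apple-darwin
            arch: aarch64
            name: starship-aarch64-apple-darwin.tar.gz
            pkgname: starship-aarch64-apple-darwin.pkg

    env:
      # File name of the temporary keychain (created under $RUNNER_TEMP) and
      # the name of the notarytool credential profile stored in it.
      KEYCHAIN_FILENAME: app-signing.keychain-db
      KEYCHAIN_ENTRY: AC_PASSWORD
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Runs before any secret is on disk: `npm install` executes install
      # scripts of third-party packages.
      # NOTE(review): if docs/ has a committed lockfile, `npm ci` would install
      # exactly the locked versions - confirm and switch.
      - name: Notarize | Build docs
        run: |
          cd docs
          npm install
          npm run build

      - name: Notarize | Download artifacts
        uses: actions/download-artifact@v2
        with:
          name: ${{ matrix.name }}
          path: artifacts

      - name: Notarize | Unpack Binaries
        run: tar xf artifacts/${{ matrix.name }}

      # Secrets are exposed to this single step through `env:` and are never
      # interpolated into the script text.
      # NOTE(review): P12_PASSWORD and KEYCHAIN_PASSWORD are filled from the
      # same secret; a separate keychain password would decouple them.
      - name: Notarize | Set up secrets
        env:
          APP_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_APPSIGNKEY_BASE64 }}
          INSTALL_CERTIFICATE_BASE64: ${{ secrets.APPLEDEV_INSTALLERSIGNKEY_BASE64 }}
          P12_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
          KEYCHAIN_PASSWORD: ${{ secrets.APPLEDEV_SIGNKEY_PASS }}
          APPLEID_USERNAME: ${{ secrets.APPLEDEV_ID_NAME }}
          APPLEID_TEAMID: ${{ secrets.APPLEDEV_TEAM_ID }}
          APPLEID_PASSWORD: ${{ secrets.APPLEDEV_PASSWORD }}
        run: |
          APP_CERTIFICATE_PATH="$RUNNER_TEMP/app_certificate.p12"
          INSTALL_CERTIFICATE_PATH="$RUNNER_TEMP/install_certificate.p12"
          KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"

          # import certificates from secrets
          echo -n "$APP_CERTIFICATE_BASE64" | base64 --decode --output "$APP_CERTIFICATE_PATH"
          echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode --output "$INSTALL_CERTIFICATE_PATH"

          # create temporary keychain (auto-locks after 21600 s)
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # import certificates to keychain
          # NOTE(review): -A lets any application use the imported keys without
          # a prompt; restricting access with -T to the signing tools the build
          # script actually calls would be tighter - confirm which ones it uses.
          security import "$APP_CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security import "$INSTALL_CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"

          # the decoded .p12 files are no longer needed once imported
          rm -f "$APP_CERTIFICATE_PATH" "$INSTALL_CERTIFICATE_PATH"

          # Add Apple Developer ID credentials to keychain
          # (the password is passed as a command-line argument here, so it is
          # visible in the process list while this command runs)
          xcrun notarytool store-credentials "$KEYCHAIN_ENTRY" \
            --team-id "$APPLEID_TEAMID" \
            --apple-id "$APPLEID_USERNAME" \
            --password "$APPLEID_PASSWORD" \
            --keychain "$KEYCHAIN_PATH"

      # The arguments are fixed literals plus matrix values defined above.
      - name: Notarize | Build, Sign, and Notarize Pkg
        run: bash install/macos_packages/build_and_notarize.sh starship docs ${{ matrix.arch }} ${{ matrix.pkgname }}

      - name: Notarize | Upload Notarized Flat Installer
        uses: actions/upload-artifact@v2
        with:
          name: ${{ matrix.pkgname }}
          path: ${{ matrix.pkgname }}

      - name: Notarize | Package Notarized Binary
        run: tar czvf ${{ matrix.name }} starship

      # Uploaded under the same artifact name that github_build used for this
      # target.
      - name: Notarize | Upload Notarized Binary
        uses: actions/upload-artifact@v2
        with:
          name: ${{ matrix.name }}
          path: ${{ matrix.name }}

      # Runs even when an earlier step failed. The keychain only exists if the
      # secrets step got far enough to create it, so deletion is conditional;
      # the certificate files are removed again in case that step aborted
      # before its own cleanup.
      - name: Cleanup Secrets
        if: ${{ always() }}
        run: |
          KEYCHAIN_PATH="$RUNNER_TEMP/$KEYCHAIN_FILENAME"
          if [ -f "$KEYCHAIN_PATH" ]; then
            security delete-keychain "$KEYCHAIN_PATH"
          fi
          rm -f "$RUNNER_TEMP/app_certificate.p12" "$RUNNER_TEMP/install_certificate.p12"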

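  # Create GitHub release with Rust build targets and release notes.
  # Collects every artifact uploaded by the earlier jobs, writes a SHA-256
  # checksum file next to each one, generates the release notes, and publishes
  # all of it as a GitHub release.
  github_release:
    name: Create GitHub Release
    needs: [github_build, notarize_and_pkgbuild]
    runs-on: ubuntu-latest
    # Least privilege: creating the release and attaching files needs write
    # access to repository contents and nothing else.
    permissions:
      contents: write
    steps:
      # Full history (fetch-depth 0) so `git describe` and the changelog
      # generator can see tags and earlier commits.
      - name: Setup | Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Setup | Go
        uses: actions/setup-go@v2
        with:
          go-version: "1.16"

      # No `name:` input, so all artifacts of the run are downloaded, each into
      # a directory named after the artifact (hence the starship-*/starship-*
      # globs below).
      - name: Setup | Artifacts
        uses: actions/download-artifact@v2

      # Writes "<file>.sha256" containing only the hex digest.
      # NOTE(review): the checksum files are published from the same place as
      # the files they describe, so they detect corrupted downloads but are not
      # an independent integrity guarantee.
      - name: Setup | Checksums
        run: for file in starship-*/starship-*; do openssl dgst -sha256 -r "$file" | awk '{print $1}' > "${file}.sha256"; done

      # The changelog tool is installed at a fixed version. The tag name is
      # quoted so it always reaches git-chglog as a single argument.
      - name: Setup | Release notes
        run: |
          go install github.com/git-chglog/git-chglog/cmd/git-chglog@v0.15.0
          git-chglog -c .github/chglog/release.yml "$(git describe --tags)" > RELEASE.md

      # NOTE(review): referenced by the major-version tag `v1`, which the
      # action's owner can move; this step runs with the write-scoped token, so
      # pinning to a full commit SHA is worth considering.
      - name: Build | Publish
        uses: softprops/action-gh-release@v1
        with:
          files: starship-*/starship-*
          body_path: RELEASE.md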

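  # Publish starship to Crates.io once the GitHub release has been created.
  cargo_publish:
    name: Publish Cargo Package
    runs-on: ubuntu-latest
    needs: github_release
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Setup | Checkout
        uses: actions/checkout@v3

      - name: Setup | Rust
        uses: actions-rs/toolchain@v1.0.7
        with:
          toolchain: stable
          profile: minimal
          override: true

      # The registry token is handed to cargo through the environment
      # (CARGO_REGISTRY_TOKEN) rather than `--token` on the command line, so
      # the secret is neither substituted into the script text nor visible in
      # the process arguments.
      - name: Build | Publish
        run: cargo publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}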

  # Bump the `starship` Homebrew formula after the GitHub release exists.
  # The only step is a third-party action that receives a GitHub API token
  # (HOMEBREW_GITHUB_API_TOKEN) through its environment.
  # NOTE(review): the action is referenced by the tag `v1.16`; tags can be
  # moved, so pinning to a full commit SHA limits what code can receive the
  # token. Also confirm the token carries only the scopes the action needs.
  update_brew_formula:
    name: Update Brew Formula
    runs-on: ubuntu-latest
    needs: github_release
    steps:
      - uses: mislav/bump-homebrew-formula-action@v1.16
        with:
          formula-name: starship
        env:
          COMMITTER_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}

  # Build the documentation site in docs/ and deploy it to Netlify's production
  # environment after the GitHub release exists.
  publish_docs:
    name: Publish docs to Netlify
    runs-on: ubuntu-latest
    needs: github_release
    steps:
      - name: Setup | Checkout
        uses: actions/checkout@v3

      # NOTE(review): `npm install` resolves dependencies at build time; if
      # docs/ has a committed lockfile, `npm ci` would install exactly the
      # locked versions - confirm.
      - name: Setup | Install dependencies
        run: npm install
        working-directory: docs

      - name: Build | Build docs site
        run: npm run build
        working-directory: docs

      # NOTE(review): `@master` is a branch, not a release: whatever is at the
      # tip of that branch when the job runs is executed with the Netlify site
      # ID and auth token in its environment. Pin this to a full commit SHA
      # (or at least a release tag) that has been reviewed.
      - name: Publish
        uses: netlify/actions/cli@master
        with:
          args: deploy --prod --dir=docs/.vuepress/dist
        env:
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}