chore(release): bump version to 0.1.12 #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| packages: write | |
| jobs: | |
| build: | |
| name: Build ${{ matrix.target }} | |
| # Binary matrix runs only on tag push — manual dispatch is for | |
| # docker-publish smoke tests and shouldn't create GitHub releases. | |
| if: github.event_name == 'push' | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| ext: tar.gz | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| ext: zip | |
| - target: x86_64-apple-darwin | |
| os: macos-latest | |
| platform: macos | |
| arch: x86_64 | |
| ext: tar.gz | |
| - target: aarch64-apple-darwin | |
| os: macos-latest | |
| platform: macos | |
| arch: aarch64 | |
| ext: tar.gz | |
| # Native aarch64 Linux runner avoids the `cross` tool entirely. | |
| # Previous attempts with `cross` failed on the rusqlite bundled | |
| # SQLite compile because the default docker image lacked the | |
| # necessary aarch64 C toolchain pieces. GitHub's `ubuntu-24.04-arm` | |
| # runner (free for public repos) builds natively — faster, simpler, | |
| # and rusqlite/aes-gcm/sha2/etc. compile against the system gcc | |
| # without any cross-toolchain configuration. | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| ext: tar.gz | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Build release binary | |
| run: cargo build --release --target ${{ matrix.target }} | |
| shell: bash | |
| - name: Package (Unix) | |
| if: matrix.platform != 'windows' | |
| run: | | |
| cd target/${{ matrix.target }}/release | |
| tar czf ../../../opensentry-cloudnode-${{ matrix.platform }}-${{ matrix.arch }}.tar.gz opensentry-cloudnode | |
| cd ../../.. | |
| - name: Package (Windows) | |
| if: matrix.platform == 'windows' | |
| shell: pwsh | |
| run: | | |
| cd target/${{ matrix.target }}/release | |
| Compress-Archive -Path opensentry-cloudnode.exe -DestinationPath ../../../opensentry-cloudnode-${{ matrix.platform }}-${{ matrix.arch }}.zip | |
| cd ../../.. | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: opensentry-cloudnode-${{ matrix.platform }}-${{ matrix.arch }} | |
| path: opensentry-cloudnode-${{ matrix.platform }}-${{ matrix.arch }}.${{ matrix.ext }} | |
| release: | |
| name: Create Release | |
| # Same gating as the matrix — manual dispatch skips GitHub release creation. | |
| if: github.event_name == 'push' | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| generate_release_notes: true | |
| files: artifacts/**/* | |
| docker-publish: | |
| name: Publish Docker image (multi-arch → GHCR) | |
| # Runs on both tag push and manual dispatch. Independent of the binary | |
| # matrix — rebuilds from source inside Docker, so no dependency on | |
| # `build` and can run in parallel. | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # QEMU is only used for cross-arch emulation (arm64 on x86 runner). | |
| # Rust compilation for arm64 under QEMU adds ~10 min vs native; still | |
| # well under GitHub's 6-hour job limit and acceptable for release cadence. | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # metadata-action auto-lowercases the image name, so | |
| # `SourceBox-LLC/OpenSentry-CloudNode` → `sourcebox-llc/opensentry-cloudnode`. | |
| # `latest=auto` tags :latest only on stable semver tag pushes. | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha,prefix=sha- | |
| flavor: | | |
| latest=auto | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| pull: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # GHA cache disabled for this release to flush stale layers | |
| # from the rust:1.75-alpine era. Re-enable after a clean | |
| # build populates fresh cache: | |
| # cache-from: type=gha | |
| # cache-to: type=gha,mode=max | |
| no-cache: true |