Handle Release #34

# to view logs

Workflow file for this run

.github/workflows/release.yml at 6a9db9f

	name: Handle Release
	on:
	workflow_dispatch:
	inputs:
	do_github_release:
	description: "Perform a GitHub release?"
	required: true
	type: boolean
	default: false
	do_crates_release:
	description: "Perform a crates.io release?"
	required: true
	type: boolean
	default: false

	push:
	tags:
	- "v*"

	env:
	CARGO_TERM_COLOR: always

	jobs:
	build-windows:
	runs-on: windows-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4
	- name: Build
	run: \|
	cargo build --release --bin aplang
	- name: Upload build artifact
	uses: actions/upload-artifact@v4
	with:
	name: windows-binary
	path: target/release/aplang.exe

	build-macos:
	runs-on: macos-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4
	- name: Add Targets
	run: \|
	rustup target add aarch64-apple-darwin
	rustup target add x86_64-apple-darwin
	- name: Build x86_64
	run: \|
	cargo build --release --bin aplang --target x86_64-apple-darwin
	- name: Build aarch64
	run: \|
	cargo build --release --bin aplang --target aarch64-apple-darwin
	- name: Create Fat Binary
	run: \|
	mkdir -p out
	lipo -create -output out/aplang target/x86_64-apple-darwin/release/aplang target/aarch64-apple-darwin/release/aplang
	- name: Upload build artifact
	uses: actions/upload-artifact@v4
	with:
	name: macos-binary
	path: out/aplang

	# --- JOB: create-pkg ---
	create-pkg:
	name: Create MacOS `.pkg`
	runs-on: macos-latest
	needs: build-macos
	steps:
	- name: Install Apple Certificates to Keychain
	env:
	APPLICATION_CERT_BASE64: ${{ secrets.APPLE_APPLICATION_CERT }}
	INSTALLER_CERT_BASE64: ${{ secrets.APPLE_INSTALLER_CERT }}
	CERT_PASSWORD: ${{ secrets.CERT_PASSWORD }}
	TEMP_KEYCHAIN_PASSWORD: temp_password
	run: \|
	echo "$APPLICATION_CERT_BASE64" \| base64 --decode > application_cert.p12
	echo "$INSTALLER_CERT_BASE64" \| base64 --decode > installer_cert.p12

	# Create a temporary keychain with a temporary password
	security create-keychain -p "$TEMP_KEYCHAIN_PASSWORD" temp.keychain
	security unlock-keychain -p "$TEMP_KEYCHAIN_PASSWORD" temp.keychain

	# Set temp.keychain as default keychain
	security default-keychain -s temp.keychain

	# Import certificates into the temporary keychain
	security import application_cert.p12 -k temp.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign
	security import installer_cert.p12 -k temp.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign

	# Set the key partition list with explicit unlocking
	security set-key-partition-list -S apple-tool:,apple: -s -k "$TEMP_KEYCHAIN_PASSWORD" temp.keychain

	- name: List Certs
	run: \|
	security find-identity -v temp.keychain

	- name: Download macOS binary
	uses: actions/download-artifact@v4
	with:
	name: macos-binary
	path: package-root/

	- name: Setup Build
	run: \|
	mkdir -p package-root/
	chmod +x package-root/aplang
	TAG_VERSION="${GITHUB_REF_NAME#v}"
	TAG_VERSION="${TAG_VERSION:-0.0.0}"
	echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV

	- name: Sign Application Binary
	run: \|
	codesign --keychain temp.keychain --sign "Developer ID Application: Patrick Unick (423YZUTX3G)" --options runtime --deep --force package-root/aplang

	- name: Create `.pkg` Installer
	run: \|
	pkgbuild --root package-root --keychain temp.keychain --sign "Developer ID Installer: Patrick Unick (423YZUTX3G)" --identifier snowfoxsh.aplang --version "$TAG_VERSION" --install-location /usr/local/bin aplang.pkg

	- name: Notarize the package
	env:
	APPLE_ID_EMAIL: ${{ secrets.APPLE_ID_EMAIL }}
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}

	run: \|
	# Submit notary
	xcrun notarytool submit aplang.pkg --apple-id "$APPLE_ID_EMAIL" --team-id "423YZUTX3G" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait
	# Staple the notary
	xcrun stapler staple aplang.pkg

	- name: Upload `.pkg` Artifact
	uses: actions/upload-artifact@v4
	with:
	name: macos-pkg
	path: aplang.pkg

	release:
	name: Create GitHub Release
	if: ${{ github.event_name == 'push' \|\| (github.event_name == 'workflow_dispatch' && github.event.inputs.do_github_release == 'true') }}

	runs-on: ubuntu-latest
	needs: [build-windows, build-macos, create-pkg]
	steps:
	- name: Download Windows binary
	uses: actions/download-artifact@v4
	with:
	name: windows-binary
	path: artifacts/windows/

	- name: Download macOS binary
	uses: actions/download-artifact@v4
	with:
	name: macos-binary
	path: artifacts/macos/

	- name: List Downloaded Files
	run: ls -R artifacts
	- name: Download macOS binary
	uses: actions/download-artifact@v4
	with:
	name: macos-pkg
	path: artifacts/macos

	- name: Create GitHub Release
	uses: softprops/action-gh-release@v2
	with:
	prerelease: true
	generate_release_notes: true
	draft: ${{ github.event_name != 'push' }}
	files: \|
	artifacts/windows/aplang.exe
	artifacts/macos/aplang
	artifacts/macos/aplang.pkg


	cargo-publish:
	name: Publish to Crates.io
	runs-on: ubuntu-latest
	if: ${{ startsWith(github.ref, 'refs/tags/v') \|\| (github.event_name == 'workflow_dispatch' && github.event.inputs.do_crates_release == 'true') }}

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Read version from Cargo.toml
	id: cargo_toml_version
	uses: SebRollen/toml-action@v1.2.0
	with:
	file: Cargo.toml
	field: package.version

	- name: Ensure Cargo.toml version matches tag
	if: startsWith(github.ref, 'refs/tags/v')
	run: \|
	TAG_VERSION="${GITHUB_REF_NAME#v}"
	CARGO_VERSION="${{ steps.cargo_toml_version.outputs.value }}"
	if [ "$TAG_VERSION" != "$CARGO_VERSION" ]; then
	echo "Error: Tag version ($TAG_VERSION) does not match Cargo.toml version ($CARGO_VERSION)"
	exit 1
	fi

	- name: Publish to crates.io
	env:
	CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
	# allow dirty is to make sure the Cargo.lock is always submited
	run: cargo publish --allow-dirty

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle Release #34

Workflow file

Handle Release #34

Jobs

Run details

Workflow file for this run