d97afb63ec
Keep-a-Changelog format. 12 sections: [Unreleased] + 11 real
releases v0.8.0..v0.15.0, every bullet with real git SHA pulled
via git log --no-merges. 150 LOC.
.github/workflows/release.yml — 3 jobs, triggered on tag push:
build-release: 4-platform matrix
- x86_64-unknown-linux-gnu
- aarch64-unknown-linux-gnu (continue-on-error)
- x86_64-apple-darwin
- aarch64-apple-darwin
Builds entire _primitives/_rust workspace, emits tar.gz +
sha256 per target via portable executable-discovery loop.
release: downloads artifacts, runs local
kei-changelog --from <prev-tag> --to <tag>, publishes via
softprops/action-gh-release@v2.
npm-publish: graceful skip when NPM_TOKEN secret absent
(steps.have_token.outputs.present gate + || warning wrap
so one failing package doesn't kill the job).
Companion install support: install/lib-rust.sh gains
have_prebuilt_binaries() + KEI_SKIP_RUST_BUILD=1 guard (shipped
as part of install-split bundle). Users can download tarball
instead of compiling Rust from source.
release.yml validated via yaml.safe_load: 3 jobs parse cleanly,
matrix expands 4-wide, jobs = [build-release, release, npm-publish].
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
220 lines
6.8 KiB
YAML
220 lines
6.8 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
build-release:
|
|
name: Build ${{ matrix.target }}
|
|
runs-on: ${{ matrix.os }}
|
|
continue-on-error: ${{ matrix.experimental }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- os: ubuntu-latest
|
|
target: x86_64-unknown-linux-gnu
|
|
experimental: false
|
|
- os: ubuntu-latest
|
|
target: aarch64-unknown-linux-gnu
|
|
experimental: true
|
|
- os: macos-latest
|
|
target: x86_64-apple-darwin
|
|
experimental: false
|
|
- os: macos-latest
|
|
target: aarch64-apple-darwin
|
|
experimental: false
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@stable
|
|
with:
|
|
targets: ${{ matrix.target }}
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: _primitives/_rust
|
|
|
|
- name: Install aarch64 cross-linker (Linux only)
|
|
if: matrix.target == 'aarch64-unknown-linux-gnu'
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y gcc-aarch64-linux-gnu
|
|
mkdir -p .cargo
|
|
printf '[target.aarch64-unknown-linux-gnu]\nlinker = "aarch64-linux-gnu-gcc"\n' \
|
|
> _primitives/_rust/.cargo/config.toml
|
|
|
|
- name: Build workspace (release)
|
|
working-directory: _primitives/_rust
|
|
run: cargo build --workspace --release --target ${{ matrix.target }}
|
|
|
|
- name: Package binaries
|
|
id: package
|
|
working-directory: _primitives/_rust/target/${{ matrix.target }}/release
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
# Collect every Cargo-built executable (Linux + macOS: no ext, mode +x).
|
|
# Portable across GNU + BSD find: iterate, test executability in shell.
|
|
BINS=()
|
|
for f in *; do
|
|
[ -f "$f" ] || continue
|
|
case "$f" in
|
|
*.d|*.rlib|*.rmeta|*.so|*.dylib|*.dSYM) continue ;;
|
|
esac
|
|
if [ -x "$f" ]; then
|
|
BINS+=("$f")
|
|
fi
|
|
done
|
|
if [ "${#BINS[@]}" -eq 0 ]; then
|
|
echo "::error::no release binaries produced for ${{ matrix.target }}"
|
|
exit 1
|
|
fi
|
|
echo "Binaries found: ${BINS[*]}"
|
|
ARCHIVE="keisei-${{ matrix.target }}.tar.gz"
|
|
tar czf "$GITHUB_WORKSPACE/$ARCHIVE" "${BINS[@]}"
|
|
cd "$GITHUB_WORKSPACE"
|
|
if command -v sha256sum >/dev/null 2>&1; then
|
|
sha256sum "$ARCHIVE" > "$ARCHIVE.sha256"
|
|
else
|
|
shasum -a 256 "$ARCHIVE" > "$ARCHIVE.sha256"
|
|
fi
|
|
echo "archive=$ARCHIVE" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: binaries-${{ matrix.target }}
|
|
path: |
|
|
keisei-${{ matrix.target }}.tar.gz
|
|
keisei-${{ matrix.target }}.tar.gz.sha256
|
|
if-no-files-found: error
|
|
|
|
release:
|
|
name: Publish GitHub Release
|
|
needs: build-release
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Install Rust toolchain
|
|
uses: dtolnay/rust-toolchain@stable
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: _primitives/_rust
|
|
|
|
- name: Build kei-changelog
|
|
working-directory: _primitives/_rust
|
|
run: cargo build --release -p kei-changelog
|
|
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
path: dist/
|
|
|
|
- name: Flatten artifacts
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p release-assets
|
|
find dist -type f \( -name '*.tar.gz' -o -name '*.sha256' \) \
|
|
-exec mv {} release-assets/ \;
|
|
ls -la release-assets
|
|
|
|
- name: Generate release notes (kei-changelog)
|
|
id: notes
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${GITHUB_REF_NAME}"
|
|
PREV="$(git tag --sort=-creatordate | grep -v "^${TAG}$" | head -n1 || true)"
|
|
echo "Current tag: ${TAG}"
|
|
echo "Previous tag: ${PREV:-<none>}"
|
|
if [ -n "${PREV}" ]; then
|
|
NOTES="$(./_primitives/_rust/target/release/kei-changelog \
|
|
--from "${PREV}" --to "${TAG}" --version "${TAG}")"
|
|
else
|
|
NOTES="$(./_primitives/_rust/target/release/kei-changelog \
|
|
--to "${TAG}" --version "${TAG}")"
|
|
fi
|
|
if [ -z "${NOTES}" ]; then
|
|
NOTES="Release ${TAG}. No conventional-commit entries found in range."
|
|
fi
|
|
{
|
|
echo 'notes<<KEISEI_NOTES_EOF'
|
|
echo "${NOTES}"
|
|
echo 'KEISEI_NOTES_EOF'
|
|
} >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Publish GitHub Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
name: ${{ github.ref_name }}
|
|
tag_name: ${{ github.ref_name }}
|
|
body: ${{ steps.notes.outputs.notes }}
|
|
files: |
|
|
release-assets/*.tar.gz
|
|
release-assets/*.sha256
|
|
fail_on_unmatched_files: false
|
|
|
|
npm-publish:
|
|
name: Publish npm packages (optional)
|
|
needs: release
|
|
runs-on: ubuntu-latest
|
|
# Graceful skip: if NPM_TOKEN secret is not configured, the first step
|
|
# reports "skipped" and exits 0 — Rust-binary release above still succeeds.
|
|
steps:
|
|
- name: Check NPM_TOKEN presence
|
|
id: have_token
|
|
env:
|
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: |
|
|
if [ -n "${NPM_TOKEN:-}" ]; then
|
|
echo "present=1" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "present=0" >> "$GITHUB_OUTPUT"
|
|
echo "::notice::NPM_TOKEN not set — skipping npm publish gracefully"
|
|
fi
|
|
|
|
- uses: actions/checkout@v4
|
|
if: steps.have_token.outputs.present == '1'
|
|
|
|
- uses: actions/setup-node@v4
|
|
if: steps.have_token.outputs.present == '1'
|
|
with:
|
|
node-version: '20'
|
|
registry-url: 'https://registry.npmjs.org'
|
|
|
|
- name: Install deps
|
|
if: steps.have_token.outputs.present == '1'
|
|
working-directory: _ts_packages
|
|
run: npm ci
|
|
|
|
- name: Build workspaces
|
|
if: steps.have_token.outputs.present == '1'
|
|
working-directory: _ts_packages
|
|
run: npm run build --workspaces --if-present
|
|
|
|
- name: Publish each package
|
|
if: steps.have_token.outputs.present == '1'
|
|
working-directory: _ts_packages
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: |
|
|
set -euo pipefail
|
|
for pkg in packages/*/; do
|
|
if [ -f "$pkg/package.json" ]; then
|
|
echo "::group::publish $pkg"
|
|
( cd "$pkg" && npm publish --access public ) \
|
|
|| echo "::warning::publish failed for $pkg (continuing)"
|
|
echo "::endgroup::"
|
|
fi
|
|
done
|