Skip to content

Publish crate tauri-cli 2.2.2 from #2092 #77

Publish crate tauri-cli 2.2.2 from #2092

Publish crate tauri-cli 2.2.2 from #2092 #77

name: tauri-cli stable build
on:
push:
branches: [ trigger/stable ]
workflow_dispatch:
permissions: { }
env:
INDEX: https://github.com/cargo-prebuilt/index/releases/download/stable-index/
CRATE: tauri-cli
VERSION: 2.2.2
DL: https://static.crates.io/crates/tauri-cli/tauri-cli-2.2.2.crate
CHECKSUM: e26f9b57908989df04bff2f7e79e44790987c13c7cb35ee1dab35bb58feaddef
GIT: https://github.com/tauri-apps/tauri
BINS: cargo-tauri
FILE: ./crates/tauri-cli.toml
CARGO_TERM_COLOR: always
python-version: "3.13"
jobs:
setup:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Cache
uses: actions/cache@v4
id: cache
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
- name: Create Folder
if: ${{ !steps.cache.outputs.cache-hit }}
run: mkdir -p ./build
- name: Download crate and check hash
if: ${{ !steps.cache.outputs.cache-hit }}
run: |
wget "${DL}"
echo "${CHECKSUM} ${CRATE}-${VERSION}.crate" | sha256sum -c
tar -xf "${CRATE}-${VERSION}.crate"
mv "${CRATE}-${VERSION}"/* ./build
- name: Update Rust
if: ${{ !steps.cache.outputs.cache-hit }}
run: |
rustup update
rustc --version
- name: Generated lockfile if needed
if: ${{ !steps.cache.outputs.cache-hit }}
working-directory: ./build
run: test -f Cargo.lock || cargo +stable generate-lockfile --verbose
reports:
runs-on: ubuntu-latest
outputs:
crate-license: ${{ steps.get_toml.outputs.license }}
crate-description: ${{ steps.get_toml.outputs.description }}
needs: [ setup ]
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get deps and crates from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- name: Cache Advisory DB
uses: actions/cache@v4
with:
path: |
~/.cargo/advisory-db
key: stable-advisory-db
- name: Update Rust
run: |
rustup update
rustc --version
- uses: cargo-prebuilt/cargo-prebuilt-action@v4
with:
prebuilt-verify: minisign
pkgs: cargo-audit
- name: Get license and desc
id: get_toml
working-directory: ./build
run: |
echo "license=$(python ../scripts/crate-info.py 'license')" >> "${GITHUB_OUTPUT}"
{
echo 'description<<EOF'
python ../scripts/crate-info.py 'description'
echo EOF
} >> "${GITHUB_OUTPUT}"
- name: Generate license report
working-directory: ./build
env:
LICENSE: ${{ steps.get_toml.outputs.license }}
run: |
echo "Generated on: $(date --utc)" > ../license.report && echo "Crates.io license metadata: ${LICENSE}" >> ../license.report
echo "Found license texts:" >> ../license.report
tail -n +1 ./*LICENSE* >> ../license.report || true
tail -n +1 ./*license* >> ../license.report || true
tail -n +1 ./*License* >> ../license.report || true
- name: Generate deps report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../deps.report && cargo +stable tree --verbose --locked -e normal,build >> ../deps.report
- name: Generate audit report
working-directory: ./build
run: |
echo "Generated on: $(date --utc)" > ../audit.report && cargo audit >> ../audit.report || true
- name: Output reports
run: |
{
echo "### License:"
echo "\`\`\`"
cat license.report
echo "\`\`\`"
echo "### Deps:"
echo "\`\`\`"
cat deps.report
echo "\`\`\`"
echo "### Audit:"
echo "\`\`\`"
cat audit.report
echo "\`\`\`"
} >> "${GITHUB_STEP_SUMMARY}"
- name: Store reports
uses: actions/upload-artifact@v4
with:
name: reports
retention-days: 1
path: "*.report"
t1-cross:
strategy:
fail-fast: false
matrix:
target: [ x86_64-unknown-linux-gnu, x86_64-unknown-linux-musl, aarch64-unknown-linux-gnu, aarch64-unknown-linux-musl ]
runs-on: ubuntu-latest
needs: [ setup ]
env:
TARGET: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.CRATE }}-${{ env.VERSION }}"
- name: Build with ink cross
run: |
docker run --rm \
--userns host --user "$(id -u):$(id -g)" \
-v "$HOME/.cargo/registry:/usr/local/cargo/registry" \
-v ./build:/project \
"ghcr.io/cargo-prebuilt/ink-cross:stable-${TARGET}" \
auditable build --verbose --release --locked --target "${TARGET}"
- name: Collect
run: python ./scripts/collect.py "${TARGET}" "./build/target/${TARGET}/release" "${BINS}"
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t1-apple-darwin:
strategy:
fail-fast: false
matrix:
target: [ x86_64-apple-darwin, aarch64-apple-darwin ]
runs-on: macos-latest
needs: [ setup ]
env:
TARGET: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.CRATE }}-${{ env.VERSION }}"
- name: Update Rust and Add Target
run: |
rustup update
rustc --version
rustup target add "${TARGET}"
- uses: cargo-prebuilt/cargo-prebuilt-action@v4
with:
prebuilt-verify: minisign
pkgs: cargo-auditable
- name: Build crate
working-directory: ./build
run: cargo +stable auditable build --verbose --release --locked --target "${TARGET}"
- name: Collect
run: python ./scripts/collect.py "${TARGET}" "./build/target/${TARGET}/release" "${BINS}"
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t2-cross:
if: true
strategy:
fail-fast: false
matrix:
target: [ riscv64gc-unknown-linux-gnu,s390x-unknown-linux-gnu,powerpc64le-unknown-linux-gnu,armv7-unknown-linux-gnueabihf,armv7-unknown-linux-musleabihf ]
runs-on: ubuntu-latest
needs: [ setup ]
env:
TARGET: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.CRATE }}-${{ env.VERSION }}"
- name: Build with ink cross
run: |
docker run --rm \
--userns host --user "$(id -u):$(id -g)" \
-v "$HOME/.cargo/registry:/usr/local/cargo/registry" \
-v ./build:/project \
"ghcr.io/cargo-prebuilt/ink-cross:stable-${TARGET}" \
auditable build --verbose --release --locked --target "${TARGET}"
- name: Collect
run: python ./scripts/collect.py "${TARGET}" "./build/target/${TARGET}/release" "${BINS}"
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t2-pc-windows-msvc:
if: true
strategy:
fail-fast: false
matrix:
target: [ x86_64-pc-windows-msvc,aarch64-pc-windows-msvc ]
runs-on: windows-latest
needs: [ setup ]
env:
TARGET: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.CRATE }}-${{ env.VERSION }}"
- name: Update Rust and Add Target
run: |
rustup update
rustc --version
rustup target add "${Env:TARGET}"
- uses: cargo-prebuilt/cargo-prebuilt-action@v4
with:
prebuilt-verify: minisign
pkgs: cargo-auditable
- name: Build crate
working-directory: ./build
run: cargo +stable auditable build --verbose --release --locked --target "${Env:TARGET}"
- name: Collect
run: python ./scripts/collect.py "${Env:TARGET}" "./build/target/${Env:TARGET}/release" "${Env:BINS}"
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
t3-cross:
if: true
strategy:
fail-fast: false
matrix:
target: [ powerpc64-unknown-linux-gnu ]
runs-on: ubuntu-latest
needs: [ setup ]
env:
TARGET: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Get crate from cache
uses: actions/cache@v4
with:
path: |
build
key: ${{ env.CRATE }}-${{ env.VERSION }}-stable-crate
enableCrossOsArchive: true
fail-on-cache-miss: true
- uses: Swatinem/rust-cache@v2
if: ${{ !true }}
with:
workspaces: "./build -> target"
prefix-key: "v0-rust-${{ matrix.target }}-${{ env.CRATE }}-${{ env.VERSION }}"
- name: Build with ink cross
run: |
docker run --rm \
--userns host --user "$(id -u):$(id -g)" \
-v "$HOME/.cargo/registry:/usr/local/cargo/registry" \
-v ./build:/project \
"ghcr.io/cargo-prebuilt/ink-cross:stable-${TARGET}" \
auditable build --verbose --release --locked --target "${TARGET}"
- name: Collect
run: python ./scripts/collect.py "${TARGET}" "./build/target/${TARGET}/release" "${BINS}"
- name: Artifact
uses: actions/upload-artifact@v4
with:
name: target-${{ matrix.target }}
retention-days: 1
path: |
${{ matrix.target }}.tar.gz
${{ matrix.target }}.hashes.json
push-index:
if: ${{ always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && !contains(needs.t1-cross.result, 'failure') && !contains(needs.t1-apple-darwin.result, 'failure') && !contains(needs.t2-cross.result, 'failure') && !contains(needs.t2-pc-windows-msvc.result, 'failure') }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: ${{ env.python-version }}
- name: Rust Version Guess
run: |
rustup update
echo "RUSTC_VERSION=$(rustc --version)" >> "${GITHUB_ENV}"
- uses: actions/download-artifact@v4
- name: DBG - List Structure
run: ls -R
- name: Merge hashes
shell: bash
run: |
set -euxo pipefail
echo -n "" > hashes.sha256
for D in ./target-*; do
if [ -d "${D}" ]; then
echo "${D}"
pushd "${D}"
echo "$(cat *.hashes.json | jq --raw-output '.archive[] | select(.type | test("sha256")) | .hash') " *.tar.gz >> ../hashes.sha256
popd
fi
done
- name: Create info.json and hashes.json
env:
CRATE_LICENSE: ${{ needs.reports.outputs.crate-license }}
CRATE_DESC: ${{ needs.reports.outputs.crate-description }}
run: python ./scripts/info.py "${FILE}" "${VERSION}" "${CRATE_LICENSE}" "${CRATE_DESC}" "${RUSTC_VERSION}"
- name: Sign info.json and hashes.json
if: ${{ true }}
env:
SIGNING_KEY: ${{ secrets.MINISIGN_SIGNING_KEY }}
run: |
set -euxo pipefail
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install minisign
echo -n "${SIGNING_KEY}" | base64 --decode > ~/.minisign_secret.key
minisign -S -s ~/.minisign_secret.key -m info.json
minisign -S -s ~/.minisign_secret.key -m hashes.json
minisign -V -p ./keys/cargo-prebuilt-index.pub -m info.json
minisign -V -p ./keys/cargo-prebuilt-index.pub -m hashes.json
rm -f ~/.minisign_secret.key
- name: Artifact
if: ${{ !true }}
uses: actions/upload-artifact@v4
with:
name: final
retention-days: 1
path: |
info.json
hashes.json
hashes.sha256
reports/*.report
target-*/*.tar.gz
target-*/*.hashes.json
- name: Create and push artifacts to release
uses: ncipollo/release-action@v1
if: ${{ true }}
with:
tag: ${{ env.CRATE }}-${{ env.VERSION }}
name: ${{ env.CRATE }}-${{ env.VERSION }}
allowUpdates: true
prerelease: true
artifacts: "reports/*.report,target-*/*.tar.gz,hashes.sha256,*.minisig,hashes.json,info.json"
body: ""
- name: Create index file
if: ${{ true }}
run: echo "${VERSION}" > "${CRATE}"
- name: Push to index
uses: ncipollo/release-action@v1
if: ${{ true }}
with:
tag: stable-index
allowUpdates: true
makeLatest: true
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "${{ env.CRATE }}"
banned-index:
if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && !contains(needs.setup.result, 'failure') && !contains(needs.reports.result, 'failure') && (contains(needs.t1-cross.result, 'failure') || contains(needs.t1-apple-darwin.result, 'failure') || contains(needs.t2-cross.result, 'failure') || contains(needs.t2-pc-windows-msvc.result, 'failure')) }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Create index file
run: echo "${VERSION}" > "${CRATE}"
- name: Push to index
uses: ncipollo/release-action@v1
with:
tag: banned-index
allowUpdates: true
makeLatest: false
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "${{ env.CRATE }}"
track-index:
if: ${{ true && always() && !contains(needs.*.result, 'cancelled') && contains(needs.*.result, 'failure') }}
runs-on: ubuntu-latest
needs: [ setup, reports, t1-cross, t1-apple-darwin, t2-cross, t2-pc-windows-msvc, t3-cross ]
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Create index file
run: echo "${VERSION}" > "${CRATE}"
- name: Push to index
uses: ncipollo/release-action@v1
with:
tag: track-index
allowUpdates: true
makeLatest: false
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "${{ env.CRATE }}"