From fa6acb63b488bf9d5e69b6758bb46a8aff18e49c Mon Sep 17 00:00:00 2001
From: simonsan <14062932+simonsan@users.noreply.github.com>
Date: Mon, 11 Sep 2023 11:06:01 +0200
Subject: [PATCH] ci: nightly builds

---
 .github/workflows/nightly.yml | 199 ++++++++++++++++++++++++++++++++++
 1 file changed, 199 insertions(+)
 create mode 100644 .github/workflows/nightly.yml

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
new file mode 100644
index 0000000..da25482
--- /dev/null
+++ b/.github/workflows/nightly.yml
@@ -0,0 +1,199 @@
+name: Continuous Deployment
+
+on:
+  workflow_dispatch:
+  schedule:
+    # “At 00:10.”
+    # https://crontab.guru/#10_0_*_*_*
+    - cron: "10 0 * * *"
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  publish:
+    name: Publishing ${{ matrix.job.target }}
+    runs-on: ${{ matrix.job.os }}
+    if: ${{ github.ref == 'refs/heads/main' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        rust: [stable]
+        job:
+          - os: windows-latest
+            os-name: windows
+            target: x86_64-pc-windows-msvc
+            architecture: x86_64
+            binary-postfix: ".exe"
+            use-cross: false
+          - os: macos-latest
+            os-name: macos
+            target: x86_64-apple-darwin
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: false
+          - os: macos-latest
+            os-name: macos
+            target: aarch64-apple-darwin
+            architecture: arm64
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: linux
+            target: x86_64-unknown-linux-gnu
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: false
+          - os: ubuntu-latest
+            os-name: linux
+            target: x86_64-unknown-linux-musl
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: false
+          - os: ubuntu-latest
+            os-name: linux
+            target: aarch64-unknown-linux-gnu
+            architecture: arm64
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: linux
+            target: i686-unknown-linux-gnu
+            architecture: i686
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: netbsd
+            target: x86_64-unknown-netbsd
+            architecture: x86_64
+            binary-postfix: ""
+            use-cross: true
+          - os: ubuntu-latest
+            os-name: linux
+            target: armv7-unknown-linux-gnueabihf
+            architecture: armv7
+            binary-postfix: ""
+            use-cross: true
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        with:
+          fetch-depth: 0
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1
+        with:
+          toolchain: ${{ matrix.rust }}
+          profile: minimal
+          override: true
+          target: ${{ matrix.job.target }}
+      - name: install compiler
+        shell: bash
+        run: |
+          if [[ ${{ matrix.job.target }} == x86_64-unknown-linux-musl ]]; then
+              sudo apt update
+              sudo apt-get install -y musl-tools
+          fi
+      - name: install cargo-auditable for non-cross builds
+        shell: bash
+        if: ${{ matrix.job.use_cross != true}}
+        run: |
+          cargo install cargo-auditable cargo-audit
+      - uses: Swatinem/rust-cache@e207df5d269b42b69c8bc5101da26f7d31feddb4 # v2
+        with:
+          key: ${{ matrix.job.target }}
+      - name: Set Version
+        shell: bash
+        run: echo "PROJECT_VERSION=$(git describe --tags)" >> $GITHUB_ENV
+      - name: Cargo build
+        uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1
+        if: ${{ matrix.job.use-cross == true }}
+        with:
+          command: build
+          use-cross: ${{ matrix.job.use-cross }}
+          toolchain: ${{ matrix.rust }}
+          args: --release --target ${{ matrix.job.target }}
+      - name: Cargo auditable build
+        uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1
+        if: ${{ matrix.job.use-cross == false }}
+        with:
+          command: auditable
+          use-cross: ${{ matrix.job.use-cross }}
+          toolchain: ${{ matrix.rust }}
+          args: build --release --target ${{ matrix.job.target }}
+      - name: Packaging final binary
+        shell: bash
+        id: package-binary
+        run: |
+          cp -a config target/${{ matrix.job.target }}/release/config
+          cd target/${{ matrix.job.target }}/release
+
+          ########## create tar.gz ##########
+
+          # accounting for main branch and therefore nightly builds
+          if [[ ${{ github.ref }} = refs/heads/main ]]; then
+              RELEASE_NAME=rustic-server-nightly-${{ matrix.job.target}}.tar.gz
+          elif [[ ${{ github.ref }} = refs/tags/* ]]; then
+              RELEASE_NAME=rustic-server-${{ github.ref_name }}-${{ matrix.job.target}}.tar.gz
+          else    
+              RELEASE_NAME=rustic-server-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.job.target}}.tar.gz 
+          fi
+
+          tar czvf $RELEASE_NAME rustic-server${{ matrix.job.binary-postfix }} config/
+
+          ########## create sha256 ##########
+          if [[ ${{ runner.os }} == 'Windows' ]]; then
+            certutil -hashfile $RELEASE_NAME sha256 | grep -E [A-Fa-f0-9]{64} > $RELEASE_NAME.sha256
+          else
+            shasum -a 256 $RELEASE_NAME > $RELEASE_NAME.sha256
+          fi
+
+          echo "release_name=$RELEASE_NAME" >> $GITHUB_OUTPUT
+      - name: Storing binary as artefact
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
+        with:
+          name: binary-${{ matrix.job.target}}
+          path: target/${{ matrix.job.target }}/release/${{ steps.package-binary.outputs.release_name }}*
+
+  publish-nightly:
+    name: Publishing nightly builds
+    needs: publish
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all workflow run artifacts
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
+      - name: Releasing nightly builds
+        shell: bash
+        run: |
+          # set up some directories
+          WORKING_DIR=$(mktemp -d)
+          DEST_DIR=rustic_server
+
+          # set up the github deploy key
+          mkdir -p ~/.ssh
+          echo "${{ secrets.NIGHTLY_RELEASE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+
+          # set up git
+          git config --global user.name "${{ github.actor }}"
+          git config --global user.email "${{ github.actor }}"
+          ssh-keyscan -H github.com > ~/.ssh/known_hosts
+          GIT_SSH='ssh -i ~/.ssh/id_ed25519 -o UserKnownHostsFile=~/.ssh/known_hosts'
+
+          # clone the repo into our working directory
+          GIT_SSH_COMMAND=$GIT_SSH git clone git@github.com:rustic-rs/nightly.git $WORKING_DIR
+
+          # ensure destination directory exists
+          mkdir -p $WORKING_DIR/$DEST_DIR
+
+          # do the copy
+          for i in binary-*; do cp -a $i/* $WORKING_DIR/$DEST_DIR; done
+
+          # create the commit
+          cd $WORKING_DIR
+          git add .
+          git commit -m "${{ github.job }} from https://github.com/${{ github.repository }}/commit/${{ github.sha }}" || echo
+          GIT_SSH_COMMAND=$GIT_SSH git pull --rebase
+          GIT_SSH_COMMAND=$GIT_SSH git push