feat: Gated tag releases on the reusable authoritative live proof, scop… #56

Workflow file for this run

.github/workflows/release.yml at 904d5d7

	name: Release

	on:
	push:
	branches: [main]
	tags: ['v*']
	pull_request:

	permissions:
	contents: read

	jobs:
	build:
	name: Build (${{ matrix.target }})
	runs-on: ${{ matrix.os }}
	strategy:
	fail-fast: false
	matrix:
	include:
	- target: x86_64-apple-darwin
	os: macos-15-intel
	llvm_method: brew
	archive_ext: tar.gz
	- target: aarch64-apple-darwin
	os: macos-14
	llvm_method: brew
	archive_ext: tar.gz
	- target: x86_64-unknown-linux-gnu
	os: ubuntu-24.04
	llvm_method: tarball
	archive_ext: tar.gz
	- target: aarch64-unknown-linux-gnu
	os: ubuntu-24.04-arm
	llvm_method: tarball
	archive_ext: tar.gz
	- target: x86_64-unknown-linux-musl
	os: ubuntu-24.04
	llvm_method: docker
	archive_ext: tar.gz
	- target: x86_64-pc-windows-msvc
	os: windows-latest
	llvm_method: tarball
	archive_ext: zip

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	# ── LLVM 21 Installation ──────────────────────────────────────

	- name: Cache LLVM
	if: matrix.llvm_method == 'tarball'
	uses: actions/cache@v4
	id: cache-llvm
	with:
	path: ~/llvm
	key: llvm-21.1.8-v3-${{ matrix.target }}

	- name: Install LLVM 21 (Homebrew)
	if: matrix.llvm_method == 'brew'
	run: \|
	brew install llvm@21
	echo "LLVM_SYS_211_PREFIX=$(brew --prefix llvm@21)" >> "$GITHUB_ENV"

	- name: Install LLVM 21 (Linux x86_64)
	if: >-
	matrix.llvm_method == 'tarball' &&
	runner.os == 'Linux' &&
	steps.cache-llvm.outputs.cache-hit != 'true'
	run: \|
	LLVM_VERSION="21.1.8"
	LLVM_ARCHIVE="LLVM-${LLVM_VERSION}-Linux-X64.tar.xz"
	LLVM_URL="https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/${LLVM_ARCHIVE}"
	curl -sSfL "$LLVM_URL" -o llvm.tar.xz
	mkdir -p "$HOME/llvm"
	tar xf llvm.tar.xz --strip-components=1 -C "$HOME/llvm"
	rm llvm.tar.xz

	- name: Install LLVM 21 (Linux ARM64)
	if: >-
	matrix.llvm_method == 'tarball' &&
	matrix.target == 'aarch64-unknown-linux-gnu' &&
	steps.cache-llvm.outputs.cache-hit != 'true'
	run: \|
	LLVM_VERSION="21.1.3"
	LLVM_ARCHIVE="clang+llvm-${LLVM_VERSION}-aarch64-linux-gnu.tar.xz"
	LLVM_URL="https://github.com/ycm-core/llvm/releases/download/${LLVM_VERSION}/${LLVM_ARCHIVE}"
	curl -sSfL "$LLVM_URL" -o llvm.tar.xz
	mkdir -p "$HOME/llvm"
	tar xf llvm.tar.xz --strip-components=1 -C "$HOME/llvm"
	rm llvm.tar.xz

	- name: Install LLVM 21 (Windows)
	if: >-
	matrix.llvm_method == 'tarball' &&
	matrix.target == 'x86_64-pc-windows-msvc' &&
	steps.cache-llvm.outputs.cache-hit != 'true'
	shell: pwsh
	run: \|
	$LLVM_VERSION = "21.1.8"
	$LLVM_DIR = "$env:USERPROFILE\llvm"
	# Use the clang+llvm tarball which includes llvm-config, headers, and static libs
	$LLVM_URL = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${LLVM_VERSION}/clang+llvm-${LLVM_VERSION}-x86_64-pc-windows-msvc.tar.xz"
	Invoke-WebRequest -Uri $LLVM_URL -OutFile llvm.tar.xz
	7z x llvm.tar.xz
	7z x llvm.tar -o"$env:USERPROFILE"
	Rename-Item "$env:USERPROFILE\clang+llvm-${LLVM_VERSION}-x86_64-pc-windows-msvc" $LLVM_DIR
	Remove-Item llvm.tar.xz, llvm.tar -Force

	- name: Set LLVM prefix (Linux tarball)
	if: matrix.llvm_method == 'tarball' && runner.os == 'Linux'
	run: echo "LLVM_SYS_211_PREFIX=$HOME/llvm" >> "$GITHUB_ENV"

	- name: Set LLVM prefix (Windows tarball)
	if: matrix.llvm_method == 'tarball' && runner.os == 'Windows'
	shell: pwsh
	run: echo "LLVM_SYS_211_PREFIX=$env:USERPROFILE\llvm" >> $env:GITHUB_ENV

	# ── Platform dependencies ─────────────────────────────────────

	- name: Install libxml2 (Windows)
	if: runner.os == 'Windows'
	shell: pwsh
	run: \|
	vcpkg install libxml2:x64-windows-static
	$libdir = "$env:VCPKG_INSTALLATION_ROOT\installed\x64-windows-static\lib"
	# LLVM expects libxml2s.lib (static suffix), vcpkg produces libxml2.lib
	Copy-Item "$libdir\libxml2.lib" "$libdir\libxml2s.lib"
	echo "LIB=$libdir;$env:LIB" >> $env:GITHUB_ENV

	# ── Rust Toolchain ────────────────────────────────────────────

	- name: Install Rust
	if: matrix.llvm_method != 'docker'
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: ${{ matrix.target }}

	- name: Cargo cache
	if: matrix.llvm_method != 'docker'
	uses: Swatinem/rust-cache@v2
	with:
	key: ${{ matrix.target }}

	# ── Build ─────────────────────────────────────────────────────

	- name: Build meshc (Alpine/musl)
	if: matrix.llvm_method == 'docker'
	run: \|
	docker run --rm \
	-v "$GITHUB_WORKSPACE:/workspace" \
	-w /workspace \
	alpine:3.23 sh -c '
	apk add --no-cache \
	llvm21-dev llvm21-static \
	musl-dev gcc g++ make cmake perl \
	zlib-dev zlib-static zstd-dev zstd-static \
	libffi-dev libxml2-dev libxml2-static \
	openssl-dev openssl-libs-static \
	linux-headers curl git &&
	curl --proto "=https" --tlsv1.2 -sSf https://sh.rustup.rs \| sh -s -- -y --default-toolchain stable &&
	source "$HOME/.cargo/env" &&
	export LLVM_SYS_211_PREFIX=/usr/lib/llvm21 &&
	cargo build --release --target x86_64-unknown-linux-musl
	'
	sudo chown -R $(id -u):$(id -g) target/

	- name: Build meshc (Unix)
	if: runner.os != 'Windows' && matrix.llvm_method != 'docker'
	run: cargo build --release --target ${{ matrix.target }}
	env:
	LLVM_SYS_211_PREFIX: ${{ env.LLVM_SYS_211_PREFIX }}

	- name: Build meshc (Windows)
	if: runner.os == 'Windows'
	run: cargo build --release --target ${{ matrix.target }}
	env:
	LLVM_SYS_211_PREFIX: ${{ env.LLVM_SYS_211_PREFIX }}
	RUSTFLAGS: -Clink-args=/FORCE:MULTIPLE

	# ── Strip & Package ───────────────────────────────────────────

	- name: Determine version
	id: version
	shell: bash
	run: \|
	if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
	echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
	else
	echo "version=dev" >> "$GITHUB_OUTPUT"
	fi

	- name: Strip binary (Unix)
	if: runner.os != 'Windows'
	run: strip target/${{ matrix.target }}/release/meshc

	- name: Package (tar.gz)
	if: matrix.archive_ext == 'tar.gz'
	run: \|
	tar czf "meshc-v${{ steps.version.outputs.version }}-${{ matrix.target }}.tar.gz" \
	-C "target/${{ matrix.target }}/release" meshc

	- name: Package (zip)
	if: matrix.archive_ext == 'zip'
	shell: pwsh
	run: \|
	Compress-Archive `
	-Path "target/${{ matrix.target }}/release/meshc.exe" `
	-DestinationPath "meshc-v${{ steps.version.outputs.version }}-${{ matrix.target }}.zip"

	- name: Upload artifact
	uses: actions/upload-artifact@v4
	with:
	name: meshc-${{ matrix.target }}
	path: meshc-v${{ steps.version.outputs.version }}-${{ matrix.target }}.${{ matrix.archive_ext }}

	# ── Build meshpkg ────────────────────────────────────────────────────

	build-meshpkg:
	name: Build meshpkg (${{ matrix.target }})
	runs-on: ${{ matrix.os }}
	strategy:
	fail-fast: false
	matrix:
	include:
	- target: x86_64-apple-darwin
	os: macos-15-intel
	- target: aarch64-apple-darwin
	os: macos-14
	- target: x86_64-unknown-linux-gnu
	os: ubuntu-24.04
	- target: aarch64-unknown-linux-gnu
	os: ubuntu-24.04-arm

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install Rust
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: ${{ matrix.target }}

	- name: Cargo cache
	uses: Swatinem/rust-cache@v2
	with:
	key: meshpkg-${{ matrix.target }}

	- name: Determine version
	id: version
	shell: bash
	run: \|
	if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
	echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
	else
	echo "version=dev" >> "$GITHUB_OUTPUT"
	fi

	- name: Build meshpkg
	run: cargo build --release -p meshpkg --target ${{ matrix.target }}

	- name: Strip binary
	run: strip target/${{ matrix.target }}/release/meshpkg

	- name: Package (tar.gz)
	run: \|
	tar czf "meshpkg-v${{ steps.version.outputs.version }}-${{ matrix.target }}.tar.gz" \
	-C "target/${{ matrix.target }}/release" meshpkg

	- name: Upload artifact
	uses: actions/upload-artifact@v4
	with:
	name: meshpkg-${{ matrix.target }}
	path: meshpkg-v${{ steps.version.outputs.version }}-${{ matrix.target }}.tar.gz

	# ── Authoritative live proof ───────────────────────────────────────

	authoritative-live-proof:
	name: Authoritative live proof
	if: startsWith(github.ref, 'refs/tags/v')
	uses: ./.github/workflows/authoritative-live-proof.yml
	secrets:
	MESH_PUBLISH_OWNER: ${{ secrets.MESH_PUBLISH_OWNER }}
	MESH_PUBLISH_TOKEN: ${{ secrets.MESH_PUBLISH_TOKEN }}

	# ── Release ─────────────────────────────────────────────────────────

	release:
	name: Create Release
	needs: [build, build-meshpkg, authoritative-live-proof]
	if: startsWith(github.ref, 'refs/tags/v')
	runs-on: ubuntu-latest
	permissions:
	contents: write
	steps:
	- name: Download all artifacts
	uses: actions/download-artifact@v4
	with:
	path: artifacts/
	merge-multiple: true

	- name: Generate SHA256SUMS
	run: \|
	cd artifacts/
	sha256sum .tar.gz .zip > SHA256SUMS
	cat SHA256SUMS

	- name: Create GitHub Release
	uses: softprops/action-gh-release@v2
	with:
	files: artifacts/*
	generate_release_notes: false
	draft: false
	prerelease: false

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Gated tag releases on the reusable authoritative live proof, scop… #56

Workflow file

feat: Gated tag releases on the reusable authoritative live proof, scop… #56

Uh oh!

Workflow file for this run