libvirt: Don't require secure boot keys #25
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Keep this in sync with the code in bootc-dev/bootc | |
| name: Release | |
| on: | |
| pull_request: | |
| types: [closed] | |
| permissions: | |
| contents: write | |
| jobs: | |
| release: | |
| name: Create Release | |
| if: | | |
| (github.event_name == 'pull_request' && | |
| github.event.pull_request.merged == true && | |
| contains(github.event.pull_request.labels.*.name, 'release')) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/create-github-app-token@v2 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Extract version | |
| id: extract_version | |
| run: | | |
| # Extract version from crates/kit/Cargo.toml | |
| VERSION=$(cargo read-manifest --manifest-path crates/kit/Cargo.toml | jq -r '.version') | |
| # Validate version format | |
| if ! echo "$VERSION" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' >/dev/null; then | |
| echo "Error: Invalid version format in Cargo.toml: $VERSION" | |
| exit 1 | |
| fi | |
| echo "Extracted version: $VERSION" | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "TAG_NAME=v$VERSION" >> $GITHUB_OUTPUT | |
| - name: Import GPG key | |
| if: github.event_name != 'push' | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| git_tag_gpgsign: true | |
| - name: Create and push tag | |
| if: github.event_name != 'push' | |
| run: | | |
| VERSION="${{ steps.extract_version.outputs.version }}" | |
| TAG_NAME="v$VERSION" | |
| if git rev-parse "$TAG_NAME" >/dev/null 2>&1; then | |
| echo "Tag $TAG_NAME already exists" | |
| exit 0 | |
| fi | |
| git tag -s -m "Release $VERSION" "$TAG_NAME" | |
| git push origin "$TAG_NAME" | |
| echo "Successfully created and pushed tag $TAG_NAME" | |
| git checkout "$TAG_NAME" | |
| - name: Install dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y just pkg-config go-md2man libssl-dev | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Cache build artifacts | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: release-build | |
| - name: Install additional dependencies | |
| run: | | |
| # Install cargo-vendor-filterer for creating vendor archives | |
| cargo install cargo-vendor-filterer --locked | |
| - name: Build binaries and create archives | |
| run: | | |
| # Build release binaries | |
| just build | |
| # Create binary archives (existing functionality) | |
| just archive | |
| # Create source and vendor archives for distribution | |
| cargo xtask package | |
| env: | |
| CARGO_PROFILE_RELEASE_LTO: true | |
| CARGO_PROFILE_RELEASE_CODEGEN_UNITS: 1 | |
| - name: Create release | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| VERSION="${{ steps.extract_version.outputs.version }}" | |
| TAG_NAME="${{ steps.extract_version.outputs.TAG_NAME }}" | |
| PRERELEASE="" | |
| if [[ "$VERSION" == *"-"* ]]; then | |
| PRERELEASE="--prerelease" | |
| fi | |
| gh release create "$TAG_NAME" \ | |
| --draft \ | |
| --title "Release $TAG_NAME" \ | |
| --notes "Release $TAG_NAME | |
| ## Installation | |
| Download the appropriate binary for your platform from the assets below. | |
| ### Linux x86_64 (glibc) | |
| \`\`\`bash | |
| curl -LO https://github.com/${{ github.repository }}/releases/download/$TAG_NAME/bcvk-x86_64-unknown-linux-gnu.tar.gz | |
| tar xzf bcvk-x86_64-unknown-linux-gnu.tar.gz | |
| sudo mv bcvk-x86_64-unknown-linux-gnu /usr/local/bin/bcvk | |
| \`\`\` | |
| ## Checksums | |
| Verify the integrity of your download with the provided SHA256 checksums. | |
| " \ | |
| $PRERELEASE | |
| - name: Upload to release | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| cd target | |
| # Upload binary archives and checksums | |
| for file in bcvk-*.tar.gz bcvk-*.tar.gz.sha256; do | |
| echo "Uploading binary archive: $file" | |
| gh release upload "${{ steps.extract_version.outputs.TAG_NAME }}" "$file" --clobber | |
| done | |
| # Upload source and vendor archives | |
| for file in bcvk-*.tar.zstd; do | |
| echo "Uploading source archive: $file" | |
| gh release upload "${{ steps.extract_version.outputs.TAG_NAME }}" "$file" --clobber | |
| done |