Fix GitHub release permissions by adding explicit contents: write per… #15
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "[0-9]+.[0-9]+.[0-9]+*" | |
| - "[0-9]+.[0-9]+.[0-9]+-alpha*" | |
| - "[0-9]+.[0-9]+.[0-9]+-beta*" | |
| - "[0-9]+.[0-9]+.[0-9]+-rc*" | |
| workflow_dispatch: | |
| env: | |
| RUST_VERSION: 1.89.0 | |
| RELEASE_DIR: dist | |
| jobs: | |
| build-linux-gnu: | |
| name: linux-gnu (php ${{ matrix.php-version }}) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php-version: ["8.2", "8.3", "8.4"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install system dependencies | |
| run: sudo apt-get update && sudo apt-get install -y libssl-dev pkg-config zip | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php-version }} | |
| tools: phpize, php-config, composer | |
| coverage: none | |
| - name: Resolve php-config | |
| id: php | |
| run: echo "php_config=$(command -v php-config)" >> "$GITHUB_OUTPUT" | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| - name: Install PHP test dependencies | |
| working-directory: php/tests | |
| run: composer install --no-interaction --no-progress | |
| - name: Build extension | |
| env: | |
| EXT_PHP_RS_PHP_CONFIG: ${{ steps.php.outputs.php_config }} | |
| run: cargo build --release --locked | |
| - name: Package artifact | |
| run: | | |
| mkdir -p "${RELEASE_DIR}" | |
| ref="${GITHUB_REF_NAME:-$GITHUB_SHA}" | |
| short="${ref:0:7}" | |
| ARCH="$(uname -m)" | |
| scripts/package-extension.sh \ | |
| "target/release/librabbit_rs.so" \ | |
| "${{ matrix.php-version }}" \ | |
| "linux-gnu-${ARCH}" \ | |
| "${short}" \ | |
| "${RELEASE_DIR}" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-gnu-php${{ matrix.php-version }} | |
| path: | | |
| ${{ env.RELEASE_DIR }}/rabbit_rs-linux-gnu-*.zip | |
| ${{ env.RELEASE_DIR }}/rabbit_rs-linux-gnu-*.sha256 | |
| build-macos: | |
| name: macOS (php ${{ matrix.php-version }} | ${{ matrix.runner }}) | |
| runs-on: ${{ matrix.runner }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php-version: ["8.2", "8.3", "8.4"] | |
| runner: ["macos-14"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: ${{ matrix.php-version }} | |
| tools: phpize, php-config, composer | |
| coverage: none | |
| - name: Resolve php-config | |
| id: php | |
| run: echo "php_config=$(command -v php-config)" >> "$GITHUB_OUTPUT" | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: ${{ env.RUST_VERSION }} | |
| - name: Install PHP test dependencies | |
| working-directory: php/tests | |
| run: composer install --no-interaction --no-progress | |
| - name: Build extension | |
| env: | |
| EXT_PHP_RS_PHP_CONFIG: ${{ steps.php.outputs.php_config }} | |
| run: cargo build --release --locked | |
| - name: Package artifact | |
| run: | | |
| mkdir -p "${RELEASE_DIR}" | |
| ref="${GITHUB_REF_NAME:-$GITHUB_SHA}" | |
| short="${ref:0:7}" | |
| ARCH="$(uname -m)" | |
| scripts/package-extension.sh \ | |
| "target/release/librabbit_rs.dylib" \ | |
| "${{ matrix.php-version }}" \ | |
| "darwin-${ARCH}" \ | |
| "${short}" \ | |
| "${RELEASE_DIR}" | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: darwin-${{ matrix.runner }}-php${{ matrix.php-version }} | |
| path: | | |
| ${{ env.RELEASE_DIR }}/rabbit_rs-darwin-*.zip | |
| ${{ env.RELEASE_DIR }}/rabbit_rs-darwin-*.sha256 | |
| publish: | |
| needs: | |
| - build-linux-gnu | |
| - build-macos | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: aggregated-artifacts | |
| - name: Collate checksums | |
| run: | | |
| cd aggregated-artifacts | |
| find . -name '*.sha256' -print0 | sort -z | xargs -0 cat > SHA256SUMS | |
| - name: Publish GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| aggregated-artifacts/**/*.zip | |
| aggregated-artifacts/**/*.sha256 | |
| aggregated-artifacts/SHA256SUMS | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |