-
Notifications
You must be signed in to change notification settings - Fork 423
122 lines (110 loc) · 3.68 KB
/
release.yml
File metadata and controls
122 lines (110 loc) · 3.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: "Nix and release"
on:
push:
branches:
- master
tags:
- "v*"
pull_request:
branches:
- master
permissions: {}
jobs:
nixBuild:
name: Build ${{ matrix.name }} binary
timeout-minutes: ${{ matrix.timeout || 30 }}
runs-on: ${{ matrix.os }}
permissions:
contents: read
outputs:
version: ${{ steps.version.outputs.version }}
strategy:
matrix:
include:
- os: ubuntu-latest
name: Linux (x86_64)
tuple: x86_64-linux
system: x86_64-linux
timeout: 180
- os: ubuntu-24.04-arm
name: Linux (aarch64)
tuple: aarch64-linux
system: aarch64-linux
timeout: 180
- os: macos-14
name: macOS (x86_64)
tuple: x86_64-macos
system: x86_64-darwin
- os: macos-14
name: macOS (aarch64)
tuple: aarch64-macos
system: aarch64-darwin
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@c5a866b6ab867e88becbed4467b93592bce69f8a # v21
- name: Configure Cachix
uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c # v17
with:
name: trailofbits
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
pushFilter: "(-echidna-.+$)"
- name: Obtain version number
id: version
run: |
if [[ "$GIT_REF" =~ ^refs/tags/v.* ]]; then
echo "version=$(echo "$GIT_REF" | sed 's#^refs/tags/v##')" >> "$GITHUB_OUTPUT"
else
echo "version=HEAD-$(echo "$GIT_SHA" | cut -c1-7)" >> "$GITHUB_OUTPUT"
fi
env:
GIT_REF: ${{ github.ref }}
GIT_SHA: ${{ github.sha }}
- name: Build dynamic echidna
run: |
nix build .#echidna
- name: Build redistributable echidna
run: |
nix build ".#packages.${NIX_SYSTEM}.echidna-redistributable" --out-link redistributable
tar -czf "echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz" -C ./redistributable/bin/ echidna
env:
NIX_SYSTEM: ${{ matrix.system }}
- name: Upload artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
with:
name: echidna-redistributable-${{ matrix.tuple }}
path: echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz
release:
name: Create release
timeout-minutes: 10
needs: [nixBuild]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Download binaries
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
pattern: echidna-redistributable-*
merge-multiple: true
- name: Sign binaries
uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d # v3.2.0
with:
inputs: ./echidna-*.tar.gz
- name: Create GitHub release and upload binaries
uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
with:
draft: true
name: "Echidna ${{ needs.nixBuild.outputs.version }}"
files: |
./echidna-*.tar.gz
./echidna-*.tar.gz.sigstore.json