Release v0.9.6 #33

Workflow file for this run

.github/workflows/build-packages.yml at 94fb805

	name: Release
	run-name: Release ${{ github.ref_name }}

	on:
	push:
	tags:
	- "v*"

	jobs:
	package:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	outputs:
	version: ${{ steps.meta.outputs.version }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install build dependencies
	run: \|
	sudo apt-get update
	sudo apt-get install -y \
	build-essential \
	pkg-config \
	libwayland-dev \
	libxkbcommon-dev \
	libcairo2-dev \
	libpango1.0-dev \
	libgtk-3-dev \
	libssl-dev \
	libxcb-shape0-dev \
	libxcb-xfixes0-dev \
	libxcb-render0-dev \
	libxcb1-dev \
	libx11-dev

	- name: Set up Rust
	uses: dtolnay/[email protected]

	- name: Install nfpm
	run: \|
	NFPM_VERSION=2.43.4
	curl -sSfL "https://github.com/goreleaser/nfpm/releases/download/v${NFPM_VERSION}/nfpm_${NFPM_VERSION}_Linux_x86_64.tar.gz" \
	\| tar -xz nfpm
	sudo mv nfpm /usr/local/bin/
	nfpm --version

	- name: Cache cargo
	uses: Swatinem/rust-cache@v2
	with:
	workspaces: \|
	.
	configurator

	- name: Read crate version
	id: meta
	run: \|
	VERSION=$(cargo metadata --no-deps --format-version 1 \| jq -r '.packages[] \| select(.name=="wayscriber") \| .version')
	echo "version=${VERSION}" >> "$GITHUB_OUTPUT"

	- name: Pre-fetch Cargo dependencies (locked)
	env:
	CARGO_TARGET_DIR: target
	run: \|
	cargo fetch --locked --target x86_64-unknown-linux-gnu
	if [ -f configurator/Cargo.toml ]; then
	cargo fetch --locked --manifest-path configurator/Cargo.toml --target x86_64-unknown-linux-gnu
	fi

	- name: Build & package (tar/deb/rpm)
	env:
	VERSION: ${{ steps.meta.outputs.version }}
	FORMATS: tar,deb,rpm
	ARTIFACT_ROOT: dist
	CARGO_TARGET_DIR: target
	run: \|
	./tools/package.sh

	- name: Upload tarball
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-${{ steps.meta.outputs.version }}-tar
	path: dist/wayscriber-v${{ steps.meta.outputs.version }}-linux-x86_64.tar.gz

	- name: Upload configurator tarball
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-configurator-${{ steps.meta.outputs.version }}-tar
	path: dist/wayscriber-configurator-v${{ steps.meta.outputs.version }}-linux-x86_64.tar.gz

	- name: Upload deb
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-${{ steps.meta.outputs.version }}-deb
	path: dist/wayscriber-amd64.deb

	- name: Upload configurator deb
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-configurator-${{ steps.meta.outputs.version }}-deb
	path: dist/wayscriber-configurator-amd64.deb

	- name: Upload rpm
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-${{ steps.meta.outputs.version }}-rpm
	path: dist/wayscriber-x86_64.rpm

	- name: Upload configurator rpm
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-configurator-${{ steps.meta.outputs.version }}-rpm
	path: dist/wayscriber-configurator-x86_64.rpm

	- name: Upload manifests
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-${{ steps.meta.outputs.version }}-manifest
	path: \|
	dist/checksums.txt
	dist/manifest.json

	package-repos:
	name: Build apt/dnf repositories
	needs: package
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	permissions:
	contents: read
	env:
	GPG_PRIVATE_KEY_B64: ${{ secrets.PACKAGE_REPO_GPG_PRIVATE_KEY_B64 }}
	GPG_PASSPHRASE: ${{ secrets.PACKAGE_REPO_GPG_PASSPHRASE }}
	GPG_KEY_ID: ${{ secrets.PACKAGE_REPO_GPG_KEY_ID }}
	PACKAGE_REPO_REMOTE_HOST: ${{ secrets.PACKAGE_REPO_REMOTE_HOST }}
	PACKAGE_REPO_REMOTE_PATH: ${{ secrets.PACKAGE_REPO_REMOTE_PATH }}
	PACKAGE_REPO_REMOTE_USER: ${{ secrets.PACKAGE_REPO_REMOTE_USER }}
	PACKAGE_REPO_SSH_KEY: ${{ secrets.PACKAGE_REPO_SSH_KEY }}
	PACKAGE_REPO_SSH_KNOWN_HOSTS: ${{ secrets.PACKAGE_REPO_SSH_KNOWN_HOSTS }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install repo tooling
	run: \|
	sudo apt-get update
	sudo apt-get install -y \
	apt-utils \
	dpkg-dev \
	rpm \
	createrepo-c \
	rsync \
	gnupg

	- name: Download packaged artifacts
	uses: actions/download-artifact@v4
	with:
	path: dist
	merge-multiple: true

	- name: Build apt + rpm repositories
	env:
	ARTIFACT_ROOT: dist
	OUTPUT_ROOT: repo-out
	DEB_SUITE: stable
	DEB_COMPONENT: main
	DEB_ARCH: amd64
	RPM_ARCH: x86_64
	REPO_ORIGIN: Wayscriber
	REPO_LABEL: Wayscriber
	SIGN_RPMS: 1
	run: \|
	chmod +x tools/build-package-repos.sh
	tools/build-package-repos.sh

	- name: Upload repo bundle
	uses: actions/upload-artifact@v4
	with:
	name: wayscriber-${{ needs.package.outputs.version }}-repos
	path: \|
	repo-out/apt
	repo-out/rpm
	repo-out/WAYSCRIBER-GPG-KEY.asc

	- name: Deploy to website host (rsync)
	if: ${{ env.PACKAGE_REPO_REMOTE_HOST != '' && env.PACKAGE_REPO_REMOTE_PATH != '' && env.PACKAGE_REPO_SSH_KEY != '' }}
	env:
	DEPLOY_HOST: ${{ env.PACKAGE_REPO_REMOTE_HOST }}
	DEPLOY_PATH: ${{ env.PACKAGE_REPO_REMOTE_PATH }}
	DEPLOY_USER: ${{ env.PACKAGE_REPO_REMOTE_USER }}
	run: \|
	mkdir -p ~/.ssh
	echo "$PACKAGE_REPO_SSH_KEY" > ~/.ssh/repo_key
	chmod 600 ~/.ssh/repo_key
	if [ -n "$PACKAGE_REPO_SSH_KNOWN_HOSTS" ]; then
	echo "$PACKAGE_REPO_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
	else
	ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
	fi
	DEPLOY_USER="${DEPLOY_USER:-root}"
	ssh -i ~/.ssh/repo_key -o StrictHostKeyChecking=yes "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p '${DEPLOY_PATH}/apt' '${DEPLOY_PATH}/rpm'"
	rsync -av --delete -e "ssh -i ~/.ssh/repo_key -o StrictHostKeyChecking=yes" repo-out/apt/ "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}/apt/"
	rsync -av --delete -e "ssh -i ~/.ssh/repo_key -o StrictHostKeyChecking=yes" repo-out/rpm/ "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}/rpm/"
	if [ -f repo-out/WAYSCRIBER-GPG-KEY.asc ]; then
	rsync -av -e "ssh -i ~/.ssh/repo_key -o StrictHostKeyChecking=yes" repo-out/WAYSCRIBER-GPG-KEY.asc "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}/"
	fi

	release:
	needs: package
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	permissions:
	contents: write
	steps:
	- name: Download packaged artifacts
	uses: actions/download-artifact@v4
	with:
	path: dist
	merge-multiple: true

	- name: Publish GitHub release (auto notes)
	uses: softprops/action-gh-release@v2
	with:
	files: dist/*/
	generate_release_notes: true

	aur:
	needs: package
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	env:
	AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
	AUR_SSH_KNOWN_HOSTS: ${{ secrets.AUR_SSH_KNOWN_HOSTS }}
	AUR_SSH_PASSPHRASE: ${{ secrets.AUR_SSH_PASSPHRASE }}
	steps:
	- name: Fail if AUR secret missing
	if: env.AUR_SSH_PRIVATE_KEY == ''
	run: \|
	echo "AUR secrets not set; failing AUR job."
	exit 1

	- name: Configure SSH for AUR (and test)
	run: \|
	mkdir -p ~/.ssh
	echo "$AUR_SSH_PRIVATE_KEY" > ~/.ssh/aur
	chmod 600 ~/.ssh/aur
	{
	echo "Host aur.archlinux.org"
	echo " HostName aur.archlinux.org"
	echo " User aur"
	echo " IdentityFile ~/.ssh/aur"
	echo " StrictHostKeyChecking yes"
	} >> ~/.ssh/config
	if [ -n "$AUR_SSH_KNOWN_HOSTS" ]; then
	echo "$AUR_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
	else
	ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
	fi
	SSH_CMD="ssh -i ~/.ssh/aur -o StrictHostKeyChecking=yes"
	if [ -n "$AUR_SSH_PASSPHRASE" ]; then
	cat <<'EOS' > /tmp/aur-askpass.sh
	#!/usr/bin/env bash
	printf '%s\n' "${AUR_SSH_PASSPHRASE:-}"
	EOS
	chmod +x /tmp/aur-askpass.sh
	export SSH_ASKPASS=/tmp/aur-askpass.sh
	export SSH_ASKPASS_REQUIRE=force
	export DISPLAY=:0
	eval "$(ssh-agent -s)"
	if ! setsid -w env SSH_ASKPASS=$SSH_ASKPASS SSH_ASKPASS_REQUIRE=$SSH_ASKPASS_REQUIRE DISPLAY=$DISPLAY ssh-add ~/.ssh/aur </dev/null; then
	echo "ssh-add failed; ensure AUR_SSH_PASSPHRASE is set correctly if the key is encrypted."
	exit 1
	fi
	SSH_CMD="ssh -o StrictHostKeyChecking=yes"
	{
	echo "SSH_ASKPASS=$SSH_ASKPASS"
	echo "SSH_ASKPASS_REQUIRE=$SSH_ASKPASS_REQUIRE"
	echo "DISPLAY=$DISPLAY"
	echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
	echo "SSH_AGENT_PID=$SSH_AGENT_PID"
	} >> "$GITHUB_ENV"
	else
	echo "No AUR_SSH_PASSPHRASE provided; using key directly with -i."
	fi
	echo "GIT_SSH_COMMAND=$SSH_CMD" >> "$GITHUB_ENV"
	ls -l ~/.ssh
	echo "ssh config:"
	cat ~/.ssh/config
	ssh-add -l \|\| true
	echo "Key fingerprint:"
	ssh-keygen -lf ~/.ssh/aur \|\| true
	echo "Testing SSH connectivity..."
	GIT_SSH_COMMAND="$SSH_CMD" git ls-remote ssh://[email protected]/wayscriber.git HEAD

	- name: Checkout repo
	uses: actions/checkout@v4

	- name: Install helpers
	run: \|
	sudo apt-get update
	sudo apt-get install -y jq

	- name: Download packaged artifacts
	uses: actions/download-artifact@v4
	with:
	path: dist
	merge-multiple: true

	- name: Set git identity for AUR
	env:
	AUR_GIT_USERNAME: ${{ secrets.AUR_GIT_USERNAME }}
	AUR_GIT_EMAIL: ${{ secrets.AUR_GIT_EMAIL }}
	run: \|
	if [ -z "$AUR_GIT_USERNAME" ] \|\| [ -z "$AUR_GIT_EMAIL" ]; then
	echo "AUR_GIT_USERNAME and AUR_GIT_EMAIL secrets must be set."
	exit 1
	fi
	git config --global user.name "$AUR_GIT_USERNAME"
	git config --global user.email "$AUR_GIT_EMAIL"

	- name: Clone AUR repos
	run: \|
	GIT_SSH_COMMAND="ssh -i ~/.ssh/aur -o StrictHostKeyChecking=yes" git clone ssh://[email protected]/wayscriber.git aur-wayscriber
	GIT_SSH_COMMAND="ssh -i ~/.ssh/aur -o StrictHostKeyChecking=yes" git clone ssh://[email protected]/wayscriber-bin.git aur-wayscriber-bin
	GIT_SSH_COMMAND="ssh -i ~/.ssh/aur -o StrictHostKeyChecking=yes" git clone ssh://[email protected]/wayscriber-configurator.git aur-wayscriber-configurator \|\| true

	- name: Update AUR from manifest
	env:
	PUSH: "1"
	run: \|
	VERSION=$(jq -r '.version' dist/manifest.json)
	chmod +x tools/update-aur-from-manifest.sh
	./tools/update-aur-from-manifest.sh \
	--version "$VERSION" \
	--manifest dist/manifest.json \
	--source-dir aur-wayscriber \
	--bin-dir aur-wayscriber-bin \
	--config-dir aur-wayscriber-configurator \
	--push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Release v0.9.6 #33

Workflow file

Release v0.9.6 #33

Uh oh!

Workflow file for this run