element-hq · sandhose · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -52,6 +52,55 @@ jobs:
           echo "describe=$(git describe --tags --match 'v*.*.*' --always)" >> $GITHUB_OUTPUT
           echo "timestamp=$(git log -1 --format=%ct)" >> $GITHUB_OUTPUT
 
+  build-assets:
+    name: Build assets
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout the code
+        uses: actions/[email protected]
+
+      - name: Setup OPA
+        uses: open-policy-agent/[email protected]
+        with:
+          version: 0.64.1
+
+      - name: Install frontend Node
+        uses: actions/[email protected]
+        with:
+          node-version: 20
+
+      - name: Install frontend Node dependencies
+        working-directory: ./frontend
+        run: npm ci
+
+      - name: Build frontend
+        working-directory: ./frontend
+        run: npm run build
+
+      - name: Build policies
+        working-directory: ./policies
+        run: make
+
+      - name: Prepare assets artifact
+        run: |
+          mkdir -p assets-dist/share
+          cp policies/policy.wasm assets-dist/share/policy.wasm
+          cp frontend/dist/manifest.json assets-dist/share/manifest.json
+          cp -r frontend/dist/ assets-dist/share/assets
+          cp -r templates/ assets-dist/share/templates
+          cp -r translations/ assets-dist/share/translations
+          cp LICENSE assets-dist/LICENSE
+          chmod -R u=rwX,go=rX assets-dist/
+
+      - name: Upload assets
+        uses: actions/[email protected]
+        with:
+          name: assets
+          path: assets-dist
 
   build-binaries:
     name: Build binaries
@@ -60,6 +109,12 @@ jobs:
     needs:
       - compute-version
 
+    strategy:
+      matrix:
+        include:
+          - target: x86_64-unknown-linux-gnu
+          - target: aarch64-unknown-linux-gnu
+
     env:
       VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }}
       SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }}
@@ -71,17 +126,11 @@ jobs:
       - name: Checkout the code
         uses: actions/[email protected]
 
-      - name: Setup OPA
-        uses: open-policy-agent/[email protected]
-        with:
-          version: 0.64.1
-
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
         with:
           targets: |
-            x86_64-unknown-linux-gnu
-            aarch64-unknown-linux-gnu
+            ${{ matrix.target }}
 
       - name: Setup sccache
         uses: mozilla-actions/[email protected]
@@ -96,62 +145,74 @@ jobs:
         with:
           tool: cargo-zigbuild
 
-      - name: Install frontend Node
-        uses: actions/[email protected]
-        with:
-          node-version: 20
-
-      - name: Install frontend Node dependencies
-        working-directory: ./frontend
-        run: npm ci
-
-      - name: Build frontend
-        working-directory: ./frontend
-        run: npm run build
-
-      - name: Build policies
-        working-directory: ./policies
-        run: make
-
       - name: Build the binary
         run: |
           cargo zigbuild \
             --release \
-            --target x86_64-unknown-linux-gnu.2.17 \
-            --target aarch64-unknown-linux-gnu.2.17 \
+            --target ${{ matrix.target }}.2.17 \
             --no-default-features \
             --features dist \
             -p mas-cli
 
-      - name: Create one archive per architecture
+      - name: Upload binary artifact
+        uses: actions/[email protected]
+        with:
+          name: binary-${{ matrix.target }}
+          path: target/${{ matrix.target }}/release/mas-cli
+
+  assemble-archives:
+    name: Assemble release archives
+    runs-on: ubuntu-22.04
+
+    needs:
+      - build-assets
+      - build-binaries
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Download assets
+        uses: actions/download-artifact@v4
+        with:
+          name: assets
+          path: assets-dist
+
+      - name: Download binary x86_64
+        uses: actions/download-artifact@v4
+        with:
+          name: binary-x86_64-unknown-linux-gnu
+          path: binary-x86_64
+
+      - name: Download binary aarch64
+        uses: actions/download-artifact@v4
+        with:
+          name: binary-aarch64-unknown-linux-gnu
+          path: binary-aarch64
+
+      - name: Create final archives
         run: |
           for arch in x86_64 aarch64; do
-            # Create one directory per architecture
-            mkdir -p dist/${arch}/share/
-            # Copy the artifacts to the right place
-            cp policies/policy.wasm dist/${arch}/share/policy.wasm
-            cp frontend/dist/manifest.json dist/${arch}/share/manifest.json
-            cp -r frontend/dist/ dist/${arch}/share/assets
-            cp -r templates/ dist/${arch}/share/templates
-            cp -r translations/ dist/${arch}/share/translations
-            cp LICENSE dist/${arch}/LICENSE
+            mkdir -p dist/${arch}/share
+            cp -r assets-dist/share/* dist/${arch}/share/
+            cp assets-dist/LICENSE dist/${arch}/LICENSE
+            cp binary-$arch/mas-cli dist/${arch}/mas-cli
             chmod -R u=rwX,go=rX dist/${arch}/
-
-            # Copy the binary to the right place
-            cp target/${arch}-unknown-linux-gnu/release/mas-cli dist/${arch}/
             chmod u=rwx,go=rx dist/${arch}/mas-cli
-
-            # Create the archive
             tar -czvf mas-cli-${arch}-linux.tar.gz --owner=0 --group=0 -C dist/${arch}/ .
           done
 
-      - name: Upload the artifacts
+      - name: Upload aarch64 archive
+        uses: actions/[email protected]
+        with:
+          name: mas-cli-aarch64-linux
+          path: mas-cli-aarch64-linux.tar.gz
+
+      - name: Upload x86_64 archive
         uses: actions/[email protected]
         with:
-          name: binaries
-          path: |
-            mas-cli-aarch64-linux.tar.gz
-            mas-cli-x86_64-linux.tar.gz
+          name: mas-cli-x86_64-linux
+          path: mas-cli-x86_64-linux.tar.gz
 
   build-image:
     name: Build and push Docker image
@@ -327,15 +388,16 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     needs:
-      - build-binaries
+      - assemble-archives
       - build-image
       - syn2mas
     steps:
       - name: Download the artifacts from the previous job
         uses: actions/download-artifact@v4
         with:
-          name: binaries
+          pattern: mas-cli-*
           path: artifacts
+          merge-multiple: true
 
       - name: Prepare a release
         uses: softprops/action-gh-release@v2
@@ -389,19 +451,19 @@ jobs:
     name: Update the unstable release
     runs-on: ubuntu-24.04
     needs:
-      - build-binaries
+      - assemble-archives
       - build-image
     if: github.ref == 'refs/heads/main'
 
     permissions:
       contents: write
-
     steps:
       - name: Download the artifacts from the previous job
         uses: actions/download-artifact@v4
         with:
-          name: binaries
+          pattern: mas-cli-*
           path: artifacts
+          merge-multiple: true
 
       - name: Update unstable git tag
         uses: actions/[email protected]