diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6c50a8ec..27080f20 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -99,6 +99,7 @@ jobs:
codesign: '-'
codesign-prefix: 'com.example.'
codesign-options: 'runtime'
+ upx: ${{ startsWith(matrix.os, 'ubuntu-') && matrix.target != 'x86_64-pc-windows-gnu' && (matrix.target != 'aarch64-unknown-linux-gnu' || matrix.build_tool == 'cargo') }}
- name: Check action outputs
run: |
printf 'outputs.archive should not be empty\n'
@@ -121,6 +122,17 @@ jobs:
printf 'outputs.md5 should be a file\n'
test -f "${{ steps.upload-rust-binary-action.outputs.md5 }}"
+ - name: Check UPX
+ if: |
+ startsWith(matrix.os, 'ubuntu-') &&
+ matrix.target != 'x86_64-pc-windows-gnu' &&
+ (matrix.target != 'aarch64-unknown-linux-gnu' || matrix.build_tool == 'cargo')
+ run: |
+ printf 'binary should be compressed with UPX\n'
+ target_dir="./test-crate/target/release"
+ tar -C "$target_dir" -xf "${{ steps.upload-rust-binary-action.outputs.tar }}"
+ target_file="$target_dir/test-crate"
+ test -n "$(file "$target_file" | grep 'no section header')"
- name: Check b2 output
if: ${{ contains(matrix.checksums || 'b2,sha256,sha512,sha1,md5', 'b2') }}
run: |
diff --git a/README.md b/README.md
index e559327f..923f8ba3 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ Currently, this action is basically intended to be used in combination with an a
| codesign | false | Sign build products using `codesign` on macOS | String | |
| codesign-prefix | false | Prefix for the `codesign` identifier on macOS | String | |
| codesign-options | false | Specifies a set of option flags to be embedded in the code signature on macOS. See the `codesign` manpage for details. | String | |
+| upx | false | Compress binaries using [UPX](https://upx.github.io) on some platforms | Boolean | `false` |
\[1] Required one of `token` input option or `GITHUB_TOKEN` environment variable. Not required when `dry-run` input option is set to `true`.
\[2] This is optional but it is recommended that this always be set to clarify which target you are building for if macOS is included in the matrix because GitHub Actions changed the default architecture of macos-latest since macos-14.
diff --git a/action.yml b/action.yml
index 716017cd..5e781f5e 100644
--- a/action.yml
+++ b/action.yml
@@ -112,6 +112,10 @@ inputs:
codesign_options:
description: Alias for 'codesign-options'
required: false
+ upx:
+ description: Compress binaries using UPX on some platforms
+ required: false
+ default: 'false'
outputs:
archive:
@@ -171,3 +175,4 @@ runs:
INPUT_CODESIGN: ${{ inputs.codesign }}
INPUT_CODESIGN_PREFIX: ${{ inputs.codesign-prefix || inputs.codesign_prefix }}
INPUT_CODESIGN_OPTIONS: ${{ inputs.codesign-options || inputs.codesign_options }}
+ INPUT_UPX: ${{ inputs.upx }}
diff --git a/main.sh b/main.sh
index 96d33a5c..07bcbb0a 100755
--- a/main.sh
+++ b/main.sh
@@ -101,6 +101,13 @@ case "${build_locked}" in
*) bail "'locked' input option must be 'true' or 'false': '${build_locked}'" ;;
esac
+upx="${INPUT_UPX:-}"
+case "${upx}" in
+ true) upx=1 ;;
+ false) upx='' ;;
+ *) bail "'upx' input option must be 'true' or 'false': '${upx}'" ;;
+esac
+
bin_name="${INPUT_BIN:?}"
bin_names=()
if [[ -n "${bin_name}" ]]; then
@@ -340,6 +347,7 @@ build() {
*) bail "unrecognized build tool '${build_tool}'" ;;
esac
}
+
do_codesign() {
if [[ -n "${INPUT_CODESIGN:-}" ]]; then
local codesign_options=(--sign "${INPUT_CODESIGN}")
@@ -384,6 +392,36 @@ case "${INPUT_TARGET:-}" in
;;
esac
+# Compress binaries with UPX
+if [[ -n "${upx}" ]]; then
+ compress_binaries() {
+ for bin_exe in "${bins[@]}"; do
+ x upx --best "${target_dir}/${bin_exe}"
+ done
+ }
+
+ case "${host_os}" in
+ windows)
+ if ! type -P upx >/dev/null; then
+ choco install upx -y
+ fi
+ compress_binaries
+ ;;
+ linux)
+ if ! type -P upx >/dev/null; then
+ sudo apt-get install -y upx-ucl
+ fi
+ compress_binaries
+ ;;
+ macos)
+ # macOS is not currently supported by UPX
+ ;;
+ *)
+ warn "UPX is not available on ${host_os}"
+ ;;
+ esac
+fi
+
case "${host_os}" in
macos)
if type -P codesign >/dev/null; then