-
Notifications
You must be signed in to change notification settings - Fork 380
111 lines (99 loc) · 3.06 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: "Nix and release"
on:
push:
branches:
- master
tags:
- "v*"
pull_request:
branches:
- master
jobs:
nixBuild:
name: Build ${{ matrix.name }} binary
timeout-minutes: ${{ matrix.timeout || 30 }}
runs-on: ${{ matrix.os }}
permissions:
contents: read
outputs:
version: ${{ steps.version.outputs.version }}
strategy:
matrix:
include:
- os: ubuntu-latest
name: Linux (x86_64)
tuple: x86_64-linux
timeout: 180
- os: macos-latest
name: macOS (x86_64)
tuple: x86_64-macos
- os: macos-latest-xlarge
name: macOS (aarch64)
tuple: aarch64-macos
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v9
- name: Configure Cachix
uses: cachix/cachix-action@v13
with:
name: trailofbits
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Configure Nix cache
if: runner.arch == 'X64'
# Unfortunately the action does not work on ARM runners
uses: DeterminateSystems/magic-nix-cache-action@v2
with:
upstream-cache: https://trailofbits.cachix.org
- name: Obtain version number
id: version
run: |
if [[ "$GIT_REF" =~ ^refs/tags/v.* ]]; then
echo "version=$(echo "$GIT_REF" | sed 's#^refs/tags/v##')" >> "$GITHUB_OUTPUT"
else
echo "version=HEAD-$(echo "$GIT_SHA" | cut -c1-7)" >> "$GITHUB_OUTPUT"
fi
env:
GIT_REF: ${{ github.ref }}
GIT_SHA: ${{ github.sha }}
- name: Build dynamic echidna
run: |
nix build .#echidna
- name: Build redistributable echidna
run: |
nix build .#echidna-redistributable --out-link redistributable
tar -czf "echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz" -C ./redistributable/bin/ echidna
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: echidna-redistributable
path: echidna-${{ steps.version.outputs.version }}-${{ matrix.tuple }}.tar.gz
release:
name: Create release
timeout-minutes: 10
needs: [nixBuild]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: echidna-redistributable
- name: Sign binaries
uses: sigstore/[email protected]
with:
inputs: ./echidna-*.tar.gz
- name: Create GitHub release and upload binaries
uses: softprops/[email protected]
with:
draft: true
name: "Echidna ${{ needs.nixBuild.outputs.version }}"
files: |
./echidna-*.tar.gz
./echidna-*.tar.gz.sigstore