Ignore derivative unmaintained advisory #1857
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Binaries | |
on: | |
release: | |
types: [published] | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_protected == 'true' && github.sha || github.ref }}-{{ github.event_name }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
id-token: write | |
contents: write | |
attestations: write | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
crate: | |
- name: stellar-cli | |
binary: stellar | |
sys: | |
- os: ubuntu-20.04 # Use 20.04 to get an older version of glibc for increased compat | |
target: x86_64-unknown-linux-gnu | |
- os: ubuntu-20.04 # Use 20.04 to get an older version of glibc for increased compat | |
target: aarch64-unknown-linux-gnu | |
- os: macos-14 | |
target: aarch64-apple-darwin | |
- os: macos-14 | |
target: x86_64-apple-darwin | |
- os: windows-latest | |
target: x86_64-pc-windows-msvc | |
ext: .exe | |
runs-on: ${{ matrix.sys.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- run: rustup update | |
- run: rustup target add ${{ matrix.sys.target }} | |
- if: matrix.sys.target == 'aarch64-unknown-linux-gnu' | |
run: sudo apt-get update && sudo apt-get -y install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libudev-dev | |
- name: Setup vars | |
run: | | |
version="$(cargo metadata --format-version 1 --no-deps | jq -r '.packages[] | select(.name == "stellar-cli") | .version')" | |
echo "VERSION=${version}" >> $GITHUB_ENV | |
echo "NAME=${{ matrix.crate.name }}-${version}-${{ matrix.sys.target }}" >> $GITHUB_ENV | |
- name: Package (release only) | |
if: github.event_name == 'release' | |
run: cargo package --no-verify --package ${{ matrix.crate.name }} | |
- name: Package Extract (release only) | |
if: github.event_name == 'release' | |
run: | | |
cd target/package | |
tar xvfz ${{ matrix.crate.name }}-$VERSION.crate | |
echo "BUILD_WORKING_DIR=target/package/${{ matrix.crate.name }}-$VERSION" >> $GITHUB_ENV | |
- name: Build | |
env: | |
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
working-directory: ${{ env.BUILD_WORKING_DIR }} | |
run: cargo build --target-dir="$GITHUB_WORKSPACE/target" --package ${{ matrix.crate.name }} --features opt --release --target ${{ matrix.sys.target }} | |
- name: Build provenance for attestation (release only) | |
if: github.event_name == 'release' | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: target/${{ matrix.sys.target }}/release/${{ matrix.crate.binary }}${{ matrix.sys.ext }} | |
- name: Compress | |
run: | | |
cd target/${{ matrix.sys.target }}/release | |
tar czvf $NAME.tar.gz ${{ matrix.crate.binary }}${{ matrix.sys.ext }} | |
- name: Upload to Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.NAME }}.tar.gz | |
path: 'target/${{ matrix.sys.target }}/release/${{ env.NAME }}.tar.gz' | |
- name: Upload to Release (release only) | |
if: github.event_name == 'release' | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const fs = require('fs'); | |
await github.rest.repos.uploadReleaseAsset({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: ${{ github.event.release.id }}, | |
name: '${{ env.NAME }}.tar.gz', | |
data: fs.readFileSync('target/${{ matrix.sys.target }}/release/${{ env.NAME }}.tar.gz'), | |
}); | |
installer: | |
needs: build | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup vars | |
run: | | |
version="$(cargo metadata --format-version 1 --no-deps | jq -r '.packages[] | select(.name == "stellar-cli") | .version')" | |
installer_basename="stellar-cli-installer-${version}-x86_64-pc-windows-msvc" | |
echo "VERSION=${version}" >> $GITHUB_ENV | |
echo "STELLAR_CLI_INSTALLER_BASENAME=${installer_basename}" >> $GITHUB_ENV | |
echo "STELLAR_CLI_INSTALLER=${installer_basename}.exe" >> $GITHUB_ENV | |
echo "ARTIFACT_NAME=stellar-cli-${version}-x86_64-pc-windows-msvc.tar.gz" >> $GITHUB_ENV | |
- name: Download Artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
- name: Uncompress Artifact | |
run: tar xvf ${{ env.ARTIFACT_NAME }} | |
- name: Build Installer | |
shell: powershell | |
run: | | |
$Env:Path += ";C:\Users\$Env:UserName\AppData\Local\Programs\Inno Setup 6" | |
$Env:STELLAR_CLI_VERSION = "${{ env.VERSION }}" | |
ISCC.exe installer.iss | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.STELLAR_CLI_INSTALLER }} | |
path: Output/stellar-installer.exe | |
- name: Build provenance for attestation (release only) | |
if: github.event_name == 'release' | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: ${{ env.STELLAR_CLI_INSTALLER }} | |
- name: Upload to Release (release only) | |
if: github.event_name == 'release' | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const fs = require('fs'); | |
await github.rest.repos.uploadReleaseAsset({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: ${{ github.event.release.id }}, | |
name: '${{ env.STELLAR_CLI_INSTALLER }}', | |
data: fs.readFileSync('Output/stellar-installer.exe'), | |
}); | |