-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate release builds with github actions #337
Conversation
Thank you! This definitely looks much closer to what I had originally proposed in #66 than any other attempt so far. I'll review it in more depth when I have time. |
To answer your questions:
|
Looks like softprops' v1 is actually a tag (which is different from the 0.1.5 tag), but is not listed as a release. I've asked for clarification. |
I've switched the naming scheme around (swapped version and target) so it's compatible out of the box with tools like cargo-binstall. |
Perhaps I've been misunderstanding how GitHub Actions work, but I thought releases were handled via the Actions Marketplace: https://github.com/marketplace/actions/gh-release?version=v0.1.5 Are you saying that the tag in the repo may not correspond to what they released? |
Oh, hmm. I'm not entirely sure how that works. But the version that's set in the workflow currently (and which I also use elsewhere) is clearly v1, and yet the latest on the actions page is "0.1.5". The 0.1.5 tag is about two weeks before the v1 tag. I don't know precisely how github actions version resolution works, but this page seems to suggests it's based on tags and commits, not restricted to anything published via marketplace: That page also recommends pinning via commit SHAs, I could do that |
Sounds good |
I've pinned with SHAs so that's no longer a concern anyway, but for completeness softprops has confirmed that the v1 tag is an actual release (i.e. won't change to another commit). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general I'd say this looks good and I'm interested in giving it a try.
I can try tagging a v0.14.1
release to test it out.
Edit: okay, spotted one small nit after I approved it 😉
I'll more thoroughly review the We already extensively make use of |
Co-authored-by: Tony Arcieri <bascule@gmail.com>
@passcod well, it ran for the first time. Seems it had some trouble linking with OpenSSL on Linux: https://github.com/RustSec/cargo-audit/runs/2467228358?check_suite_focus=true
I guess there's a tricky question here of how to link OpenSSL. I've never statically linked with the I'm guessing the root cause of this actual problem though is the |
No, it likely is installed, but not for cross compiling. The x86-64 linux gnu build has compiled openssl-sys just fine. Depends what you want to do, but perhaps vendoring openssl for the arm and musl targets is a good idea? |
Yes, that's fine |
@passcod seems there are still problems with this: |
Submitted for consideration re #66
Obviously not end-to-end tested against this repo.
Some choices/questions:
I've named the Windows and macOS sections with their isa (x86-64) even though that's currently the only option, in the optic that perhaps there would eventually be builds for Windows ARM or Apple Silicon.
I've selected tar.gz as the archive format (zip on windows) as it's most common but it could be xz or zstd... as you wish
I've included the readme, changelog, and license files in the archive. Maybe that's not necessary? Or should the audit.toml.example file be included as well for even more of a batteries-included ux?
Should the build be done with
--locked
to respect the lockfile?Should checksums be generated? (not sure how to do that due to the job layout / parallelism though)
Though this is a 1st party github service, some of the actions used are not (from action-rs and softprops). I'm sure it would be possible to avoid these, though that's beyond the level of effort I'm okay expending for this tbqh.