build(deps): bump curve25519-dalek from 4.1.2 to 4.1.3 #361

Workflow file for this run

	name: wrpc

	on:
	merge_group:
	pull_request:
	push:
	branches:
	- main
	tags:
	- 'runtime-wasmtime-v[0-9].[0-9]+.[0-9]+'
	- 'runtime-wasmtime-v[0-9].[0-9]+.[0-9]+-*'
	- 'transport-nats-v[0-9].[0-9]+.[0-9]+'
	- 'transport-nats-v[0-9].[0-9]+.[0-9]+-*'
	- 'transport-v[0-9].[0-9]+.[0-9]+'
	- 'transport-v[0-9].[0-9]+.[0-9]+-*'
	- 'v[0-9].[0-9]+.[0-9]+'
	- 'v[0-9].[0-9]+.[0-9]+-*'
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	build-bin:
	strategy:
	matrix:
	config:
	- target: aarch64-unknown-linux-musl
	test-bin: \|
	nix profile install --inputs-from . 'nixpkgs#qemu'
	qemu-aarch64 ./result/bin/wit-bindgen-wrpc --version
	test-oci: docker load < ./result
	# TODO: Run aarch64 binary within OCI

	- target: aarch64-apple-darwin
	test-bin: file ./result/bin/wit-bindgen-wrpc
	test-oci: docker load < ./result

	- target: aarch64-linux-android
	test-bin: file ./result/bin/wit-bindgen-wrpc
	test-oci: docker load < ./result

	- target: riscv64gc-unknown-linux-gnu-fhs
	test-bin: \|
	nix build -L '.#wrpc-riscv64gc-unknown-linux-gnu'
	nix shell --inputs-from . 'nixpkgs#qemu' -c qemu-riscv64 ./result/bin/wit-bindgen-wrpc --version

	- target: x86_64-apple-darwin
	test-bin: file ./result/bin/wit-bindgen-wrpc
	test-oci: docker load < ./result

	- target: x86_64-pc-windows-gnu
	test-bin: \|
	nix profile install --inputs-from . 'nixpkgs#wine64'
	wine64 ./result/bin/wit-bindgen-wrpc.exe --version
	test-oci: docker load < ./result
	# TODO: Run win64 binary within OCI

	- target: x86_64-unknown-linux-musl
	test-bin: ./result/bin/wit-bindgen-wrpc --version
	test-oci: \|
	docker load < ./result
	docker run --rm wrpc:$(nix eval --raw .#wrpc-x86_64-unknown-linux-musl-oci.imageTag) wit-bindgen-wrpc --version

	name: wrpc-${{ matrix.config.target }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4.1.7
	- uses: ./.github/actions/install-nix
	with:
	cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
	- uses: ./.github/actions/build-nix
	with:
	package: wrpc-${{ matrix.config.target }}
	- run: ${{ matrix.config.test-bin }}
	- uses: ./.github/actions/build-nix
	if: ${{ !endsWith(matrix.config.target, 'fhs') }}
	with:
	package: wrpc-${{ matrix.config.target }}-oci
	- run: ${{ matrix.config.test-oci }}
	if: ${{ !endsWith(matrix.config.target, 'fhs') }}

	build-lipo:
	name: wrpc-universal-darwin
	needs: build-bin
	runs-on: macos-latest
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: wrpc-aarch64-apple-darwin
	path: aarch64
	- uses: actions/download-artifact@v4
	with:
	name: wrpc-x86_64-apple-darwin
	path: x86_64

	- run: chmod +x ./x86_64/bin/*
	- run: ./x86_64/bin/wit-bindgen-wrpc --version

	- run: mkdir -p ./artifact/bin
	- run: lipo -create ./aarch64/bin/wit-bindgen-wrpc ./x86_64/bin/wit-bindgen-wrpc -output ./artifact/bin/wit-bindgen-wrpc

	- run: chmod +x ./artifact/bin/wit-bindgen-wrpc
	- run: ./artifact/bin/wit-bindgen-wrpc --version

	- uses: actions/upload-artifact@v4.3.3
	with:
	name: wrpc-universal-darwin
	path: artifact

	test-linux:
	runs-on: ubuntu-latest
	needs: build-bin
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: wrpc-x86_64-unknown-linux-musl
	- run: chmod +x ./bin/wit-bindgen-wrpc
	- run: ./bin/wit-bindgen-wrpc --version

	test-windows:
	runs-on: windows-latest
	needs: build-bin
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: wrpc-x86_64-pc-windows-gnu
	- run: .\bin\wit-bindgen-wrpc.exe --version

	cargo:
	strategy:
	matrix:
	check:
	- audit
	- fmt
	- clippy
	- nextest

	name: cargo ${{ matrix.check }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4.1.7
	- uses: ./.github/actions/install-nix
	with:
	cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
	- run: go work vendor -e -v
	if: ${{ matrix.check }} == "nextest"
	- run: git add .
	if: ${{ matrix.check }} == "nextest"
	- run: nix build -L .#checks.x86_64-linux.${{ matrix.check }}

	build-doc:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4.1.7
	- uses: ./.github/actions/install-nix
	with:
	cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
	- run: nix build -L .#checks.x86_64-linux.doc
	- run: cp --no-preserve=mode -R ./result/share/doc ./doc
	- run: rm -f doc/.lock
	- name: Create `.nojekyll`
	run: touch doc/.nojekyll
	- name: Write `index.html`
	run: \|
	cat <<EOF > doc/index.html
	<!DOCTYPE html>
	<meta charset="utf-8">
	<title>Redirecting to wrpc/index.html</title>
	<meta http-equiv="refresh" content="0; URL=wrpc/index.html">
	<link rel="canonical" href="https://${{ github.repository_owner }}.github.io/wrpc/wrpc/index.html">
	EOF
	- uses: actions/upload-pages-artifact@v3.0.1
	with:
	path: doc

	deploy-doc:
	runs-on: ubuntu-latest
	needs: build-doc
	permissions:
	pages: write
	id-token: write
	environment:
	name: github-pages
	url: ${{ steps.deployment.outputs.page_url }}
	if: github.ref == 'refs/heads/main'
	steps:
	- uses: actions/deploy-pages@v4.0.5
	id: deployment

	oci:
	runs-on: ubuntu-latest
	permissions:
	packages: write
	needs:
	- build-bin
	- test-linux
	steps:
	- uses: actions/checkout@v4.1.7
	- uses: ./.github/actions/install-nix
	with:
	cachixAuthToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

	- name: Extract tag context
	id: ctx
	run: \|
	echo "owner=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
	echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

	version=${GITHUB_REF_NAME#${{ matrix.prefix }}v}
	echo "version=${version}" >> "$GITHUB_OUTPUT"
	echo "version is ${version}"
	if [[ $version == "-" ]]; then
	echo "version ${version} is a pre-release"
	echo "prerelease=true" >> "$GITHUB_OUTPUT"
	fi

	- name: Login to GitHub Container Registry
	if: startswith(github.ref, format('refs/tags/{0}v', matrix.prefix)) \|\| github.ref == 'refs/heads/main'
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Install `buildah`
	run: nix profile install --inputs-from . 'nixpkgs#buildah'

	- name: Build `wrpc` image
	run: nix run -L .#build-wrpc-oci wrpc

	- name: Test `wrpc` image
	run: \|
	buildah push wrpc:$(nix eval --raw .#wrpc-x86_64-unknown-linux-musl-oci.imageTag) docker-daemon:wrpc:test
	docker run --rm wrpc:test wit-bindgen-wrpc --version

	- name: Push `wrpc` commit rev tag
	if: startswith(github.ref, format('refs/tags/{0}v', matrix.prefix)) \|\| github.ref == 'refs/heads/main'
	run: \|
	buildah manifest push --all --format 'v2s2' wrpc docker://ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:${{ github.sha }}
	buildah manifest push --all --format 'v2s2' wrpc docker://ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:${{ steps.ctx.outputs.sha_short }}

	docker run --rm ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:${{ github.sha }} wit-bindgen-wrpc --version
	docker run --rm ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:${{ steps.ctx.outputs.sha_short }} wit-bindgen-wrpc --version

	- name: Push `wrpc` version tag
	if: startswith(github.ref, format('refs/tags/{0}v', matrix.prefix))
	continue-on-error: ${{ github.repository_owner != 'wrpc' }}
	run: \|
	buildah manifest push --all --format 'v2s2' wrpc docker://ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:${{ steps.ctx.outputs.version }}
	docker run --rm ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:${{ steps.ctx.outputs.version }} wit-bindgen-wrpc --version

	- name: Push `wrpc` `latest` tag
	if: startswith(github.ref, format('refs/tags/{0}v', matrix.prefix)) && !steps.ctx.outputs.prerelease
	continue-on-error: ${{ github.repository_owner != 'wrpc' }}
	run: \|
	buildah manifest push --all --format 'v2s2' wrpc docker://ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:latest
	docker run --rm ghcr.io/${{ steps.ctx.outputs.owner }}/wrpc:latest wit-bindgen-wrpc --version

	release:
	if: startsWith(github.ref, 'refs/tags/v')
	needs:
	- build-bin
	- build-doc
	- build-lipo
	- cargo
	- oci
	- test-linux
	- test-windows
	runs-on: ubuntu-latest
	permissions:
	contents: write
	steps:
	- uses: actions/checkout@v4.1.7
	- uses: actions/download-artifact@v4
	with:
	path: artifacts
	- run: \|
	for dir in ./artifacts/wrpc-*; do
	target=${dir#./artifacts/wrpc-}
	for bin_path in $(find ${dir}/bin -type f); do
	chmod +x ${bin_path}
	bin=$(basename ${bin_path})
	case "$bin" in
	*.exe)
	bin="${bin%.exe}"
	mkdir -p ./${bin}
	mv ${bin_path} ./${bin}/${bin}-${target}.exe
	;;
	*)
	mkdir -p ./${bin}
	mv ${bin_path} ./${bin}/${bin}-${target%-fhs}
	;;
	esac
	done
	done

	- uses: softprops/action-gh-release@v2
	if: startsWith(github.ref, 'refs/tags/v')
	with:
	draft: true
	prerelease: true
	generate_release_notes: true
	files: \|
	./wit-bindgen-wrpc/*
	./wrpc-wasmtime-nats/*

	crates:
	strategy:
	matrix:
	include:
	- crate: introspect

	- crate: runtime-wasmtime
	workspace-dependencies: true

	- crate: transport
	workspace-dependencies: true

	- crate: transport-nats
	workspace-dependencies: true

	name: publish ${{ matrix.crate }} to crates.io
	needs: cargo
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4.1.7

	- name: Extract tag context
	id: ctx
	run: \|
	version=${GITHUB_REF_NAME#${{ matrix.crate }}-v}
	echo "version is ${version}"
	if [[ $version == "-" ]]; then
	echo "version ${version} is a pre-release"
	echo "prerelease=true" >> "$GITHUB_OUTPUT"
	fi

	- name: dry-run publish ${{ matrix.crate }} to crates.io
	if: ${{ !startsWith(github.ref, 'refs/tags/') }}
	continue-on-error: ${{ matrix.workspace-dependencies }} # publish may fail due to workspace crates not being published yet
	run: cargo publish --dry-run
	working-directory: ./crates/${{ matrix.crate }}

	- name: publish ${{ matrix.crate }} to crates.io
	if: startsWith(github.ref, format('refs/tags/{0}-v', matrix.crate)) && !steps.ctx.outputs.prerelease
	continue-on-error: ${{ github.repository_owner != 'wrpc' }}
	run: cargo publish --token ${{ secrets.CRATES_PUBLISH_TOKEN }}
	working-directory: ./crates/${{ matrix.crate }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump curve25519-dalek from 4.1.2 to 4.1.3 #361

Workflow file

build(deps): bump curve25519-dalek from 4.1.2 to 4.1.3 #361

Jobs

Run details

Workflow file for this run