make this a release #1454

Workflow file for this run

.github/workflows/build-all.yml at 0b90776

	# Build and test on each commit. Create a release on tagged commits.
	#
	# Binaries on each platform are stripped. This removes debug symbols.
	name: Build
	on: [push]

	jobs:
	build-all:
	name: ${{ matrix.os-name }}-build
	runs-on: ${{ matrix.os }}
	container: ${{ matrix.container }}

	defaults:
	run:
	shell: bash

	strategy:
	matrix:
	os: ['windows-latest', 'ubuntu-latest', 'macos-latest']
	include:
	- os: ubuntu-latest
	os-name: Linux
	container: fossa/haskell-static-alpine:ghc-9.0.2
	project-file: cabal.project.ci.linux
	ghc: '9.0.2'

	- os: macos-latest
	os-name: macOS
	project-file: cabal.project.ci.macos
	ghc: '9.0.2'

	- os: windows-latest
	os-name: Windows
	project-file: cabal.project.ci.windows
	ghc: '9.0.2'

	steps:
	- uses: Swatinem/rust-cache@v1.3.0

	- uses: actions/checkout@v3
	with:
	lfs: true

	- name: Install MacOS binary dependencies
	if: ${{ contains(matrix.os, 'macos') }}
	run: \|
	brew install upx jq

	# Set up Haskell.
	- uses: haskell/actions/setup@v1
	id: setup-haskell
	name: Setup ghc/cabal (non-alpine)
	if: ${{ !contains(matrix.os, 'ubuntu') }}
	with:
	ghc-version: ${{ matrix.ghc }}

	# Set up Rust.
	- uses: actions-rs/toolchain@v1
	with:
	profile: minimal
	toolchain: stable
	- uses: taiki-e/install-action@nextest

	- name: Debugging information
	run: \|
	ghc --version \|\| echo "no ghc"
	cabal --version \|\| echo "no cabal"
	ghcup --version \|\| echo "no ghcup"
	rustc -V \|\| echo "no rustc"
	cargo -V \|\| echo "no cargo"

	# Build Rust crates, which must be present when the CLI builds.
	- name: Test Rust dependencies
	run: cargo nextest run

	- name: Build Rust dependencies
	run: cargo build --release

	# Build FOSSA CLI.
	- uses: actions/cache@v2
	name: Cache cabal store
	with:
	path: ${{ steps.setup-haskell.outputs.cabal-store \|\| '~/.cabal/store' }}
	key: ${{ runner.os }}-${{ matrix.ghc }}-cabal-cache-${{ hashFiles('*/.cabal', format('{0}', matrix.project-file)) }}
	restore-keys: \|
	${{ runner.os }}-${{ matrix.ghc }}-cabal-cache-
	${{ runner.os }}-${{ matrix.ghc }}-
	${{ runner.os }}-

	- name: Update vendored binaries
	run: \|
	mkdir vendor-bins
	./vendor_download.sh
	env:
	GITHUB_TOKEN: ${{ secrets.BASIS_ACCESS_TOKEN }}

	- name: Build test data
	run: \|
	make build-test-data

	- name: Check git status
	# https://github.com/actions/checkout/issues/760#issuecomment-1099519159
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"
	git status --porcelain

	- name: Build
	# Occasionally, we run out of memory on the build process.
	# Since cabal uses incremental compilation, we can retry from where we left off
	# by simply re-running cabal if we fail.
	env:
	RUN_CMD: cabal build --project-file=${{ matrix.project-file }} all
	run: \|
	cabal update
	$RUN_CMD \|\| $RUN_CMD

	- name: Run unit tests
	run: \|
	cabal test --project-file=${{ matrix.project-file }} unit-tests

	# Save artifacts.
	- name: Find and move binaries (Windows)
	if: ${{ contains(matrix.os, 'windows') }}
	run: \|
	mkdir release
	find . -type f -path '*/fossa/fossa.exe' -exec cp {} release \;
	find . -type f -path '*/pathfinder/pathfinder.exe' -exec cp {} release \;

	- name: Find and move binaries (non-Windows)
	if: ${{ !contains(matrix.os, 'windows') }}
	run: \|
	mkdir release
	find . -type f -path '*/fossa/fossa' -exec cp {} release \;
	find . -type f -path '*/pathfinder/pathfinder' -exec cp {} release \;

	- name: Strip binaries
	run: \|
	strip release/*

	- uses: actions/upload-artifact@v2
	with:
	name: ${{ runner.os }}-binaries
	path: release

	create-release:
	name: create-release
	runs-on: ubuntu-latest
	needs: ['build-all']

	steps:
	- uses: actions/download-artifact@v2

	- name: Get version
	id: get-version
	run: \|
	case $GITHUB_REF in
	refs/tags/v*)
	# This strips the 'v' prefix from the tag.
	echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/}
	;;
	*)
	echo ::set-output name=VERSION::${GITHUB_SHA}
	;;
	esac

	- name: Check that version info was embedded correctly
	if: ${{ startsWith(github.ref, 'refs/tags/v') }}
	run: \|
	chmod +x Linux-binaries/fossa

	echo $GITHUB_REF_NAME
	echo $GITHUB_REF_TYPE
	echo $GITHUB_SHA
	echo ${GITHUB_SHA:0:12}
	echo $(Linux-binaries/fossa --version)
	echo "fossa-cli version ${{ steps.get-version.outputs.VERSION }} (revision ${GITHUB_SHA:0:12} compiled with ghc-9.0)"

	[ "$GITHUB_REF_TYPE" = "tag" ] && echo "Ref type OK"
	[ "$(Linux-binaries/fossa --version)" = "fossa-cli version ${{ steps.get-version.outputs.VERSION }} (revision ${GITHUB_SHA:0:12} compiled with ghc-9.0)" ] && echo "CLI version OK"

	# This uses names compatible with our install script.
	#
	# Originally, CLI >=2.x Linux releases were only packaged as zip files, but
	# we added tar.gz to improve compatibility. Our install script depends on
	# the unzip command, which is not installed in most Linux distributions by
	# default. To avoid breaking compatibility with older install scripts, we
	# release both formats but default to using tar.gz when installing.
	- name: Bundle binaries
	run: \|
	mkdir release

	ls -R

	chmod +x Linux-binaries/*
	zip -j release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip Linux-binaries/fossa
	zip -j release/pathfinder_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip Linux-binaries/pathfinder
	tar --create --gzip --verbose --file release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz --directory Linux-binaries fossa
	tar --create --gzip --verbose --file release/pathfinder_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz --directory Linux-binaries pathfinder

	chmod +x macOS-binaries/*
	zip -j release/fossa_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip macOS-binaries/fossa
	zip -j release/pathfinder_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip macOS-binaries/pathfinder

	chmod +x Windows-binaries/*
	zip -j release/fossa_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip Windows-binaries/fossa.exe
	zip -j release/pathfinder_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip Windows-binaries/pathfinder.exe

	- name: Create checksums
	# We have to run from within the release dir so that "release" isn't prepended to the relative path of the zip file.
	run: \|
	cd release
	sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip" > "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip.sha256"
	sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz" > "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz.sha256"
	sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip" > "fossa_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip.sha256"
	sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip" > "fossa_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip.sha256"

	echo "Sanity-checking the checksums."

	cat *.sha256 \| sha256sum --check --status

	# Uploads the generated archives (tar.gz/zip) as build artifacts to allow
	# verifying them without needing to do an actual release. This step does not
	# need to run for tagged release versions.
	- name: Upload release archives
	if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
	uses: actions/upload-artifact@v2
	with:
	name: release-archives
	path: release

	- name: Release
	if: ${{ startsWith(github.ref, 'refs/tags/v') }}
	uses: softprops/action-gh-release@v1
	with:
	files: release/*
	draft: true
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

make this a release #1454

Workflow file

make this a release #1454

Jobs

Run details

Workflow file for this run