cortex/.github/workflows/release.yml at main · 1337Xcode/cortex · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
name: Release

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:

env:
  CARGO_TERM_COLOR: always

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-latest
            target: x86_64-unknown-linux-gnu
            artifact: cortex-linux-x64
            ext: ""
          - os: macos-latest
            target: x86_64-apple-darwin
            artifact: cortex-darwin-x64
            ext: ""
          - os: macos-latest
            target: aarch64-apple-darwin
            artifact: cortex-darwin-arm64
            ext: ""
          - os: windows-latest
            target: x86_64-pc-windows-msvc
            artifact: cortex-win32-x64
            ext: ".exe"
          - os: windows-latest
            target: i686-pc-windows-msvc
            artifact: cortex-win32-ia32
            ext: ".exe"

    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@v4

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: Cache cargo
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: ${{ matrix.target }}-cargo-

      - name: Build release binary
        run: cargo build --release --target ${{ matrix.target }}

      - name: Package (Unix)
        if: runner.os != 'Windows'
        shell: bash
        run: |
          mkdir -p dist
          cp target/${{ matrix.target }}/release/cortex dist/cortex
          cd dist
          tar -czf ${{ matrix.artifact }}.tar.gz cortex
          sha256sum ${{ matrix.artifact }}.tar.gz > ${{ matrix.artifact }}.tar.gz.sha256

      - name: Package (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          New-Item -ItemType Directory -Force -Path dist
          Copy-Item "target\${{ matrix.target }}\release\cortex.exe" "dist\cortex.exe"
          Set-Location dist
          tar -czf "${{ matrix.artifact }}.tar.gz" "cortex.exe"
          $hash = (Get-FileHash "${{ matrix.artifact }}.tar.gz" -Algorithm SHA256).Hash.ToLower()
          "$hash  ${{ matrix.artifact }}.tar.gz" | Out-File -Encoding ascii "${{ matrix.artifact }}.tar.gz.sha256"

      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.artifact }}
          path: dist/${{ matrix.artifact }}.*

  release:
    needs: build
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')
    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v4

      - name: Download all build artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts
          merge-multiple: true

      - name: List artifacts
        run: ls -la artifacts/

      - name: Verify checksums
        shell: bash
        run: |
          echo "=== Binary Verification ==="
          echo ""
          cd artifacts
          for sha_file in *.sha256; do
            if [ -f "$sha_file" ]; then
              echo "Verifying: $sha_file"
              sha256sum -c "$sha_file"
            fi
          done
          echo ""
          echo "=== All checksums verified ==="

      - name: Extract release notes
        shell: bash
        run: |
          # Get version from tag (strip 'v' prefix)
          TAG="${GITHUB_REF#refs/tags/v}"
          echo "Looking for version: $TAG"

          # Safely extract changelog section using grep + sed (avoids awk regex issues with special chars)
          if grep -q "^## \[${TAG}\]" CHANGELOG.md; then
            # Extract from the matching header to the next ## [ header
            sed -n "/^## \[${TAG}\]/,/^## \[/{ /^## \[${TAG}\]/d; /^## \[/d; p; }" CHANGELOG.md > release_notes.md
          fi

          # If empty, use the first changelog section
          if [ ! -s release_notes.md ]; then
            echo "No exact match for $TAG, using first changelog section"
            sed -n '/^## \[/{n; :loop; /^## \[/q; p; n; b loop}' CHANGELOG.md > release_notes.md
          fi

          # If still empty, use a default
          if [ ! -s release_notes.md ]; then
            echo "Release v${TAG}" > release_notes.md
          fi

          echo "Release notes:"
          cat release_notes.md

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: artifacts/*
          body_path: release_notes.md
          draft: false
          prerelease: false
          make_latest: true

  npm-publish:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Extract version from tag
        id: version
        run: echo "version=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"

      - name: Update package.json version
        working-directory: npm
        run: |
          node -e "
            const pkg = require('./package.json');
            pkg.version = '${{ steps.version.outputs.version }}';
            require('fs').writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
          "

      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'

      - name: Publish to npm
        working-directory: npm
        run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}