Skip to content
Rust

publishing release data to dl.espressif #393

Sign in to view logs

publishing release data to dl.espressif

publishing release data to dl.espressif #393

Workflow file for this run

.github/workflows/build_rust.yaml at 4cbbf6b
name: Rust
on:
push:
tags:
- "v*"
branches:
- master
pull_request:
branches:
- master
release:
types:
- created
workflow_dispatch:
jobs:
build:
name: Build for multiple platforms
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: ubuntu-latest
package_name: linux-x64
- os: windows-latest
package_name: windows-x64
- os: macos-latest
package_name: macos-aarch64
- os: macos-13
package_name: macos-x64
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Install OpenSSL (Windows)
if: runner.os == 'Windows'
shell: powershell
run: |
echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
vcpkg install openssl:x64-windows-static-md
- name: Install OpenSSL (Macos)
if: matrix.os == 'macos-latest'
run: brew install openssl
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry
restore-keys: |
${{ runner.os }}-cargo-registry
- name: Cache cargo index
uses: actions/cache@v4
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index
restore-keys: |
${{ runner.os }}-cargo-index
- name: Build
run: cargo build --release
# - name: Run tests
# run: cargo test --release
- name: Create release directory
run: mkdir -p release
- name: Create release system directory
run: mkdir -p release/${{ matrix.package_name }}
- name: Copy binary to release directory Windows
if: matrix.os == 'windows-latest'
run: cp target/release/eim.exe release/${{ matrix.package_name }}/eim.exe
- name: Sign Windows Binary
if: matrix.platform == 'windows-latest'
env:
WINDOWS_PFX_FILE: ${{ secrets.WIN_CERTIFICATE }}
WINDOWS_PFX_PASSWORD: ${{ secrets.WIN_CERTIFICATE_PWD }}
WINDOWS_SIGN_TOOL_PATH: 'C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86\signtool.exe'
run: |
echo $env:WINDOWS_PFX_FILE | Out-File -FilePath cert.b64 -Encoding ASCII
certutil -decode cert.b64 cert.pfx
Remove-Item cert.b64
& "$env:WINDOWS_SIGN_TOOL_PATH" sign /f cert.pfx /p $env:WINDOWS_PFX_PASSWORD /tr http://timestamp.digicert.com /td sha256 /fd sha256 release/${{ matrix.package_name }}/eim.exe
- name: Copy binary to release directory POSIX
if: matrix.os != 'windows-latest'
run: |
cp target/release/eim release/${{ matrix.package_name }}/eim
chmod +x release/${{ matrix.package_name }}/eim
- name: Codesign macOS eim executables
if: startsWith(matrix.os, 'macos')
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
/usr/bin/security create-keychain -p espressif build.keychain
/usr/bin/security default-keychain -s build.keychain
/usr/bin/security unlock-keychain -p espressif build.keychain
/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
/usr/bin/codesign --entitlements eim.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" release/${{ matrix.package_name }}/eim -v
/usr/bin/codesign -v -vvv --deep release/${{ matrix.package_name }}/eim
- name: Zip eim executable for notarization
if: startsWith(matrix.os, 'macos')
run: |
cd release/${{ matrix.package_name }}
zip -r eim.zip eim
- name: Notarization of macOS eim executables
# && github.ref == 'refs/heads/master'
if: startsWith(matrix.os, 'macos')
env:
NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
run: |
echo "Create notary keychain"
/usr/bin/security create-keychain -p espressif notary.keychain
/usr/bin/security default-keychain -s notary.keychain
/usr/bin/security unlock-keychain -p espressif notary.keychain
echo "Create keychain profile"
xcrun notarytool store-credentials "eim-notarytool-profile" --apple-id $NOTARIZATION_USERNAME --team-id $NOTARIZATION_TEAM_ID --password $NOTARIZATION_PASSWORD
xcrun notarytool submit release/${{ matrix.package_name }}/eim.zip --keychain-profile "eim-notarytool-profile" --wait
echo "Unzipping the executable"
unzip -o release/${{ matrix.package_name }}/eim.zip -d release/${{ matrix.package_name }}
# echo "Attach staple for eim executable"
# xcrun stapler staple release/${{ matrix.package_name }}/eim
- name: Zip artifacts (Windows)
if: matrix.os == 'windows-latest'
run: |
cd release/${{ matrix.package_name }}
7z a -tzip eim.zip eim.exe
- name: Zip artifacts (POSIX)
if: matrix.os != 'windows-latest'
run: |
cd release/${{ matrix.package_name }}
zip -r eim.zip eim
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: eim-${{ github.run_id }}-${{ matrix.package_name }}
path: release/${{ matrix.package_name }}/eim.zip
- name: Upload artifact for tag
if: startsWith(github.ref, 'refs/tags/')
uses: actions/upload-artifact@v4
with:
name: eim-${{ github.ref_name }}-${{ matrix.package_name }}
path: release/${{ matrix.package_name }}/eim.zip
- name: Upload Release Asset
if: github.event_name == 'release' && github.event.action == 'created'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: release/${{ matrix.package_name }}/eim.zip
asset_name: eim-${{ github.ref_name }}-${{ matrix.package_name }}.zip
asset_content_type: application/zip
- name: Create aarch64-linux build
if: matrix.os == 'ubuntu-latest'
run: |
rustup target add aarch64-unknown-linux-gnu
cargo install cross
cross build --target aarch64-unknown-linux-gnu --release
mkdir -p release/aarch64-unknown-linux-gnu
cp target/aarch64-unknown-linux-gnu/release/eim release/aarch64-unknown-linux-gnu/eim
chmod +x release/aarch64-unknown-linux-gnu/eim
cd release/aarch64-unknown-linux-gnu
zip -r eim.zip eim
- name: Upload build artifacts for aarch64-linux
uses: actions/upload-artifact@v4
if: matrix.os == 'ubuntu-latest'
with:
name: eim-${{ github.run_id }}-linux-arm64
path: release/aarch64-unknown-linux-gnu/eim.zip
- name: Upload artifact for tag on aarch64-linux
if: startsWith(github.ref, 'refs/tags/') && runner.os == 'Linux'
uses: actions/upload-artifact@v4
with:
name: eim-${{ github.ref_name }}-linux-arm64
path: release/aarch64-unknown-linux-gnu/eim.zip
- name: Upload Release Asset on aarch64-linux
if: github.event_name == 'release' && github.event.action == 'created' && runner.os == 'Linux'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: release/aarch64-unknown-linux-gnu/eim.zip
asset_name: eim-${{ github.ref_name }}-linux-arm64.zip
asset_content_type: application/zip
call-test-workflow:
needs: build
uses: ./.github/workflows/test.yml
with:
run_id: ${{ github.run_id }}
ref: ${{ github.event.pull_request.head.ref }}
fetch-latest-release:
name: Fetch Latest Release Info
needs: [build]
runs-on: ubuntu-latest
# This ensures the job runs after a release is created or when manually triggered
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
steps:
- name: Fetch latest release
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-east-1
run: |
curl -s https://api.github.com/repos/espressif/idf-im-cli/releases/latest > eim_cli_release.json
echo "Latest release tag: $(jq -r .tag_name eim_cli_release.json)"
aws s3 cp --acl=public-read "eim_cli_release.json" s3://espdldata/dl/eim/eim_cli_release.json