PublicArchive/SpacetimeDB
2
0
Fork 0
mirror of https://github.com/clockworklabs/SpacetimeDB.git synced 2026-05-08 08:39:58 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
bot/database-lock
SpacetimeDB/.github/workflows/package.yml
T
Zeke Foppa 0a70eb9ed7 CI - Fix package job (#4552) 
# Description of Changes

We were unable to test
https://github.com/clockworklabs/SpacetimeDB/pull/4473 because
#githubworkflowthings, and it turns out we broke the job.

Here I fixed the job and merge the two jobs into one.

**Signing still doesn't work so I've disabled the signing part for
now.**

# API and ABI breaking changes

None. CI only.

# Expected complexity level and risk

1

# Testing

I ran a test job:
https://github.com/clockworklabs/SpacetimeDB/actions/runs/22691343426/job/65787327828

- [x] Package job succeeds for non-windows
- [x] Package job succeeds on windows

---------

Co-authored-by: Zeke Foppa <bfops@users.noreply.github.com>
2026-03-11 09:29:40 +00:00

138 lines
5.4 KiB
YAML
Raw Permalink Blame History

name: Package SpacetimeDB CLI
on:
push:
tags:
- '**'
workflow_dispatch:
permissions:
contents: read
jobs:
build-cli:
strategy:
fail-fast: false
matrix:
include:
# WARNING - do not upgrade this runner to 24.04 or the self hosted runners because it will break downloads for
# anyone who uses a linux distro that doesn't have glibc >= GLIBC_2.38
- { name: x86_64 Linux, target: x86_64-unknown-linux-gnu, runner: ubuntu-22.04 }
- { name: aarch64 Linux, target: aarch64-unknown-linux-gnu, runner: arm-runner }
# Disabled because musl builds weren't working and we didn't want to investigate. See https://github.com/clockworklabs/SpacetimeDB/pull/2964.
# - { name: x86_64 Linux musl, target: x86_64-unknown-linux-musl, runner: bare-metal, container: alpine }
# FIXME: arm musl build. "JavaScript Actions in Alpine containers are only supported on x64 Linux runners"
# - { name: aarch64 Linux musl, target: aarch64-unknown-linux-musl, runner: arm-runner }
- { name: aarch64 macOS, target: aarch64-apple-darwin, runner: macos-latest }
- { name: x86_64 macOS, target: x86_64-apple-darwin, runner: macos-latest }
- { name: x86_64 Windows, target: x86_64-pc-windows-msvc, runner: windows-latest }
name: Build CLI for ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Show arch
run: uname -a
- name: Install musl dependencies
# TODO: Should we use `matrix.container == 'alpine'` instead of the `endsWith` check?
if: endsWith(matrix.target, '-musl')
run: apk add gcc g++ bash curl linux-headers perl git make
- name: Install Rust
uses: dsherret/rust-toolchain-file@v1
- name: Set default rust toolchain
run: rustup default $(rustup show active-toolchain | cut -d' ' -f1)
- name: Install rust target
run: rustup target add ${{ matrix.target }}
- name: Add signtool.exe to PATH
if: ${{ runner.os == 'Windows' }}
shell: pwsh
run: |
$root = "${env:ProgramFiles(x86)}\Windows Kits\10\bin"
$signtool = Get-ChildItem $root -Recurse -Filter signtool.exe -ErrorAction SilentlyContinue |
Where-Object { $_.FullName -match '\\x64\\signtool\.exe$' } |
Sort-Object FullName -Descending |
Select-Object -First 1
if (-not $signtool) { throw "signtool.exe not found under $root" }
"Found: $($signtool.FullName)"
$dir = Split-Path $signtool.FullName
Add-Content -Path $env:GITHUB_PATH -Value $dir
- name: Write certificate file for signing
if: ${{ runner.os == 'Windows' }}
shell: powershell
env:
DIGICERT_CERT_B64: ${{ secrets.DIGICERT_CERT_B64 }}
run: |
[IO.File]::WriteAllBytes("digicert.pfx", [Convert]::FromBase64String($env:DIGICERT_CERT_B64))
- name: Compile
run: |
cargo build --release --target ${{ matrix.target }} -p spacetimedb-cli -p spacetimedb-standalone -p spacetimedb-update
- name: Sign binaries for Windows
# Disabled for now since the current flow isn't working.
if: false
#if: ${{ runner.os == 'Windows' }}
shell: powershell
env:
DIGICERT_KEYPAIR_ALIAS: ${{ secrets.DIGICERT_KEYPAIR_ALIAS }}
run: |
$ErrorActionPreference = 'Stop'
$targetDir = Join-Path $env:GITHUB_WORKSPACE 'target\x86_64-pc-windows-msvc\release'
$certFile = Join-Path $env:GITHUB_WORKSPACE 'digicert.pfx'
$signtool = Get-Command signtool.exe -ErrorAction Stop
$files = @(
(Join-Path $targetDir 'spacetimedb-update.exe'),
(Join-Path $targetDir 'spacetimedb-cli.exe'),
(Join-Path $targetDir 'spacetimedb-standalone.exe')
)
foreach ($file in $files) {
& $signtool.Path sign /f $certFile /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 $file
& $signtool.Path verify /v /pa $file
}
- name: Package (unix)
if: ${{ runner.os != 'Windows' }}
shell: bash
run: |
mkdir build
cd target/${{matrix.target}}/release
cp spacetimedb-update ../../../build/spacetimedb-update-${{matrix.target}}
tar -czf ../../../build/spacetime-${{matrix.target}}.tar.gz spacetimedb-{cli,standalone}
- name: Package (windows)
if: ${{ runner.os == 'Windows' }}
shell: bash
run: |
mkdir build
cd target/${{matrix.target}}/release
cp spacetimedb-update.exe ../../../build/spacetimedb-update-${{matrix.target}}.exe
7z a ../../../build/spacetime-${{matrix.target}}.zip spacetimedb-cli.exe spacetimedb-standalone.exe
- name: Extract branch name
shell: bash
run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
id: extract_branch
- name: Upload to DO Spaces
uses: shallwefootball/s3-upload-action@master
with:
aws_key_id: ${{ secrets.AWS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
aws_bucket: ${{ vars.AWS_BUCKET }}
source_dir: build
endpoint: https://nyc3.digitaloceanspaces.com
destination_dir: ${{ steps.extract_branch.outputs.branch }}
Reference in New Issue View Git Blame Copy Permalink