Release build #39
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "v*" | |
| env: | |
| CARGO_TERM_COLOR: always | |
| CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse | |
| jobs: | |
| release-build: | |
| runs-on: oxide-colo-builder-hubris | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: write | |
| strategy: | |
| matrix: | |
| board: | |
| - lpc55xpresso | |
| - oxide-rot-1 | |
| - rot-carrier | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install Rust toolchain | |
| run: rustup show | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update && sudo apt-get install binutils-arm-none-eabi | |
| - name: Build | |
| run: | | |
| cargo build --release --no-default-features --features target-board-${{ matrix.board }} | |
| - name: Package artifacts | |
| id: package | |
| run: | | |
| if [[ $GITHUB_REF == refs/tags/* ]]; then | |
| VERSION=$(cut -d/ -f3- <<<"$GITHUB_REF") | |
| else | |
| VERSION=${GITHUB_SHA::11} | |
| fi | |
| BUILD_NAME=bootleby-${VERSION}-${{ matrix.board }} | |
| PACKAGE_NAME=bootleby-${{ matrix.board }} | |
| cp target/thumbv8m.main-none-eabihf/release/bootleby ${BUILD_NAME}.elf | |
| arm-none-eabi-objcopy -O binary target/thumbv8m.main-none-eabihf/release/bootleby ${BUILD_NAME}.bin | |
| echo '```' > SHA256SUMS | |
| sha256sum "${BUILD_NAME}.elf" >> SHA256SUMS | |
| sha256sum "${BUILD_NAME}.bin" >> SHA256SUMS | |
| echo '```' >> SHA256SUMS | |
| # Make some info available for later steps | |
| echo "build_name=${BUILD_NAME}" >> "${GITHUB_OUTPUT}" | |
| echo "package_name=${PACKAGE_NAME}" >> "${GITHUB_OUTPUT}" | |
| cargo xtask package --board ${{ matrix.board }} --out ${PACKAGE_NAME}.zip | |
| - name: Attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: ${{ steps.package.outputs.package_name }}.zip | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.package.outputs.build_name }} | |
| path: | | |
| ${{ steps.package.outputs.build_name }}.elf | |
| ${{ steps.package.outputs.build_name }}.bin | |
| ${{ steps.package.outputs.package_name }}.zip | |
| - name: Create release if tagged | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| generate_release_notes: true | |
| # This is separate from creating the release because when a release is first | |
| # created, body_path is inserted before the generated release notes. In | |
| # subsequent uploads, body_path is appended. If combined into a single | |
| # step, that means the first SHA256 is put above the release notes with the | |
| # rest below. By splitting into two steps, all SHA256s will be after the | |
| # generated release notes. | |
| - name: Update release with SHA256 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| append_body: true | |
| body_path: SHA256SUMS | |
| files: | | |
| ${{ steps.package.outputs.build_name}}.elf | |
| ${{ steps.package.outputs.build_name}}.bin | |
| ${{ steps.package.outputs.package_name }}.zip |