Release to Chocolatey #12
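# Builds celq for Windows, attests and GPG-signs the result, then packs and
# pushes a Chocolatey package. Pre-release versions (alpha/beta/rc) are built
# but never signed, packed or published.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v6`, `@stable`, `@v3`). This job handles a GPG private key and a
# Chocolatey API key, so consider pinning each action to a full commit SHA
# that has been reviewed.
# NOTE(review): the published version is read from Cargo.toml; nothing here
# compares it with the pushed tag, so a mismatched tag goes unnoticed.
name: Release to Chocolatey

on:
  workflow_dispatch:
  push:
    tags:
      - "v[0-9]*"

# id-token and attestations are required by actions/attest-build-provenance;
# repository contents stay read-only.
permissions:
  contents: read
  id-token: write
  attestations: write

jobs:
  release-chocolatey:
    runs-on: windows-2025
    # Secrets used below are scoped to this deployment environment.
    environment: chocolatey_release
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # No later step pushes to the repository, so do not leave the
          # token in the local git config.
          persist-credentials: false

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: x86_64-pc-windows-msvc

      # Builds the release binary and uses it to read its own version.
      - name: Get version from Cargo.toml
        id: get_version
        shell: pwsh
        run: |
          cargo build --release
          if ($LASTEXITCODE -ne 0) { throw "cargo build failed with exit code $LASTEXITCODE" }
          $RELEASE_VERSION = Get-Content cargo.toml -Raw | target\release\celq.exe --from-toml --raw-output "this.package.version" | Select-Object -First 1
          # The value is reused in file names and commands in later steps, so
          # reject anything that is not a plain semantic version (also catches
          # an empty result).
          if ($RELEASE_VERSION -notmatch '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$') {
            throw "Unexpected version string read from Cargo.toml: '$RELEASE_VERSION'"
          }
          echo "VERSION=$RELEASE_VERSION" >> $env:GITHUB_OUTPUT
          echo "Release version: $RELEASE_VERSION"

      - name: Check if version is pre-release
        id: check_prerelease
        shell: pwsh
        env:
          # Passed through the environment instead of being expanded into the
          # script text.
          VERSION: ${{ steps.get_version.outputs.VERSION }}
        run: |
          if ($env:VERSION -match "(alpha|beta|rc)") {
            echo "IS_PRERELEASE=true" >> $env:GITHUB_OUTPUT
            echo "Detected pre-release version: $env:VERSION"
          } else {
            echo "IS_PRERELEASE=false" >> $env:GITHUB_OUTPUT
            echo "Detected stable version: $env:VERSION"
          }

      - name: Prepare Chocolatey package structure
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        shell: pwsh
        run: |
          New-Item -ItemType Directory -Force -Path tools
          Copy-Item target\release\celq.exe -Destination tools\
          Copy-Item LICENSE-MIT -Destination tools\LICENSE.txt

      - name: Generate attestation for celq.exe
        id: attest_exe
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        uses: actions/attest-build-provenance@v3
        with:
          subject-path: 'tools/celq.exe'

      # Fills the checksum and attestation URL into the VERIFICATION.txt
      # template shipped with the package.
      - name: Template VERIFICATION.txt
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        shell: pwsh
        env:
          ATTESTATION_URL: ${{ steps.attest_exe.outputs.attestation-url }}
        run: |
          # Get-FileHash returns the digest directly; lower-cased to match the
          # hex format CertUtil printed before.
          $hash = (Get-FileHash -Path tools\celq.exe -Algorithm SHA256).Hash.ToLowerInvariant()
          $attestationUrl = $env:ATTESTATION_URL
          $content = Get-Content choco\VERIFICATION.txt -Raw
          $content = $content -replace "CELQ_SHA256_EXE", $hash
          $content = $content -replace "CELQ_ATTESTATION_URL", $attestationUrl
          $content | Set-Content VERIFICATION.txt -Encoding UTF8 -NoNewline
          echo "SHA256: $hash"
          echo "Attestation URL: $attestationUrl"

      - name: Import GPG key
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.CHOCO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.CHOCO_GPG_PASSPHRASE }}

      - name: Clearsign VERIFICATION.txt
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        shell: pwsh
        run: |
          gpg --clearsign --armor --output VERIFICATION.txt.asc VERIFICATION.txt
          # Stop here rather than shipping an unsigned or stale file.
          if ($LASTEXITCODE -ne 0) { throw "gpg --clearsign failed with exit code $LASTEXITCODE" }
          Move-Item VERIFICATION.txt.asc tools\VERIFICATION.txt -Force

      - name: Template nuspec file
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        shell: pwsh
        env:
          VERSION: ${{ steps.get_version.outputs.VERSION }}
        run: |
          $content = Get-Content choco\celq.nuspec -Raw
          $content = $content -replace "CELQ_VERSION_PLACEHOLDER", $env:VERSION
          $content | Set-Content celq.nuspec -Encoding UTF8

      - name: Create Chocolatey package
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        run: choco pack celq.nuspec

      - name: Publish to Chocolatey
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        shell: cmd
        env:
          VERSION: ${{ steps.get_version.outputs.VERSION }}
          # Supplied through the environment so the key is not written into
          # the generated script file.
          CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
        run: choco push celq.%VERSION%.nupkg -s https://push.chocolatey.org/ --api-key=%CHOCO_API_KEY%

      # Attested after the push, so this records provenance for the exact
      # .nupkg file that was uploaded.
      - name: Generate attestation for Chocolatey package
        if: steps.check_prerelease.outputs.IS_PRERELEASE == 'false'
        uses: actions/attest-build-provenance@v3
        with:
          subject-path: 'celq.${{ steps.get_version.outputs.VERSION }}.nupkg'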