Another attempt at calculating Nix hashes #36
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Release workflow for celq binaries | |
| # Credit: Inspired by https://github.com/01mf02/jaq/blob/main/.github/workflows/release.yml | |
| # Also see: https://github.com/BurntSushi/ripgrep/blob/61733f6378b62fa2dc2e7f3eff2f2e7182069ca9/.github/workflows/release.yml | |
| name: GitHub Release | |
| on: | |
| workflow_dispatch: # Manual trigger only | |
| push: | |
| tags: | |
| - "v[0-9]*" # Trigger on version tags like v1.0.0 | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| NAME: celq | |
| VERSION: ${{ github.ref_name }} | |
| # Required for gh release upload and attestations | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| artifact-metadata: write | |
| jobs: | |
| build: | |
| name: ${{ matrix.target }} | |
| runs-on: ${{ matrix.os }} | |
| environment: github_release | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # macOS ARM64 (native) | |
| - { target: aarch64-apple-darwin, os: macos-15, pretty_target: macos-aarch64 } | |
| # macOS x86-64 (native) | |
| - { target: x86_64-apple-darwin, os: macos-15-intel, pretty_target: macos-x86_64 } | |
| # Windows x86-64 (native) | |
| - { target: x86_64-pc-windows-msvc, os: windows-2025, pretty_target: windows-x86_64 } | |
| # Linux x86-64 (native - musl static binary) | |
| - { target: x86_64-unknown-linux-musl, os: ubuntu-24.04, pretty_target: linux-x86_64-musl } | |
| # Linux ARM64 (native - musl static binary) | |
| - { target: aarch64-unknown-linux-musl, os: ubuntu-24.04-arm, pretty_target: linux-aarch64-musl } | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install musl tools (for musl targets) | |
| if: contains(matrix.target, 'musl') | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y musl-tools | |
| - name: Build | |
| run: cargo build --locked --release --target ${{ matrix.target }} | |
| - name: Create release archive | |
| id: archive | |
| run: | | |
| EXE_suffix="" | |
| case ${{ matrix.target }} in | |
| *-pc-windows-*) EXE_suffix=".exe" ;; | |
| esac | |
| BIN_PATH="target/${{ matrix.target }}/release/${NAME}${EXE_suffix}" | |
| BIN_NAME="${NAME}${EXE_suffix}" | |
| # Determine archive format based on platform | |
| case ${{ matrix.target }} in | |
| *-pc-windows-*) | |
| # Windows: create .zip archive with pretty name | |
| ARCHIVE_NAME="${NAME}-${{ matrix.pretty_target }}.zip" | |
| 7z a "${ARCHIVE_NAME}" "./${BIN_PATH}" | |
| 7z rn "${ARCHIVE_NAME}" "target/${{ matrix.target }}/release/${BIN_NAME}" "${BIN_NAME}" | |
| ;; | |
| *) | |
| # Linux/macOS: create .tar.gz archive with pretty name | |
| ARCHIVE_NAME="${NAME}-${{ matrix.pretty_target }}.tar.gz" | |
| tar czf "${ARCHIVE_NAME}" -C "target/${{ matrix.target }}/release" "${BIN_NAME}" | |
| ;; | |
| esac | |
| echo "ARCHIVE_NAME=${ARCHIVE_NAME}" >> $GITHUB_OUTPUT | |
| - name: Generate attestation for release archive | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-path: ${{ steps.archive.outputs.ARCHIVE_NAME }} | |
| - name: Upload release archive | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: gh release upload ${VERSION} ${{ steps.archive.outputs.ARCHIVE_NAME }} | |
| build-zig: | |
| name: ${{ matrix.target }}${{ matrix.zigtargetsuffix }} | |
| runs-on: ${{ matrix.os }} | |
| environment: github_release | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Linux x86-64 (zigbuild - glibc 2.28) | |
| - { target: x86_64-unknown-linux-gnu, os: ubuntu-24.04, zigtargetsuffix: .2.28, pretty_target: linux-x86_64-gnu } | |
| # Linux ARM64 (zigbuild - glibc 2.28) | |
| - { target: aarch64-unknown-linux-gnu, os: ubuntu-24.04-arm, zigtargetsuffix: .2.28, pretty_target: linux-aarch64-gnu } | |
| # FreeBSD x86-64 (zigbuild) | |
| - { target: x86_64-unknown-freebsd, os: ubuntu-24.04, zigtargetsuffix: "", pretty_target: freebsd-x86_64 } | |
| # FreeBSD ARM64 (zigbuild) | |
| - { target: aarch64-unknown-freebsd, os: ubuntu-24.04-arm, zigtargetsuffix: "", pretty_target: freebsd-aarch64 } | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| if: matrix.target != 'aarch64-unknown-freebsd' | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: Install Rust toolchain (FreeBSD aarch64 special case) | |
| uses: dtolnay/rust-toolchain@1.93 | |
| if: matrix.target == 'aarch64-unknown-freebsd' | |
| with: | |
| components: rust-src | |
| - name: Install Zig | |
| uses: mlugg/setup-zig@v2 | |
| with: | |
| version: 0.15.2 | |
| - name: Install cargo-zigbuild | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-zigbuild@0.21.1 | |
| - name: Build with Zig | |
| if: matrix.target != 'aarch64-unknown-freebsd' | |
| run: cargo zigbuild --locked --release --target ${{ matrix.target }}${{ matrix.zigtargetsuffix }} | |
| - name: Build with Zig (FreeBSD aarch64 special case) | |
| if: matrix.target == 'aarch64-unknown-freebsd' | |
| run: | | |
| RUSTC_BOOTSTRAP=1 RUSTFLAGS="-Z unstable-options -C panic=immediate-abort" cargo zigbuild \ | |
| --target aarch64-unknown-freebsd \ | |
| --release \ | |
| -Z build-std=std,panic_abort | |
| - name: Create release archive | |
| id: archive | |
| run: | | |
| BIN_PATH="target/${{ matrix.target }}/release/${NAME}" | |
| BIN_NAME="${NAME}" | |
| # Archive name uses pretty target name | |
| ARCHIVE_NAME="${NAME}-${{ matrix.pretty_target }}.tar.gz" | |
| tar czf "${ARCHIVE_NAME}" -C "target/${{ matrix.target }}/release" "${BIN_NAME}" | |
| echo "ARCHIVE_NAME=${ARCHIVE_NAME}" >> $GITHUB_OUTPUT | |
| - name: Generate attestation for release archive | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-path: ${{ steps.archive.outputs.ARCHIVE_NAME }} | |
| - name: Upload release archive | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: gh release upload ${VERSION} ${{ steps.archive.outputs.ARCHIVE_NAME }} | |
| update-install-script: | |
| name: Update install script on GitHub Pages | |
| runs-on: ubuntu-latest | |
| needs: [build, build-zig] | |
| environment: github_release | |
| steps: | |
| - name: Checkout celq repository (for template) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: celq-repo | |
| - name: Checkout get-celq.github.io repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: get-celq/get-celq.github.io | |
| token: ${{ secrets.PAGES_DEPLOY_TOKEN }} | |
| path: pages-repo | |
| - name: Generate install scripts | |
| run: | | |
| VERSION="${{ github.ref_name }}" | |
| # Generate versioned install script (e.g., v0.1.1/install.sh or v0.2.0-beta.1/install.sh) | |
| mkdir -p "pages-repo/${VERSION}" | |
| sed "s/{{CELQ_VERSION}}/${VERSION}/g" celq-repo/template_install.sh > "pages-repo/${VERSION}/install.sh" | |
| chmod +x "pages-repo/${VERSION}/install.sh" | |
| # Only update root install.sh if this is NOT a pre-release | |
| # Pre-releases have a hyphen (e.g., v0.2.0-beta.1, v1.0.0-rc.1) | |
| if [[ ! "$VERSION" =~ -[a-zA-Z] ]]; then | |
| echo "Stable release detected, updating root install.sh" | |
| sed "s/{{CELQ_VERSION}}/${VERSION}/g" celq-repo/template_install.sh > pages-repo/install.sh | |
| chmod +x pages-repo/install.sh | |
| else | |
| echo "Pre-release detected, skipping root install.sh update" | |
| fi | |
| # Copy generated script for GitHub release attachment | |
| cp "pages-repo/${VERSION}/install.sh" celq-repo/install.sh | |
| - name: Generate attestation for install script | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-path: celq-repo/install.sh | |
| - name: Upload install.sh to GitHub release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| cd celq-repo | |
| gh release upload ${{ github.ref_name }} install.sh --clobber | |
| - name: Commit and push changes to Pages repo | |
| run: | | |
| cd pages-repo | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| VERSION="${{ github.ref_name }}" | |
| # Add versioned install script | |
| git add "${VERSION}/install.sh" | |
| # Only add root install.sh if it was updated (stable release) | |
| if [[ ! "$VERSION" =~ -[a-zA-Z] ]]; then | |
| git add install.sh | |
| git commit -m "Update install script to $VERSION (stable release)" || echo "No changes to commit" | |
| else | |
| git commit -m "Add install script for $VERSION (pre-release)" || echo "No changes to commit" | |
| fi | |
| git push | |
| generate-checksums: | |
| name: Generate SHA256 checksums | |
| runs-on: ubuntu-latest | |
| needs: [build, build-zig, update-install-script] | |
| environment: github_release | |
| steps: | |
| - name: Download all release assets | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| VERSION="${{ github.ref_name }}" | |
| # Create temp directory for downloads | |
| mkdir -p /tmp/release-assets | |
| cd /tmp/release-assets | |
| # Download all archives and install.sh for this release | |
| gh release download "${VERSION}" \ | |
| --repo ${{ github.repository }} \ | |
| --pattern "celq-*.tar.gz" \ | |
| --pattern "celq-*.zip" \ | |
| --pattern "install.sh" | |
| # List downloaded files | |
| echo "Downloaded files:" | |
| ls -lh | |
| - name: Generate checksums file | |
| run: | | |
| cd /tmp/release-assets | |
| # Generate SHA256 checksums for all downloaded files | |
| # Sort output alphabetically by filename | |
| sha256sum celq-* install.sh | sort -k2 > SHA256SUMS | |
| echo "Generated checksums:" | |
| cat SHA256SUMS | |
| - name: Generate attestation for checksums file | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-path: /tmp/release-assets/SHA256SUMS | |
| - name: Upload checksums file to release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| cd /tmp/release-assets | |
| gh release upload ${{ github.ref_name }} SHA256SUMS \ | |
| --repo ${{ github.repository }} \ | |
| --clobber | |
| update-homebrew-formula: | |
| name: Update Homebrew formula | |
| runs-on: ubuntu-latest | |
| needs: [build, build-zig] | |
| environment: github_release | |
| steps: | |
| - name: Checkout celq repository (for template) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: celq-repo | |
| - name: Check if pre-release | |
| id: check_prerelease | |
| run: | | |
| VERSION="${{ github.ref_name }}" | |
| # Check if this is a pre-release (contains hyphen followed by alpha/beta/rc/etc) | |
| if [[ "$VERSION" =~ -[a-zA-Z] ]]; then | |
| echo "Pre-release detected: $VERSION" | |
| echo "Skipping Homebrew formula update (Homebrew doesn't support pre-releases in main formula)" | |
| echo "is_prerelease=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Stable release detected: $VERSION" | |
| echo "is_prerelease=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout homebrew-tap repository | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: get-celq/homebrew-tap | |
| token: ${{ secrets.HOMEBREW_TAP_TOKEN }} | |
| path: homebrew-tap | |
| - name: Update Homebrew formula | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| run: | | |
| VERSION="${{ github.ref_name }}" | |
| VERSION_WITHOUT_V="${VERSION#v}" # Remove 'v' prefix for version number | |
| echo "Updating Homebrew formula to version: $VERSION_WITHOUT_V" | |
| # Download and calculate SHA256 for source tarball | |
| SOURCE_URL="https://github.com/${{ github.repository }}/archive/refs/tags/${VERSION}.tar.gz" | |
| echo "Downloading source tarball from: $SOURCE_URL" | |
| curl -sL "$SOURCE_URL" -o "/tmp/celq-source.tar.gz" | |
| SHA256_SOURCE=$(sha256sum "/tmp/celq-source.tar.gz" | awk '{print $1}') | |
| echo "Source SHA256: $SHA256_SOURCE" | |
| # Download and calculate SHA256 for ARM64 macOS binary (using pretty name) | |
| ARM64_URL="https://github.com/${{ github.repository }}/releases/download/${VERSION}/celq-macos-aarch64.tar.gz" | |
| echo "Downloading ARM64 binary from: $ARM64_URL" | |
| curl -sL "$ARM64_URL" -o "/tmp/celq-arm64.tar.gz" | |
| SHA256_ARM64=$(sha256sum "/tmp/celq-arm64.tar.gz" | awk '{print $1}') | |
| echo "ARM64 SHA256: $SHA256_ARM64" | |
| # Download and calculate SHA256 for x86_64 macOS binary (using pretty name) | |
| X86_64_URL="https://github.com/${{ github.repository }}/releases/download/${VERSION}/celq-macos-x86_64.tar.gz" | |
| echo "Downloading x86_64 binary from: $X86_64_URL" | |
| curl -sL "$X86_64_URL" -o "/tmp/celq-x86_64.tar.gz" | |
| SHA256_X86_64=$(sha256sum "/tmp/celq-x86_64.tar.gz" | awk '{print $1}') | |
| echo "x86_64 SHA256: $SHA256_X86_64" | |
| # Generate formula from template using sed | |
| sed -e "s/{{CELQ_VERSION}}/${VERSION_WITHOUT_V}/g" \ | |
| -e "s/{{CELQ_SHA256_SOURCE}}/${SHA256_SOURCE}/g" \ | |
| -e "s/{{CELQ_SHA256_ARM64}}/${SHA256_ARM64}/g" \ | |
| -e "s/{{CELQ_SHA256_X86_64}}/${SHA256_X86_64}/g" \ | |
| celq-repo/brew/celq.rb > homebrew-tap/Formula/celq.rb | |
| echo "Formula updated successfully" | |
| - name: Commit and push Homebrew formula | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| run: | | |
| cd homebrew-tap | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add Formula/celq.rb | |
| git commit -m "Update celq to ${{ github.ref_name }}" || echo "No changes to commit" | |
| git push | |
| echo "✅ Homebrew formula updated to ${{ github.ref_name }}" | |
| update-scoop-manifest: | |
| name: Update Scoop manifest | |
| runs-on: ubuntu-latest | |
| needs: [build, build-zig] | |
| environment: github_release | |
| steps: | |
| - name: Checkout celq repository (for template) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: celq-repo | |
| - name: Check if pre-release | |
| id: check_prerelease | |
| run: | | |
| VERSION="${{ github.ref_name }}" | |
| # Check if this is a pre-release (contains hyphen followed by alpha/beta/rc/etc) | |
| if [[ "$VERSION" =~ -[a-zA-Z] ]]; then | |
| echo "Pre-release detected: $VERSION" | |
| echo "Skipping Scoop manifest update (Scoop doesn't support pre-releases)" | |
| echo "is_prerelease=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Stable release detected: $VERSION" | |
| echo "is_prerelease=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout scoop-bucket repository | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: get-celq/scoop-bucket | |
| token: ${{ secrets.SCOOP_BUCKET_TOKEN }} | |
| path: scoop-bucket | |
| - name: Download Windows binary and calculate SHA256 | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| run: | | |
| VERSION="${{ github.ref_name }}" | |
| # Download the Windows binary zip (using pretty name) | |
| ZIP_URL="https://github.com/${{ github.repository }}/releases/download/${VERSION}/celq-windows-x86_64.zip" | |
| echo "Downloading Windows binary from: $ZIP_URL" | |
| curl -sL "$ZIP_URL" -o "/tmp/celq-windows-x86_64.zip" | |
| # Calculate SHA256 | |
| SHA256=$(sha256sum "/tmp/celq-windows-x86_64.zip" | awk '{print $1}') | |
| echo "Calculated SHA256: $SHA256" | |
| # Export for next step | |
| echo "CELQ_SHA256=$SHA256" >> $GITHUB_ENV | |
| - name: Generate Scoop manifest using celq | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| run: | | |
| cd celq-repo | |
| VERSION="${{ github.ref_name }}" | |
| VERSION_WITHOUT_V="${VERSION#v}" # Remove 'v' prefix | |
| echo "Generating Scoop manifest for version: $VERSION_WITHOUT_V" | |
| npx -y celq@0.2.0 \ | |
| -n \ | |
| -p \ | |
| -S \ | |
| --from-file "scoop/celq.json.cel" \ | |
| --arg="celq_version:string=${VERSION_WITHOUT_V}" \ | |
| --arg="celq_sha256:string=${CELQ_SHA256}" \ | |
| > "../scoop-bucket/bucket/celq.json" | |
| echo "Scoop manifest generated successfully" | |
| - name: Commit and push Scoop manifest | |
| if: steps.check_prerelease.outputs.is_prerelease == 'false' | |
| run: | | |
| cd scoop-bucket | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add bucket/celq.json | |
| git commit -m "Update celq to ${{ github.ref_name }}" || echo "No changes to commit" | |
| git push | |
| echo "✅ Scoop manifest updated to ${{ github.ref_name }}" |