Upload binaries to github release in actions #208
Conversation
|
Not sure how to test the workflow. The simplified version is working on my fork. |
.github/workflows/ci.yml
Outdated
| @@ -186,10 +186,10 @@ jobs: | |||
| git tag "v$CURRENT_VERSION" | |||
| git push origin "v$CURRENT_VERSION" | |||
|
|
|||
| - name: Publish | |||
| - name: Trigger release workflow | |||
| run: gh workflow run release.yml --ref refs/tags/v${{ env.CURRENT_VERSION }} | |||
There was a problem hiding this comment.
Workflows can call other workflows directly, without needing to go through the gh client.
Here's an example from the Trustfall publish steps: https://github.com/obi1kenobi/trustfall/blob/main/.github/workflows/ci.yml#L282
.github/workflows/ci.yml
Outdated
| @@ -186,10 +186,10 @@ jobs: | |||
| git tag "v$CURRENT_VERSION" | |||
| git push origin "v$CURRENT_VERSION" | |||
There was a problem hiding this comment.
If moving publishing to a workflow, I think it's better to move the tagging into that workflow too. For bonus points, maybe tag the version after cargo publish rather than before.
There was a problem hiding this comment.
The issue here is that the jobs that happen in the release workflow must be passed a ref to a tag. It could be speified for every job as an argument, but then the tag name (version) must be calculated or stored somewhere and I had problems with that.
There was a problem hiding this comment.
I'm not sure I understand. Where do the jobs in the release workflow use the tag?
The only uses of a tag I see are the gh workflow run and the on: push: tags: trigger in the workflow file, both of which I'm suggesting we move away from by instead using a direct workflow-to-workflow call like how the Trustfall repo builds the platform-specific binaries for the Python bindings: https://github.com/obi1kenobi/trustfall/blob/main/.github/workflows/ci.yml#L294
Even if the tag name is needed, it can be a job output and I'd be happy to help you figure out any issues with that. Let me know if you'd like to pair-program this!
There was a problem hiding this comment.
Both taiki-e/create-gh-release-action@v1 and taiki-e/upload-rust-binary-action@v1 must run on the tag ref.
I tried to set a enviormental variable and use it later on, but this somehow failed on Windows.
Actually, the pair programming sounds like a cool idea, as I have spent some time already on trial and error with moderate success.
There was a problem hiding this comment.
It seems like they would accept a ref argument though:
https://github.com/taiki-e/create-gh-release-action/blob/main/action.yml#L45-L49
https://github.com/taiki-e/upload-rust-binary-action/blob/main/action.yml#L61-L66
If we git tag and push the tag before running those actions, and set their ref to the tag name, I think that should work.
Let me know over Zulip what times are best for pair-programming for you in the next few days, and we can make something work.
.github/workflows/release.yml
Outdated
| push: | ||
| tags: | ||
| - v[0-9]+.* | ||
| workflow_dispatch: |
There was a problem hiding this comment.
Use workflow_call only here: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_call
We don't want to run on tags because then we'll get duplicate runs.
There was a problem hiding this comment.
Workflows don't trigger off events happening in github actions, so there wouldn't be any duplicates
There was a problem hiding this comment.
Neat, TIL! Even so, if we use workflow_call we still don't need this to run on tags.
There was a problem hiding this comment.
Workflows don't trigger off events happening in github actions, so there wouldn't be any duplicates
Just FYI: They can if you use a Personal Access Token.
.github/workflows/release.yml
Outdated
| - target: aarch64-unknown-linux-gnu | ||
| - target: aarch64-unknown-linux-musl | ||
| - target: aarch64-apple-darwin | ||
| os: macos-11 |
There was a problem hiding this comment.
It is copied from https://github.com/taiki-e/cargo-hack/blob/202e6e59d491c9202ce148c9ef423853267226db/.github/workflows/release.yml#L47-L84, but I think macos-latest makes more sense
| run: cargo publish | ||
| env: | ||
| CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} | ||
|
|
There was a problem hiding this comment.
I'd put the git tag step here, between the cargo publish and the GitHub release.
.github/workflows/release.yml
Outdated
| - target: x86_64-apple-darwin | ||
| os: macos-10.15 | ||
| - target: x86_64-pc-windows-msvc | ||
| os: windows-2019 |
| @@ -31,7 +31,7 @@ ignore = "0.4.18" | |||
| clap-verbosity-flag = "2.0.0" | |||
| log = "0.4.17" | |||
| git2 = { version = "0.15.0", default-features = false } | |||
| crates-index = "0.18.9" | |||
| crates-index = { version = "0.18.9", features = ["vendored-openssl"] } | |||
There was a problem hiding this comment.
@epage any concerns with adding this feature? It seems to make the build simpler and more reliable, but I wanted to double-check with you in case there were any downsides I'm not familiar with.
staniewzki
force-pushed
the
upload-binaries
branch
from
5226236 to
ad4f75b
Compare
Signed-off-by: Michał Staniewski <m.staniewzki@gmail.com>
staniewzki
force-pushed
the
upload-binaries
branch
from
ad4f75b to
af39a6c
Compare
There was a problem hiding this comment.
Broadly looks good! I'm just not sure why some of the caching is removed.
I also highly recommend doing a self-review of the PR in the GitHub PR interface. The change of perspective will usually let you find most of the kinds of things reviewers will also flag, and the fewer comments a PR has, the faster it'll merge.
Signed-off-by: Michał Staniewski <m.staniewzki@gmail.com>
|
Ah, sorry for that, no idea how those changes made it to the PR. Thanks for the GitHub PR interface tip! |
|
Planning to make a new release either later today or tomorrow morning to test this out. Great job putting it together! |
Added new release workflow, and made the ci workflow to trigger it when the publishing should happen.
There has been problems with openssl-sys crate. When cross compiling, openssl built for target is needed. Thus, I enabled vendored-openssl feature in crates-index, to make that simpler.