Build

ci: Add id-token write permission #561

Workflow file for this run

	name: Build

	on:
	pull_request:
	push:
	paths-ignore:
	- "*.md"
	- "LICENSE*"
	workflow_dispatch:

	permissions:
	# For npm publish provenance
	id-token: write

	env:
	BUILD_PROFILE: release-lto
	CARGO_INCREMENTAL: 0

	jobs:
	check:
	name: Check
	runs-on: ubuntu-latest
	env:
	RUSTFLAGS: -D warnings
	steps:
	- name: Install dependencies
	run: \|
	sudo apt-get update
	sudo apt-get -y install libgtk-3-dev
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	components: clippy
	- name: Cache Rust workspace
	uses: Swatinem/rust-cache@v2
	- name: Cargo check
	run: cargo check --all-targets --all-features
	- name: Cargo clippy
	run: cargo clippy --all-targets --all-features

	fmt:
	name: Format
	runs-on: ubuntu-latest
	env:
	RUSTFLAGS: -D warnings
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Rust toolchain
	# We use nightly options in rustfmt.toml
	uses: dtolnay/rust-toolchain@nightly
	with:
	components: rustfmt
	- name: Cargo fmt
	run: cargo fmt --all --check

	deny:
	name: Deny
	runs-on: ubuntu-latest
	strategy:
	matrix:
	checks:
	- advisories
	- bans licenses sources
	# Prevent new advisories from failing CI
	continue-on-error: ${{ matrix.checks == 'advisories' }}
	steps:
	- uses: actions/checkout@v4
	- uses: EmbarkStudios/cargo-deny-action@v2
	with:
	command: check ${{ matrix.checks }}

	test:
	name: Test
	strategy:
	matrix:
	platform: [ ubuntu-latest, windows-latest, macos-latest ]
	fail-fast: false
	runs-on: ${{ matrix.platform }}
	steps:
	- name: Install dependencies
	if: matrix.platform == 'ubuntu-latest'
	run: \|
	sudo apt-get update
	sudo apt-get -y install libgtk-3-dev
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	- name: Cache Rust workspace
	uses: Swatinem/rust-cache@v2
	- name: Cargo test
	run: cargo test --release --features all

	build-cli:
	name: Build objdiff-cli
	env:
	CARGO_BIN_NAME: objdiff-cli
	strategy:
	matrix:
	include:
	- platform: ubuntu-latest
	target: x86_64-unknown-linux-musl
	name: linux-x86_64
	build: zigbuild
	features: default
	- platform: ubuntu-latest
	target: i686-unknown-linux-musl
	name: linux-i686
	build: zigbuild
	features: default
	- platform: ubuntu-latest
	target: aarch64-unknown-linux-musl
	name: linux-aarch64
	build: zigbuild
	features: default
	- platform: windows-latest
	target: i686-pc-windows-msvc
	name: windows-x86
	build: build
	features: default
	- platform: windows-latest
	target: x86_64-pc-windows-msvc
	name: windows-x86_64
	build: build
	features: default
	- platform: windows-latest
	target: aarch64-pc-windows-msvc
	name: windows-arm64
	build: build
	features: default
	- platform: macos-latest
	target: x86_64-apple-darwin
	name: macos-x86_64
	build: build
	features: default
	- platform: macos-latest
	target: aarch64-apple-darwin
	name: macos-arm64
	build: build
	features: default
	fail-fast: false
	runs-on: ${{ matrix.platform }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Install cargo-zigbuild
	if: matrix.build == 'zigbuild'
	run: \|
	python3 -m venv .venv
	. .venv/bin/activate
	echo PATH=$PATH >> $GITHUB_ENV
	pip install ziglang==0.13.0.post1 cargo-zigbuild==0.19.8
	- name: Setup Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: ${{ matrix.target }}
	- name: Cache Rust workspace
	uses: Swatinem/rust-cache@v2
	with:
	key: ${{ matrix.target }}
	- name: Cargo build
	run: >
	cargo ${{ matrix.build }} --profile ${{ env.BUILD_PROFILE }} --target ${{ matrix.target }}
	--bin ${{ env.CARGO_BIN_NAME }} --features ${{ matrix.features }}
	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.CARGO_BIN_NAME }}-${{ matrix.name }}
	path: \|
	target/${{ matrix.target }}/${{ env.BUILD_PROFILE }}/${{ env.CARGO_BIN_NAME }}
	target/${{ matrix.target }}/${{ env.BUILD_PROFILE }}/${{ env.CARGO_BIN_NAME }}.exe
	if-no-files-found: error

	build-gui:
	name: Build objdiff-gui
	env:
	CARGO_BIN_NAME: objdiff
	strategy:
	matrix:
	include:
	- platform: ubuntu-latest
	target: x86_64-unknown-linux-gnu.2.31
	target_base: x86_64-unknown-linux-gnu
	name: linux-x86_64
	packages: libgtk-3-dev
	build: zigbuild
	features: default
	- platform: windows-latest
	target: x86_64-pc-windows-msvc
	name: windows-x86_64
	build: build
	features: default
	- platform: macos-latest
	target: x86_64-apple-darwin
	name: macos-x86_64
	build: build
	features: default
	- platform: macos-latest
	target: aarch64-apple-darwin
	name: macos-arm64
	build: build
	features: default
	fail-fast: false
	runs-on: ${{ matrix.platform }}
	steps:
	- name: Install dependencies
	if: matrix.packages != ''
	run: \|
	sudo apt-get update
	sudo apt-get -y install ${{ matrix.packages }}
	- name: Checkout
	uses: actions/checkout@v4
	- name: Install cargo-zigbuild
	if: matrix.build == 'zigbuild'
	run: \|
	python3 -m venv .venv
	. .venv/bin/activate
	echo PATH=$PATH >> $GITHUB_ENV
	pip install ziglang==0.13.0.post1 cargo-zigbuild==0.19.8
	- name: Setup Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	targets: ${{ matrix.target_base \|\| matrix.target }}
	- name: Cache Rust workspace
	uses: Swatinem/rust-cache@v2
	with:
	key: ${{ matrix.target }}
	- name: Cargo build
	run: >
	cargo ${{ matrix.build }} --profile ${{ env.BUILD_PROFILE }} --target ${{ matrix.target }}
	--bin ${{ env.CARGO_BIN_NAME }} --features ${{ matrix.features }}
	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.CARGO_BIN_NAME }}-${{ matrix.name }}
	path: \|
	target/${{ matrix.target_base \|\| matrix.target }}/${{ env.BUILD_PROFILE }}/${{ env.CARGO_BIN_NAME }}
	target/${{ matrix.target_base \|\| matrix.target }}/${{ env.BUILD_PROFILE }}/${{ env.CARGO_BIN_NAME }}.exe
	if-no-files-found: error

	build-wasm:
	name: Build objdiff-wasm
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Rust toolchain
	uses: dtolnay/rust-toolchain@nightly
	with:
	components: rust-src
	- name: Cache Rust workspace
	uses: Swatinem/rust-cache@v2
	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: lts/*
	- name: Install dependencies
	run: npm -C objdiff-wasm ci
	- name: Build
	run: npm -C objdiff-wasm run build
	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: wasm
	path: objdiff-wasm/dist/
	if-no-files-found: error

	check-version:
	name: Check package versions
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	needs: [ build-cli, build-gui, build-wasm ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Check git tag against package versions
	shell: bash
	run: \|
	set -eou pipefail
	tag='${{github.ref}}'
	tag="${tag#refs/tags/}"
	version=$(grep '^version' Cargo.toml \| head -1 \| awk -F' = ' '{print $2}' \| tr -d '"')
	version="v$version"
	if [ "$tag" != "$version" ]; then
	echo "::error::Git tag doesn't match the Cargo version! ($tag != $version)"
	exit 1
	fi
	version="v$(jq -r .version objdiff-wasm/package.json)"
	if [ "$tag" != "$version" ]; then
	echo "::error::Git tag doesn't match the npm version! ($tag != $version)"
	exit 1
	fi

	release-github:
	name: Release (GitHub)
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	needs: [ check-version ]
	permissions:
	contents: write
	steps:
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	pattern: objdiff-*
	path: artifacts
	- name: Rename artifacts
	working-directory: artifacts
	run: \|
	set -euo pipefail
	mkdir ../out
	for dir in */; do
	for file in "$dir"*; do
	base=$(basename "$file")
	name="${base%.*}"
	ext="${base##*.}"
	if [ "$ext" = "$base" ]; then
	ext=""
	else
	ext=".$ext"
	fi
	arch="${dir%/}" # remove trailing slash
	arch="${arch##"$name-"}" # remove bin name
	dst="../out/${name}-${arch}${ext}"
	mv "$file" "$dst"
	done
	done
	ls -R ../out
	- name: Release
	uses: softprops/action-gh-release@v2
	with:
	files: out/*
	draft: true
	generate_release_notes: true

	release-cargo:
	name: Release (Cargo)
	if: 'false' # TODO re-enable when all dependencies are published
	runs-on: ubuntu-latest
	needs: [ check-version ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Rust toolchain
	uses: dtolnay/rust-toolchain@stable
	- name: Publish
	env:
	CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
	run: cargo publish -p objdiff-core

	release-npm:
	name: Release (npm)
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	needs: [ check-version ]
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: lts/*
	registry-url: 'https://registry.npmjs.org'
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: wasm
	path: objdiff-wasm/dist
	- name: Publish
	working-directory: objdiff-wasm
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	run: \|
	set -euo pipefail
	version=$(jq -r '.version' package.json)
	tag="latest"
	# Check for prerelease by looking for a dash
	case "$version" in
	-)
	tag=$(echo "$version" \| sed -e 's/^[^-]-//' -e 's/\..$//')
	;;
	esac
	echo "Publishing version $version with tag '$tag'..."
	npm publish --provenance --access public --tag "$tag"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: Add id-token write permission #561

Workflow file

ci: Add id-token write permission #561

Jobs

Run details

Workflow file for this run