ci: Full release attempt (GitHub, Choco, Homebrew, and Crates)

2025-09-14 18:00:38 -06:00
parent 4b9a84cf70
commit 477c87aea9
4 changed files with 156 additions and 287 deletions
+154 -253
@@ -151,7 +151,7 @@ jobs:
Cargo.toml Cargo.toml
Cargo.lock Cargo.lock
build-release-artifacts: publish-github-release:
name: build-release name: build-release
needs: [bump-version] needs: [bump-version]
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
@@ -361,256 +361,157 @@ jobs:
overwrite: true overwrite: true
## TODO Uncomment for sure publish-chocolatey-package:
####################### needs: [publish-github-release]
## Post publish jobs ## name: Publish Chocolatey Package
####################### runs-on: windows-latest
steps:
- name: Check if actor is repository owner
if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }}
run: |
echo "You are not authorized to run this workflow."
exit 1
# publish-github-release: - name: Checkout repository
# name: publish-github-release uses: actions/checkout@v4
# needs: [build-release-artifacts] with:
# runs-on: ubuntu-latest fetch-depth: 1
# steps:
# - name: Check if actor is repository owner - name: Get release artifacts
# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} uses: actions/download-artifact@v4
# run: | with:
# echo "You are not authorized to run this workflow." path: artifacts
# exit 1 merge-multiple: true
#
# - name: Checkout repository - name: Set release assets and version
# uses: actions/checkout@v3 shell: pwsh
# with: run: |
# fetch-depth: 0 # Read the first column from the SHA256 file
# $windows_sha = Get-Content ./artifacts/gman-x86_64-pc-windows-msvc.sha256 | ForEach-Object { $_.Split(' ')[0] }
# - name: Download all artifacts Add-Content -Path $env:GITHUB_ENV -Value "WINDOWS_SHA=$windows_sha"
# uses: actions/download-artifact@v4
# with: # Read the release version from the release-version file
# path: artifacts $release_version = Get-Content ./artifacts/release-version
# merge-multiple: true Add-Content -Path $env:GITHUB_ENV -Value "RELEASE_VERSION=$release_version"
#
# - name: Ensure repository is up-to-date - name: Validate release environment variables
# if: env.ACT != 'true' run: |
# run: | echo "Release SHA windows: ${{ env.WINDOWS_SHA }}"
# git fetch --all echo "Release version: ${{ env.RELEASE_VERSION }}"
# git pull
# - name: Package and Publish package to Chocolatey
# - name: Set environment variables if: env.ACT != 'true'
# run: | run: |
# release_version="$(cat ./artifacts/release-version)" mkdir ./deployment/chocolatey/tools
# echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV # Run packaging script
# changelog_body="$(cat ./artifacts/changelog.md)" python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/gman.nuspec.template" "./deployment/chocolatey/gman.nuspec" ${{ env.WINDOWS_SHA }}
# echo "changelog_body=$(cat artifacts/changelog.md)" >> $GITHUB_ENV python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/chocolateyinstall.ps1.template" "./deployment/chocolatey/tools/chocolateyinstall.ps1" ${{ env.WINDOWS_SHA }}
#
# - name: Validate release environment variables # Publish to Chocolatey
# run: | cd ./deployment/chocolatey
# echo "Release version: ${{ env.RELEASE_VERSION }}" choco pack
# echo "Changelog body: ${{ env.changelog_body }}" echo y | choco install gman -dv -s .
# $version = gman --version
# - name: Create a GitHub Release $version = $version -replace " ", "."
# if: env.ACT != 'true' choco push $version.nupkg -s https://push.chocolatey.org/ --api-key ${{ secrets.CHOCOLATEY_API_KEY }};
# uses: softprops/action-gh-release@v1
# env: publish-homebrew-formula:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} needs: [publish-github-release]
# with: name: Update Homebrew formulas
# files: | runs-on: ubuntu-latest
# artifacts/gman-macos-arm64.tar.gz steps:
# artifacts/gman-macos-arm64.sha256 - name: Check if actor is repository owner
# artifacts/gman-macos.tar.gz if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }}
# artifacts/gman-macos.sha256 run: |
# artifacts/gman-windows.tar.gz echo "You are not authorized to run this workflow."
# artifacts/gman-windows.sha256 exit 1
# artifacts/gman-windows-aarch64.tar.gz
# artifacts/gman-windows-aarch64.sha256 - name: Checkout repository
# artifacts/gman-linux.tar.gz uses: actions/checkout@v4
# artifacts/gman-linux.sha256 with:
# artifacts/gman-linux-musl.tar.gz fetch-depth: 1
# artifacts/gman-linux-musl.sha256
# artifacts/gman-aarch64-gnu.tar.gz - name: Get release artifacts
# artifacts/gman-aarch64-gnu.sha256 uses: actions/download-artifact@v4
# artifacts/gman-aarch64-musl.tar.gz with:
# artifacts/gman-aarch64-musl.sha256 path: artifacts
# artifacts/gman-armv6-gnu.tar.gz merge-multiple: true
# artifacts/gman-armv6-gnu.sha256
# artifacts/gman-armv6-musl.tar.gz - name: Set release assets and version
# artifacts/gman-armv6-musl.sha256 shell: bash
# artifacts/gman-armv7-gnu.tar.gz run: |
# artifacts/gman-armv7-gnu.sha256 # Set environment variables
# artifacts/gman-armv7-musl.tar.gz macos_sha="$(cat ./artifacts/gman-x86_64-apple-darwin.sha256 | awk '{print $1}')"
# artifacts/gman-armv7-musl.sha256 echo "MACOS_SHA=$macos_sha" >> $GITHUB_ENV
# tag_name: v${{ env.RELEASE_VERSION }} macos_sha_arm="$(cat ./artifacts/gman-aarch64-apple-darwin.sha256 | awk '{print $1}')"
# name: "v${{ env.RELEASE_VERSION }}" echo "MACOS_SHA_ARM=$macos_sha_arm" >> $GITHUB_ENV
# body: ${{ env.changelog_body }} linux_sha="$(cat ./artifacts/gman-x86_64-unknown-linux-musl.sha256 | awk '{print $1}')"
# draft: false echo "LINUX_SHA=$linux_sha" >> $GITHUB_ENV
# prerelease: false release_version="$(cat ./artifacts/release-version)"
# echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
# - name: Upload artifacts
# uses: actions/upload-artifact@v4 - name: Validate release environment variables
# with: run: |
# path: artifacts echo "Release SHA macos: ${{ env.MACOS_SHA }}"
# overwrite: true echo "Release SHA macos-arm: ${{ env.MACOS_SHA_ARM }}"
# echo "Release SHA linux musl: ${{ env.LINUX_SHA }}"
# publish-chocolatey-package: echo "Release version: ${{ env.RELEASE_VERSION }}"
# needs: [publish-github-release]
# name: Publish Chocolatey Package - name: Execute Homebrew packaging script
# runs-on: windows-latest if: env.ACT != 'true'
# steps: run: |
# - name: Check if actor is repository owner # run packaging script
# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }} python "./deployment/homebrew/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/homebrew/gman.rb.template" "./gman.rb" ${{ env.MACOS_SHA }} ${{ env.MACOS_SHA_ARM }} ${{ env.LINUX_SHA }}
# run: |
# echo "You are not authorized to run this workflow." - name: Push changes to Homebrew tap
# exit 1 if: env.ACT != 'true'
# env:
# - name: Checkout repository TOKEN: ${{ secrets.GMAN_GITHUB_TOKEN }}
# uses: actions/checkout@v4 run: |
# with: # push to Git
# fetch-depth: 1 git config --global user.name "Dark-Alex-17"
# git config --global user.email "alex.j.tusa@gmail.com"
# - name: Get release artifacts git clone https://Dark-Alex-17:${{ secrets.GMAN_GITHUB_TOKEN }}@github.com/Dark-Alex-17/homebrew-gman.git
# uses: actions/download-artifact@v4 rm homebrew-gman/Formula/gman.rb
# with: cp gman.rb homebrew-gman/Formula
# path: artifacts cd homebrew-gman
# merge-multiple: true git add .
# git diff-index --quiet HEAD || git commit -am "Update formula for G-Man release ${{ env.RELEASE_VERSION }}"
# - name: Set release assets and version git push https://$TOKEN@github.com/Dark-Alex-17/homebrew-gman.git
# shell: pwsh
# run: | publish-crate:
# # Read the first column from the SHA256 file needs: publish-github-release
# $windows_sha = Get-Content ./artifacts/gman-windows.sha256 | ForEach-Object { $_.Split(' ')[0] } name: Publish Crate
# Add-Content -Path $env:GITHUB_ENV -Value "WINDOWS_SHA=$windows_sha" runs-on: ubuntu-latest
# steps:
# # Read the release version from the release-version file - name: Check if actor is repository owner
# $release_version = Get-Content ./artifacts/release-version if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }}
# Add-Content -Path $env:GITHUB_ENV -Value "RELEASE_VERSION=$release_version" run: |
# echo "You are not authorized to run this workflow."
# - name: Validate release environment variables exit 1
# run: |
# echo "Release SHA windows: ${{ env.WINDOWS_SHA }}" - name: Checkout
# echo "Release version: ${{ env.RELEASE_VERSION }}" uses: actions/checkout@v4
# with:
# - name: Package and Publish package to Chocolatey fetch-depth: 0
# if: env.ACT != 'true'
# run: | - name: Get bumped Cargo files (Act)
# mkdir ./deployment/chocolatey/tools if: env.ACT == 'true'
# # Run packaging script uses: actions/download-artifact@v4
# python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/gman.nuspec.template" "./deployment/chocolatey/gman.nuspec" ${{ env.WINDOWS_SHA }} with:
# python "./deployment/chocolatey/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/chocolatey/chocolateyinstall.ps1.template" "./deployment/chocolatey/tools/chocolateyinstall.ps1" ${{ env.WINDOWS_SHA }} name: bumped-cargo-files
# path: ${{ github.workspace }}
# # Publish to Chocolatey
# cd ./deployment/chocolatey - name: Ensure repository is up-to-date
# choco pack if: env.ACT != 'true'
# echo y | choco install gman -dv -s . run: |
# $version = gman --version git fetch --all
# $version = $version -replace " ", "." git pull
# choco push $version.nupkg -s https://push.chocolatey.org/ --api-key ${{ secrets.CHOCOLATEY_API_KEY }};
# - name: Install Rust stable
# publish-homebrew-formula: uses: dtolnay/rust-toolchain@stable
# needs: [publish-github-release]
# name: Update Homebrew formulas - uses: katyo/publish-crates@v2
# runs-on: ubuntu-latest if: env.ACT != 'true'
# steps: with:
# - name: Check if actor is repository owner registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}
# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }}
# run: |
# echo "You are not authorized to run this workflow."
# exit 1
#
# - name: Checkout repository
# uses: actions/checkout@v4
# with:
# fetch-depth: 1
#
# - name: Get release artifacts
# uses: actions/download-artifact@v4
# with:
# path: artifacts
# merge-multiple: true
#
# - name: Set release assets and version
# shell: bash
# run: |
# # Set environment variables
# macos_sha="$(cat ./artifacts/gman-macos.sha256 | awk '{print $1}')"
# echo "MACOS_SHA=$macos_sha" >> $GITHUB_ENV
# macos_sha_arm="$(cat ./artifacts/gman-macos-arm64.sha256 | awk '{print $1}')"
# echo "MACOS_SHA_ARM=$macos_sha_arm" >> $GITHUB_ENV
# linux_sha="$(cat ./artifacts/gman-linux-musl.sha256 | awk '{print $1}')"
# echo "LINUX_SHA=$linux_sha" >> $GITHUB_ENV
# release_version="$(cat ./artifacts/release-version)"
# echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
#
# - name: Validate release environment variables
# run: |
# echo "Release SHA macos: ${{ env.MACOS_SHA }}"
# echo "Release SHA macos-arm: ${{ env.MACOS_SHA_ARM }}"
# echo "Release SHA linux musl: ${{ env.LINUX_SHA }}"
# echo "Release version: ${{ env.RELEASE_VERSION }}"
#
# - name: Execute Homebrew packaging script
# if: env.ACT != 'true'
# run: |
# # run packaging script
# python "./deployment/homebrew/packager.py" ${{ env.RELEASE_VERSION }} "./deployment/homebrew/gman.rb.template" "./gman.rb" ${{ env.MACOS_SHA }} ${{ env.MACOS_SHA_ARM }} ${{ env.LINUX_SHA }}
#
# - name: Push changes to Homebrew tap
# if: env.ACT != 'true'
# env:
# TOKEN: ${{ secrets.GMAN_GITHUB_TOKEN }}
# run: |
# # push to Git
# git config --global user.name "Dark-Alex-17"
# git config --global user.email "alex.j.tusa@gmail.com"
# git clone https://Dark-Alex-17:${{ secrets.GMAN_GITHUB_TOKEN }}@github.com/Dark-Alex-17/homebrew-gman.git
# rm homebrew-gman/Formula/gman.rb
# cp gman.rb homebrew-gman/Formula
# cd homebrew-gman
# git add .
# git diff-index --quiet HEAD || git commit -am "Update formula for G-Man release ${{ env.RELEASE_VERSION }}"
# git push https://$TOKEN@github.com/Dark-Alex-17/homebrew-gman.git
#
# publish-crate:
# needs: publish-github-release
# name: Publish Crate
# runs-on: ubuntu-latest
# steps:
# - name: Check if actor is repository owner
# if: ${{ github.actor != github.repository_owner && env.ACT != 'true' }}
# run: |
# echo "You are not authorized to run this workflow."
# exit 1
#
# - name: Checkout
# uses: actions/checkout@v4
# with:
# fetch-depth: 0
#
# - name: Get bumped Cargo files (Act)
# if: env.ACT == 'true'
# uses: actions/download-artifact@v4
# with:
# name: bumped-cargo-files
# path: ${{ github.workspace }}
#
# - name: Ensure repository is up-to-date
# if: env.ACT != 'true'
# run: |
# git fetch --all
# git pull
#
# - uses: actions/cache@v3
# name: Cache Cargo registry
# with:
# path: ~/.cargo/registry
# key: ${{ runner.os }}-cargo-registry-${{ hashFiles('Cargo.lock') }}
#
# - uses: actions/cache@v3
# with:
# path: ~/.cargo/bin
# key: ${{ runner.os }}-cargo-bin-${{ hashFiles('.github/workflows/release.yml') }}
#
# - name: Install Rust stable
# uses: dtolnay/rust-toolchain@stable
#
# - uses: katyo/publish-crates@v2
# if: env.ACT != 'true'
# with:
# registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}
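Review bot: In the new `publish-homebrew-formula` job, the "Push changes to Homebrew tap" step expands `${{ secrets.GMAN_GITHUB_TOKEN }}` directly into the `git clone` URL, so the token becomes part of the generated script text and is stored in the clone's `.git/config` remote, even though the step already exports it as `TOKEN`. Checking the tap out with `actions/checkout` (inputs `repository`, `token`, `path`) keeps the secret out of the shell script entirely, as sketched below. The same pattern appears in the Chocolatey job's `choco push ... --api-key ${{ secrets.CHOCOLATEY_API_KEY }}`, which is better passed through the step's `env:` and read as `$env:CHOCOLATEY_API_KEY`. The `${{ env.RELEASE_VERSION }}` and SHA values, which are read from artifact files, are also pasted unquoted into several `run:` scripts; since they are already exported via `GITHUB_ENV`, referencing them as quoted shell variables (`"$RELEASE_VERSION"`) stops file contents from being interpreted as script text.

```yaml
      - name: Checkout Homebrew tap
        if: env.ACT != 'true'
        uses: actions/checkout@v4
        with:
          repository: Dark-Alex-17/homebrew-gman
          token: ${{ secrets.GMAN_GITHUB_TOKEN }}
          path: homebrew-gman

      - name: Push changes to Homebrew tap
        if: env.ACT != 'true'
        run: |
          # … unchanged: git config user.name / user.email …
          cp gman.rb homebrew-gman/Formula/gman.rb
          cd homebrew-gman
          git add .
          git diff-index --quiet HEAD || git commit -am "Update formula for G-Man release $RELEASE_VERSION"
          git push
```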
-32
@@ -8,35 +8,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [0.0.1] - 2025-09-10 ## [0.0.1] - 2025-09-10
### Other ### Other
## v0.0.2 (2025-09-14)
### Fix
- Revert back hacky stuff so I can test with act now
- Attempting to use pre-generated bindgens for the aws-lc-sys library
- Install openSSL differently to make this work
- Address edge case for unknown_musl targets
- Install LLVM prereqs for release flow
- Updated the release flow to install the external bindgen-cli
## v0.0.1 (2025-09-12)
### Feat
- Azure Key Vault support
- GCP Secret Manager support
- Full AWS SecretsManager support
- AWS Secrets Manager support
- Added two new flags to output where gman writes logs to and where it expects the config file to live
### Fix
- Made the vault file location more fault tolerant
- Attempting to maybe be a bit more explicit about config file handling to fix MacOS tests
### Refactor
- Refactor configuration structs directly into the provider definition to simplify validation, structs, and future extensions
- Made the creation of the log directories a bit more fault tolerant
- Renamed the provider field in a config file to type to make things a little easier to understand; also removed husky
Generated
+1 -1
@@ -1576,7 +1576,7 @@ checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
[[package]] [[package]]
name = "gman" name = "gman"
version = "0.0.2" version = "0.0.1"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"argon2", "argon2",
+1 -1
@@ -1,6 +1,6 @@
[package] [package]
name = "gman" name = "gman"
version = "0.0.2" version = "0.0.1"
edition = "2024" edition = "2024"
authors = ["Alex Clarke <alex.j.tusa@gmail.com>"] authors = ["Alex Clarke <alex.j.tusa@gmail.com>"]
description = "Universal secret management and injection tool" description = "Universal secret management and injection tool"