ci: support semantic release and npm trusted publishers #81

Workflow file for this run

	name: CI

	on:
	push:
	workflow_dispatch:
	inputs:
	npm-package-version:
	description: Specify the package.json npm package version, e.g. `0.0.1-alpha.0`
	required: true
	npm-package-tag:
	description: Specify the tag to be used for npm publish, e.g. `latest`, `beta`, `alpha`
	required: true

	jobs:
	cancel-previous-runs:
	runs-on: ubuntu-latest
	steps:
	- name: Cancel Previous Runs
	uses: styfle/[email protected]
	with:
	access_token: ${{ github.token }}

	build_linux-x64-musl:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: x86_64-unknown-linux-musl
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: Download x86_64-linux-musl-cross toolchain
	run: curl -O -L -C - https://github.com/musl-cc/musl.cc/releases/download/v0.0.1/x86_64-linux-musl-cross.tgz
	- name: Install x86_64-linux-musl-cross toolchain
	run: tar xf x86_64-linux-musl-cross.tgz
	- name: Configure linux-x64-musl cross compile
	run: \|
	echo "CC_x86_64_unknown_linux_musl=$(pwd)/x86_64-linux-musl-cross/bin/x86_64-linux-musl-gcc" >> $GITHUB_ENV
	echo "CXX_x86_64_unknown_linux_musl=$(pwd)/x86_64-linux-musl-cross/bin/x86_64-linux-musl--g++" >> $GITHUB_ENV
	echo "AR_x86_64_unknown_linux_musl=$(pwd)/x86_64-linux-musl-cross/bin/x86_64-linux-musl-ar" >> $GITHUB_ENV
	echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=$(pwd)/x86_64-linux-musl-cross/bin/x86_64-linux-musl-gcc" >> $GITHUB_ENV
	echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_AR=$(pwd)/x86_64-linux-musl-cross/bin/x86_64-linux-musl-ar" >> $GITHUB_ENV
	echo "TARGET_PLATFORM=linux" >> $GITHUB_ENV
	echo "TARGET_ARCH=x64" >> $GITHUB_ENV
	echo "TARGET_LIBC=musl" >> $GITHUB_ENV
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: linux-x64-musl
	path: native/linux-x64-musl.node
	if-no-files-found: error

	build_linux-arm64-musl:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: aarch64-unknown-linux-musl
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: Download aarch64-linux-musl-cross toolchain
	run: curl -O -L -C - https://github.com/musl-cc/musl.cc/releases/download/v0.0.1/aarch64-linux-musl-cross.tgz
	- name: Install aarch64-linux-musl-cross toolchain
	run: tar xf aarch64-linux-musl-cross.tgz
	- name: Configure linux-arm64-musl cross compile
	run: \|
	echo "CC_aarch64_unknown_linux_musl=$(pwd)/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc" >> $GITHUB_ENV
	echo "CXX_aarch64_unknown_linux_musl=$(pwd)/aarch64-linux-musl-cross/bin/aarch64-linux-musl--g++" >> $GITHUB_ENV
	echo "AR_aarch64_unknown_linux_musl=$(pwd)/aarch64-linux-musl-cross/bin/aarch64-linux-musl-ar" >> $GITHUB_ENV
	echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=$(pwd)/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc" >> $GITHUB_ENV
	echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_AR=$(pwd)/aarch64-linux-musl-cross/bin/aarch64-linux-musl-ar" >> $GITHUB_ENV
	echo "TARGET_PLATFORM=linux" >> $GITHUB_ENV
	echo "TARGET_ARCH=arm64" >> $GITHUB_ENV
	echo "TARGET_LIBC=musl" >> $GITHUB_ENV
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: linux-arm64-musl
	path: native/linux-arm64-musl.node
	if-no-files-found: error

	build_linux-x64-glibc:
	runs-on: ubuntu-latest
	container:
	image: rust
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: x86_64-unknown-linux-gnu
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: linux-x64-glibc
	path: native/linux-x64-glibc.node
	if-no-files-found: error

	build_linux-arm64-glibc:
	runs-on: ubuntu-latest
	container:
	image: rust
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: aarch64-unknown-linux-gnu
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: Install cross compile deps
	run: \|
	apt-get update && apt-get install -y g++-aarch64-linux-gnu libc6-dev-arm64-cross gcc-aarch64-linux-gnu qemu-user
	- name: Configure linux-arm64 cross compile
	run: \|
	echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
	echo 'CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUNNER="qemu-aarch64 -L /usr/aarch64-linux-gnu"' >> $GITHUB_ENV
	echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
	echo "CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
	echo "CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++" >> $GITHUB_ENV
	echo "TARGET_ARCH=arm64" >> $GITHUB_ENV
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: linux-arm64-glibc
	path: native/linux-arm64-glibc.node
	if-no-files-found: error

	build_win-x64:
	runs-on: windows-2022
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: x86_64-pc-windows-msvc
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: win32-x64
	path: native/win32-x64.node
	if-no-files-found: error

	build_darwin-x64:
	if: ${{ false }}
	runs-on: macos-14
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: x86_64-apple-darwin
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: darwin-x64
	path: native/darwin-x64.node
	if-no-files-found: error

	build_darwin-arm64:
	runs-on: macos-14
	steps:
	- uses: actions/checkout@v5
	- uses: dtolnay/rust-toolchain@stable
	with:
	targets: aarch64-apple-darwin
	- uses: actions/setup-node@v6
	with:
	node-version: '25'
	- uses: Swatinem/rust-cache@v2
	- name: Configure macos-arm64 cross compile
	run: \|
	echo "SDKROOT=$(xcrun -sdk macosx --show-sdk-path)" >> $GITHUB_ENV
	echo "MACOSX_DEPLOYMENT_TARGET=$(xcrun -sdk macosx --show-sdk-platform-version)" >> $GITHUB_ENV
	echo "TARGET_ARCH=arm64" >> $GITHUB_ENV
	- name: npm i
	run: npm i
	- name: Build
	run: npm run build:cargo
	- uses: actions/upload-artifact@v5
	with:
	name: darwin-arm64
	path: native/darwin-arm64.node
	if-no-files-found: error

	test_linux-arm64-glibc:
	runs-on: ubuntu-latest
	needs:
	- build_linux-arm64-glibc
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v6
	with:
	name: linux-arm64-glibc
	path: native
	- name: npm i
	run: npm i
	- name: Build js
	run: npm run build:ts
	- uses: uraimo/run-on-arch-action@v2
	name: Run on arch
	with:
	arch: aarch64
	distro: ubuntu_latest
	githubToken: ${{ github.token }}
	install: \|
	apt-get update && apt-get install -y curl
	curl -fsSL https://deb.nodesource.com/setup_16.x \| bash -
	apt-get install -y --no-install-recommends nodejs
	run: \|
	npm run test:js

	test_linux-arm64-musl:
	runs-on: ubuntu-latest
	needs:
	- build_linux-arm64-musl
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v6
	with:
	name: linux-arm64-musl
	path: native
	- name: npm i
	run: npm i
	- name: Build js
	run: npm run build:ts
	- uses: uraimo/run-on-arch-action@v2
	name: Run on arch
	with:
	arch: aarch64
	distro: alpine_latest
	githubToken: ${{ github.token }}
	install: \|
	apk add nodejs npm
	run: \|
	npm run test:js

	test_linux-x64-glibc:
	runs-on: ubuntu-latest
	container:
	image: node:18-bookworm
	needs:
	- build_linux-x64-glibc
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v6
	with:
	name: linux-x64-glibc
	path: native
	- name: npm i
	run: npm i
	- name: Build js
	run: npm run build:ts
	- name: Test js
	run: npm run test:js
	- name: Test examples
	working-directory: examples
	run: npm i && npm test

	test_linux-x64-musl:
	runs-on: ubuntu-latest
	container:
	image: node:18-alpine
	needs:
	- build_linux-x64-musl
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v6
	with:
	name: linux-x64-musl
	path: native
	- name: npm i
	run: npm i
	- name: Build js
	run: npm run build:ts
	- name: Test js
	run: npm run test:js
	- name: Test examples
	working-directory: examples
	run: npm i && npm test

	test_win-x64:
	runs-on: windows-2022
	needs:
	- build_win-x64
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v6
	with:
	name: win32-x64
	path: native
	- name: npm i
	run: npm i
	- name: Build js
	run: npm run build:ts
	- name: Test js
	run: npm run test:js
	- name: Test examples
	working-directory: examples
	run: npm i && npm test

	test_darwin-x64:
	if: ${{ false }}
	runs-on: macos-14
	needs:
	- build_darwin-x64
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v6
	with:
	name: darwin-x64
	path: native
	- name: npm i
	run: npm i
	- name: Build js
	run: npm run build:ts
	- name: Test js
	run: npm run test:js
	- name: Test examples
	working-directory: examples
	run: npm i && npm test

	build-publish:
	needs:
	- build_linux-x64-musl
	- build_linux-arm64-musl
	- build_linux-x64-glibc
	- build_linux-arm64-glibc
	- build_win-x64
	- build_darwin-arm64
	permissions:
	contents: write
	id-token: write
	issues: write
	pull-requests: write
	runs-on: ubuntu-latest
	outputs:
	docker_image_digest: ${{ steps.docker_push.outputs.digest }}
	version: ${{ steps.docker_meta.outputs.version }}
	new_release_published: ${{ steps.semantic.outputs.new_release_published }}
	steps:
	- name: Generate release bot app token
	id: generate_token
	uses: actions/create-github-app-token@v2
	with:
	app-id: ${{ secrets.HIROSYSTEMS_RELEASE_BOT_ID }}
	private-key: ${{ secrets.HIROSYSTEMS_RELEASE_BOT_PEM }}

	- name: Checkout
	uses: actions/checkout@v5
	with:
	persist-credentials: false

	- name: Get bot user ID
	id: bot-user-id
	run: \|
	echo "user-id=$(gh api "/users/${{ steps.generate_token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
	env:
	GH_TOKEN: ${{ steps.generate_token.outputs.token }}

	- uses: actions/download-artifact@v6
	with:
	path: native
	- name: Position downloaded artifacts
	run: \|
	mkdir -p ./native
	find ./native -mindepth 2 -type f -exec mv -t ./native -i '{}' +
	find ./native -mindepth 1 -type d -empty -delete
	ls -R ./native

	- name: Semantic Release
	uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5
	id: semantic
	if: github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.full_name == github.repository
	env:
	GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
	SEMANTIC_RELEASE_PACKAGE: ${{ github.event.repository.name }}
	GIT_AUTHOR_EMAIL: "${{ steps.bot-user-id.outputs.user-id }}+${{ steps.generate_token.outputs.app-slug }}[bot]@users.noreply.github.com"
	GIT_COMMITTER_EMAIL: "${{ steps.bot-user-id.outputs.user-id }}+${{ steps.generate_token.outputs.app-slug }}[bot]@users.noreply.github.com"
	with:
	extra_plugins: \|
	@semantic-release/[email protected]
	@semantic-release/[email protected]
	@semantic-release/[email protected]
	[email protected]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci: support semantic release and npm trusted publishers #81

Workflow file

ci: support semantic release and npm trusted publishers #81

Uh oh!

Jobs

Run details

Workflow file for this run