|
1 | | -name: Build runzip |
| 1 | +name: Build ripunzip |
2 | 2 |
|
3 | 3 | on: |
4 | 4 | workflow_dispatch: |
5 | 5 | inputs: |
6 | 6 | ripunzip-version: |
7 | | - description: "what reference to checktout from google/runzip" |
| 7 | + description: What reference to checkout from google/ripunzip. Latest by default |
8 | 8 | required: false |
9 | | - default: v2.0.2 |
10 | 9 | openssl-version: |
11 | | - description: "what reference to checkout from openssl/openssl for Linux" |
| 10 | + description: What reference to checkout from openssl/openssl for Linux. Latest by default |
12 | 11 | required: false |
13 | | - default: openssl-3.5.0 |
| 12 | + open-pr: |
| 13 | + description: Open a pull request updating the ripunzip versions committed to lfs |
| 14 | + required: false |
| 15 | + default: true # will be false on PRs |
| 16 | + pull_request: |
| 17 | + paths: |
| 18 | + - .github/workflows/build-ripunzip.yml |
14 | 19 |
|
| 20 | +permissions: {} |
| 21 | + |
15 | 22 | jobs: |
| 23 | + versions: |
| 24 | + runs-on: ubuntu-slim |
| 25 | + outputs: |
| 26 | + ripunzip-version: ${{ inputs.ripunzip-version || steps.fetch-ripunzip-version.outputs.version }} |
| 27 | + openssl-version: ${{ inputs.openssl-version || steps.fetch-openssl-version.outputs.version }} |
| 28 | + steps: |
| 29 | + - name: Fetch latest ripunzip version |
| 30 | + id: fetch-ripunzip-version |
| 31 | + if: "!inputs.ripunzip-version" |
| 32 | + run: &fetch-version |
| 33 | + echo "version=$(gh release view --repo $REPO --json tagName --jq .tagName)" | tee -a $GITHUB_OUTPUT |
| 34 | + env: |
| 35 | + REPO: "google/ripunzip" |
| 36 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 37 | + - name: Fetch latest openssl version |
| 38 | + id: fetch-openssl-version |
| 39 | + if: "!inputs.openssl-version" |
| 40 | + run: *fetch-version |
| 41 | + env: |
| 42 | + REPO: "openssl/openssl" |
| 43 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
16 | 44 | build: |
| 45 | + needs: versions |
17 | 46 | strategy: |
18 | 47 | fail-fast: false |
19 | 48 | matrix: |
20 | | - os: [ubuntu-22.04, macos-13, windows-2022] |
| 49 | + os: [ubuntu-24.04, macos-15, windows-2025] |
21 | 50 | runs-on: ${{ matrix.os }} |
22 | 51 | steps: |
23 | 52 | - uses: actions/checkout@v5 |
24 | 53 | with: |
25 | 54 | repository: google/ripunzip |
26 | | - ref: ${{ inputs.ripunzip-version }} |
| 55 | + ref: ${{ needs.versions.outputs.ripunzip-version }} |
27 | 56 | # we need to avoid ripunzip dynamically linking into libssl |
28 | 57 | # see https://github.com/sfackler/rust-openssl/issues/183 |
29 | 58 | - if: runner.os == 'Linux' |
|
32 | 61 | with: |
33 | 62 | repository: openssl/openssl |
34 | 63 | path: openssl |
35 | | - ref: ${{ inputs.openssl-version }} |
| 64 | + ref: ${{ needs.versions.outputs.openssl-version }} |
36 | 65 | - if: runner.os == 'Linux' |
37 | 66 | name: build and install openssl with fPIC |
38 | 67 | shell: bash |
@@ -64,11 +93,74 @@ jobs: |
64 | 93 | lipo -create -output ripunzip-macos \ |
65 | 94 | -arch x86_64 target/x86_64-apple-darwin/release/ripunzip \ |
66 | 95 | -arch arm64 target/aarch64-apple-darwin/release/ripunzip |
67 | | - - uses: actions/upload-artifact@v4 |
| 96 | + - name: Archive |
| 97 | + shell: bash |
| 98 | + run: | |
| 99 | + tar acf ripunzip-$RUNNER_OS.tar.zst ripunzip-$(echo $RUNNER_OS | tr '[:upper:]' '[:lower:]') |
| 100 | + - name: Upload built binary |
| 101 | + uses: actions/upload-artifact@v4 |
68 | 102 | with: |
69 | 103 | name: ripunzip-${{ runner.os }} |
70 | | - path: ripunzip-* |
| 104 | + path: ripunzip-${{ runner.os }}.tar.zst |
| 105 | + retention-days: 5 |
| 106 | + compression: 0 |
71 | 107 | - name: Check built binary |
72 | 108 | shell: bash |
73 | 109 | run: | |
| 110 | + rm -f ripunzip-*.tar.zst |
74 | 111 | ./ripunzip-* --version |
| 112 | + publish: |
| 113 | + needs: [versions, build] |
| 114 | + if: inputs.open-pr == 'true' |
| 115 | + permissions: |
| 116 | + contents: write |
| 117 | + pull-requests: write |
| 118 | + runs-on: ubuntu-slim |
| 119 | + steps: |
| 120 | + # workaround for git-lfs not being installed yet on ubuntu-slim runners |
| 121 | + - name: Ensure git-lfs is installed |
| 122 | + shell: bash |
| 123 | + run: | |
| 124 | + if which git-lfs &>/dev/null; then |
| 125 | + echo "git-lfs is already installed" |
| 126 | + exit 0 |
| 127 | + fi |
| 128 | + cd $TMP |
| 129 | + gh release download --repo git-lfs/git-lfs --pattern "git-lfs-linux-amd64-*.tar.gz" --clobber |
| 130 | + tar xzf git-lfs-linux-amd64-*.tar.gz |
| 131 | + rm git-lfs-linux-amd64-*.tar.gz |
| 132 | + cd git-lfs-* |
| 133 | + pwd | tee -a $GITHUB_PATH |
| 134 | + env: |
| 135 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 136 | + - uses: actions/checkout@v5 |
| 137 | + with: |
| 138 | + sparse-checkout: | |
| 139 | + .github |
| 140 | + misc/ripunzip |
| 141 | + lfs: true |
| 142 | + - name: Download built binaries |
| 143 | + uses: actions/download-artifact@v4 |
| 144 | + with: |
| 145 | + merge-multiple: true |
| 146 | + path: misc/ripunzip |
| 147 | + - name: Open PR |
| 148 | + shell: bash |
| 149 | + run: | |
| 150 | + git config --global user.name "github-actions[bot]" |
| 151 | + git config --global user.email "github-actions[bot]@users.noreply.github.com" |
| 152 | + git switch -c update-ripunzip |
| 153 | + git add misc/ripunzip |
| 154 | + git commit -m "Update ripunzip binaries to version $VERSION" |
| 155 | + git push --set-upstream origin update-ripunzip --force |
| 156 | + TITLE="Update ripunzip binaries to version $VERSION" |
| 157 | + gh pr create \ |
| 158 | + --draft \ |
| 159 | + --title "$TITLE" \ |
| 160 | + --body "Automated update of ripunzip binaries." \ |
| 161 | + --assignee "$ACTOR" || |
| 162 | + (gh pr edit --title "$TITLE" --add-assignee "$ACTOR" && gh pr ready --undo) |
| 163 | + env: |
| 164 | + ACTOR: ${{ github.actor }} |
| 165 | + VERSION: ${{ needs.versions.outputs.ripunzip-version }} |
| 166 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
0 commit comments