name: release # Triggers on semver tag push (v0.1.0, v0.1.1, etc.). Builds release # artifacts for x86_64 and arm64, then publishes them on a GitHub # Release matching the tag. # # Maintainer flow: # git tag v0.1.0 # git push origin v0.1.0 # → CI builds + publishes release with iamroot-x86_64 + iamroot-arm64 on: push: tags: ['v*.*.*'] workflow_dispatch: # allow manual re-runs permissions: contents: write # needed by softprops/action-gh-release jobs: build: strategy: fail-fast: false matrix: include: - target: x86_64 cc: gcc apt: build-essential - target: arm64 cc: aarch64-linux-gnu-gcc apt: build-essential gcc-aarch64-linux-gnu libc6-dev-arm64-cross linux-libc-dev-arm64-cross name: build (${{ matrix.target }}) runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: install build deps run: | sudo apt-get update -qq sudo apt-get install -y --no-install-recommends ${{ matrix.apt }} linux-libc-dev - name: build env: CC: ${{ matrix.cc }} run: | make file iamroot ls -la iamroot - name: rename + checksum run: | mv iamroot iamroot-${{ matrix.target }} sha256sum iamroot-${{ matrix.target }} > iamroot-${{ matrix.target }}.sha256 - uses: actions/upload-artifact@v4 with: name: iamroot-${{ matrix.target }} path: | iamroot-${{ matrix.target }} iamroot-${{ matrix.target }}.sha256 release: needs: build runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/download-artifact@v4 with: path: dist - name: flatten artifacts run: | find dist -type f -exec mv {} . \; ls -la iamroot-* - name: collect release notes id: notes run: | tag="${GITHUB_REF#refs/tags/}" echo "tag=$tag" >> "$GITHUB_OUTPUT" # Pull the latest entry from CVES.md / ROADMAP.md for the body { echo "## IAMROOT $tag" echo echo "Pre-built binaries for x86_64 and arm64. Checksums alongside." echo echo "### Install" echo echo '```bash' echo "curl -sSLfo /tmp/iamroot https://github.com/${GITHUB_REPOSITORY}/releases/download/${tag}/iamroot-\$(uname -m | sed s/aarch64/arm64/)" echo "chmod +x /tmp/iamroot && sudo mv /tmp/iamroot /usr/local/bin/iamroot" echo "iamroot --version" echo '```' echo echo "Or one-shot via the install script:" echo echo '```bash' echo "curl -sSL https://github.com/${GITHUB_REPOSITORY}/releases/download/${tag}/install.sh | sh" echo '```' echo echo "### What's in this release" echo echo "See [\`CVES.md\`](https://github.com/${GITHUB_REPOSITORY}/blob/${tag}/CVES.md) for the curated CVE inventory." echo "See [\`ROADMAP.md\`](https://github.com/${GITHUB_REPOSITORY}/blob/${tag}/ROADMAP.md) for phase progress." } > release-notes.md - name: publish release uses: softprops/action-gh-release@v2 with: tag_name: ${{ steps.notes.outputs.tag }} name: IAMROOT ${{ steps.notes.outputs.tag }} body_path: release-notes.md files: | iamroot-x86_64 iamroot-x86_64.sha256 iamroot-arm64 iamroot-arm64.sha256 install.sh fail_on_unmatched_files: false # install.sh may not exist at first tag