name: build on: workflow_call: inputs: crate: required: true type: string bin: required: false type: string git: required: false type: string branch: required: false type: string secrets: private_key: required: true jobs: build: name: ${{inputs.crate}} runs-on: ubuntu-latest permissions: contents: write steps: - uses: actions/checkout@v3 - uses: dtolnay/rust-toolchain@stable - run: cargo install --force ${{inputs.crate}} --bin ${{inputs.bin || inputs.crate}} ${{inputs.git && format('--git={0}', inputs.git) || ''}} ${{inputs.branch && format('--branch={0}', inputs.branch) || ''}} - id: which run: echo "::set-output name=which::$(which ${{inputs.bin || inputs.crate}})" - id: version run: echo "::set-output name=version::$(cargo install --list | grep -o '^${{inputs.crate}} \([^ :]\)\+')" - run: echo "$PRIVATE_KEY" | gpg --import env: PRIVATE_KEY: ${{secrets.private_key}} - run: gpg --output ${{inputs.bin || inputs.crate}}.sig --detach-sig ${{steps.which.outputs.which}} - run: gpg --output signing-key.gpg --dearmor signing-key.asc - run: gpg --no-default-keyring --keyring ./signing-key.gpg --verify ${{inputs.bin || inputs.crate}}.sig ${{steps.which.outputs.which}} - run: git push origin :refs/tags/${{input.crate}} || true - uses: softprops/action-gh-release@v1 with: tag_name: ${{inputs.crate}} target_commitish: ${{github.ref}} files: | ${{steps.which.outputs.which}} ${{inputs.bin || inputs.crate}}.sig fail_on_unmatched_files: true body: ${{steps.version.outputs.version}}