name: cargo install
author: David Tolnay
description: Fast `cargo install` action using a GitHub-based binary cache
inputs:
  github_token:
    description: Access token for connecting to GitHub API for artifact attestation; normally the ephemeral {{github.token}} when used in a GitHub workflow, or a personal access token {{secrets.GH_TOKEN}} in Gitea's act runner
    default: ${{github.token}}
runs:
  using: composite
  steps:
    - name: Check inputs
      run: |
        echo "crate=cargo-web" >> $GITHUB_OUTPUT
        echo "bin=cargo-web" >> $GITHUB_OUTPUT
      shell: bash
      id: inputs
    - name: Determine cargo bin directory
      run: echo "dir=$(dirname $(which cargo))" >> $GITHUB_OUTPUT
      shell: bash
      id: cargo
    - name: Download ${{steps.inputs.outputs.bin}}
      run: curl --output ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}} https://github.com/dtolnay/install/releases/download/${{steps.inputs.outputs.crate}}/${{steps.inputs.outputs.bin}} --location --silent --show-error --fail --retry 5
      shell: bash
    - name: Verify artifact attestation
      run: gh attestation verify --owner dtolnay ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
      env:
        GH_TOKEN: ${{inputs.github_token}}
      shell: bash
    - name: Set executable bit
      run: chmod +x ${{steps.cargo.outputs.dir}}/${{steps.inputs.outputs.bin}}
      shell: bash