diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc792e8..fc1e68a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -129,10 +129,6 @@ jobs: path: artifacts/ merge-multiple: true - - name: Generate SHA256 checksums - working-directory: artifacts - run: sha256sum * | tee sha256sums.txt - - name: Create or update GitHub Release env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -313,3 +309,107 @@ jobs: commit_email: vmvarela@gmail.com ssh_private_key: ${{ secrets.AUR_SSH_KEY }} commit_message: "Update to ${{ github.ref_name }}" + + # ── Build and upload .deb packages ───────────────────────────────── + # Generates Debian packages for amd64, arm64, arm7 and 386 using nfpm. + # Each arch is independent — one failing arch does not block the others. + package-deb: + name: Package DEB (${{ matrix.goarch }}) + needs: release + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - goarch: amd64 + asset: sql-pipe-x86_64-linux + - goarch: arm64 + asset: sql-pipe-aarch64-linux + - goarch: arm7 + asset: sql-pipe-armv7-linux + - goarch: "386" + asset: sql-pipe-x86-linux + + permissions: + contents: write + + steps: + - uses: actions/checkout@v4 + + - name: Download all artifacts + uses: actions/download-artifact@v8 + with: + path: artifacts/ + merge-multiple: true + + - name: Install nfpm + run: | + NFPM_VERSION=2.45.1 + curl -sfL -o /tmp/nfpm.tar.gz \ + "https://github.com/goreleaser/nfpm/releases/download/v${NFPM_VERSION}/nfpm_${NFPM_VERSION}_linux_amd64.tar.gz" + tar -xzf /tmp/nfpm.tar.gz -C /usr/local/bin nfpm + + - name: Stage files for packaging + run: | + mkdir -p pkg-work + cp artifacts/${{ matrix.asset }} pkg-work/sql-pipe + chmod +x pkg-work/sql-pipe + cp artifacts/sql-pipe.1.gz pkg-work/sql-pipe.1.gz + cp LICENSE pkg-work/LICENSE + + - name: Build .deb + working-directory: pkg-work + env: + VERSION: ${{ github.ref_name }} + GOARCH: ${{ matrix.goarch }} + run: | + VERSION="${VERSION#v}" + mkdir -p dist + VERSION="$VERSION" GOARCH="$GOARCH" \ + nfpm package -p deb \ + -f "$GITHUB_WORKSPACE/packaging/nfpm.yaml" \ + -t dist/ + + - name: Upload .deb to GitHub Release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + working-directory: pkg-work + run: | + gh release upload "${{ github.ref_name }}" dist/*.deb \ + --repo "${{ github.repository }}" \ + --clobber + + # ── Generate final SHA256 checksums ──────────────────────────────── + # Runs after both release and package-deb so sha256sums.txt covers + # all assets: binaries, man page AND .deb packages. + checksums: + name: Generate SHA256 checksums + needs: [release, package-deb] + if: ${{ always() && needs.release.result == 'success' }} + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Download all release assets + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + mkdir -p assets + gh release download "${{ github.ref_name }}" \ + --repo "${{ github.repository }}" \ + --dir assets + + - name: Generate SHA256 checksums + working-directory: assets + run: | + # Exclude any pre-existing sha256sums.txt to avoid self-referencing + sha256sum $(ls | grep -v sha256sums.txt) | tee sha256sums.txt + + - name: Upload sha256sums.txt to GitHub Release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release upload "${{ github.ref_name }}" assets/sha256sums.txt \ + --repo "${{ github.repository }}" \ + --clobber diff --git a/README.md b/README.md index b1e623a..164693a 100644 --- a/README.md +++ b/README.md @@ -35,17 +35,14 @@ By default it installs to `/usr/local/bin`. Override with `INSTALL_DIR`: curl -sSL https://raw.githubusercontent.com/vmvarela/sql-pipe/master/install.sh | INSTALL_DIR="$HOME/.local/bin" sh ``` -**Shell installer (Linux/macOS):** +**Debian / Ubuntu (.deb package):** ```sh -curl -sSL https://raw.githubusercontent.com/vmvarela/sql-pipe/master/install.sh | sh +wget https://github.com/vmvarela/sql-pipe/releases/latest/download/sql-pipe_VERSION_amd64.deb +sudo dpkg -i sql-pipe_VERSION_amd64.deb ``` -By default it installs to `/usr/local/bin`. Override with `INSTALL_DIR`: - -```sh -curl -sSL https://raw.githubusercontent.com/vmvarela/sql-pipe/master/install.sh | INSTALL_DIR="$HOME/.local/bin" sh -``` +Replace `VERSION` with the release version (e.g. `0.2.0`) and `amd64` with your architecture (`arm64`, `armhf`, or `386`). **Arch Linux (AUR):** install with your preferred AUR helper: diff --git a/packaging/nfpm.yaml b/packaging/nfpm.yaml new file mode 100644 index 0000000..58207fd --- /dev/null +++ b/packaging/nfpm.yaml @@ -0,0 +1,38 @@ +# nfpm package configuration for sql-pipe +# Used by the CI release workflow to generate .deb (and .rpm) packages. +# +# Variables injected by the CI environment before invoking nfpm: +# VERSION — semver without leading "v" (e.g. "0.2.0") +# GOARCH — nfpm architecture token: +# amd64 → x86_64 binaries +# arm64 → aarch64 binaries +# armhf → armv7 binaries +# 386 → x86 binaries +# +# Invocation (from the CI working directory that contains the staged files): +# VERSION=0.2.0 GOARCH=amd64 nfpm package -p deb -f packaging/nfpm.yaml -t dist/ + +name: sql-pipe +arch: "${GOARCH}" +version: "${VERSION}" +maintainer: vmvarela +description: Read CSV from stdin, query with SQL, write CSV to stdout +homepage: https://github.com/vmvarela/sql-pipe +license: MIT + +contents: + # Binary — installed into /usr/bin and made executable + - src: ./sql-pipe + dst: /usr/bin/sql-pipe + file_info: + mode: 0755 + + # Man page — Debian convention: gzipped under /usr/share/man/man1/ + - src: ./sql-pipe.1.gz + dst: /usr/share/man/man1/sql-pipe.1.gz + packager: deb + + # License — Debian policy requires the copyright file under /usr/share/doc// + - src: ./LICENSE + dst: /usr/share/doc/sql-pipe/copyright + packager: deb