numa/.github/workflows/release.yml

name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  build:
    strategy:
      matrix:
        include:
          - target: x86_64-apple-darwin
            os: macos-latest
            name: numa-macos-x86_64
          - target: aarch64-apple-darwin
            os: macos-latest
            name: numa-macos-aarch64
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            name: numa-linux-x86_64
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
            name: numa-linux-aarch64
          - target: x86_64-pc-windows-msvc
            os: windows-latest
            name: numa-windows-x86_64

    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: Install musl tools (x86_64)
        if: matrix.target == 'x86_64-unknown-linux-musl'
        run: sudo apt-get update && sudo apt-get install -y musl-tools

      - name: Install cross (aarch64)
        if: matrix.target == 'aarch64-unknown-linux-musl'
        run: cargo install cross

      - name: Build (native)
        if: matrix.target != 'aarch64-unknown-linux-musl'
        run: cargo build --release --target ${{ matrix.target }}

      - name: Build (cross)
        if: matrix.target == 'aarch64-unknown-linux-musl'
        run: cross build --release --target ${{ matrix.target }}

      - name: Package (Unix)
        if: runner.os != 'Windows'
        run: |
          cd target/${{ matrix.target }}/release
          tar czf ../../../${{ matrix.name }}.tar.gz numa
          cd ../../..
          sha256sum ${{ matrix.name }}.tar.gz > ${{ matrix.name }}.tar.gz.sha256 || shasum -a 256 ${{ matrix.name }}.tar.gz > ${{ matrix.name }}.tar.gz.sha256

      - name: Package (Windows)
        if: runner.os == 'Windows'
        shell: pwsh
        run: |
          Compress-Archive -Path "target/${{ matrix.target }}/release/numa.exe" -DestinationPath "${{ matrix.name }}.zip"
          (Get-FileHash "${{ matrix.name }}.zip" -Algorithm SHA256).Hash.ToLower() + "  ${{ matrix.name }}.zip" | Out-File "${{ matrix.name }}.zip.sha256" -Encoding ascii

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.name }}
          path: |
            ${{ matrix.name }}.tar.gz
            ${{ matrix.name }}.tar.gz.sha256
            ${{ matrix.name }}.zip
            ${{ matrix.name }}.zip.sha256

  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Publish to crates.io
        run: cargo publish
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

  release:
    needs: [build, publish]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          merge-multiple: true

      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          # Use a PAT (not the default GITHUB_TOKEN) so the resulting
          # `release: published` event propagates to downstream workflows
          # like homebrew-bump.yml. Events triggered by GITHUB_TOKEN are
          # deliberately not propagated by GitHub Actions to prevent
          # infinite loops; PAT-authored events are the documented escape
          # hatch. Reusing HOMEBREW_TAP_GITHUB_TOKEN (already a PAT used
          # by homebrew-bump.yml itself) keeps the secret surface flat.
          token: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
          generate_release_notes: true
          files: |
            *.tar.gz
            *.zip
            *.sha256