1name: Release Candidate
2
3# Cuts a v1 release-candidate pre-release (e.g. v1.0.0-rc3) from the
4# release/v1 stabilization branch. The rc number is computed automatically
5# from existing tags. Run manually from the Actions tab.
6
7on:
8 workflow_dispatch:
9 inputs:
10 base_version:
11 description: "Base version the rc leads up to"
12 type: string
13 default: "1.0.0"
14 dry_run:
15 description: "Compute and print the next tag without tagging or releasing"
16 type: boolean
17 default: false
18
19permissions:
20 contents: write # to create tags and the GitHub pre-release
21 id-token: write # to sign the release
22
23jobs:
24 tag:
25 runs-on: ubuntu-latest
26 outputs:
27 tag: ${{ steps.compute.outputs.tag }}
28 prev_stable: ${{ steps.compute.outputs.prev_stable }}
29 steps:
30 - name: Guard branch
31 if: github.ref != 'refs/heads/release/v1'
32 run: |
33 echo "::error::Release candidates must be cut from release/v1 (got ${{ github.ref }})."
34 exit 1
35
36 - name: Checkout
37 uses: actions/checkout@v6
38 with:
39 fetch-depth: 0
40
41 - name: Compute next rc tag
42 id: compute
43 run: |
44 set -euo pipefail
45 BASE="${{ inputs.base_version }}"
46 git fetch --tags --force
47 # Highest existing rc number for this base version, 0 if none yet.
48 LATEST=$(git tag -l "v${BASE}-rc*" \
49 | sed -E "s/^v${BASE}-rc//" \
50 | grep -E '^[0-9]+$' \
51 | sort -n | tail -1 || true)
52 NEXT=$(( ${LATEST:-0} + 1 ))
53 TAG="v${BASE}-rc${NEXT}"
54 echo "Next release candidate: $TAG"
55 echo "tag=$TAG" >> "$GITHUB_OUTPUT"
56
57 # Last STABLE release tag (no -rc / nightly / preview). Used as the
58 # changelog base so every rc's notes are cumulative since the last
59 # stable — covering all prior rc changes too, not just the last rc.
60 PREV_STABLE=$(git tag -l 'v*' \
61 | grep -vE '\-rc|nightly|preview' \
62 | sort -V | tail -1 || true)
63 echo "Changelog base (last stable): ${PREV_STABLE:-<none>}"
64 echo "prev_stable=$PREV_STABLE" >> "$GITHUB_OUTPUT"
65
66 - name: Create and push tag
67 if: ${{ !inputs.dry_run }}
68 run: |
69 set -euo pipefail
70 TAG="${{ steps.compute.outputs.tag }}"
71 git config user.name "Floatpane Bot"
72 git config user.email "us@floatpane.com"
73 git tag -a "$TAG" -m "Release candidate $TAG"
74 git push origin "$TAG"
75
76 goreleaser:
77 needs: tag
78 if: ${{ !inputs.dry_run }}
79 runs-on: macos-latest
80 steps:
81 - name: Checkout
82 uses: actions/checkout@v6
83 with:
84 fetch-depth: 0
85 ref: ${{ needs.tag.outputs.tag }}
86
87 - name: Set up Go
88 uses: actions/setup-go@v6
89 with:
90 go-version: "1.26.3"
91
92 - name: Set up Zig
93 uses: goto-bus-stop/setup-zig@v2
94
95 - name: Set up libpcsclite for Linux cross-compilation
96 run: |
97 PCSC_DIR="$RUNNER_TEMP/pcsclite"
98 mkdir -p "$PCSC_DIR/include" "$PCSC_DIR/lib/pkgconfig"
99
100 # Download pcsc-lite headers from upstream
101 PCSC_URL="https://raw.githubusercontent.com/LudovicRousseau/PCSC/master/src/PCSC"
102 for header in winscard.h wintypes.h; do
103 curl -fsSL "$PCSC_URL/$header" -o "$PCSC_DIR/include/$header"
104 done
105 # pcsclite.h is generated from pcsclite.h.in — download and substitute the version placeholder
106 curl -fsSL "$PCSC_URL/pcsclite.h.in" -o "$PCSC_DIR/include/pcsclite.h"
107 sed -i '' 's/@VERSION@/1.9.0/' "$PCSC_DIR/include/pcsclite.h"
108
109 # Build stub library — the real libpcsclite is loaded at runtime on the user's system,
110 # but the linker needs symbols to resolve during cross-compilation.
111 cat > "$RUNNER_TEMP/pcsclite_stub.c" << 'STUB'
112 #include <stddef.h>
113 typedef long LONG;
114 typedef unsigned long DWORD;
115 typedef void *LPCVOID;
116 typedef char *LPSTR;
117 typedef const char *LPCSTR;
118 typedef unsigned char *LPBYTE;
119 typedef unsigned char BYTE;
120 typedef LONG SCARDCONTEXT;
121 typedef LONG SCARDHANDLE;
122 typedef struct { DWORD dwProtocol; DWORD cbPciLength; } SCARD_IO_REQUEST;
123 typedef struct { LPCSTR szReader; DWORD dwCurrentState; DWORD dwEventState; DWORD cbAtr; unsigned char rgbAtr[36]; void *pvUserData; } SCARD_READERSTATE;
124 LONG SCardEstablishContext(DWORD s, LPCVOID r1, LPCVOID r2, SCARDCONTEXT *c) { return 0; }
125 LONG SCardReleaseContext(SCARDCONTEXT c) { return 0; }
126 LONG SCardIsValidContext(SCARDCONTEXT c) { return 0; }
127 LONG SCardCancel(SCARDCONTEXT c) { return 0; }
128 LONG SCardConnect(SCARDCONTEXT c, LPCSTR r, DWORD s, DWORD p, SCARDHANDLE *h, DWORD *ap) { return 0; }
129 LONG SCardReconnect(SCARDHANDLE h, DWORD s, DWORD p, DWORD d, DWORD *ap) { return 0; }
130 LONG SCardDisconnect(SCARDHANDLE h, DWORD d) { return 0; }
131 LONG SCardBeginTransaction(SCARDHANDLE h) { return 0; }
132 LONG SCardEndTransaction(SCARDHANDLE h, DWORD d) { return 0; }
133 LONG SCardStatus(SCARDHANDLE h, LPSTR r, DWORD *rl, DWORD *s, DWORD *p, LPBYTE a, DWORD *al) { return 0; }
134 LONG SCardTransmit(SCARDHANDLE h, const SCARD_IO_REQUEST *si, const BYTE *s, DWORD sl, SCARD_IO_REQUEST *ri, BYTE *r, DWORD *rl) { return 0; }
135 LONG SCardControl(SCARDHANDLE h, DWORD c, LPCVOID i, DWORD il, void *o, DWORD ol, DWORD *br) { return 0; }
136 LONG SCardGetAttrib(SCARDHANDLE h, DWORD a, LPBYTE b, DWORD *bl) { return 0; }
137 LONG SCardSetAttrib(SCARDHANDLE h, DWORD a, const BYTE *b, DWORD bl) { return 0; }
138 LONG SCardListReaders(SCARDCONTEXT c, LPCSTR g, LPSTR r, DWORD *rl) { return 0; }
139 LONG SCardListReaderGroups(SCARDCONTEXT c, LPSTR g, DWORD *gl) { return 0; }
140 LONG SCardGetStatusChange(SCARDCONTEXT c, DWORD t, SCARD_READERSTATE *s, DWORD n) { return 0; }
141 LONG SCardFreeMemory(SCARDCONTEXT c, LPCVOID m) { return 0; }
142 const char *pcsc_stringify_error(LONG e) { return "stub"; }
143 STUB
144
145 zig cc -c -target x86_64-linux-musl -o "$RUNNER_TEMP/pcsclite_stub_amd64.o" "$RUNNER_TEMP/pcsclite_stub.c"
146 zig cc -c -target aarch64-linux-musl -o "$RUNNER_TEMP/pcsclite_stub_arm64.o" "$RUNNER_TEMP/pcsclite_stub.c"
147
148 mkdir -p "$PCSC_DIR/lib/amd64" "$PCSC_DIR/lib/arm64"
149 ar rcs "$PCSC_DIR/lib/amd64/libpcsclite.a" "$RUNNER_TEMP/pcsclite_stub_amd64.o"
150 ar rcs "$PCSC_DIR/lib/arm64/libpcsclite.a" "$RUNNER_TEMP/pcsclite_stub_arm64.o"
151
152 # Create pkg-config file — Libs will be overridden per-arch via CGO_LDFLAGS in goreleaser
153 cat > "$PCSC_DIR/lib/pkgconfig/libpcsclite.pc" << EOF
154 Name: libpcsclite
155 Description: PC/SC Lite
156 Version: 1.9.0
157 Cflags: -I$PCSC_DIR/include
158 Libs: -L$PCSC_DIR/lib/amd64 -lpcsclite
159 EOF
160
161 echo "PKG_CONFIG_PATH=$PCSC_DIR/lib/pkgconfig" >> $GITHUB_ENV
162 echo "PCSC_DIR=$PCSC_DIR" >> $GITHUB_ENV
163
164 - name: Get macOS SDK path
165 id: macos_sdk
166 run: echo "path=$(xcrun --show-sdk-path)" >> $GITHUB_OUTPUT
167
168 - name: Run GoReleaser
169 uses: goreleaser/goreleaser-action@v7
170 with:
171 version: latest
172 args: release --clean --config .goreleaser.rc.yml
173 env:
174 SDK_PATH: ${{ steps.macos_sdk.outputs.path }}
175 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
176 # Force the changelog base to the last stable tag so rc notes are
177 # cumulative across every rc since that release.
178 GORELEASER_PREVIOUS_TAG: ${{ needs.tag.outputs.prev_stable }}
179
180 snapcraft:
181 needs: [tag, goreleaser]
182 if: ${{ !inputs.dry_run }}
183 runs-on: ${{ matrix.runner }}
184 strategy:
185 matrix:
186 include:
187 - arch: amd64
188 runner: ubuntu-latest
189 - arch: arm64
190 runner: ubuntu-24.04-arm
191 steps:
192 - name: Checkout
193 uses: actions/checkout@v6
194 with:
195 fetch-depth: 0
196 ref: ${{ needs.tag.outputs.tag }}
197
198 - name: Install Snapcraft and LXD
199 run: |
200 sudo snap install snapcraft --classic
201 sudo snap install lxd
202 sudo lxd init --auto
203 sudo iptables -P FORWARD ACCEPT
204 sudo usermod -aG lxd $USER
205
206 - name: Build snap
207 run: sg lxd -c 'snapcraft pack --use-lxd --build-for=${{ matrix.arch }}'
208
209 - name: Upload snap to candidate channel
210 env:
211 SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
212 run: snapcraft upload --release=candidate *.snap