feat: add binary + sha256 to GitHub Release artifacts

2026-04-12 08:00:32 +00:00 · 2026-02-24 12:14:29 +00:00
parent dd29707395
commit 3a6d3eeb9a
2 changed files with 35 additions and 7 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
      packages: write

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4

      - name: Set up Rust
        run: |
@@ -52,7 +52,7 @@ jobs:
            type=raw,value=latest

      - name: Build and push (alpine)
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile
@@ -76,7 +76,7 @@ jobs:
            type=raw,value=redos

      - name: Build and push (redos)
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.redos
@@ -120,7 +120,7 @@ jobs:
      # ── CVE scan of the pushed image ────────────────────────────────────────
      # Images are FROM scratch — no OS packages, only binary CVE scan
      - name: Trivy — image scan (${{ matrix.name }})
-        uses: aquasecurity/trivy-action@0.34.1
+        uses: aquasecurity/trivy-action@0.30.0
        with:
          scan-type: image
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}${{ matrix.suffix }}
@@ -145,7 +145,7 @@ jobs:
      packages: read  # to pull image for SBOM generation

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4

      - name: Log in to Container Registry
        uses: docker/login-action@v3
@@ -158,6 +158,18 @@ jobs:
        id: ver
        run: echo "tag=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT

+      # ── Binary — extract from Docker image ──────────────────────────────────
+      - name: Extract binary from image
+        run: |
+          docker create --name nora-extract \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}
+          docker cp nora-extract:/nora ./nora-linux-amd64
+          docker rm nora-extract
+          chmod +x ./nora-linux-amd64
+          sha256sum ./nora-linux-amd64 > nora-linux-amd64.sha256
+          echo "Binary size: $(du -sh nora-linux-amd64 | cut -f1)"
+          cat nora-linux-amd64.sha256
+
      # ── SBOM — Software Bill of Materials ───────────────────────────────────
      - name: Generate SBOM (SPDX)
        uses: anchore/sbom-action@v0
@@ -178,13 +190,29 @@ jobs:
          registry-password: ${{ secrets.GITHUB_TOKEN }}

      - name: Create Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v1
        with:
          generate_release_notes: true
          files: |
+            nora-linux-amd64
+            nora-linux-amd64.sha256
            nora-${{ github.ref_name }}.sbom.spdx.json
            nora-${{ github.ref_name }}.sbom.cdx.json
          body: |
+            ## Install
+
+            ```bash
+            curl -fsSL https://getnora.io/install.sh | sh
+            ```
+
+            Or download the binary directly:
+
+            ```bash
+            curl -LO https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }}/nora-linux-amd64
+            chmod +x nora-linux-amd64
+            sudo mv nora-linux-amd64 /usr/local/bin/nora
+            ```
+
            ## Docker

            **Alpine (standard):**
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,7 +7,7 @@ members = [
 ]

 [workspace.package]
-version = "0.2.22"
+version = "0.2.23"
 edition = "2021"
 license = "MIT"
 authors = ["DevITWay <devitway@gmail.com>"]