diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 46dd5dd..a32410e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -36,11 +36,11 @@ jobs: matrix: include: - os: ubuntu-latest - target: x86_64-unknown-linux-gnu + target: x86_64-unknown-linux-musl arch_name: linux_amd64 ext: tar.gz - os: ubuntu-latest - target: aarch64-unknown-linux-gnu + target: aarch64-unknown-linux-musl arch_name: linux_arm64 ext: tar.gz - os: macos-latest @@ -67,29 +67,33 @@ jobs: with: targets: ${{ matrix.target }} - - name: Install aarch64 linux toolchain - if: matrix.target == 'aarch64-unknown-linux-gnu' - run: | - sudo apt-get update - sudo apt-get install -y gcc-aarch64-linux-gnu + - name: Install cross + if: runner.os == 'Linux' + uses: taiki-e/install-action@v2 + with: + tool: cross - - name: Configure aarch64 linux linker - if: matrix.target == 'aarch64-unknown-linux-gnu' + - name: Build release (Linux musl) + if: runner.os == 'Linux' run: | - mkdir -p .cargo - cat > .cargo/config.toml <<'EOF' - [target.aarch64-unknown-linux-gnu] - linker = "aarch64-linux-gnu-gcc" - ar = "aarch64-linux-gnu-ar" - EOF - echo "CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV" - echo "AR_aarch64_unknown_linux_gnu=aarch64-linux-gnu-ar" >> "$GITHUB_ENV" - echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV" + cross build --release --locked --target ${{ matrix.target }} - name: Build release + if: runner.os != 'Linux' run: | cargo build --release --locked --target ${{ matrix.target }} + - name: Verify Linux binary is fully static + if: runner.os == 'Linux' + shell: bash + run: | + set -euxo pipefail + BIN="target/${{ matrix.target }}/release/sshpod" + readelf -d "$BIN" > dynamic-deps.txt + ! grep -F "Shared library:" dynamic-deps.txt + readelf -l "$BIN" > program-headers.txt + ! grep -F "Requesting program interpreter" program-headers.txt + - name: Verify dynamic dependencies (unix) if: runner.os != 'Windows' shell: bash