release: provide zip for release

[PastaPastaPasta]

This provides attested to zips as release artifacts as opposed to raw binaries.

You can see a build in my repo here: https://github.com/PastaPastaPasta/dash-evo-tool/actions/runs/11451944148

Note that my repo excluded arm64 (as GitHub doesn't provide those runners), so that part is untested. Additionally, my run doesn't actually publish the release as I haven't setup a "GITHUB_SECRET" as was done in this repo. Should work, but needs to be tested in this repo / with arm64 linux

Summary by CodeRabbit

• New Features

  • Enhanced GitHub Actions workflow for improved release process of the Dash Evo Tool.
  • Introduced caching for the Cargo registry and setup of prerequisites.
  • New packaging step to create zip files for the built tool.

• Improvements

  • Updated platform identifiers for better clarity and organization.
  • Streamlined installation commands for various architectures.
  • Refined artifact upload and download steps with standardized naming conventions.

[coderabbitai]

Walkthrough

The changes in the .github/workflows/release.yml file enhance the GitHub Actions workflow for the Dash Evo Tool. Key modifications include the addition of a permissions section, updates to the job matrix for platform identifiers, and new steps for caching the Cargo registry and setting up prerequisites. The build process has been refined to organize output files, and a new packaging step has been introduced. Artifact upload and download steps have been updated to reflect new naming conventions, improving the overall clarity and organization of the workflow.

Changes

File	Change Summary
.github/workflows/release.yml	- Added permissions for id-token and attestations.
	- Updated job matrix platform identifiers (e.g., amd64 to amd64-linux).
	- Added steps: Cache Cargo registry, Setup prerequisites, and Package release.
	- Updated artifact upload step with new zip file names.
	- Updated download artifact steps to use new names.

Poem

In the meadow where the code does flow,
A rabbit hops where the changes grow.
With permissions granted, the tools align,
Packaging magic, all in good time.
Zip files ready, the artifacts gleam,
Hooray for the workflow, a coder's dream! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

.github/workflows/release.yml (2)

Line range hint 92-113: Consider refactoring protoc installation steps.

The protoc installation steps contain duplicated logic that could be simplified using a composite action or a shared script.

Create a composite action install-protoc.yml:

name: 'Install Protoc'
description: 'Installs Protocol Buffers compiler'
inputs:
  arch:
    description: 'Architecture identifier (linux-x86_64, linux-aarch_64, osx-x86_64, osx-aarch_64)'
    required: true
runs:
  using: 'composite'
  steps:
    - shell: bash
      run: |
        PROTOC_VERSION="25.2"
        curl -OL "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-${{ inputs.arch }}.zip"
        sudo unzip -o "protoc-${PROTOC_VERSION}-${{ inputs.arch }}.zip" -d /usr/local bin/protoc
        sudo unzip -o "protoc-${PROTOC_VERSION}-${{ inputs.arch }}.zip" -d /usr/local 'include/*'
        rm -f "protoc-${PROTOC_VERSION}-${{ inputs.arch }}.zip"

---

Line range hint 147-179: Consider adding release type configuration.

The release is always marked as prerelease, which might not be desired for stable releases. Consider making this configurable based on the tag format or workflow input.

Update the release configuration:

       with:
         tag_name: ${{ github.event.inputs.tag }}
         files: |
           ./dash-evo-tool-amd64-linux.zip
           ./dash-evo-tool-arm64-linux.zip
           ./dash-evo-tool-amd64-mac.zip
           ./dash-evo-tool-arm64-mac.zip
           ./dash-evo-tool-windows.zip
         draft: false
-        prerelease: true
+        prerelease: ${{ !startsWith(github.event.inputs.tag, 'v') || contains(github.event.inputs.tag, '-dev') }}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 0b155a2 and 386ba7f.

📒 Files selected for processing (1)

• .github/workflows/release.yml (6 hunks)

🔇 Additional comments (5)

.github/workflows/release.yml (5)

17-20: LGTM: Required permissions for build attestation.

The added permissions are correctly configured for generating attested release artifacts.

---

55-65: LGTM: Efficient caching configuration.

The Cargo registry caching is well-configured and will significantly improve build times.

---

127-140: LGTM: Well-structured packaging and attestation.

The packaging and attestation steps are correctly configured to provide verified release artifacts. The zip files include all necessary components and are properly attested using GitHub's official action.

---

67-72: Verify environment configuration.

The setup copies .env.example to .env. Ensure that the example environment file contains safe default values suitable for releases.

#!/bin/bash
# Check .env.example for sensitive information or placeholder values
if [ -f ".env.example" ]; then
    echo "Contents of .env.example:"
    cat .env.example
fi

---

30-42: Verify ARM64 build configuration.

The ARM64 build is configured to use a self-hosted runner with specific tags. As mentioned in the PR description, ARM64 support needs testing in the original repository.

[ktechmidas]

LGTM