pulseengine · avrabe · Mar 15, 2026 · Mar 15, 2026
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,9 +1,8 @@
-name: Release Test Evidence
+name: Release
 
 on:
   push:
-    tags:
-      - "v*"
+    tags: ["v*"]
 
 permissions:
   contents: write
@@ -12,92 +11,130 @@
   CARGO_TERM_COLOR: always
 
 jobs:
-  test-evidence:
-    name: Build Test Evidence Bundle
+  build-binaries:
+    name: Build ${{ matrix.target }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        include:
+          - { target: x86_64-unknown-linux-gnu, os: ubuntu-latest, archive: tar.gz }
+          - { target: aarch64-unknown-linux-gnu, os: ubuntu-latest, archive: tar.gz, cross: true }
+          - { target: x86_64-apple-darwin, os: macos-14, archive: tar.gz }
+          - { target: aarch64-apple-darwin, os: macos-latest, archive: tar.gz }
+          - { target: x86_64-pc-windows-msvc, os: windows-latest, archive: zip }
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@stable
+        with: { targets: "${{ matrix.target }}" }
+      - uses: Swatinem/rust-cache@v2
+        with: { key: "release-${{ matrix.target }}" }
+      - name: Install cross
+        if: matrix.cross
+        run: cargo install cross --git https://github.com/cross-rs/cross
+      - name: Build (native)
+        if: ${{ !matrix.cross }}
+        run: cargo build --release --target ${{ matrix.target }} -p rivet-cli
+      - name: Build (cross)
+        if: matrix.cross
+        run: cross build --release --target ${{ matrix.target }} -p rivet-cli
+      - name: Strip binary
+        if: runner.os != 'Windows'
+        run: strip "target/${{ matrix.target }}/release/rivet" 2>/dev/null || true
+      - name: Package (tar.gz)
+        if: matrix.archive == 'tar.gz'
+        env: { TARGET: "${{ matrix.target }}" }
+        run: |
+          VERSION="${GITHUB_REF#refs/tags/}"
+          mkdir -p staging && cp "target/${TARGET}/release/rivet" staging/
+          tar -czf "rivet-${VERSION}-${TARGET}.tar.gz" -C staging .
+          echo "ARCHIVE=rivet-${VERSION}-${TARGET}.tar.gz" >> "$GITHUB_ENV"
+      - name: Package (zip)
+        if: matrix.archive == 'zip'
+        shell: bash
+        env: { TARGET: "${{ matrix.target }}" }
+        run: |
+          VERSION="${GITHUB_REF#refs/tags/}"
+          mkdir -p staging && cp "target/${TARGET}/release/rivet.exe" staging/
+          cd staging && 7z a "../rivet-${VERSION}-${TARGET}.zip" . && cd ..
+          echo "ARCHIVE=rivet-${VERSION}-${TARGET}.zip" >> "$GITHUB_ENV"
+      - uses: actions/upload-artifact@v4
+        with: { name: "binary-${{ matrix.target }}", path: "${{ env.ARCHIVE }}" }
+
+  build-compliance:
+    name: Build compliance report
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      - id: report
+        uses: ./.github/actions/compliance
+        with: { theme: dark }
+      - uses: actions/upload-artifact@v4
+        with: { name: compliance-report, path: "${{ steps.report.outputs.archive-path }}" }
+
+  build-test-evidence:
+    name: Build test evidence
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
       - uses: dtolnay/rust-toolchain@nightly
-        with:
-          components: llvm-tools-preview
-
+        with: { components: llvm-tools-preview, targets: wasm32-wasip2 }
       - uses: Swatinem/rust-cache@v2
-
-      # Install tools: cargo-nextest for JUnit XML, cargo-llvm-cov for coverage
-      - name: Install cargo-nextest and cargo-llvm-cov
-        uses: taiki-e/install-action@v2
-        with:
-          tool: cargo-nextest,cargo-llvm-cov
-
-      # ── 1. Test suite with JUnit XML output ─────────────────────────────
-      - name: Run tests with JUnit XML output
+      - uses: taiki-e/install-action@v2
+        with: { tool: "cargo-nextest,cargo-llvm-cov" }
+      - name: Build spar WASM assets
+        run: |
+          git clone --depth 1 https://github.com/pulseengine/spar.git ../spar
+          npm install -g @bytecodealliance/jco
+          ./scripts/build-wasm.sh ../spar
+      - name: Tests (JUnit XML)
         run: |
           mkdir -p test-evidence/test-results
           cargo nextest run --all --profile ci
           cp target/nextest/ci/junit.xml test-evidence/test-results/junit.xml
-
-      # ── 2. Code coverage (LCOV) ────────────────────────────────────────
-      - name: Generate code coverage (LCOV)
+      - name: Coverage (LCOV)
         run: |
           mkdir -p test-evidence/coverage
           cargo llvm-cov --all-features --workspace --lcov --output-path test-evidence/coverage/lcov.info
           cargo llvm-cov report --workspace > test-evidence/coverage/summary.txt
-
-      # ── 3. Benchmarks (criterion HTML reports) ─────────────────────────
-      - name: Run criterion benchmarks
+      - name: Benchmarks
         run: |
           cargo bench --bench core_benchmarks -- --output-format=criterion
           mkdir -p test-evidence/benchmarks
           cp -r target/criterion/* test-evidence/benchmarks/ 2>/dev/null || true
-
-      # ── 4. Rivet validate ──────────────────────────────────────────────
-      - name: Run rivet validate
+      - name: Validate
         run: |
           mkdir -p test-evidence/validation
-          set +e
-          cargo run --release -- validate > test-evidence/validation/validate-output.txt 2>&1
-          rc=$?
-          set -e
-          echo "" >> test-evidence/validation/validate-output.txt
-          echo "exit_code=${rc}" >> test-evidence/validation/validate-output.txt
-
-      # ── 5. Metadata ────────────────────────────────────────────────────
-      - name: Generate metadata.json
+          cargo run --release -- validate > test-evidence/validation/output.txt 2>&1 || true
+      - name: Metadata
         run: |
           TAG="${GITHUB_REF#refs/tags/}"
-          RUST_VERSION="$(rustc --version)"
-          OS_INFO="$(uname -srm)"
-          TIMESTAMP="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
-
-          jq -n \
-            --arg tag "${TAG}" \
-            --arg commit "${GITHUB_SHA}" \
-            --arg timestamp "${TIMESTAMP}" \
-            --arg rust_version "${RUST_VERSION}" \
-            --arg os "${OS_INFO}" \
-            '{tag: $tag, commit: $commit, timestamp: $timestamp, rust_version: $rust_version, os: $os}' \
-            > test-evidence/metadata.json
-
-      # ── 6. Package everything ──────────────────────────────────────────
-      - name: Package test evidence tarball
-        id: package
+          jq -n --arg t "${TAG}" --arg c "${GITHUB_SHA}" --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+            '{tag: $t, commit: $c, timestamp: $ts, rust: "'"$(rustc --version)"'"}' > test-evidence/metadata.json
+      - name: Package
         run: |
-          TAG="${GITHUB_REF#refs/tags/}"
-          ARCHIVE="test-evidence-${TAG}.tar.gz"
-          tar czf "${ARCHIVE}" test-evidence/
-          echo "archive=${ARCHIVE}" >> "$GITHUB_OUTPUT"
-          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
-
-      # ── 7. Create GitHub Release with asset ────────────────────────────
-      - name: Create GitHub Release
+          VERSION="${GITHUB_REF#refs/tags/}"
+          tar czf "rivet-${VERSION}-test-evidence.tar.gz" test-evidence/
+      - uses: actions/upload-artifact@v4
+        with: { name: test-evidence, path: "rivet-*-test-evidence.tar.gz" }
+
+  create-release:
+    name: Create GitHub Release
+    needs: [build-binaries, build-compliance, build-test-evidence]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/download-artifact@v4
+        with: { path: artifacts }
+      - name: Collect and checksum
+        run: |
+          mkdir -p release
+          find artifacts -type f \( -name "*.tar.gz" -o -name "*.zip" \) -exec mv {} release/ \;
+          cd release && sha256sum * > SHA256SUMS.txt && cat SHA256SUMS.txt
+      - name: Create Release
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          TAG="${{ steps.package.outputs.tag }}"
-          ARCHIVE="${{ steps.package.outputs.archive }}"
-
-          gh release create "${TAG}" \
-            --title "Release ${TAG}" \
-            --generate-notes \
-            "${ARCHIVE}#Test Evidence (tar.gz)"
+          VERSION="${GITHUB_REF#refs/tags/}"
+          gh release create "$VERSION" --title "Rivet $VERSION" --generate-notes release/*