Skip to main content

GitHub Action

Inputs and outputs exposed by the anodizer-action GitHub Action.

GitHub Action

The action lives at tj-smith47/anodizer-action. Each row maps to a single Action input.

Live configuration

Three excerpts from cfgd's release.yml (snapshot 2026-05-24) cover every input in the table below.

# 1. Resolve job — picks the affected workspace per tag, uses install-only
#    to install anodizer without running a release.
- uses: tj-smith47/anodizer-action@v1
  id: anodizer
  with:
    from-artifact: anodizer-linux
    artifact-run-id: auto
    artifact-workflow: ci.yml
    resolve-workspace: 'true'
    install-only: 'true'

# 2. Split build job — per-OS matrix, builds artifacts and uploads dist/.
- name: Run anodizer release --split
  uses: tj-smith47/anodizer-action@v1
  with:
    from-artifact: ${{ matrix.anodizer_artifact }}
    artifact-run-id: auto
    artifact-workflow: ci.yml
    install: zig,cargo-zigbuild,upx
    upload-dist: 'true'
    args: release --verbose --debug --strict --split --clean --crate ${{ needs.resolve.outputs.workspace }}

# 3. Final release job — merges split artifacts, publishes everything.
- name: Run anodizer release
  uses: tj-smith47/anodizer-action@v1
  with:
    from-artifact: anodizer-linux
    artifact-run-id: auto
    artifact-workflow: ci.yml
    install: nfpm,makeself,snapcraft,rpmbuild,cosign
    download-dist: ${{ needs.resolve.outputs.has-builds }}
    docker-registry: ghcr.io
    docker-password: ${{ secrets.GITHUB_TOKEN }}
    gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
InputStatusNotes
from-source✅ Verifiedcfgd release.yml (from-source: true in split-build jobs)
install-rust✅ Verifiedanodizer release.yml (uses: dtolnay/rust-toolchain@stable in the release job)
args✅ Verifiedanodizer release.yml (args: release --publish-only)
preserve-dist✅ Verifiedanodizer release.yml (preserve-dist: 'true' in determinism-check shards)
shard-label✅ Verifiedanodizer release.yml (shard-label: ${{ matrix.shard }} per matrix entry)
from-artifact✅ Verifiedcfgd release.yml (from-artifact: anodizer-linux)
artifact-run-id✅ Verifiedcfgd release.yml (artifact-run-id: auto)
artifact-workflow✅ Verifiedcfgd release.yml (artifact-workflow: ci.yml)
install✅ Verifiedcfgd release.yml (install: nfpm,makeself,snapcraft,rpmbuild,cosign + zig,cargo-zigbuild,upx)
gpg-private-key✅ Verifiedcfgd release.yml (gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }})
docker-registry✅ Verifiedcfgd release.yml (docker-registry: ghcr.io)
docker-password✅ Verifiedcfgd release.yml (docker-password: ${{ secrets.GITHUB_TOKEN }})
upload-dist✅ Verifiedcfgd release.yml (upload-dist: 'true' in split build job)
download-dist✅ Verifiedcfgd release.yml (download-dist: ${{ needs.resolve.outputs.has-builds }})
resolve-workspace✅ Verifiedcfgd release.yml (resolve-workspace: 'true' in resolve job)
version✅ Verifiedanodizer release.yml (default "latest" used in installations not specifying from-artifact; accepts exact tag, "latest", or "nightly")
from-branch🟡 In progressanodizer nightly.yml (from-branch: master — anodizer's own nightly builds the action from the live branch tip before any tag exists; runs via workflow_dispatch, no green end-to-end nightly yet)
auto-install✅ Verifiedcfgd determinism-shards.yml and cfgd release.yml (auto-install: 'true')
docker-username🤝 Help wantedaction.yml (registry username; defaults to github.actor). All live workflows rely on the default; explicit override unexercised
apk-private-key✅ Verifiedcfgd nightly.yml (apk-private-key: ${{ secrets.APK_PRIVATE_KEY }} — signs nfpm apk packages on every nightly build)
cosign-key🤝 Help wantedaction.yml (cosign private key for keyful signing; COSIGN_KEY / COSIGN_PASSWORD env). All live workflows use keyless OIDC signing; keyful path unexercised
workdir🤝 Help wantedaction.yml (working directory below repo root; default .). All live workflows use the default; non-root workdir unexercised
install-only✅ Verifiedcfgd release.yml (install-only: 'true' in the resolve job)
determinism✅ Verifiedanodizer release.yml and cfgd determinism-shards.yml (determinism: 'true' per shard)
determinism-runs⏳ PendingLive shards run with the default "2"; explicit --runs=N override unexercised
determinism-stages⏳ PendingLive shards use platform-derived stage defaults; explicit CSV override unexercised
determinism-targets✅ Verifiedcfgd determinism-shards.yml (determinism-targets: ${{ matrix.shard.targets }} — explicit target CSV from the shard matrix)
determinism-crate✅ Verifiedcfgd determinism-shards.yml (determinism-crate: ${{ inputs.crate }} — scopes each shard to one workspace crate)

Outputs

OutputStatusNotes
artifacts✅ Verifiedanodizer release.yml (contents of dist/artifacts.json)
metadata✅ Verifiedanodizer release.yml (contents of dist/metadata.json)
release-url✅ Verifiedanodizer release.yml (GitHub release URL extracted from metadata)
workspace✅ Verifiedcfgd release.yml (crate name resolved from triggering tag; requires resolve-workspace: true)
crate-path✅ Verifiedcfgd release.yml (path to resolved crate directory; requires resolve-workspace: true)
has-builds✅ Verifiedcfgd release.yml (download-dist: ${{ needs.resolve.outputs.has-builds }} — gates the merge job on whether the crate has binary builds)
split-matrix✅ Verifiedcfgd release.yml (JSON strategy.matrix for split build jobs; each entry has os, target, artifact; produced when install-only: true)
crates✅ Verifiedanodizer release.yml (JSON array of crate names tagged this run; drives per-crate downstream matrix strategies)
versions✅ Verifiedanodizer release.yml (JSON object mapping crate name → bumped version)
new-tag✅ Verifiedanodizer release.yml (tag cut this run, e.g. v1.2.3; empty on no-op)
old-tag✅ Verifiedanodizer release.yml (previous tag bumped from; empty on first release)
part✅ Verifiedanodizer release.yml (semver part bumped: major | minor | patch | none | custom)
tagged✅ Verifiedanodizer release.yml ('true' when a new tag was cut; gate downstream release jobs on this)
head-sha✅ Verifiedanodizer release.yml (commit SHA at HEAD after tag --push; check this out in downstream jobs so the tree matches the tag)