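# Release workflow: builds drawbridge with Nix for two musl targets, uploads
# the binaries and OCI archives as artifacts, assembles a multi-arch manifest
# that is pushed to ghcr.io on push events, and creates a draft prerelease
# when a tag is pushed.
#
# NOTE(review): every `uses:` below references a mutable version tag. Pinning
# each action to a full commit SHA would fix exactly which code runs with the
# Cachix token, `packages: write` and `contents: write`.
name: Release

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
    tags:
      - "v*.*.*"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default token scope for jobs that declare no permissions of their own
# (here: build, which also runs for pull requests). Jobs with their own
# `permissions:` block replace this default.
permissions:
  contents: read

jobs:
  build:
    strategy:
      matrix:
        platform:
          - host: ubuntu-latest
            target: x86_64-unknown-linux-musl
            test-bin: ./result/bin/drawbridge --help
            test-oci: |
              docker load < ./result
              docker run --rm drawbridge:$(nix eval --raw .#drawbridge-x86_64-unknown-linux-musl-oci.imageTag) drawbridge --help
          - host: ubuntu-latest
            target: aarch64-unknown-linux-musl
            test-bin: nix shell --inputs-from . 'nixpkgs#qemu' -c qemu-aarch64 ./result/bin/drawbridge --help
            test-oci: docker load < ./result
            # TODO: Run the aarch64 binary within OCI
    runs-on: ${{ matrix.platform.host }}
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v25
        with:
          # The job token is written into the Nix configuration for github.com access.
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
      - uses: cachix/cachix-action@v14
        with:
          name: enarx
          # NOTE(review): this job also runs on pull_request, so the cache
          # token is present while pull-request code is being built (secrets
          # are withheld only from fork pull requests). Consider supplying
          # it on push events only.
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - run: nix build -L --show-trace '.#drawbridge-${{ matrix.platform.target }}'
      # Copy the built binary to a file named after the target for upload.
      - run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result/bin/drawbridge "drawbridge-${{ matrix.platform.target }}"
      - uses: actions/upload-artifact@v4
        with:
          name: drawbridge-${{ matrix.platform.target }}
          path: drawbridge-${{ matrix.platform.target }}
      - run: ${{ matrix.platform.test-bin }}
      - run: nix build -L --show-trace '.#drawbridge-${{ matrix.platform.target }}-oci'
      # Copy the OCI archive to a file named after the target for upload.
      - run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result "drawbridge-${{ matrix.platform.target }}-oci"
      - uses: actions/upload-artifact@v4
        with:
          name: drawbridge-${{ matrix.platform.target }}-oci
          path: drawbridge-${{ matrix.platform.target }}-oci
      - run: ${{ matrix.platform.test-oci }}

  push_oci:
    needs: build
    # This job has no job-level `if:`, so it runs for every trigger; only the
    # two steps gated on `github.event_name == 'push'` tag and push the image.
    permissions:
      actions: read
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: drawbridge-aarch64-unknown-linux-musl-oci
      - uses: actions/download-artifact@v4
        with:
          name: drawbridge-x86_64-unknown-linux-musl-oci
      # Import both per-architecture archives into local container storage.
      - run: skopeo copy docker-archive:./drawbridge-aarch64-unknown-linux-musl-oci containers-storage:localhost/drawbridge:aarch64
      - run: skopeo copy docker-archive:./drawbridge-x86_64-unknown-linux-musl-oci containers-storage:localhost/drawbridge:x86_64
      - run: podman image ls
      # Combine the two images into one multi-arch manifest list.
      - run: podman manifest create drawbridge:manifest
      - run: podman manifest add drawbridge:manifest containers-storage:localhost/drawbridge:aarch64 --arch=arm64
      - run: podman manifest add drawbridge:manifest containers-storage:localhost/drawbridge:x86_64 --arch=amd64
      - run: podman manifest inspect drawbridge:manifest
      - name: metadata
        id: metadata
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/profianinc/drawbridge
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
          sep-tags: " "
      - name: add tags
        if: github.event_name == 'push'
        env:
          # Handed over through the environment instead of being expanded
          # into the script text, so ref-derived tag names are never parsed
          # as shell syntax.
          IMAGE_TAGS: ${{ steps.metadata.outputs.tags }}
        # Left unquoted on purpose: sep-tags is a single space, so word
        # splitting yields one argument per tag.
        run: podman tag drawbridge:manifest $IMAGE_TAGS
      - name: push to GitHub Packages
        if: github.event_name == 'push'
        uses: redhat-actions/push-to-registry@v2
        with:
          tags: ${{ steps.metadata.outputs.tags }}
          username: ${{ github.actor }}
          password: ${{ github.token }}

  release:
    needs: build
    permissions:
      contents: write
    # Only tag pushes create a release.
    if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: drawbridge-aarch64-unknown-linux-musl
      - uses: actions/download-artifact@v4
        with:
          name: drawbridge-aarch64-unknown-linux-musl-oci
      - uses: actions/download-artifact@v4
        with:
          name: drawbridge-x86_64-unknown-linux-musl
      - uses: actions/download-artifact@v4
        with:
          name: drawbridge-x86_64-unknown-linux-musl-oci
      # NOTE(review): the assets are attached without a checksum file or
      # signature, so downloaders have nothing to verify them against.
      - uses: softprops/action-gh-release@v1
        with:
          draft: true
          prerelease: true
          files: |
            drawbridge-aarch64-unknown-linux-musl
            drawbridge-aarch64-unknown-linux-musl-oci
            drawbridge-x86_64-unknown-linux-musl
            drawbridge-x86_64-unknown-linux-musl-oci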