Skip to content

Implement Provider Actuation #18

Implement Provider Actuation

Implement Provider Actuation #18

# /********************************************************************************
# * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
# *
# * See the NOTICE file(s) distributed with this work for additional
# * information regarding copyright ownership.
# *
# * This program and the accompanying materials are made available under the
# * terms of the Apache License 2.0 which is available at
# * http://www.apache.org/licenses/LICENSE-2.0
# *
# * SPDX-License-Identifier: Apache-2.0
# ********************************************************************************/
name: Build kuksa-databroker-cli
on:
push:
branches: [ main ]
pull_request:
paths:
- ".github/workflows/kuksa_databroker-cli_build.yml"
- "**"
- "proto/**"
- "Cargo.*"
- "Cross.toml"
workflow_call:
secrets:
QUAY_IO_TOKEN:
required: true
QUAY_IO_USERNAME:
required: true
workflow_dispatch:
# suffix to avoid cancellation when running from release workflow
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}-databroker-cli
cancel-in-progress: true
# Needed as default_workflow_permissions is "read"
permissions:
packages: write
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.cargo/.crates.toml
~/.cargo/.crates2.json
target/
key: databroker-cli-lint-${{ hashFiles('**/Cargo.lock') }}
- name: cargo fmt
working-directory: ${{github.workspace}}
run: cargo fmt -- --check
- name: cargo clippy
working-directory: ${{github.workspace}}
run: cargo clippy --all-targets -- -W warnings -D warnings
check_ghcr_push:
name: Check access rights
uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@4
secrets: inherit
build:
name: Build databroker-cli
runs-on: ubuntu-latest
env:
CARGO_TERM_COLOR: always
strategy:
matrix:
platform:
- name: amd64
- name: arm64
- name: riscv64
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.cargo/.crates.toml
~/.cargo/.crates2.json
~/.cache/pip/
target-*/
key: databroker-cli-release-${{ matrix.platform.name }}-${{ hashFiles('**/Cargo.lock') }}
- name: Install build prerequisites
working-directory: ${{github.workspace}}/
run: |
cargo install cross cargo-license cargo-cyclonedx
pip install "git+https://github.com/eclipse-kuksa/kuksa-common.git@v1#subdirectory=sbom-tools"
- name: Build
working-directory: ${{github.workspace}}
env:
KUKSA_DATABROKERCLI_SBOM: y
run: |
./scripts/build-databroker-cli.sh ${{ matrix.platform.name }}
- name: "Archiving artifacts"
shell: bash
working-directory: ${{github.workspace}}/dist/${{ matrix.platform.name }}
run: |
tar -czf ../databroker-cli-${{ matrix.platform.name }}.tar.gz *
- name: "Uploading artifacts"
uses: actions/upload-artifact@v4
with:
name: databroker-cli-${{ matrix.platform.name }}
path: ${{github.workspace}}/dist/databroker-cli-${{ matrix.platform.name}}.tar.gz
if-no-files-found: error
create-container:
name: Create multiarch container
runs-on: ubuntu-latest
needs: [build, check_ghcr_push]
steps:
- uses: actions/checkout@v4
- name: Retrieve artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
pattern: databroker-cli*
merge-multiple: true
- name: Unpack binaries
run: |
mkdir -p dist/amd64 dist/arm64 dist/riscv64
tar xf artifacts/databroker-cli-arm64.tar.gz -C dist/arm64
tar xf artifacts/databroker-cli-amd64.tar.gz -C dist/amd64
tar xf artifacts/databroker-cli-riscv64.tar.gz -C dist/riscv64
- name: Set container metadata
id: meta
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base name for tags
images: |
ghcr.io/eclipse-kuksa/kuksa-databroker-cli
quay.io/eclipse-kuksa/kuksa-databroker-cli
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Log in to ghcr.io container registry
if: needs.check_ghcr_push.outputs.push == 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to quay.io container registry
if: needs.check_ghcr_push.outputs.push == 'true'
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_IO_USERNAME }}
password: ${{ secrets.QUAY_IO_TOKEN }}
- name: Build kuksa-databroker-cli container and push to ghcr.io, quay.io and ttl.sh
id: ghcr-build
if: needs.check_ghcr_push.outputs.push == 'true'
uses: docker/build-push-action@v5
with:
platforms: |
linux/amd64
linux/arm64
linux/riscv64
file: ./scripts/Dockerfile-cli
context: .
push: true
tags: |
${{ steps.meta.outputs.tags }}
ttl.sh/eclipse-kuksa/kuksa-databroker-cli-${{github.sha}}
labels: ${{ steps.meta.outputs.labels }}
# Provenance to solve that an unknown/unkown image is shown on ghcr.io
# Same problem as described in https://github.com/orgs/community/discussions/45969
provenance: false
- name: Build ephemeral kuksa-databroker-cli container and push to ttl.sh
if: needs.check_ghcr_push.outputs.push == 'false'
id: tmp-build
uses: docker/build-push-action@v5
with:
platforms: |
linux/amd64
linux/arm64
linux/riscv64
file: ./scripts/Dockerfile-cli
context: .
push: true
tags: "ttl.sh/eclipse-kuksa/kuksa-databroker-cli-${{github.sha}}"
labels: ${{ steps.meta.outputs.labels }}
# Provenance to solve that an unknown/unkown image is shown on ghcr.io
# Same problem as described in https://github.com/orgs/community/discussions/45969
provenance: false
- name: Posting message
uses: eclipse-kuksa/kuksa-actions/post-container-location@4
with:
image: ttl.sh/eclipse-kuksa/kuksa-databroker-cli-${{github.sha}}
bom:
name: License Compliance Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: databroker-cli-bom-${{ hashFiles('**/Cargo.lock') }}
# Follows the pattern from
# https://github.com/eclipse/dash-licenses?tab=readme-ov-file#example-rustcargo
- name: "Using cargo to create Dash input"
working-directory: ${{github.workspace}}/
# target all is not really needed, and will also return i.e. wasm deps, however
# better safe than sorry, the alternative would be running this for each currently
# built target and combining the lists, but that would need adapting, when
# adding targets, or also when i.e. switching between MUSL/glibc. So this is safer
run: |
cargo tree -e normal --prefix none --no-dedupe -p databroker-cli --target all --all-features > ${{github.workspace}}/cargodeps
cat ${{github.workspace}}/cargodeps | sort -u \
| grep -v '^[[:space:]]*$' | grep -v kuksa | grep -v databroker \
| sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \
> ${{github.workspace}}/dash-databrokercli-deps
- name: Dash license check
uses: eclipse-kuksa/kuksa-actions/check-dash@4
with:
dashinput: ${{github.workspace}}/dash-databrokercli-deps
dashtoken: ${{ secrets.ECLIPSE_GITLAB_API_TOKEN }}