Implement Provider Actuation #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /******************************************************************************** | |
# * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation | |
# * | |
# * See the NOTICE file(s) distributed with this work for additional | |
# * information regarding copyright ownership. | |
# * | |
# * This program and the accompanying materials are made available under the | |
# * terms of the Apache License 2.0 which is available at | |
# * http://www.apache.org/licenses/LICENSE-2.0 | |
# * | |
# * SPDX-License-Identifier: Apache-2.0 | |
# ********************************************************************************/ | |
name: Build kuksa-databroker-cli | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
paths: | |
- ".github/workflows/kuksa_databroker-cli_build.yml" | |
- "**" | |
- "proto/**" | |
- "Cargo.*" | |
- "Cross.toml" | |
workflow_call: | |
secrets: | |
QUAY_IO_TOKEN: | |
required: true | |
QUAY_IO_USERNAME: | |
required: true | |
workflow_dispatch: | |
# suffix to avoid cancellation when running from release workflow | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }}-databroker-cli | |
cancel-in-progress: true | |
# Needed as default_workflow_permissions is "read" | |
permissions: | |
packages: write | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
~/.cargo/.crates.toml | |
~/.cargo/.crates2.json | |
target/ | |
key: databroker-cli-lint-${{ hashFiles('**/Cargo.lock') }} | |
- name: cargo fmt | |
working-directory: ${{github.workspace}} | |
run: cargo fmt -- --check | |
- name: cargo clippy | |
working-directory: ${{github.workspace}} | |
run: cargo clippy --all-targets -- -W warnings -D warnings | |
check_ghcr_push: | |
name: Check access rights | |
uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@4 | |
secrets: inherit | |
build: | |
name: Build databroker-cli | |
runs-on: ubuntu-latest | |
env: | |
CARGO_TERM_COLOR: always | |
strategy: | |
matrix: | |
platform: | |
- name: amd64 | |
- name: arm64 | |
- name: riscv64 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
~/.cargo/.crates.toml | |
~/.cargo/.crates2.json | |
~/.cache/pip/ | |
target-*/ | |
key: databroker-cli-release-${{ matrix.platform.name }}-${{ hashFiles('**/Cargo.lock') }} | |
- name: Install build prerequisites | |
working-directory: ${{github.workspace}}/ | |
run: | | |
cargo install cross cargo-license cargo-cyclonedx | |
pip install "git+https://github.com/eclipse-kuksa/kuksa-common.git@v1#subdirectory=sbom-tools" | |
- name: Build | |
working-directory: ${{github.workspace}} | |
env: | |
KUKSA_DATABROKERCLI_SBOM: y | |
run: | | |
./scripts/build-databroker-cli.sh ${{ matrix.platform.name }} | |
- name: "Archiving artifacts" | |
shell: bash | |
working-directory: ${{github.workspace}}/dist/${{ matrix.platform.name }} | |
run: | | |
tar -czf ../databroker-cli-${{ matrix.platform.name }}.tar.gz * | |
- name: "Uploading artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: databroker-cli-${{ matrix.platform.name }} | |
path: ${{github.workspace}}/dist/databroker-cli-${{ matrix.platform.name}}.tar.gz | |
if-no-files-found: error | |
create-container: | |
name: Create multiarch container | |
runs-on: ubuntu-latest | |
needs: [build, check_ghcr_push] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Retrieve artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: artifacts | |
pattern: databroker-cli* | |
merge-multiple: true | |
- name: Unpack binaries | |
run: | | |
mkdir -p dist/amd64 dist/arm64 dist/riscv64 | |
tar xf artifacts/databroker-cli-arm64.tar.gz -C dist/arm64 | |
tar xf artifacts/databroker-cli-amd64.tar.gz -C dist/amd64 | |
tar xf artifacts/databroker-cli-riscv64.tar.gz -C dist/riscv64 | |
- name: Set container metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
# list of Docker images to use as base name for tags | |
images: | | |
ghcr.io/eclipse-kuksa/kuksa-databroker-cli | |
quay.io/eclipse-kuksa/kuksa-databroker-cli | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
- name: Setup Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to ghcr.io container registry | |
if: needs.check_ghcr_push.outputs.push == 'true' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to quay.io container registry | |
if: needs.check_ghcr_push.outputs.push == 'true' | |
uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_IO_USERNAME }} | |
password: ${{ secrets.QUAY_IO_TOKEN }} | |
- name: Build kuksa-databroker-cli container and push to ghcr.io, quay.io and ttl.sh | |
id: ghcr-build | |
if: needs.check_ghcr_push.outputs.push == 'true' | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
linux/riscv64 | |
file: ./scripts/Dockerfile-cli | |
context: . | |
push: true | |
tags: | | |
${{ steps.meta.outputs.tags }} | |
ttl.sh/eclipse-kuksa/kuksa-databroker-cli-${{github.sha}} | |
labels: ${{ steps.meta.outputs.labels }} | |
# Provenance to solve that an unknown/unkown image is shown on ghcr.io | |
# Same problem as described in https://github.com/orgs/community/discussions/45969 | |
provenance: false | |
- name: Build ephemeral kuksa-databroker-cli container and push to ttl.sh | |
if: needs.check_ghcr_push.outputs.push == 'false' | |
id: tmp-build | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
linux/riscv64 | |
file: ./scripts/Dockerfile-cli | |
context: . | |
push: true | |
tags: "ttl.sh/eclipse-kuksa/kuksa-databroker-cli-${{github.sha}}" | |
labels: ${{ steps.meta.outputs.labels }} | |
# Provenance to solve that an unknown/unkown image is shown on ghcr.io | |
# Same problem as described in https://github.com/orgs/community/discussions/45969 | |
provenance: false | |
- name: Posting message | |
uses: eclipse-kuksa/kuksa-actions/post-container-location@4 | |
with: | |
image: ttl.sh/eclipse-kuksa/kuksa-databroker-cli-${{github.sha}} | |
bom: | |
name: License Compliance Check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: databroker-cli-bom-${{ hashFiles('**/Cargo.lock') }} | |
# Follows the pattern from | |
# https://github.com/eclipse/dash-licenses?tab=readme-ov-file#example-rustcargo | |
- name: "Using cargo to create Dash input" | |
working-directory: ${{github.workspace}}/ | |
# target all is not really needed, and will also return i.e. wasm deps, however | |
# better safe than sorry, the alternative would be running this for each currently | |
# built target and combining the lists, but that would need adapting, when | |
# adding targets, or also when i.e. switching between MUSL/glibc. So this is safer | |
run: | | |
cargo tree -e normal --prefix none --no-dedupe -p databroker-cli --target all --all-features > ${{github.workspace}}/cargodeps | |
cat ${{github.workspace}}/cargodeps | sort -u \ | |
| grep -v '^[[:space:]]*$' | grep -v kuksa | grep -v databroker \ | |
| sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \ | |
> ${{github.workspace}}/dash-databrokercli-deps | |
- name: Dash license check | |
uses: eclipse-kuksa/kuksa-actions/check-dash@4 | |
with: | |
dashinput: ${{github.workspace}}/dash-databrokercli-deps | |
dashtoken: ${{ secrets.ECLIPSE_GITLAB_API_TOKEN }} |