release.yml
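---
# Builds steward for each target, smoke-tests the binaries, and on pushes
# publishes the OCI manifest and (for tags) a draft GitHub release.
name: Release

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
    tags:
      - "v*.*.*"

# Least-privilege default for GITHUB_TOKEN. Jobs that declare their own
# `permissions:` block (push_oci, release) replace this default entirely;
# jobs that declare none (build, test) only get read access to the repository
# instead of whatever the repository or organisation default happens to be.
permissions:
  contents: read

# One run per workflow and ref; a newer run on the same ref cancels the
# older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true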
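# NOTE(review): every `uses:` below references an action by tag. A tag can be
# re-pointed by the action's publisher, so pinning each reference to a full
# commit SHA (with the tag kept in a trailing comment) is the usual hardening
# for a pipeline that publishes release artifacts and container images.
jobs:
  build:
    strategy:
      matrix:
        platform:
          - host: ubuntu-latest
            target: aarch64-unknown-linux-musl
            test-bin: nix shell --inputs-from . 'nixpkgs#qemu' -c qemu-aarch64 ./result/bin/steward --help
            test-oci: docker load < ./result
            # TODO: Run the aarch64 binary within OCI
          - host: ubuntu-latest
            target: wasm32-wasi
            test-bin: nix run --inputs-from . 'nixpkgs#wasmtime' ./result/bin/steward -- --help
            test-oci: docker load < ./result
            # TODO: Execute the WASM binary within OCI
          - host: ubuntu-latest
            target: x86_64-unknown-linux-musl
            test-bin: ./result/bin/steward --help
            test-oci: |
              docker load < ./result
              docker run --rm steward:$(nix eval --raw .#steward-x86_64-unknown-linux-musl-oci.imageTag) steward --help
    runs-on: ${{ matrix.platform.host }}
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@V27
        with:
          # The workflow token is written into the Nix configuration so that
          # fetches from github.com are authenticated.
          extra_nix_config: |
            access-tokens = github.com=${{ github.token }}
      - uses: cachix/cachix-action@v14
        with:
          name: enarx
          # This job also runs for pull requests. By default GitHub does not
          # expose secrets to workflows triggered from forks, so fork PRs see
          # an empty token here; PRs from branches of this repository do
          # receive it.
          # NOTE(review): confirm that PR builds sharing the `enarx` cache
          # with release builds is intended.
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - run: nix build -L --show-trace '.#steward-${{ matrix.platform.target }}'
      - run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result/bin/steward "steward-${{ matrix.platform.target }}"
      - uses: actions/upload-artifact@v4
        with:
          name: steward-${{ matrix.platform.target }}
          path: steward-${{ matrix.platform.target }}
      # matrix.platform.* values are the static strings defined in the matrix
      # above, so interpolating them into `run:` does not take external input.
      - run: ${{ matrix.platform.test-bin }}
      - run: nix build -L --show-trace '.#steward-${{ matrix.platform.target }}-oci'
      - run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result "steward-${{ matrix.platform.target }}-oci"
      - uses: actions/upload-artifact@v4
        with:
          name: steward-${{ matrix.platform.target }}-oci
          path: steward-${{ matrix.platform.target }}-oci
      - run: ${{ matrix.platform.test-oci }}

  # Smoke-test the uploaded x86_64 binary on a clean runner.
  test:
    needs: build
    strategy:
      matrix:
        host: [ubuntu-latest]
    runs-on: ${{ matrix.host }}
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: steward-x86_64-unknown-linux-musl
      - run: chmod +x ./steward-x86_64-unknown-linux-musl
      - run: ./steward-x86_64-unknown-linux-musl --help

  # Assemble a multi-arch manifest from the per-arch OCI archives and, on push
  # events only, tag it and push it to ghcr.io.
  push_oci:
    needs: build
    # `packages: write` is only exercised by the final push step, which is
    # gated on `github.event_name == 'push'`; the job itself also runs for
    # pull_request and workflow_dispatch events.
    permissions:
      actions: read
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: steward-aarch64-unknown-linux-musl-oci
      - uses: actions/download-artifact@v4
        with:
          name: steward-x86_64-unknown-linux-musl-oci
      - run: skopeo copy docker-archive:./steward-aarch64-unknown-linux-musl-oci containers-storage:localhost/steward:aarch64
      - run: skopeo copy docker-archive:./steward-x86_64-unknown-linux-musl-oci containers-storage:localhost/steward:x86_64
      - run: podman image ls
      - run: podman manifest create steward:manifest
      - run: podman manifest add steward:manifest containers-storage:localhost/steward:aarch64 --arch=arm64
      - run: podman manifest add steward:manifest containers-storage:localhost/steward:x86_64 --arch=amd64
      - run: podman manifest inspect steward:manifest
      - name: metadata
        id: metadata
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/profianinc/steward
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
          sep-tags: " "
      - name: add tags
        if: github.event_name == 'push'
        # The tag list is derived from the pushed ref name. It is handed to
        # the shell through an environment variable rather than expanded into
        # the script text, so the shell treats it as data and not as script
        # source.
        env:
          TAGS: ${{ steps.metadata.outputs.tags }}
        # $TAGS stays unquoted on purpose: `sep-tags: " "` produces a
        # space-separated list and each tag must become its own argument.
        run: podman tag steward:manifest $TAGS
      - name: push to GitHub Packages
        if: github.event_name == 'push'
        uses: redhat-actions/push-to-registry@v2
        with:
          tags: ${{ steps.metadata.outputs.tags }}
          username: ${{ github.actor }}
          password: ${{ github.token }}

  # Create a draft pre-release with all build outputs; runs for tag pushes
  # only.
  release:
    needs: build
    permissions:
      contents: write
    if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: steward-aarch64-unknown-linux-musl
      - uses: actions/download-artifact@v4
        with:
          name: steward-aarch64-unknown-linux-musl-oci
      - uses: actions/download-artifact@v4
        with:
          name: steward-wasm32-wasi
      - uses: actions/download-artifact@v4
        with:
          name: steward-wasm32-wasi-oci
      - uses: actions/download-artifact@v4
        with:
          name: steward-x86_64-unknown-linux-musl
      - uses: actions/download-artifact@v4
        with:
          name: steward-x86_64-unknown-linux-musl-oci
      # NOTE(review): the assets are attached as built; this workflow does not
      # publish checksums, signatures or provenance next to them, so a
      # downloader has nothing to verify a file against.
      - uses: softprops/action-gh-release@v2
        with:
          draft: true
          prerelease: true
          files: |
            steward-aarch64-unknown-linux-musl
            steward-aarch64-unknown-linux-musl-oci
            steward-wasm32-wasi
            steward-wasm32-wasi-oci
            steward-x86_64-unknown-linux-musl
            steward-x86_64-unknown-linux-musl-oci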