conduit/.github/workflows/ci.yml

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

250 lines
9.4 KiB
YAML
Raw Normal View History

name: CI and Artifacts
2023-12-21 01:35:52 +01:00
on:
pull_request:
push:
branches:
- main
env:
# Required to make some things output color
TERM: ansi
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
CARGO_INCREMENTAL: 0
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}
2023-12-21 01:35:52 +01:00
permissions:
packages: write
2023-12-21 01:35:52 +01:00
jobs:
ci:
name: CI and Artifacts
2023-12-21 01:35:52 +01:00
runs-on: ubuntu-latest
steps:
- name: Sync repository
uses: actions/checkout@v4
2023-12-21 01:35:52 +01:00
- name: Install Nix (with flakes and nix-command enabled)
uses: cachix/install-nix-action@v26
2023-12-21 01:35:52 +01:00
with:
nix_path: nixpkgs=channel:nixos-unstable
# Add `nix-community`, Crane, upstream Conduit, and conduwuit binary caches
2023-12-21 01:35:52 +01:00
extra_nix_config: |
experimental-features = nix-command flakes
2023-12-21 01:35:52 +01:00
extra-substituters = https://nix-community.cachix.org
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
extra-substituters = https://crane.cachix.org
extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=
extra-substituters = https://nix.computer.surgery/conduit
extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=
extra-substituters = https://attic.kennel.juneis.dog/conduit
extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
extra-substituters = https://attic.kennel.juneis.dog/conduwuit
extra-trusted-public-keys = conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
- name: Add alternative Nix binary caches if specified
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
run: |
echo "extra-substituters = ${{ env.ATTIC_ENDPOINT }}" >> /etc/nix/nix.conf
echo "extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}" >> /etc/nix/nix.conf
2023-12-21 01:35:52 +01:00
- name: Pop/push Magic Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@main
2023-12-21 01:35:52 +01:00
- name: Configure `nix-direnv`
run: |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
- name: Install `direnv` and `nix-direnv`
run: nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv
2023-12-21 01:35:52 +01:00
- name: Pop/push downloaded crate cache
uses: actions/cache@v4
2023-12-21 01:35:52 +01:00
with:
key: downloaded-crates
path: ~/.cargo
- name: Pop/push compiled crate cache
uses: actions/cache@v4
2023-12-21 01:35:52 +01:00
with:
key: compiled-crates-${{runner.os}}
path: target
# Do this to shorten the logs for the real CI step
- name: Populate `/nix/store`
run: nix develop --command true
- name: Allow direnv
run: direnv allow
- name: Cache x86_64 inputs for devShell
2023-12-21 01:35:52 +01:00
run: |
./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation
- name: Perform continuous integration
run: direnv exec . engage
- name: Build static-x86_64-unknown-linux-musl and Create static deb-x86_64-unknown-linux-musl
run: |
./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl
mkdir -p target/release
cp -v -f result/bin/conduit target/release
direnv exec . cargo deb --no-build
- name: Upload artifact static-x86_64-unknown-linux-musl
uses: actions/upload-artifact@v4
with:
name: static-x86_64-unknown-linux-musl
path: result/bin/conduit
if-no-files-found: error
- name: Upload artifact deb-x86_64-unknown-linux-musl
uses: actions/upload-artifact@v4
with:
name: x86_64-unknown-linux-musl.deb
path: target/debian/*.deb
if-no-files-found: error
- name: Build static-aarch64-unknown-linux-musl
run: |
./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
- name: Upload artifact static-aarch64-unknown-linux-musl
uses: actions/upload-artifact@v4
with:
name: static-aarch64-unknown-linux-musl
path: result/bin/conduit
if-no-files-found: error
- name: Build oci-image-x86_64-unknown-linux-gnu
run: |
./bin/nix-build-and-cache .#oci-image
cp -v -f result oci-image-amd64.tar.gz
- name: Upload artifact oci-image-x86_64-unknown-linux-gnu
uses: actions/upload-artifact@v4
with:
name: oci-image-x86_64-unknown-linux-gnu
path: oci-image-amd64.tar.gz
if-no-files-found: error
# don't compress again
compression-level: 0
- name: Build oci-image-aarch64-unknown-linux-musl
run: |
./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl
cp -v -f result oci-image-arm64v8.tar.gz
- name: Upload artifact oci-image-aarch64-unknown-linux-musl
uses: actions/upload-artifact@v4
with:
name: oci-image-aarch64-unknown-linux-musl
path: oci-image-arm64v8.tar.gz
if-no-files-found: error
# don't compress again
compression-level: 0
- name: Extract metadata for Dockerhub
env:
REGISTRY: registry.hub.docker.com
IMAGE_NAME: ${{ github.repository }}
id: meta-dockerhub
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Extract metadata for GitHub Container Registry
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
id: meta-ghcr
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Login to Dockerhub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: girlbossceo
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
env:
REGISTRY: ghcr.io
with:
registry: ${{ env.REGISTRY }}
username: girlbossceo
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish to Dockerhub
if: github.event_name != 'pull_request'
env:
IMAGE_NAME: docker.io/${{ github.repository }}
IMAGE_SUFFIX_AMD64: amd64
IMAGE_SUFFIX_ARM64V8: arm64v8
run: |
docker load -i oci-image-amd64.tar.gz
IMAGE_ID_AMD64=$(docker images -q conduit:main)
docker load -i oci-image-arm64v8.tar.gz
IMAGE_ID_ARM64V8=$(docker images -q conduit:main)
# Tag and push the architecture specific images
docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64
docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
# Tag the multi-arch image
docker manifest create $IMAGE_NAME:$GITHUB_SHA --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:$GITHUB_SHA
# Tag and push the git ref
docker manifest create $IMAGE_NAME:$GITHUB_REF_NAME --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:$GITHUB_REF_NAME
# Tag git tags as 'latest'
if [[ -n "$GITHUB_REF_NAME" ]]; then
docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:latest
fi
- name: Publish to GitHub Container Registry
if: github.event_name != 'pull_request'
env:
IMAGE_NAME: ghcr.io/${{ github.repository }}
IMAGE_SUFFIX_AMD64: amd64
IMAGE_SUFFIX_ARM64V8: arm64v8
run: |
docker load -i oci-image-amd64.tar.gz
IMAGE_ID_AMD64=$(docker images -q conduit:main)
docker load -i oci-image-arm64v8.tar.gz
IMAGE_ID_ARM64V8=$(docker images -q conduit:main)
# Tag and push the architecture specific images
docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64
docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
# Tag the multi-arch image
docker manifest create $IMAGE_NAME:$GITHUB_SHA --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:$GITHUB_SHA
# Tag and push the git ref
docker manifest create $IMAGE_NAME:$GITHUB_REF_NAME --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:$GITHUB_REF_NAME
# Tag git tags as 'latest'
if [[ -n "$GITHUB_REF_NAME" ]]; then
docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:latest
fi