conduit/.gitlab-ci.yml

stages:
  - ci
  - artifacts
  - publish

variables:
  # Makes some things print in color
  TERM: ansi

# Avoid duplicate pipelines
# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI

before_script:
  # Enable nix-command and flakes
  - if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi

  # Add our own binary cache
  - if command -v nix > /dev/null; then echo "extra-substituters = https://nix.computer.surgery/conduit" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=" >> /etc/nix/nix.conf; fi

  # Add alternate binary cache
  - if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi

  # Add crane binary cache
  - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi

  # Add nix-community binary cache
  - if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi
  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi

  # Install direnv and nix-direnv
  - if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi

  # Allow .envrc
  - if command -v nix > /dev/null; then direnv allow; fi

  # Set CARGO_HOME to a cacheable path
  - export CARGO_HOME="$(git rev-parse --show-toplevel)/.gitlab-ci.d/cargo"

ci:
  stage: ci
  image: nixos/nix:2.20.4
  script:
    # Cache the inputs required for the devShell
    - ./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation

    - direnv exec . engage
  cache:
    key: nix
    paths:
      - target
      - .gitlab-ci.d
  rules:
    # CI on upstream runners (only available for maintainers)
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $IS_UPSTREAM_CI == "true"
    # Manual CI on unprotected branches that are not MRs
    - if: $CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "false"
      when: manual
    # Manual CI on forks
    - if: $IS_UPSTREAM_CI != "true"
      when: manual
    - if: $CI
  interruptible: true

artifacts:
  stage: artifacts
  image: nixos/nix:2.20.4
  script:
    - ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl
    - cp result/bin/conduit x86_64-unknown-linux-musl

    - mkdir -p target/release
    - cp result/bin/conduit target/release
    - direnv exec . cargo deb --no-build
    - mv target/debian/*.deb x86_64-unknown-linux-musl.deb

    # Since the OCI image package is based on the binary package, this has the
    # fun side effect of uploading the normal binary too. Conduit users who are
    # deploying with Nix can leverage this fact by adding our binary cache to
    # their systems.
    #
    # Note that although we have an `oci-image-x86_64-unknown-linux-musl`
    # output, we don't build it because it would be largely redundant to this
    # one since it's all containerized anyway.
    - ./bin/nix-build-and-cache .#oci-image
    - cp result oci-image-amd64.tar.gz

    - ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
    - cp result/bin/conduit aarch64-unknown-linux-musl

    - ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl
    - cp result oci-image-arm64v8.tar.gz

    - ./bin/nix-build-and-cache .#book
    # We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746
    - cp -r --dereference result public
  artifacts:
    paths:
      - x86_64-unknown-linux-musl
      - aarch64-unknown-linux-musl
      - x86_64-unknown-linux-musl.deb
      - oci-image-amd64.tar.gz
      - oci-image-arm64v8.tar.gz
      - public
  rules:
    # CI required for all MRs
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    # Optional CI on forks
    - if: $IS_UPSTREAM_CI != "true"
      when: manual
      allow_failure: true
    - if: $CI
  interruptible: true

.push-oci-image:
  stage: publish
  image: docker:25.0.0
  services:
    - docker:25.0.0-dind
  variables:
    IMAGE_SUFFIX_AMD64: amd64
    IMAGE_SUFFIX_ARM64V8: arm64v8
  script:
    - docker load -i oci-image-amd64.tar.gz
    - IMAGE_ID_AMD64=$(docker images -q conduit:next)
    - docker load -i oci-image-arm64v8.tar.gz
    - IMAGE_ID_ARM64V8=$(docker images -q conduit:next)
    # Tag and push the architecture specific images
    - docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64
    - docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
    - docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64
    - docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
    # Tag the multi-arch image
    - docker manifest create $IMAGE_NAME:$CI_COMMIT_SHA --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
    - docker manifest push $IMAGE_NAME:$CI_COMMIT_SHA
    # Tag and push the git ref
    - docker manifest create $IMAGE_NAME:$CI_COMMIT_REF_NAME --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
    - docker manifest push $IMAGE_NAME:$CI_COMMIT_REF_NAME
    # Tag git tags as 'latest'
    - |
      if [[ -n "$CI_COMMIT_TAG" ]]; then
        docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
        docker manifest push $IMAGE_NAME:latest
      fi
  dependencies:
    - artifacts
  only:
    - next
    - master
    - tags

oci-image:push-gitlab:
  extends: .push-oci-image
  variables:
    IMAGE_NAME: $CI_REGISTRY_IMAGE/matrix-conduit
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY

oci-image:push-dockerhub:
  extends: .push-oci-image
  variables:
    IMAGE_NAME: matrixconduit/matrix-conduit
  before_script:
    - docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_PASSWORD

pages:
  stage: publish
  dependencies:
    - artifacts
  only:
    - next
  script:
    - "true"
  artifacts:
    paths:
      - public
Generate binaries for 3 architectures in the CI The result is stored in the gitlab package registry 2021-06-01 02:58:50 +02:00			`stages:`
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`- ci`
redo docker image and build it in ci 2024-01-18 22:31:46 +01:00			`- artifacts`
Publish oci image to the gitlab registry 2024-01-30 18:04:47 +01:00			`- publish`
Try to improve CI build times by caching 2021-05-13 09:57:11 +02:00
Add .gitlab-ci.yml 2021-03-13 20:00:13 +01:00			`variables:`
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`# Makes some things print in color`
			`TERM: ansi`
Use full optimizations for master and faster config else Signed-off-by: Jonas Zohren <git-pbkyr@jzohren.de> 2021-08-13 17:20:40 +02:00
fix(ci): avoid duplicate pipelines 2024-03-11 11:43:05 +01:00			`# Avoid duplicate pipelines`
			`# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines`
			`workflow:`
			`rules:`
			`- if: $CI_PIPELINE_SOURCE == "merge_request_event"`
			`- if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS`
			`when: never`
			`- if: $CI`

use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`before_script:`
			`# Enable nix-command and flakes`
add debian package building in ci This uses a separate step and docker image, which I'm not a huge fan of. At least I could get this to work for now, but I won't be shocked when it breaks later. I know, I know, fixing this kind of problem is the exact reason I bothered to do this, but I was really struggling to do better here. Maybe I can take a second pass at this later. Also, this explicitly names the caches, because without this, various things related to linking will break. 2024-01-19 21:10:23 +01:00			`- if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi`
CI: Create docker image with musl binary 2021-07-19 17:18:25 +02:00
add our own binary cache The machine I'm hosting this on doesn't have incredible upload speeds but it should be good enough? 2024-01-25 07:20:48 +01:00			`# Add our own binary cache`
			`- if command -v nix > /dev/null; then echo "extra-substituters = https://nix.computer.surgery/conduit" >> /etc/nix/nix.conf; fi`
			`- if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=" >> /etc/nix/nix.conf; fi`

allow overriding the attic endpoint And also the public key so that pulling from the new endpoint will work. This allows other people to host their own attic instances and configure their (CI) environment to override the default endpoint so e.g. they can take advantage of a binary cache without having write access to the official one. I didn't actually test this change but I think it should work. Also why'd I format the script like that, ew lol 2024-03-05 08:47:46 +01:00			`# Add alternate binary cache`
			`- if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi`
			`- if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi`

add crane binary cache This way we don't need to build e.g. crane-utils every time. 2024-01-25 07:16:29 +01:00			`# Add crane binary cache`
			`- if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi`
			`- if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi`

use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`# Add nix-community binary cache`
add debian package building in ci This uses a separate step and docker image, which I'm not a huge fan of. At least I could get this to work for now, but I won't be shocked when it breaks later. I know, I know, fixing this kind of problem is the exact reason I bothered to do this, but I was really struggling to do better here. Maybe I can take a second pass at this later. Also, this explicitly names the caches, because without this, various things related to linking will break. 2024-01-19 21:10:23 +01:00			`- if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi`
			`- if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi`
Use full optimizations for master and faster config else Signed-off-by: Jonas Zohren <git-pbkyr@jzohren.de> 2021-08-13 17:20:40 +02:00
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`# Install direnv and nix-direnv`
add debian package building in ci This uses a separate step and docker image, which I'm not a huge fan of. At least I could get this to work for now, but I won't be shocked when it breaks later. I know, I know, fixing this kind of problem is the exact reason I bothered to do this, but I was really struggling to do better here. Maybe I can take a second pass at this later. Also, this explicitly names the caches, because without this, various things related to linking will break. 2024-01-19 21:10:23 +01:00			`- if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi`
feat(ci): Split clippy into own fallible job For some reason, the clippy build does not work. This change allows the cargo:test job to still succeed and the pipeline to pass 2022-06-23 00:14:53 +02:00
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`# Allow .envrc`
add debian package building in ci This uses a separate step and docker image, which I'm not a huge fan of. At least I could get this to work for now, but I won't be shocked when it breaks later. I know, I know, fixing this kind of problem is the exact reason I bothered to do this, but I was really struggling to do better here. Maybe I can take a second pass at this later. Also, this explicitly names the caches, because without this, various things related to linking will break. 2024-01-19 21:10:23 +01:00			`- if command -v nix > /dev/null; then direnv allow; fi`
Use full optimizations for master and faster config else Signed-off-by: Jonas Zohren <git-pbkyr@jzohren.de> 2021-08-13 17:20:40 +02:00
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`# Set CARGO_HOME to a cacheable path`
			`- export CARGO_HOME="$(git rev-parse --show-toplevel)/.gitlab-ci.d/cargo"`
chore(ci): Split up tests 2022-02-18 22:29:55 +01:00
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`ci:`
			`stage: ci`
upgrade nixos/nix image 2024-03-05 05:44:15 +01:00			`image: nixos/nix:2.20.4`
feat(ci): Add dependency audit to CI tests 2022-02-18 22:30:02 +01:00			`script:`
upload all devshell inputs to the cache This will also include attic, so we don't need to explicitly do this in `./bin/nix-build-and-cache` anymore, which is good because that script gets called a good number of times and doing that repeatedly was a bit of a waste. 2024-03-05 21:05:50 +01:00			`# Cache the inputs required for the devShell`
			`- ./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation`

use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`- direnv exec . engage`
			`cache:`
add debian package building in ci This uses a separate step and docker image, which I'm not a huge fan of. At least I could get this to work for now, but I won't be shocked when it breaks later. I know, I know, fixing this kind of problem is the exact reason I bothered to do this, but I was really struggling to do better here. Maybe I can take a second pass at this later. Also, this explicitly names the caches, because without this, various things related to linking will break. 2024-01-19 21:10:23 +01:00			`key: nix`
use nix and engage to manage ci 2024-01-18 20:36:51 +01:00			`paths:`
			`- target`
			`- .gitlab-ci.d`
feat: run ci on demand to prevent unnecessary job executions 2024-03-06 11:47:15 +01:00			`rules:`
			`# CI on upstream runners (only available for maintainers)`
			`- if: $CI_PIPELINE_SOURCE == "merge_request_event" && $IS_UPSTREAM_CI == "true"`
fix(ci): avoid duplicate pipelines 2024-03-11 11:43:05 +01:00			`# Manual CI on unprotected branches that are not MRs`
			`- if: $CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "false"`
			`when: manual`
feat: run ci on demand to prevent unnecessary job executions 2024-03-06 11:47:15 +01:00			`# Manual CI on forks`
			`- if: $IS_UPSTREAM_CI != "true"`
			`when: manual`
			`- if: $CI`
fix(ci): avoid duplicate pipelines 2024-03-11 11:43:05 +01:00			`interruptible: true`
redo docker image and build it in ci 2024-01-18 22:31:46 +01:00
use nix-built binary to produce debian package Currently just for `x86_64-unknown-linux-musl`. Theoretically, we can use this same mechanism for `aarch64-unknown-linux-musl`. Practically, I'm not sure just this will even work. 2024-03-05 08:12:17 +01:00			`artifacts:`
add static cross to x86_64-unknown-linux-musl 2024-01-23 20:22:18 +01:00			`stage: artifacts`
upgrade nixos/nix image 2024-03-05 05:44:15 +01:00			`image: nixos/nix:2.20.4`
add static cross to x86_64-unknown-linux-musl 2024-01-23 20:22:18 +01:00			`script:`
			`- ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl`
build all nix-based artifacts in a single job This will reduce the amount of full builds that need to be done by runs that don't have write access to the nix binary cache. 2024-03-05 05:38:57 +01:00			`- cp result/bin/conduit x86_64-unknown-linux-musl`
add static cross to x86_64-unknown-linux-musl 2024-01-23 20:22:18 +01:00
use nix-built binary to produce debian package Currently just for `x86_64-unknown-linux-musl`. Theoretically, we can use this same mechanism for `aarch64-unknown-linux-musl`. Practically, I'm not sure just this will even work. 2024-03-05 08:12:17 +01:00			`- mkdir -p target/release`
			`- cp result/bin/conduit target/release`
			`- direnv exec . cargo deb --no-build`
			`- mv target/debian/*.deb x86_64-unknown-linux-musl.deb`

push oci image and x86_64-*-gnu build to bin cache This will allow most Nix users to use the `default` package and without having to build from source. And also allows any weirdos to get the OCI image from the Nix binary cache if they want. No idea why that would be desireable though lol 2024-01-25 20:37:35 +01:00			`# Since the OCI image package is based on the binary package, this has the`
			`# fun side effect of uploading the normal binary too. Conduit users who are`
			`# deploying with Nix can leverage this fact by adding our binary cache to`
			`# their systems.`
build all nix-based artifacts in a single job This will reduce the amount of full builds that need to be done by runs that don't have write access to the nix binary cache. 2024-03-05 05:38:57 +01:00			`#`
			# Note that although we have an `oci-image-x86_64-unknown-linux-musl`
			`# output, we don't build it because it would be largely redundant to this`
			`# one since it's all containerized anyway.`
push oci image and x86_64-*-gnu build to bin cache This will allow most Nix users to use the `default` package and without having to build from source. And also allows any weirdos to get the OCI image from the Nix binary cache if they want. No idea why that would be desireable though lol 2024-01-25 20:37:35 +01:00			`- ./bin/nix-build-and-cache .#oci-image`
Publish oci image to the gitlab registry 2024-01-30 18:04:47 +01:00			`- cp result oci-image-amd64.tar.gz`
add debian package building in ci This uses a separate step and docker image, which I'm not a huge fan of. At least I could get this to work for now, but I won't be shocked when it breaks later. I know, I know, fixing this kind of problem is the exact reason I bothered to do this, but I was really struggling to do better here. Maybe I can take a second pass at this later. Also, this explicitly names the caches, because without this, various things related to linking will break. 2024-01-19 21:10:23 +01:00
build all nix-based artifacts in a single job This will reduce the amount of full builds that need to be done by runs that don't have write access to the nix binary cache. 2024-03-05 05:38:57 +01:00			`- ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl`
			`- cp result/bin/conduit aarch64-unknown-linux-musl`
add package to build an aarch64 oci image And build it as an artifact in CI. 2024-01-26 04:38:25 +01:00
build all nix-based artifacts in a single job This will reduce the amount of full builds that need to be done by runs that don't have write access to the nix binary cache. 2024-03-05 05:38:57 +01:00			`- ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl`
Publish oci image to the gitlab registry 2024-01-30 18:04:47 +01:00			`- cp result oci-image-arm64v8.tar.gz`
build book in ci, deploy it to gitlab pages 2024-03-15 04:27:44 +01:00
			`- ./bin/nix-build-and-cache .#book`
			`# We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746`
			`- cp -r --dereference result public`
add package to build an aarch64 oci image And build it as an artifact in CI. 2024-01-26 04:38:25 +01:00			`artifacts:`
			`paths:`
build all nix-based artifacts in a single job This will reduce the amount of full builds that need to be done by runs that don't have write access to the nix binary cache. 2024-03-05 05:38:57 +01:00			`- x86_64-unknown-linux-musl`
			`- aarch64-unknown-linux-musl`
use nix-built binary to produce debian package Currently just for `x86_64-unknown-linux-musl`. Theoretically, we can use this same mechanism for `aarch64-unknown-linux-musl`. Practically, I'm not sure just this will even work. 2024-03-05 08:12:17 +01:00			`- x86_64-unknown-linux-musl.deb`
build all nix-based artifacts in a single job This will reduce the amount of full builds that need to be done by runs that don't have write access to the nix binary cache. 2024-03-05 05:38:57 +01:00			`- oci-image-amd64.tar.gz`
Publish oci image to the gitlab registry 2024-01-30 18:04:47 +01:00			`- oci-image-arm64v8.tar.gz`
build book in ci, deploy it to gitlab pages 2024-03-15 04:27:44 +01:00			`- public`
feat: run ci on demand to prevent unnecessary job executions 2024-03-06 11:47:15 +01:00			`rules:`
			`# CI required for all MRs`
			`- if: $CI_PIPELINE_SOURCE == "merge_request_event"`
			`# Optional CI on forks`
			`- if: $IS_UPSTREAM_CI != "true"`
			`when: manual`
			`allow_failure: true`
			`- if: $CI`
fix(ci): avoid duplicate pipelines 2024-03-11 11:43:05 +01:00			`interruptible: true`
add package to build an aarch64 oci image And build it as an artifact in CI. 2024-01-26 04:38:25 +01:00
feat(ci): push oci-image to docker hub 2024-02-18 02:36:50 +01:00			`.push-oci-image:`
Publish oci image to the gitlab registry 2024-01-30 18:04:47 +01:00			`stage: publish`
			`image: docker:25.0.0`
			`services:`
			`- docker:25.0.0-dind`
			`variables:`
			`IMAGE_SUFFIX_AMD64: amd64`
			`IMAGE_SUFFIX_ARM64V8: arm64v8`
			`script:`
			`- docker load -i oci-image-amd64.tar.gz`
			`- IMAGE_ID_AMD64=$(docker images -q conduit:next)`
			`- docker load -i oci-image-arm64v8.tar.gz`
			`- IMAGE_ID_ARM64V8=$(docker images -q conduit:next)`
			`# Tag and push the architecture specific images`
			`- docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64`
			`- docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8`
			`- docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64`
			`- docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8`
			`# Tag the multi-arch image`
			`- docker manifest create $IMAGE_NAME:$CI_COMMIT_SHA --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8`
			`- docker manifest push $IMAGE_NAME:$CI_COMMIT_SHA`
			`# Tag and push the git ref`
			`- docker manifest create $IMAGE_NAME:$CI_COMMIT_REF_NAME --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8`
			`- docker manifest push $IMAGE_NAME:$CI_COMMIT_REF_NAME`
			`# Tag git tags as 'latest'`
			`- \|`
			`if [[ -n "$CI_COMMIT_TAG" ]]; then`
			`docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8`
			`docker manifest push $IMAGE_NAME:latest`
			`fi`
			`dependencies:`
use nix-built binary to produce debian package Currently just for `x86_64-unknown-linux-musl`. Theoretically, we can use this same mechanism for `aarch64-unknown-linux-musl`. Practically, I'm not sure just this will even work. 2024-03-05 08:12:17 +01:00			`- artifacts`
Publish oci image to the gitlab registry 2024-01-30 18:04:47 +01:00			`only:`
			`- next`
			`- master`
			`- tags`
feat(ci): push oci-image to docker hub 2024-02-18 02:36:50 +01:00
			`oci-image:push-gitlab:`
			`extends: .push-oci-image`
			`variables:`
			`IMAGE_NAME: $CI_REGISTRY_IMAGE/matrix-conduit`
			`before_script:`
			`- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY`

			`oci-image:push-dockerhub:`
			`extends: .push-oci-image`
			`variables:`
			`IMAGE_NAME: matrixconduit/matrix-conduit`
			`before_script:`
add trailing newline to file Please fix your editor configuration... 2024-03-05 05:42:58 +01:00			`- docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_PASSWORD`
build book in ci, deploy it to gitlab pages 2024-03-15 04:27:44 +01:00
			`pages:`
			`stage: publish`
			`dependencies:`
			`- artifacts`
			`only:`
			`- next`
			`script:`
			`- "true"`
			`artifacts:`
			`paths:`
			`- public`