TudbuT/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
conduit/.github/workflows/ci.yml
strawberry e2c460ec54 ci: define packages permission in publish step 
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-04-26 02:03:40 -04:00

249 lines
11 KiB
YAML
Raw Blame History

name: CI and Artifacts
on:
pull_request:
push:
branches:
- main
- dev
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
# Required to make some things output color
TERM: ansi
# Publishing to my nix binary cache
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
# Just in case incremental is still being set to true, speeds up CI
CARGO_INCREMENTAL: 0
# Custom nix binary cache if fork is being used
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}
permissions:
packages: write
contents: read
jobs:
tests:
name: Prepare and test
runs-on: ubuntu-latest
steps:
- name: Sync repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Enable Cachix binary cache
run: |
nix-env -iA cachix -f https://cachix.org/api/v1/install
cachix use crane
cachix use nix-community
- name: Configure Magic Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Apply Nix binary cache configuration
run: |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
extra-substituters = https://nix.computer.surgery/conduit https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit
extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo= conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg= conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
EOF
- name: Use alternative Nix binary caches if specified
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
run: |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
extra-substituters = ${{ env.ATTIC_ENDPOINT }}
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
EOF
- name: Install and activate `direnv`
run: |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv
direnv allow
- name: Update `/nix/store`
run: |
nix develop --command true
- name: Run CI tests
run: |
direnv exec . engage
build:
name: Build
runs-on: ubuntu-latest
needs: tests
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev'
strategy:
matrix:
include:
- target: aarch64-unknown-linux-musl
- target: aarch64-unknown-linux-musl-jemalloc
- target: x86_64-unknown-linux-musl
- target: x86_64-unknown-linux-musl-jemalloc
steps:
- name: Sync repository
uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Enable Cachix binary cache
run: |
nix-env -iA cachix -f https://cachix.org/api/v1/install
cachix use crane
cachix use nix-community
- name: Configure Magic Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Apply Nix binary cache configuration
run: |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
extra-substituters = https://nix.computer.surgery/conduit https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit
extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo= conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg= conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
EOF
- name: Use alternative Nix binary caches if specified
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
run: |
sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
extra-substituters = ${{ env.ATTIC_ENDPOINT }}
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}
EOF
- name: Install and activate `direnv`
run: |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc"
nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv
direnv allow
- name: Update `/nix/store`
run: |
nix develop --command true
- name: Build static ${{ matrix.target }}
run: |
bin/nix-build-and-cache .#static-${{ matrix.target }}
mkdir -p target/release
cp -v -f result/bin/conduit target/release/
direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
mv target/release/conduit static-${{ matrix.target }}
- name: Upload static-${{ matrix.target }}
uses: actions/upload-artifact@v4
with:
name: static-${{ matrix.target }}
path: static-${{ matrix.target }}
if-no-files-found: error
- name: Upload deb ${{ matrix.target }}
uses: actions/upload-artifact@v4
with:
name: deb-${{ matrix.target }}
path: target/debian/${{ matrix.target }}.deb
if-no-files-found: error
- name: Build OCI image ${{ matrix.target }}
run: |
bin/nix-build-and-cache .#oci-image-${{ matrix.target }}
cp -v -f result oci-image-${{ matrix.target }}.tar.gz
- name: Upload OCI image ${{ matrix.target }}
uses: actions/upload-artifact@v4
with:
name: oci-image-${{ matrix.target }}
path: oci-image-${{ matrix.target }}.tar.gz
if-no-files-found: error
compression-level: 0
docker:
name: Publish Docker manifests
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev'
permissions:
packages: write
contents: read
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
- name: Load OCI Images and tag
run: |
mv oci-image-*/*.tar.gz .
ID_AARCH64=$(docker load -i oci-image-aarch64-unknown-linux-musl-jemalloc.tar.gz | sed -n 's/Loaded image: \(.*\)/\1/p')
docker tag $ID_AARCH64 conduwuit:${{ github.sha }}-aarch64-jemalloc
ID_X86_64=$(docker load -i oci-image-x86_64-unknown-linux-musl-jemalloc.tar.gz | sed -n 's/Loaded image: \(.*\)/\1/p')
docker tag $ID_X86_64 conduwuit:${{ github.sha }}-x86_64-jemalloc
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
env:
GITHUB_USERNAME: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: ${{ (env.GITHUB_USERNAME != '') && (env.GITHUB_TOKEN != '') }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create and push combined manifest to GitHub
env:
GITHUB_USERNAME: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && (github.event_name != 'pull_request') && (env.GITHUB_USERNAME != '') && (env.GITHUB_TOKEN != '') }}
run: |
REPO_GHCR="ghcr.io/${{ github.repository }}"
SHA_TAG="${{ github.ref_name }}-${{ github.sha }}"
BRANCH_TAG="${{ github.ref_name }}"
if [ "$BRANCH_TAG" == "main" ]; then
BRANCH_TAG="latest"
fi
docker manifest create $REPO_GHCR:$SHA_TAG \
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
docker manifest push $REPO_GHCR:$SHA_TAG
docker manifest create $REPO_GHCR:$BRANCH_TAG \
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
docker manifest push $REPO_GHCR:$BRANCH_TAG
- name: Login to Docker Hub
uses: docker/login-action@v3
env:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
if: ${{ (env.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
with:
username: ${{ env.DOCKER_USERNAME }}
password: ${{ env.DOCKERHUB_TOKEN }}
- name: Create and push combined manifest to Docker Hub
env:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
if: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && (github.event_name != 'pull_request') && (env.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
run: |
REPO_DOCKER="docker.io/${{ github.repository }}"
SHA_TAG="${{ github.ref_name }}-${{ github.sha }}"
BRANCH_TAG="${{ github.ref_name }}"
if [ "$BRANCH_TAG" == "main" ]; then
BRANCH_TAG="latest"
fi
docker manifest create $REPO_DOCKER:$SHA_TAG \
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
docker manifest push $REPO_DOCKER:$SHA_TAG
docker manifest create $REPO_DOCKER:$BRANCH_TAG \
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
docker manifest push $REPO_DOCKER:$BRANCH_TAG
Reference in a new issue View git blame Copy permalink