2024 03 16 #630
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI and Artifacts | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
# Required to make some things output color | |
TERM: ansi | |
# Publishing to my nix binary cache | |
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
# Just in case incremental is still being set to true, speeds up CI | |
CARGO_INCREMENTAL: 0 | |
# Custom nix binary cache if fork is being used | |
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }} | |
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }} | |
permissions: | |
packages: write | |
contents: read | |
jobs: | |
ci: | |
name: CI and Artifacts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Install Nix (with flakes and nix-command enabled) | |
uses: cachix/install-nix-action@v26 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
# Add `nix-community`, Crane, upstream Conduit, and conduwuit binary caches | |
extra_nix_config: | | |
experimental-features = nix-command flakes | |
extra-substituters = https://nix-community.cachix.org | |
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
extra-substituters = https://crane.cachix.org | |
extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk= | |
extra-substituters = https://nix.computer.surgery/conduit | |
extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo= | |
extra-substituters = https://attic.kennel.juneis.dog/conduit | |
extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg= | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit | |
extra-trusted-public-keys = conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw= | |
- name: Add alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
echo "extra-substituters = ${{ env.ATTIC_ENDPOINT }}" >> /etc/nix/nix.conf | |
echo "extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}" >> /etc/nix/nix.conf | |
- name: Pop/push Magic Nix Cache | |
uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Configure `nix-direnv` | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
- name: Install `direnv` and `nix-direnv` | |
run: nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv | |
- name: Pop/push downloaded crate cache | |
uses: actions/cache@v4 | |
with: | |
key: downloaded-crates | |
path: ~/.cargo | |
- name: Pop/push compiled crate cache | |
uses: actions/cache@v4 | |
with: | |
key: compiled-crates-${{runner.os}} | |
path: target | |
# Do this to shorten the logs for the real CI step | |
- name: Populate `/nix/store` | |
run: nix develop --command true | |
- name: Allow direnv | |
run: direnv allow | |
- name: Cache x86_64 inputs for devShell | |
run: | | |
./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation | |
- name: Perform continuous integration | |
run: direnv exec . engage | |
- name: Build static-x86_64-unknown-linux-musl and Create static deb-x86_64-unknown-linux-musl | |
run: | | |
./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl | |
mkdir -p target/release | |
cp -v -f result/bin/conduit target/release | |
direnv exec . cargo deb --no-build | |
- name: Upload artifact static-x86_64-unknown-linux-musl | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-x86_64-unknown-linux-musl | |
path: result/bin/conduit | |
if-no-files-found: error | |
- name: Upload artifact deb-x86_64-unknown-linux-musl | |
uses: actions/upload-artifact@v4 | |
with: | |
name: x86_64-unknown-linux-musl.deb | |
path: target/debian/*.deb | |
if-no-files-found: error | |
- name: Build static-aarch64-unknown-linux-musl | |
run: | | |
./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl | |
- name: Upload artifact static-aarch64-unknown-linux-musl | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-aarch64-unknown-linux-musl | |
path: result/bin/conduit | |
if-no-files-found: error | |
- name: Build oci-image-x86_64-unknown-linux-gnu | |
run: | | |
./bin/nix-build-and-cache .#oci-image | |
cp -v -f result oci-image-amd64.tar.gz | |
- name: Upload artifact oci-image-x86_64-unknown-linux-gnu | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-x86_64-unknown-linux-gnu | |
path: oci-image-amd64.tar.gz | |
if-no-files-found: error | |
# don't compress again | |
compression-level: 0 | |
- name: Build oci-image-aarch64-unknown-linux-musl | |
run: | | |
./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl | |
cp -v -f result oci-image-arm64v8.tar.gz | |
- name: Upload artifact oci-image-aarch64-unknown-linux-musl | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-aarch64-unknown-linux-musl | |
path: oci-image-arm64v8.tar.gz | |
if-no-files-found: error | |
# don't compress again | |
compression-level: 0 | |
- name: Extract metadata for Dockerhub | |
env: | |
REGISTRY: registry.hub.docker.com | |
IMAGE_NAME: ${{ github.repository }} | |
id: meta-dockerhub | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Extract metadata for GitHub Container Registry | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
id: meta-ghcr | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Login to Dockerhub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
username: girlbossceo | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitHub Container Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
env: | |
REGISTRY: ghcr.io | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: girlbossceo | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish to Dockerhub | |
if: github.event_name != 'pull_request' | |
env: | |
IMAGE_NAME: docker.io/${{ github.repository }} | |
IMAGE_SUFFIX_AMD64: amd64 | |
IMAGE_SUFFIX_ARM64V8: arm64v8 | |
run: | | |
docker load -i oci-image-amd64.tar.gz | |
IMAGE_ID_AMD64=$(docker images -q conduit:main) | |
docker load -i oci-image-arm64v8.tar.gz | |
IMAGE_ID_ARM64V8=$(docker images -q conduit:main) | |
# Tag and push the architecture specific images | |
docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 | |
docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 | |
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
# Tag the multi-arch image | |
docker manifest create $IMAGE_NAME:$GITHUB_SHA --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker manifest push $IMAGE_NAME:$GITHUB_SHA | |
# Tag and push the git ref | |
docker manifest create $IMAGE_NAME:$GITHUB_REF_NAME --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker manifest push $IMAGE_NAME:$GITHUB_REF_NAME | |
# Tag git tags as 'latest' | |
if [[ -n "$GITHUB_REF_NAME" ]]; then | |
docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker manifest push $IMAGE_NAME:latest | |
fi | |
- name: Publish to GitHub Container Registry | |
if: github.event_name != 'pull_request' | |
env: | |
IMAGE_NAME: ghcr.io/${{ github.repository }} | |
IMAGE_SUFFIX_AMD64: amd64 | |
IMAGE_SUFFIX_ARM64V8: arm64v8 | |
run: | | |
docker load -i oci-image-amd64.tar.gz | |
IMAGE_ID_AMD64=$(docker images -q conduit:main) | |
docker load -i oci-image-arm64v8.tar.gz | |
IMAGE_ID_ARM64V8=$(docker images -q conduit:main) | |
# Tag and push the architecture specific images | |
docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 | |
docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 | |
docker push $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
# Tag the multi-arch image | |
docker manifest create $IMAGE_NAME:$GITHUB_SHA --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker manifest push $IMAGE_NAME:$GITHUB_SHA | |
# Tag and push the git ref | |
docker manifest create $IMAGE_NAME:$GITHUB_REF_NAME --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker manifest push $IMAGE_NAME:$GITHUB_REF_NAME | |
# Tag git tags as 'latest' | |
if [[ -n "$GITHUB_REF_NAME" ]]; then | |
docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$GITHUB_SHA-$IMAGE_SUFFIX_ARM64V8 | |
docker manifest push $IMAGE_NAME:latest | |
fi |