-
Notifications
You must be signed in to change notification settings - Fork 1
201 lines (195 loc) · 8.08 KB
/
cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
name: CI/CD
on:
# By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened.
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
# So we add default event types and ready_for_review type here.
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
push:
branches:
- main
tags:
- v*
env:
RUST_BACKTRACE: full
CARGO_TERM_COLOR: always
jobs:
ci:
if: github.event.pull_request.draft == false
name: Run CI tasks
timeout-minutes: 20
runs-on:
group: large-github-hosted-runner-production
labels: large-github-hosted-runner-production-32cores
steps:
- uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa # Latest
with:
toolchain: stable
components: rustfmt,clippy
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
- name: Check "cargo fmt"
run: cargo fmt -- --check
- name: Run "cargo check"
run: cargo check --locked --all-features --all-targets
- name: Run "cargo clippy"
run: cargo clippy --locked --all-features -- -D warnings
- name: Run "cargo test"
run: cargo test --locked --verbose --all-targets --all-features
crate-metadata:
if: startsWith(github.ref, 'refs/tags/v')
timeout-minutes: 5
name: Extract crate metadata
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Extract crate information
id: crate-metadata
shell: bash
run: |
crate_version="$(cargo metadata --no-deps --format-version 1 | jq -r '"v" + .packages[0].version')"
if [ "${{ github.ref_name }}" != "${crate_version}" ]; then
echo "Tag does not match version in Cargo.toml: ${{ github.ref_name }} != ${crate_version}"
exit 1
fi
cargo metadata --no-deps --format-version 1 | jq -r '"name=" + .packages[0].name' | tee -a $GITHUB_OUTPUT
cargo metadata --no-deps --format-version 1 | jq -r '"version=" + .packages[0].version' | tee -a $GITHUB_OUTPUT
cargo metadata --no-deps --format-version 1 | jq -r '"msrv=" + .packages[0].rust_version' | tee -a $GITHUB_OUTPUT
outputs:
name: ${{ steps.crate-metadata.outputs.name }}
version: ${{ steps.crate-metadata.outputs.version }}
msrv: ${{ steps.crate-metadata.outputs.msrv }}
build-release:
name: Build and release binary
if: startsWith(github.ref, 'refs/tags/v')
timeout-minutes: 120
needs:
- ci
- crate-metadata
permissions:
contents: write
env:
BUILD_CMD: cargo
runs-on: ${{ matrix.job.runner }}
strategy:
fail-fast: false
matrix:
job:
# To sort the matrix, use inline syntax.
- { target: aarch64-apple-darwin, runner: macos-14-xlarge }
steps:
- uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa # Latest
with:
toolchain: stable
targets: ${{ matrix.job.target }}
- if: ${{ contains(matrix.job.os, 'macos')}}
run: brew install [email protected]
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build release binary
run: $BUILD_CMD build --release --locked --verbose --target=${{ matrix.job.target }}
- name: Archive release binary
run: |
tar --create --gzip --verbose --file=${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz --directory=target/${{ matrix.job.target }}/release ${{ needs.crate-metadata.outputs.name }}
- name: Install coreutils for macOS runner
if: ${{ contains(matrix.job.runner, 'macos')}}
run: brew install coreutils
- name: Calculate checksum
run: |
sha256sum ${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz > ${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz.sha256
- name: Upload release binary
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
files: |
${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz
${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz.sha256
# refs:
# - https://docs.github.com/en/actions/publishing-packages/publishing-docker-images#publishing-images-to-github-packages
# - https://github.com/docker/metadata-action#semver
build-release-docker:
name: Build and push Docker image and release binary
if: startsWith(github.ref, 'refs/tags/v')
timeout-minutes: 120
needs:
- crate-metadata
- ci
runs-on:
group: large-github-hosted-runner-production
labels: large-github-hosted-runner-production-64cores
permissions:
contents: write
packages: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
strategy:
fail-fast: false
matrix:
job:
# To sort the matrix, use inline syntax.
- { target-os: alpine, target: x86_64-unknown-linux-musl }
- { target-os: ubuntu, target: x86_64-unknown-linux-gnu }
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Generates tags for alpine:
# latest
# latest-alpine
# 0.1
# 0.1-alpine
# 0.1.3
# 0.1.3-alpine
#
# For ubuntu:
# 0.1.3-ubuntu
# 0.1-ubuntu
# latest-ubuntu
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
latest=false
suffix=-${{ matrix.job.target-os }},onlatest=true
tags: |
type=raw,value=latest,suffix=,enable=${{ matrix.job.target-os == 'alpine' }}
type=raw,value=latest
type=semver,pattern={{major}}.{{minor}},suffix=,enable=${{ matrix.job.target-os == 'alpine' }}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}},suffix=,enable=${{ matrix.job.target-os == 'alpine' }}
type=semver,pattern={{version}}
- name: Build and push Docker image
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: .
file: Dockerfile-${{ matrix.job.target-os }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Extract binary from Docker image
run: |
image_name="$(echo ${{ env.IMAGE_NAME }} | tr [:upper:] [:lower:])"
container_id="$(docker create "${{ env.REGISTRY }}/${image_name}:latest-${{ matrix.job.target-os }}")"
docker cp "${container_id}:/usr/local/bin/orgu" ./orgu
docker rm "${container_id}"
- name: Archive extracted binary
run: |
tar --create --gzip --verbose --file=${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz ${{ needs.crate-metadata.outputs.name }}
- name: Calculate checksum
run: |
sha256sum ${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz > ${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz.sha256
- name: Upload release binary
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
files: |
${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz
${{ needs.crate-metadata.outputs.name }}-${{ matrix.job.target }}.tar.gz.sha256