chore(deps): lock file maintenance #1319
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build new release | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
permissions: | |
contents: write | |
packages: write | |
pull-requests: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
# Gets the build version and information about if this is a new version | |
get-version: | |
name: Get version | |
runs-on: ubuntu-latest | |
outputs: | |
is_new_version: ${{ steps.get_version.outputs.IS_NEW_VERSION }} | |
version: ${{ steps.get_version.outputs.VERSION }} | |
sane_branch_name_key: ${{ steps.get_version.outputs.SANE_BRANCH_NAME_KEY }} | |
build_date: ${{ steps.get_version.outputs.BUILD_DATE }} | |
is_prerelease: ${{ steps.get_version.outputs.IS_PRERELEASE }} | |
toolchain: ${{ steps.get_toolchain.outputs.TOOLCHAIN }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: git fetch --tags | |
- run: pip3 install yq==2.13.0 | |
- name: Get Build Version | |
id: get_version | |
run: ./scripts/check-version.sh | |
shell: bash | |
- name: Get Toolchain Version | |
id: get_toolchain | |
run: | | |
echo "TOOLCHAIN=$(cat rust-toolchain.toml | tomlq .toolchain.channel)" >> $GITHUB_OUTPUT | |
# Github releases are only performed when the release version changes | |
build-binary: | |
name: Build binary | |
runs-on: ubuntu-latest | |
needs: [get-version] | |
if: ${{ needs.get-version.outputs.is_new_version == 'true' || needs.get-version.outputs.is_prerelease == 'true'}} | |
strategy: | |
matrix: | |
architectures: | |
- arch: x86_64 | |
target-tupl: x86_64-unknown-linux-gnu | |
dependencies: protobuf-compiler | |
bindgenExtraClangArgs: "" | |
- arch: aarch64 | |
target-tupl: aarch64-unknown-linux-gnu | |
dependencies: gcc-aarch64-linux-gnu protobuf-compiler libclang-dev g++-aarch64-linux-gnu | |
bindgenExtraClangArgs: "--sysroot=/usr/aarch64-linux-gnu -mfloat-abi=hard" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install toolchains | |
run: | | |
rustup toolchain install ${{ needs.get-version.outputs.toolchain }} | |
rustup target add ${{ matrix.architectures.target-tupl }} --toolchain ${{ needs.get-version.outputs.toolchain }} | |
rustup target add wasm32-unknown-unknown --toolchain ${{ needs.get-version.outputs.toolchain }} | |
rustup component add rust-src | |
- name: install deps | |
run: sudo apt-get update && sudo apt-get install ${{ matrix.architectures.dependencies }} | |
- name: Install sccache | |
env: | |
TEMP: ${{ runner.temp }} | |
run: | | |
curl -L https://github.com/gruntwork-io/fetch/releases/download/v0.4.6/fetch_linux_amd64 --output $TEMP/fetch | |
chmod +x $TEMP/fetch | |
$TEMP/fetch --repo="https://github.com/mozilla/sccache" --tag="~>0.7.5" --release-asset="^sccache-v[0-9.]*-x86_64-unknown-linux-musl.tar.gz$" $TEMP | |
tar -xvf $TEMP/sccache-v*-x86_64-unknown-linux-musl.tar.gz -C $TEMP | |
mv $TEMP/sccache-v*-x86_64-unknown-linux-musl/sccache $TEMP/sccache | |
rm -rf $TEMP/sccache-v*-x86_64-unknown-linux-musl $TEMP/sccache-v*-x86_64-unknown-linux-musl.tar.gz $TEMP/fetch | |
chmod +x $TEMP/sccache | |
- name: Cache cargo registry | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cargo/registry | |
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | |
${{ runner.os }}-cargo-registry- | |
- name: Cache cargo index | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cargo/git | |
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} | |
${{ runner.os }}-cargo-index- | |
- name: Cache sccache | |
uses: actions/cache@v4 | |
with: | |
path: ${{ runner.temp }}/cache | |
key: ${{ runner.os }}-cargo-build-cache-release-${{ matrix.architectures.arch }}-${{ needs.get-version.outputs.toolchain }}-${{ needs.get-version.outputs.sane_branch_name_key }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-cargo-build-cache-release-${{ matrix.architectures.arch }}-${{ needs.get-version.outputs.toolchain }}-${{ needs.get-version.outputs.sane_branch_name_key }} | |
${{ runner.os }}-cargo-build-cache-release-${{ matrix.architectures.arch }}-${{ needs.get-version.outputs.toolchain }}- | |
${{ runner.os }}-cargo-build-cache-release-${{ matrix.architectures.arch }}- | |
${{ runner.os }}-cargo-build-cache-release- | |
- name: Cargo build | |
env: | |
RUSTC_WRAPPER: ${{ runner.temp }}/sccache | |
SCCACHE_DIR: ${{ runner.temp }}/cache | |
SCCACHE_CACHE_SIZE: "1G" | |
BINDGEN_EXTRA_CLANG_ARGS: ${{ matrix.architectures.bindgenExtraClangArgs }} | |
run: | | |
cargo build --profile=production --target ${{ matrix.architectures.target-tupl }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sqnc-node-${{ matrix.architectures.arch }} | |
path: | | |
./target/${{ matrix.architectures.target-tupl }}/production/sqnc-node | |
./target/${{ matrix.architectures.target-tupl }}/production/wbuild/sqnc-runtime/sqnc_runtime.compact.wasm | |
build-release: | |
name: Build release | |
runs-on: ubuntu-latest | |
needs: [get-version, build-binary] | |
if: ${{ needs.get-version.outputs.is_new_version == 'true' || needs.get-version.outputs.is_prerelease == 'true'}} | |
steps: | |
- name: Download x86_64 Artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: sqnc-node-x86_64 | |
path: x86_64 | |
- name: Download aarch64 Artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: sqnc-node-aarch64 | |
path: aarch64 | |
- name: Prepare artefacts | |
env: | |
BUILD_VERSION: ${{ needs.get-version.outputs.version }} | |
run: | | |
ls -R . | |
pushd ./x86_64 | |
echo $BUILD_VERSION | tee ./VERSION.txt | |
mv ./wbuild/sqnc-runtime/sqnc_runtime.compact.wasm ./sqnc_runtime.compact.wasm | |
chmod +x ./sqnc-node | |
shasum -a 256 ./sqnc-node | cut -d ' ' -f 1 | tee ./sqnc-node.sha256 | |
shasum -a 256 ./sqnc_runtime.compact.wasm | cut -d ' ' -f 1 | tee ./sqnc_runtime.compact.wasm.sha256 | |
tar -czvf ../sqnc-node-${BUILD_VERSION}-x86_64-unknown-linux-gnu.tar.gz ./VERSION.txt ./sqnc-node ./sqnc-node.sha256 | |
tar -czvf ../sqnc-node-${BUILD_VERSION}-runtime-wasm.tar.gz ./VERSION.txt ./sqnc_runtime.compact.wasm ./sqnc_runtime.compact.wasm.sha256 | |
popd; | |
pushd ./aarch64 | |
echo $BUILD_VERSION | tee ./VERSION.txt | |
mv ./wbuild/sqnc-runtime/sqnc_runtime.compact.wasm ./sqnc_runtime.compact.wasm | |
chmod +x ./sqnc-node | |
shasum -a 256 ./sqnc-node | cut -d ' ' -f 1 | tee ./sqnc-node.sha256 | |
tar -czvf ../sqnc-node-${BUILD_VERSION}-aarch64-unknown-linux-gnu.tar.gz ./VERSION.txt ./sqnc-node ./sqnc-node.sha256 | |
popd; | |
- name: Build release version | |
uses: softprops/action-gh-release@v2 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
tag_name: ${{ needs.get-version.outputs.version }} | |
name: ${{ needs.get-version.outputs.version }} | |
prerelease: ${{ needs.get-version.outputs.is_prerelease == 'true' }} | |
generate_release_notes: true | |
files: | | |
./sqnc-node-${{ needs.get-version.outputs.version }}-x86_64-unknown-linux-gnu.tar.gz | |
./sqnc-node-${{ needs.get-version.outputs.version }}-aarch64-unknown-linux-gnu.tar.gz | |
./sqnc-node-${{ needs.get-version.outputs.version }}-runtime-wasm.tar.gz | |
- name: Delete release latest | |
if: ${{ needs.get-version.outputs.is_prerelease != 'true' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
const { owner, repo } = context.repo | |
try { | |
await github.rest.git.deleteRef({ owner, repo, ref: 'tags/latest' }) | |
} | |
catch (err) { | |
if (err.status !== 422) throw err | |
} | |
- name: Build release latest | |
if: ${{ needs.get-version.outputs.is_prerelease != 'true' }} | |
uses: softprops/action-gh-release@v2 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
tag_name: latest | |
name: Latest ${{ needs.get-version.outputs.version }} | |
prerelease: false | |
generate_release_notes: true | |
files: | | |
./sqnc-node-${{ needs.get-version.outputs.version }}-x86_64-unknown-linux-gnu.tar.gz | |
./sqnc-node-${{ needs.get-version.outputs.version }}-aarch64-unknown-linux-gnu.tar.gz | |
./sqnc-node-${{ needs.get-version.outputs.version }}-runtime-wasm.tar.gz | |
# Docker build are always performed but are only version tagged on new version | |
build-docker: | |
name: Build Docker | |
runs-on: ubuntu-latest | |
needs: [get-version, build-release] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: linux/amd64 | |
- name: Setup Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
buildkitd-flags: --debug | |
- name: Generate tags | |
id: generate-tags | |
env: | |
VERSION: ${{ needs.get-version.outputs.version }} | |
IS_NEW_VERSION: ${{ needs.get-version.outputs.is_new_version }} | |
IS_PRERELEASE: ${{ needs.get-version.outputs.is_prerelease }} | |
# if it's a new non prerelease version tag with hash, version latest-dev and latest | |
# if it's a new prerelease version tag with hash, version and latest-dev | |
# if it's a non new version tag with hash and latest-dev | |
run: | | |
if [ "$IS_NEW_VERSION" == "true" ]; then | |
echo "GHCR_VERSION_TAG=ghcr.io/digicatapult/sqnc-node:$VERSION" >> $GITHUB_OUTPUT | |
echo "DOCKERHUB_VERSION_TAG=digicatapult/sqnc-node:$VERSION" >> $GITHUB_OUTPUT | |
if [ "$IS_PRERELEASE" == "false" ]; then | |
echo "GHCR_LATEST_TAG=ghcr.io/digicatapult/sqnc-node:latest" >> $GITHUB_OUTPUT | |
echo "DOCKERHUB_LATEST_TAG=digicatapult/sqnc-node:latest" >> $GITHUB_OUTPUT | |
else | |
echo "GHCR_LATEST_TAG=" >> $GITHUB_OUTPUT | |
echo "DOCKERHUB_LATEST_TAG=" >> $GITHUB_OUTPUT | |
fi; | |
else | |
echo "GHCR_VERSION_TAG=" >> $GITHUB_OUTPUT | |
echo "GHCR_LATEST_TAG=" >> $GITHUB_OUTPUT | |
echo "DOCKERHUB_VERSION_TAG=" >> $GITHUB_OUTPUT | |
echo "DOCKERHUB_LATEST_TAG=" >> $GITHUB_OUTPUT | |
fi; | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Dockerhub Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.SQNC_DOCKERHUB_USERNAME }} | |
password: ${{ secrets.SQNC_DOCKERHUB_TOKEN }} | |
- name: Build image | |
uses: docker/build-push-action@v6 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: . | |
build-args: | | |
RUST_TOOLCHAIN=${{ needs.get-version.outputs.toolchain }} | |
SQNC_VERSION=${{ needs.get-version.outputs.version }} | |
file: ./Dockerfile | |
platforms: linux/amd64, linux/arm64 | |
push: true | |
tags: | | |
ghcr.io/digicatapult/sqnc-node:${{ github.sha }} | |
${{ steps.generate-tags.outputs.GHCR_VERSION_TAG }} | |
${{ steps.generate-tags.outputs.GHCR_LATEST_TAG }} | |
digicatapult/sqnc-node:${{ github.sha }} | |
${{ steps.generate-tags.outputs.DOCKERHUB_VERSION_TAG }} | |
${{ steps.generate-tags.outputs.DOCKERHUB_LATEST_TAG }} | |
labels: | | |
org.opencontainers.image.title=sqnc-node | |
org.opencontainers.image.description=${{ github.event.repository.description }} | |
org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.version=${{ needs.get-version.outputs.version }} | |
org.opencontainers.image.created=${{ needs.get-version.outputs.build_date }} |