CI and Artifacts #2066
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI and Artifacts | |
on: | |
pull_request: | |
push: | |
# documentation workflow deals with this or is not relevant for this workflow | |
paths-ignore: | |
- '*.md' | |
- 'conduwuit-example.toml' | |
- 'book.toml' | |
- '.gitlab-ci.yml' | |
- '.gitignore' | |
- 'renovate.json' | |
- 'docs/**' | |
- 'debian/**' | |
- 'docker/**' | |
branches: | |
- main | |
tags: | |
- '*' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.head_ref || github.ref_name }} | |
cancel-in-progress: false | |
env: | |
# sccache only on main repo | |
SCCACHE_GHA_ENABLED: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'true' || 'false' }}" | |
RUSTC_WRAPPER: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}" | |
SCCACHE_BUCKET: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}" | |
SCCACHE_S3_USE_SSL: ${{ vars.SCCACHE_S3_USE_SSL }} | |
SCCACHE_REGION: ${{ vars.SCCACHE_REGION }} | |
SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }} | |
SCCACHE_CACHE_MULTIARCH: ${{ vars.SCCACHE_CACHE_MULTIARCH }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# Required to make some things output color | |
TERM: ansi | |
# Publishing to my nix binary cache | |
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} | |
# conduwuit.cachix.org | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
# Just in case incremental is still being set to true, speeds up CI | |
CARGO_INCREMENTAL: 0 | |
# Custom nix binary cache if fork is being used | |
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }} | |
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }} | |
# Get error output from nix that we can actually use, and use our binary caches for the earlier CI steps | |
NIX_CONFIG: | | |
show-trace = true | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= | |
experimental-features = nix-command flakes | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
# complement uses libolm | |
NIXPKGS_ALLOW_INSECURE: 1 | |
permissions: | |
packages: write | |
contents: read | |
jobs: | |
tests: | |
name: Test | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Install liburing | |
run: | | |
sudo apt install liburing-dev -y | |
- name: Free up a bit of runner space | |
run: | | |
set +o pipefail | |
sudo docker image prune --all --force || true | |
sudo apt purge -y 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-cli google-chrome-stable firefox powershell microsoft-edge-stable || true | |
sudo apt clean | |
sudo rm -v -rf /usr/local/games /usr/local/sqlpackage /usr/local/share/powershell /usr/local/share/edge_driver /usr/local/share/gecko_driver /usr/local/share/chromium /usr/local/share/chromedriver-linux64 /usr/lib/google-cloud-sdk /usr/lib/jvm /usr/lib/mono /usr/lib/heroku | |
set -o pipefail | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Tag comparison check | |
if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }} | |
run: | | |
# Tag mismatch with latest repo tag check to prevent potential downgrades | |
LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) | |
if [ $LATEST_TAG != ${{ github.ref_name }} ]; then | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
- uses: nixbuild/nix-quick-install-action@master | |
- name: Restore and cache Nix store | |
uses: nix-community/[email protected] | |
with: | |
# restore and save a cache using this key | |
primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/.lock') }} | |
# if there's no cache hit, restore a cache by this prefix | |
restore-prefixes-first-match: nix-${{ runner.os }}- | |
# collect garbage until Nix store size (in bytes) is at most this number | |
# before trying to save a new cache | |
gc-max-store-size-linux: 2073741824 | |
# do purge caches | |
purge: true | |
# purge all versions of the cache | |
purge-prefixes: nix-${{ runner.os }}- | |
# created more than this number of seconds ago relative to the start of the `Post Restore` phase | |
purge-last-accessed: 86400 | |
# except the version with the `primary-key`, if it exists | |
purge-primary-key: never | |
# always save the cache | |
save-always: true | |
- name: Enable Cachix binary cache | |
run: | | |
nix profile install nixpkgs#cachix | |
cachix use crane | |
cachix use nix-community | |
- name: Apply Nix binary cache configuration | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= | |
experimental-features = nix-command flakes | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
EOF | |
- name: Use alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = ${{ env.ATTIC_ENDPOINT }} | |
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }} | |
EOF | |
- name: Prepare build environment | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
nix profile install --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv | |
direnv allow | |
nix develop .#all-features --command true | |
- name: Cache CI dependencies | |
run: | | |
bin/nix-build-and-cache ci | |
bin/nix-build-and-cache just '.#devShells.x86_64-linux.default' | |
bin/nix-build-and-cache just '.#devShells.x86_64-linux.all-features' | |
bin/nix-build-and-cache just '.#devShells.x86_64-linux.dynamic' | |
# use sccache for Rust | |
- name: Run sccache-cache | |
if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') | |
uses: mozilla-actions/sccache-action@main | |
# use rust-cache | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-all-crates: "true" | |
- name: Run CI tests | |
env: | |
CARGO_PROFILE: "test" | |
run: | | |
direnv exec . engage > >(tee -a test_output.log) | |
- name: Run Complement tests | |
env: | |
CARGO_PROFILE: "test" | |
run: | | |
# the nix devshell sets $COMPLEMENT_SRC, so "/dev/null" is no-op | |
direnv exec . bin/complement "/dev/null" complement_test_logs.jsonl complement_test_results.jsonl > >(tee -a test_output.log) | |
cp -v -f result complement_oci_image.tar.gz | |
- name: Upload Complement OCI image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_oci_image.tar.gz | |
path: complement_oci_image.tar.gz | |
if-no-files-found: error | |
- name: Upload Complement logs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_test_logs.jsonl | |
path: complement_test_logs.jsonl | |
if-no-files-found: error | |
- name: Upload Complement results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: complement_test_results.jsonl | |
path: complement_test_results.jsonl | |
if-no-files-found: error | |
- name: Diff Complement results with checked-in repo results | |
run: | | |
diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_diff_output.log) | |
- name: Update Job Summary | |
if: success() || failure() | |
run: | | |
if [ ${{ job.status }} == 'success' ]; then | |
echo '# ✅ completed suwuccessfully' >> $GITHUB_STEP_SUMMARY | |
else | |
echo '# CI failure' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
tail -n 40 test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
echo '# Complement diff results' >> $GITHUB_STEP_SUMMARY | |
echo '```diff' >> $GITHUB_STEP_SUMMARY | |
tail -n 100 complement_diff_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
fi | |
- name: Run cargo clean test artifacts to free up space | |
run: | | |
cargo clean --profile test | |
build: | |
name: Build | |
runs-on: ubuntu-24.04 | |
needs: tests | |
strategy: | |
matrix: | |
include: | |
- target: aarch64-linux-musl | |
- target: x86_64-linux-musl | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- uses: nixbuild/nix-quick-install-action@master | |
- name: Restore and cache Nix store | |
uses: nix-community/[email protected] | |
with: | |
# restore and save a cache using this key | |
primary-key: nix-${{ runner.os }}-${{ matrix.target }}-${{ hashFiles('**/*.nix', '**/.lock') }} | |
# if there's no cache hit, restore a cache by this prefix | |
restore-prefixes-first-match: nix-${{ runner.os }}- | |
# collect garbage until Nix store size (in bytes) is at most this number | |
# before trying to save a new cache | |
gc-max-store-size-linux: 2073741824 | |
# do purge caches | |
purge: true | |
# purge all versions of the cache | |
purge-prefixes: nix-${{ runner.os }}- | |
# created more than this number of seconds ago relative to the start of the `Post Restore` phase | |
purge-last-accessed: 86400 | |
# except the version with the `primary-key`, if it exists | |
purge-primary-key: never | |
# always save the cache | |
save-always: true | |
- name: Enable Cachix binary cache | |
run: | | |
nix profile install nixpkgs#cachix | |
cachix use crane | |
cachix use nix-community | |
- name: Apply Nix binary cache configuration | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = https://attic.kennel.juneis.dog/conduwuit https://attic.kennel.juneis.dog/conduit https://cache.lix.systems https://conduwuit.cachix.org https://aseipp-nix-cache.freetls.fastly.net | |
extra-trusted-public-keys = conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk= conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o= conduwuit.cachix.org-1:MFRm6jcnfTf0jSAbmvLfhO3KBMt4px+1xaereWXp8Xg= | |
experimental-features = nix-command flakes | |
extra-experimental-features = nix-command flakes | |
accept-flake-config = true | |
EOF | |
- name: Use alternative Nix binary caches if specified | |
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }} | |
run: | | |
sudo tee -a "${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" > /dev/null <<EOF | |
extra-substituters = ${{ env.ATTIC_ENDPOINT }} | |
extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }} | |
EOF | |
- name: Prepare build environment | |
run: | | |
echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' > "$HOME/.direnvrc" | |
nix profile install --impure --inputs-from . nixpkgs#direnv nixpkgs#nix-direnv | |
direnv allow | |
nix develop .#all-features --command true --impure | |
# use sccache for Rust | |
- name: Run sccache-cache | |
if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') | |
uses: mozilla-actions/sccache-action@main | |
# use rust-cache | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-all-crates: "true" | |
- name: Build static ${{ matrix.target }} | |
run: | | |
if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl" | |
elif [[ ${{ matrix.target }} == "aarch64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="aarch64-unknown-linux-musl" | |
fi | |
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) | |
bin/nix-build-and-cache just .#static-${{ matrix.target }}-all-features | |
mkdir -v -p target/release/ | |
mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/ | |
cp -v -f result/bin/conduit target/release/conduwuit | |
cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit | |
# -p conduit is the main crate name | |
direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb | |
mv -v target/release/conduwuit static-${{ matrix.target }} | |
mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb | |
# quick smoke test of the x86_64 static release binary | |
- name: Run x86_64 static release binary | |
run: | | |
# GH actions default runners are x86_64 only | |
if file result/bin/conduit | grep x86-64; then | |
result/bin/conduit --version | |
fi | |
- name: Build static debug ${{ matrix.target }} | |
run: | | |
if [[ ${{ matrix.target }} == "x86_64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="x86_64-unknown-linux-musl" | |
elif [[ ${{ matrix.target }} == "aarch64-linux-musl" ]] | |
then | |
CARGO_DEB_TARGET_TUPLE="aarch64-unknown-linux-musl" | |
fi | |
SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) | |
bin/nix-build-and-cache just .#static-${{ matrix.target }}-all-features-debug | |
# > warning: dev profile is not supported and will be a hard error in the future. cargo-deb is for making releases, and it doesn't make sense to use it with dev profiles. | |
# so we need to coerce cargo-deb into thinking this is a release binary | |
mkdir -v -p target/release/ | |
mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/ | |
cp -v -f result/bin/conduit target/release/conduwuit | |
cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit | |
# -p conduit is the main crate name | |
direnv exec . cargo deb --verbose --no-build --no-strip -p conduit --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}-debug.deb | |
mv -v target/release/conduwuit static-${{ matrix.target }}-debug | |
mv -v target/release/${{ matrix.target }}-debug.deb ${{ matrix.target }}-debug.deb | |
# quick smoke test of the x86_64 static debug binary | |
- name: Run x86_64 static debug binary | |
run: | | |
# GH actions default runners are x86_64 only | |
if file result/bin/conduit | grep x86-64; then | |
result/bin/conduit --version | |
fi | |
# check validity of produced deb package, invalid debs will error on these commands | |
- name: Validate produced deb package | |
run: | | |
# List contents | |
dpkg-deb --contents ${{ matrix.target }}.deb | |
dpkg-deb --contents ${{ matrix.target }}-debug.deb | |
# List info | |
dpkg-deb --info ${{ matrix.target }}.deb | |
dpkg-deb --info ${{ matrix.target }}-debug.deb | |
- name: Upload static-${{ matrix.target }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-${{ matrix.target }} | |
path: static-${{ matrix.target }} | |
if-no-files-found: error | |
- name: Upload deb ${{ matrix.target }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb-${{ matrix.target }} | |
path: ${{ matrix.target }}.deb | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Upload static-${{ matrix.target }}-debug | |
uses: actions/upload-artifact@v4 | |
with: | |
name: static-${{ matrix.target }}-debug | |
path: static-${{ matrix.target }}-debug | |
if-no-files-found: error | |
- name: Upload deb ${{ matrix.target }}-debug | |
uses: actions/upload-artifact@v4 | |
with: | |
name: deb-${{ matrix.target }}-debug | |
path: ${{ matrix.target }}-debug.deb | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Build OCI image ${{ matrix.target }} | |
run: | | |
bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features | |
cp -v -f result oci-image-${{ matrix.target }}.tar.gz | |
- name: Build debug OCI image ${{ matrix.target }} | |
run: | | |
bin/nix-build-and-cache just .#oci-image-${{ matrix.target }}-all-features-debug | |
cp -v -f result oci-image-${{ matrix.target }}-debug.tar.gz | |
- name: Upload OCI image ${{ matrix.target }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-${{ matrix.target }} | |
path: oci-image-${{ matrix.target }}.tar.gz | |
if-no-files-found: error | |
compression-level: 0 | |
- name: Upload OCI image ${{ matrix.target }}-debug | |
uses: actions/upload-artifact@v4 | |
with: | |
name: oci-image-${{ matrix.target }}-debug | |
path: oci-image-${{ matrix.target }}-debug.tar.gz | |
if-no-files-found: error | |
compression-level: 0 | |
build_mac_binaries: | |
name: Build MacOS Binaries | |
strategy: | |
matrix: | |
os: [macos-latest, macos-13] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Sync repository | |
uses: actions/checkout@v4 | |
- name: Tag comparison check | |
if: ${{ startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') }} | |
run: | | |
# Tag mismatch with latest repo tag check to prevent potential downgrades | |
LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) | |
if [ $LATEST_TAG != ${{ github.ref_name }} ]; then | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' | |
echo '# WARNING: Attempting to run this workflow for a tag that is not the latest repo tag. Aborting.' >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
# use sccache for Rust | |
- name: Run sccache-cache | |
if: (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') | |
uses: mozilla-actions/sccache-action@main | |
# use rust-cache | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
cache-all-crates: "true" | |
# Nix can't do portable macOS builds yet | |
- name: Build macOS x86_64 binary | |
if: ${{ matrix.os == 'macos-13' }} | |
run: | | |
CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release | |
cp -v -f target/release/conduit conduwuit-macos-x86_64 | |
otool -L conduwuit-macos-x86_64 | |
# quick smoke test of the x86_64 macOS binary | |
- name: Run x86_64 macOS release binary | |
if: ${{ matrix.os == 'macos-13' }} | |
run: | | |
./conduwuit-macos-x86_64 --version | |
- name: Build macOS arm64 binary | |
if: ${{ matrix.os == 'macos-latest' }} | |
run: | | |
CONDUWUIT_VERSION_EXTRA="$(git rev-parse --short HEAD)" cargo build --release | |
cp -v -f target/release/conduit conduwuit-macos-arm64 | |
otool -L conduwuit-macos-arm64 | |
# quick smoke test of the arm64 macOS binary | |
- name: Run arm64 macOS release binary | |
if: ${{ matrix.os == 'macos-latest' }} | |
run: | | |
./conduwuit-macos-arm64 --version | |
- name: Upload macOS x86_64 binary | |
if: ${{ matrix.os == 'macos-13' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: conduwuit-macos-x86_64 | |
path: conduwuit-macos-x86_64 | |
if-no-files-found: error | |
- name: Upload macOS arm64 binary | |
if: ${{ matrix.os == 'macos-latest' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: conduwuit-macos-arm64 | |
path: conduwuit-macos-arm64 | |
if-no-files-found: error | |
docker: | |
name: Docker publish | |
runs-on: ubuntu-24.04 | |
needs: build | |
if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && github.event.pull_request.user.login != 'renovate[bot]' | |
env: | |
DOCKER_ARM64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
DOCKER_AMD64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
DOCKER_TAG: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
DOCKER_BRANCH: docker.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
GHCR_ARM64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
GHCR_AMD64: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
GHCR_TAG: ghcr.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
GHCR_BRANCH: ghcr.io/${{ github.repository }}:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
GLCR_ARM64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8 | |
GLCR_AMD64: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64 | |
GLCR_TAG: registry.gitlab.com/conduwuit/conduwuit:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }} | |
GLCR_BRANCH: registry.gitlab.com/conduwuit/conduwuit:${{ (startsWith(github.ref, 'refs/tags/v') && !endsWith(github.ref, '-rc') && 'latest') || (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: docker.io | |
username: ${{ vars.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitLab Container Registry | |
if: ${{ (vars.GITLAB_USERNAME != '') && (env.GITLAB_TOKEN != '') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: registry.gitlab.com | |
username: ${{ vars.GITLAB_USERNAME }} | |
password: ${{ secrets.GITLAB_TOKEN }} | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Move OCI images into position | |
run: | | |
mv -v oci-image-x86_64-linux-musl/*.tar.gz oci-image-amd64.tar.gz | |
mv -v oci-image-aarch64-linux-musl/*.tar.gz oci-image-arm64v8.tar.gz | |
mv -v oci-image-x86_64-linux-musl-debug/*.tar.gz oci-image-amd64-debug.tar.gz | |
mv -v oci-image-aarch64-linux-musl-debug/*.tar.gz oci-image-arm64v8-debug.tar.gz | |
- name: Load and push amd64 image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-amd64.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }} | |
docker push ${{ env.DOCKER_AMD64 }} | |
docker push ${{ env.GHCR_AMD64 }} | |
docker push ${{ env.GLCR_AMD64 }} | |
- name: Load and push arm64 image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-arm64v8.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }} | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }} | |
docker push ${{ env.DOCKER_ARM64 }} | |
docker push ${{ env.GHCR_ARM64 }} | |
docker push ${{ env.GLCR_ARM64 }} | |
- name: Load and push amd64 debug image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-amd64-debug.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_AMD64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_AMD64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_AMD64 }}-debug | |
docker push ${{ env.DOCKER_AMD64 }}-debug | |
docker push ${{ env.GHCR_AMD64 }}-debug | |
docker push ${{ env.GLCR_AMD64 }}-debug | |
- name: Load and push arm64 debug image | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker load -i oci-image-arm64v8-debug.tar.gz | |
docker tag $(docker images -q conduit:main) ${{ env.DOCKER_ARM64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GHCR_ARM64 }}-debug | |
docker tag $(docker images -q conduit:main) ${{ env.GLCR_ARM64 }}-debug | |
docker push ${{ env.DOCKER_ARM64 }}-debug | |
docker push ${{ env.GHCR_ARM64 }}-debug | |
docker push ${{ env.GLCR_ARM64 }}-debug | |
- name: Create Docker combined manifests | |
run: | | |
# Dockerhub Container Registry | |
docker manifest create ${{ env.DOCKER_TAG }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }} | |
docker manifest create ${{ env.DOCKER_BRANCH }} --amend ${{ env.DOCKER_ARM64 }} --amend ${{ env.DOCKER_AMD64 }} | |
# GitHub Container Registry | |
docker manifest create ${{ env.GHCR_TAG }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }} | |
docker manifest create ${{ env.GHCR_BRANCH }} --amend ${{ env.GHCR_ARM64 }} --amend ${{ env.GHCR_AMD64 }} | |
# GitLab Container Registry | |
docker manifest create ${{ env.GLCR_TAG }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }} | |
docker manifest create ${{ env.GLCR_BRANCH }} --amend ${{ env.GLCR_ARM64 }} --amend ${{ env.GLCR_AMD64 }} | |
- name: Create Docker combined debug manifests | |
run: | | |
# Dockerhub Container Registry | |
docker manifest create ${{ env.DOCKER_TAG }}-debug --amend ${{ env.DOCKER_ARM64 }}-debug --amend ${{ env.DOCKER_AMD64 }}-debug | |
docker manifest create ${{ env.DOCKER_BRANCH }}-debug --amend ${{ env.DOCKER_ARM64 }}-debug --amend ${{ env.DOCKER_AMD64 }}-debug | |
# GitHub Container Registry | |
docker manifest create ${{ env.GHCR_TAG }}-debug --amend ${{ env.GHCR_ARM64 }}-debug --amend ${{ env.GHCR_AMD64 }}-debug | |
docker manifest create ${{ env.GHCR_BRANCH }}-debug --amend ${{ env.GHCR_ARM64 }}-debug --amend ${{ env.GHCR_AMD64 }}-debug | |
# GitLab Container Registry | |
docker manifest create ${{ env.GLCR_TAG }}-debug --amend ${{ env.GLCR_ARM64 }}-debug --amend ${{ env.GLCR_AMD64 }}-debug | |
docker manifest create ${{ env.GLCR_BRANCH }}-debug --amend ${{ env.GLCR_ARM64 }}-debug --amend ${{ env.GLCR_AMD64 }}-debug | |
- name: Push manifests to Docker registries | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
docker manifest push ${{ env.DOCKER_TAG }} | |
docker manifest push ${{ env.DOCKER_BRANCH }} | |
docker manifest push ${{ env.GHCR_TAG }} | |
docker manifest push ${{ env.GHCR_BRANCH }} | |
docker manifest push ${{ env.GLCR_TAG }} | |
docker manifest push ${{ env.GLCR_BRANCH }} | |
docker manifest push ${{ env.DOCKER_TAG }}-debug | |
docker manifest push ${{ env.DOCKER_BRANCH }}-debug | |
docker manifest push ${{ env.GHCR_TAG }}-debug | |
docker manifest push ${{ env.GHCR_BRANCH }}-debug | |
docker manifest push ${{ env.GLCR_TAG }}-debug | |
docker manifest push ${{ env.GLCR_BRANCH }}-debug | |
- name: Add Image Links to Job Summary | |
if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }} | |
run: | | |
echo "- \`docker pull ${{ env.DOCKER_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GHCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GLCR_TAG }}\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.DOCKER_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GHCR_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY | |
echo "- \`docker pull ${{ env.GLCR_TAG }}-debug\`" >> $GITHUB_STEP_SUMMARY |