overmindtech/buildkit-cache-dance -> reproducible-containers/buildkit-cache-dance #85
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
pull_request: | |
jobs: | |
release: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Reproduce the exact commit hash value | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV | |
- uses: docker/setup-buildx-action@v2 | |
- name: Cache var-cache-apt | |
uses: actions/cache@v3 | |
with: | |
path: var-cache-apt | |
key: var-cache-apt-${{ hashFiles('Dockerfile.artifact') }} | |
- name: Cache var-lib-apt | |
uses: actions/cache@v3 | |
with: | |
path: var-lib-apt | |
key: var-lib-apt-${{ hashFiles('Dockerfile.artifact') }} | |
- name: inject var-cache-apt into docker | |
uses: AkihiroSuda/buildkit-cache-dance@0896c7c47135b0fc0d4352a14b9417bef1441284 | |
with: | |
cache-source: var-cache-apt | |
cache-target: /var/cache/apt | |
- name: inject var-lib-apt into docker | |
uses: AkihiroSuda/buildkit-cache-dance@0896c7c47135b0fc0d4352a14b9417bef1441284 | |
with: | |
cache-source: var-lib-apt | |
cache-target: /var/lib/apt | |
- name: "Build binaries from Dockerfile.artifact" | |
run: docker buildx build -o /tmp/slirpbuilds --build-arg SOURCE_DATE_EPOCH --platform=amd64,arm64,arm,s390x,ppc64le,riscv64 -f Dockerfile.artifact . | |
- name: "Create /tmp/artifact" | |
run: | | |
mkdir -p /tmp/artifact | |
mv /tmp/slirpbuilds/linux_amd64/slirp4netns /tmp/artifact/slirp4netns-x86_64 | |
mv /tmp/slirpbuilds/linux_arm64/slirp4netns /tmp/artifact/slirp4netns-aarch64 | |
mv /tmp/slirpbuilds/linux_arm_v7/slirp4netns /tmp/artifact/slirp4netns-armv7l | |
mv /tmp/slirpbuilds/linux_s390x/slirp4netns /tmp/artifact/slirp4netns-s390x | |
mv /tmp/slirpbuilds/linux_ppc64le/slirp4netns /tmp/artifact/slirp4netns-ppc64le | |
mv /tmp/slirpbuilds/linux_riscv64/slirp4netns /tmp/artifact/slirp4netns-riscv64 | |
echo "${SOURCE_DATE_EPOCH}" >/tmp/artifact/SOURCE_DATE_EPOCH | |
- name: "SHA256SUMS" | |
run: (cd /tmp/artifact; sha256sum *) | tee /tmp/SHA256SUMS | |
- name: "The sha256sum of the SHA256SUMS file" | |
run: sha256sum /tmp/SHA256SUMS | |
- name: "Prepare the release note" | |
run: | | |
tag="${GITHUB_REF##*/}" | |
shasha=$(sha256sum /tmp/SHA256SUMS | awk '{print $1}') | |
libslirp_version=$(/tmp/artifact/slirp4netns-x86_64 -v | grep -oP '^libslirp: \K\S*') | |
libseccomp_version=$(/tmp/artifact/slirp4netns-x86_64 -v | grep -oP '^libseccomp: \K\S*') | |
ubuntu_version=$(grep -oP '^ARG UBUNTU_VERSION=\K\S*' Dockerfile.artifact) | |
cat << EOF | tee /tmp/release-note.txt | |
${tag} | |
#### Changes | |
(To be documented) | |
#### Install | |
\`\`\` | |
curl -o slirp4netns --fail -L https://github.com/${{ github.repository }}/releases/download/${tag}/slirp4netns-\$(uname -m) | |
chmod +x slirp4netns | |
\`\`\` | |
#### About the binaries | |
The binaries are statically linked with libslirp ${libslirp_version} and libseccomp ${libseccomp_version} using Ubuntu ${ubuntu_version}. | |
The binaries were built automatically on GitHub Actions. | |
The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
The sha256sum of the SHA256SUMS file itself is \`${shasha}\` . | |
The binaries should be reproducible with the following command: | |
\`\`\` | |
docker buildx build \ | |
-o /tmp/slirpbuilds \ | |
--build-arg SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} \ | |
--build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 \ | |
--platform=amd64,arm64,arm,s390x,ppc64le,riscv64 \ | |
-f Dockerfile.artifact \ | |
"https://github.com/${{ github.repository }}.git#${tag}" | |
\`\`\` | |
EOF | |
- name: "Create release" | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
tag="${GITHUB_REF##*/}" | |
asset_flags=() | |
for f in /tmp/artifact/* /tmp/SHA256SUMS; do asset_flags+=("-a" "$f"); done | |
hub release create "${asset_flags[@]}" -F /tmp/release-note.txt --draft "${tag}" |