Implement release process for rustup #205
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: {} | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone the source code | |
uses: actions/checkout@v3 | |
- name: Ensure Rust Stable is up to date | |
run: rustup self update && rustup update stable | |
- name: Ensure the source code is formatted | |
run: cargo fmt -- --check | |
- name: Ensure there are no Clippy warnings | |
run: cargo clippy -- -Dwarnings | |
- name: Ensure tests are passing | |
run: cargo test -- --nocapture | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
local: | |
name: Local release | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
channel: [stable, beta, nightly] | |
steps: | |
- name: Clone the source code | |
uses: actions/checkout@v3 | |
- name: Ensure Rust Stable is up to date | |
run: rustup self update && rustup update stable | |
- name: Start the local environment | |
run: docker-compose up -d | |
- name: Run the local release process for channel ${{ matrix.channel }} | |
run: ./run.sh ${{ matrix.channel }} | |
- name: Validate the generated signatures | |
run: docker-compose exec -T local /src/local/check-signature.sh ${{ matrix.channel }} | |
- name: Remove the previously installed ${{ matrix.channel }} toolchain | |
run: rustup toolchain remove ${{ matrix.channel }} | |
- name: Install the ${{ matrix.channel }} toolchain from the local environment | |
run: rustup toolchain install ${{ matrix.channel }} --profile=minimal | |
env: | |
RUSTUP_DIST_SERVER: http://localhost:9000/static | |
docker: | |
name: Build Docker image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone the source code | |
uses: actions/checkout@v3 | |
- name: Build the Docker image | |
run: docker build -t promote-release -f prod/Dockerfile . | |
- name: Create a tarball of the Docker image built previously | |
run: docker save promote-release | zstd -5 - > promote-release.tar.zstd | |
if: github.event_name == 'push' && github.repository == 'rust-lang/promote-release' && github.ref == 'refs/heads/master' | |
- name: Upload the Docker image we built to GitHub Actions artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: docker-image | |
path: promote-release.tar.zstd | |
retention-days: 1 | |
if: github.event_name == 'push' && github.repository == 'rust-lang/promote-release' && github.ref == 'refs/heads/master' | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
needs: [test, local, docker] | |
if: github.event_name == 'push' && github.repository == 'rust-lang/promote-release' && github.ref == 'refs/heads/master' | |
steps: | |
- name: Download the Docker image previously built | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-image | |
- name: Import the Docker image previously built | |
run: cat promote-release.tar.zstd | zstd -d | docker load | |
- name: Configure AWS credentials | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::890664054962:role/ci--rust-lang-promote-release | |
aws-region: us-west-1 | |
- name: Login to Amazon ECR Private | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Tag and push docker image to Amazon ECR | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: promote-release | |
run: | | |
docker tag promote-release $REGISTRY/$REPOSITORY:latest | |
docker push $REGISTRY/$REPOSITORY:latest |