astelm
/
telemt
mirror of https://github.com/telemt/telemt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #530 from telemt/workflow 

Update release.yml
This commit is contained in:
Alexey 2026-03-21 21:45:23 +03:00 committed by GitHub
parent e7a1d26e6e b17482ede3
commit a95678988a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 61 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

249
.github/workflows/release.yml vendored
View File

@ -21,16 +21,13 @@ env:
jobs: jobs:
prepare: prepare:
name: Prepare metadata
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
version: ${{ steps.meta.outputs.version }} version: ${{ steps.meta.outputs.version }}
prerelease: ${{ steps.meta.outputs.prerelease }} prerelease: ${{ steps.meta.outputs.prerelease }}
release_enabled: ${{ steps.meta.outputs.release_enabled }} release_enabled: ${{ steps.meta.outputs.release_enabled }}
steps: steps:
- name: Derive version - id: meta
id: meta
shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
@ -53,62 +50,38 @@ jobs:
echo "release_enabled=$RELEASE_ENABLED" >> "$GITHUB_OUTPUT" echo "release_enabled=$RELEASE_ENABLED" >> "$GITHUB_OUTPUT"
checks: checks:
name: Checks
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: debian:trixie image: debian:trixie
steps: steps:
- name: Install system dependencies - run: |
run: |
set -euo pipefail
apt-get update apt-get update
apt-get install -y --no-install-recommends \ apt-get install -y build-essential clang llvm pkg-config curl git
ca-certificates \
curl \
git \
build-essential \
pkg-config \
clang \
llvm \
python3 \
python3-pip
update-ca-certificates
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable - uses: dtolnay/rust-toolchain@stable
with: with:
components: rustfmt, clippy components: rustfmt, clippy
- name: Cache cargo - uses: actions/cache@v4
uses: actions/cache@v4
with: with:
path: | path: |
/github/home/.cargo/registry /github/home/.cargo/registry
/github/home/.cargo/git /github/home/.cargo/git
target target
key: checks-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} key: checks-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
checks-${{ runner.os }}-
- name: Cargo fetch - run: cargo fetch --locked
run: cargo fetch --locked - run: cargo fmt --all -- --check
- run: cargo clippy
- name: Format - run: cargo test
run: cargo fmt --all -- --check
- name: Clippy
run: cargo clippy
- name: Tests
run: cargo test
build-binaries: build-binaries:
name: Build ${{ matrix.asset_name }}
needs: [prepare, checks] needs: [prepare, checks]
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: container:
image: debian:trixie image: debian:trixie
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -127,154 +100,80 @@ jobs:
asset_name: telemt-aarch64-linux-musl asset_name: telemt-aarch64-linux-musl
steps: steps:
- name: Install system dependencies - run: |
run: |
set -euo pipefail
apt-get update apt-get update
apt-get install -y --no-install-recommends \ apt-get install -y clang llvm pkg-config curl git python3 python3-pip file tar xz-utils
ca-certificates \
curl \
git \
build-essential \
pkg-config \
clang \
llvm \
file \
tar \
xz-utils \
python3 \
python3-pip
update-ca-certificates
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable - uses: dtolnay/rust-toolchain@stable
with: with:
targets: ${{ matrix.rust_target }} targets: ${{ matrix.rust_target }}
- name: Cache cargo - uses: actions/cache@v4
uses: actions/cache@v4
with: with:
path: | path: |
/github/home/.cargo/registry /github/home/.cargo/registry
/github/home/.cargo/git /github/home/.cargo/git
target target
key: build-${{ matrix.zig_target }}-${{ hashFiles('**/Cargo.lock') }} key: build-${{ matrix.zig_target }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
build-${{ matrix.zig_target }}-
- name: Install cargo-zigbuild + Zig - run: |
run: |
set -euo pipefail
python3 -m pip install --user --break-system-packages cargo-zigbuild python3 -m pip install --user --break-system-packages cargo-zigbuild
echo "/github/home/.local/bin" >> "$GITHUB_PATH" echo "/github/home/.local/bin" >> "$GITHUB_PATH"
- name: Cargo fetch - run: cargo fetch --locked
run: cargo fetch --locked
- name: Build release - run: |
env:
CARGO_PROFILE_RELEASE_LTO: "fat"
CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "1"
CARGO_PROFILE_RELEASE_PANIC: "abort"
run: |
set -euo pipefail
cargo zigbuild --release --locked --target "${{ matrix.zig_target }}" cargo zigbuild --release --locked --target "${{ matrix.zig_target }}"
- name: Debug target dir (optional but useful) - run: |
run: | BIN="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
set -euo pipefail llvm-strip "$BIN" || true
ls -lah "target/${{ matrix.rust_target }}/release/" || true
- name: Strip binary - run: |
run: | BIN="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
set -euo pipefail OUT="$RUNNER_TEMP/${{ matrix.asset_name }}"
llvm-strip "target/${{ matrix.rust_target }}/release/${BINARY_NAME}" || true mkdir -p "$OUT"
install -m755 "$BIN" "$OUT/${BINARY_NAME}"
- name: Inspect binary tar -C "$RUNNER_TEMP" -czf "${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
run: | sha256sum "${{ matrix.asset_name }}.tar.gz" > "${{ matrix.asset_name }}.sha256"
set -euo pipefail
file "target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
- name: Package
run: |
set -euo pipefail
BIN_PATH="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
test -f "$BIN_PATH"
OUTDIR="$RUNNER_TEMP/pkg/${{ matrix.asset_name }}"
mkdir -p "$OUTDIR"
install -m 0755 "$BIN_PATH" "$OUTDIR/${BINARY_NAME}"
if [[ -f LICENSE ]]; then cp LICENSE "$OUTDIR/"; fi
if [[ -f README.md ]]; then cp README.md "$OUTDIR/"; fi
cat > "$OUTDIR/BUILD-INFO.txt" <<EOF
project=${GITHUB_REPOSITORY}
version=${{ needs.prepare.outputs.version }}
git_ref=${GITHUB_REF}
git_sha=${GITHUB_SHA}
rust_target=${{ matrix.rust_target }}
zig_target=${{ matrix.zig_target }}
built_at=$(date -u +%Y-%m-%dT%H:%M:%SZ)
EOF
mkdir -p dist
tar -C "$RUNNER_TEMP/pkg" -czf "dist/${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
sha256sum "dist/${{ matrix.asset_name }}.tar.gz" > "dist/${{ matrix.asset_name }}.sha256"
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v4
with: with:
name: ${{ matrix.asset_name }} name: ${{ matrix.asset_name }}
path: | path: |
dist/${{ matrix.asset_name }}.tar.gz ${{ matrix.asset_name }}.tar.gz
dist/${{ matrix.asset_name }}.sha256 ${{ matrix.asset_name }}.sha256
if-no-files-found: error
retention-days: 14
attest-binaries:
name: Attest binary archives
needs: build-binaries
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/download-artifact@v4
with:
path: dist
- name: Flatten artifacts
run: |
set -euo pipefail
mkdir -p upload
find dist -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
ls -lah upload
- name: Attest release archives
uses: actions/attest-build-provenance@v3
with:
subject-path: 'upload/*.tar.gz'
docker-image: docker-image:
name: Build and push GHCR image name: Docker ${{ matrix.platform }}
needs: [prepare, checks] needs: [prepare, build-binaries]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read strategy:
packages: write matrix:
include:
- platform: linux/amd64
artifact: telemt-x86_64-linux-gnu
- platform: linux/arm64
artifact: telemt-aarch64-linux-gnu
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3 - uses: actions/download-artifact@v4
with:
name: ${{ matrix.artifact }}
path: dist
- run: |
mkdir docker-build
tar -xzf dist/*.tar.gz -C docker-build --strip-components=1
- uses: docker/setup-buildx-action@v3 - uses: docker/setup-buildx-action@v3
- name: Log in to GHCR - name: Login
if: ${{ needs.prepare.outputs.release_enabled == 'true' }} if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@ -282,42 +181,20 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker metadata - uses: docker/build-push-action@v6
id: meta
uses: docker/metadata-action@v5
with: with:
images: ghcr.io/${{ github.repository }} context: ./docker-build
tags: | platforms: ${{ matrix.platform }}
type=raw,value=${{ needs.prepare.outputs.version }}
type=raw,value=latest,enable=${{ needs.prepare.outputs.prerelease != 'true' && needs.prepare.outputs.release_enabled == 'true' }}
labels: |
org.opencontainers.image.title=telemt
org.opencontainers.image.description=telemt
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.version=${{ needs.prepare.outputs.version }}
org.opencontainers.image.revision=${{ github.sha }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ needs.prepare.outputs.release_enabled == 'true' }} push: ${{ needs.prepare.outputs.release_enabled == 'true' }}
tags: ${{ steps.meta.outputs.tags }} tags: ghcr.io/${{ github.repository }}:${{ needs.prepare.outputs.version }}
labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha,scope=telemt-${{ matrix.platform }}
cache-from: type=gha cache-to: type=gha,mode=max,scope=telemt-${{ matrix.platform }}
cache-to: type=gha,mode=max provenance: false
provenance: mode=max sbom: false
sbom: true
build-args: |
TELEMT_VERSION=${{ needs.prepare.outputs.version }}
VCS_REF=${{ github.sha }}
release: release:
name: Create GitHub Release
if: ${{ needs.prepare.outputs.release_enabled == 'true' }} if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
needs: [prepare, build-binaries, attest-binaries, docker-image] needs: [prepare, build-binaries]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: write contents: write
@ -326,18 +203,14 @@ jobs:
- uses: actions/download-artifact@v4 - uses: actions/download-artifact@v4
with: with:
path: release-artifacts path: release-artifacts
pattern: telemt-*
- name: Flatten artifacts - run: |
run: | mkdir upload
set -euo pipefail
mkdir -p upload
find release-artifacts -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \; find release-artifacts -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
ls -lah upload
- name: Create release - uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v2
with: with:
files: upload/* files: upload/*
generate_release_notes: true generate_release_notes: true
draft: false
prerelease: ${{ needs.prepare.outputs.prerelease == 'true' }} prerelease: ${{ needs.prepare.outputs.prerelease == 'true' }}