diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 116c1d4..87a8e30 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,11 +3,12 @@ name: Release on: push: tags: - - '[0-9]+.[0-9]+.[0-9]+' # Matches tags like 3.0.0, 3.1.2, etc. - workflow_dispatch: # Manual trigger from GitHub Actions UI + - '[0-9]+.[0-9]+.[0-9]+' + workflow_dispatch: permissions: contents: read + packages: write env: CARGO_TERM_COLOR: always @@ -37,11 +38,9 @@ jobs: asset_name: telemt-aarch64-linux-musl steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@v4 - - name: Install stable Rust toolchain - uses: dtolnay/rust-toolchain@888c2e1ea69ab0d4330cbf0af1ecc7b68f368cc1 # v1 + - uses: dtolnay/rust-toolchain@v1 with: toolchain: stable targets: ${{ matrix.target }} @@ -51,8 +50,7 @@ jobs: sudo apt-get update sudo apt-get install -y gcc-aarch64-linux-gnu - - name: Cache cargo registry & build artifacts - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 + - uses: actions/cache@v4 with: path: | ~/.cargo/registry @@ -76,8 +74,7 @@ jobs: tar -czvf ${{ matrix.asset_name }}.tar.gz ${{ matrix.artifact_name }} sha256sum ${{ matrix.asset_name }}.tar.gz > ${{ matrix.asset_name }}.sha256 - - name: Upload artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + - uses: actions/upload-artifact@v4 with: name: ${{ matrix.asset_name }} path: | @@ -85,30 +82,37 @@ jobs: target/${{ matrix.target }}/release/${{ matrix.asset_name }}.sha256 build-docker-image: + needs: build runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: - - name: Checkout - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + - name: Login to GHCR + uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.TOKEN_GH_DEPLOY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract version + id: vars + run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT - name: Build and push uses: docker/build-push-action@v6 with: context: . push: true - tags: ${{ github.ref }} + tags: | + ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }} + ghcr.io/${{ github.repository }}:latest release: name: Create Release @@ -118,40 +122,14 @@ jobs: contents: write steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@v4 with: fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} - - name: Download all artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@v4 with: path: artifacts - - name: Update version in Cargo.toml and Cargo.lock - run: | - # Extract version from tag (remove 'v' prefix if present) - VERSION="${GITHUB_REF#refs/tags/}" - VERSION="${VERSION#v}" - - # Install cargo-edit for version bumping - cargo install cargo-edit - - # Update Cargo.toml version - cargo set-version "$VERSION" - - # Configure git - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - - # Commit and push changes - #git add Cargo.toml Cargo.lock - #git commit -m "chore: bump version to $VERSION" || echo "No changes to commit" - #git push origin HEAD:main - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Create Release uses: softprops/action-gh-release@v2 with: