.github/workflows/release.yml

@@ -4,269 +4,85 @@ on:
   push:
     tags:
       - '[0-9]+.[0-9]+.[0-9]+'
-      - '[0-9]+.[0-9]+.[0-9]+-*'
   workflow_dispatch:
 
-concurrency:
-  group: release-${{ github.ref }}
-  cancel-in-progress: true
-
 permissions:
   contents: read
+  packages: write
 
 env:
   CARGO_TERM_COLOR: always
-  RUST_BACKTRACE: "1"
-  BINARY_NAME: telemt
 
 jobs:
-  prepare:
+  build:
-    name: Prepare metadata
+    name: Build ${{ matrix.target }}
     runs-on: ubuntu-latest
-    outputs:
+    permissions:
-      version: ${{ steps.meta.outputs.version }}
+      contents: read
-      prerelease: ${{ steps.meta.outputs.prerelease }}
-      release_enabled: ${{ steps.meta.outputs.release_enabled }}
-    steps:
-      - name: Derive version
-        id: meta
-        shell: bash
-        run: |
-          set -euo pipefail
 
-          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
-            VERSION="${GITHUB_REF#refs/tags/}"
-            RELEASE_ENABLED=true
-          else
-            VERSION="manual-${GITHUB_SHA::7}"
-            RELEASE_ENABLED=false
-          fi
-
-          if [[ "$VERSION" == *"-alpha"* || "$VERSION" == *"-beta"* || "$VERSION" == *"-rc"* ]]; then
-            PRERELEASE=true
-          else
-            PRERELEASE=false
-          fi
-
-          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-          echo "prerelease=$PRERELEASE" >> "$GITHUB_OUTPUT"
-          echo "release_enabled=$RELEASE_ENABLED" >> "$GITHUB_OUTPUT"
-
-  checks:
-    name: Checks
-    runs-on: ubuntu-latest
-    container:
-      image: debian:trixie
-    steps:
-      - name: Install system dependencies
-        shell: bash
-        run: |
-          set -euo pipefail
-          apt-get update
-          apt-get install -y --no-install-recommends \
-            ca-certificates \
-            curl \
-            git \
-            build-essential \
-            pkg-config \
-            clang \
-            llvm \
-            python3 \
-            python3-pip
-          update-ca-certificates
-
-      - uses: actions/checkout@v4
-
-      - uses: dtolnay/rust-toolchain@stable
-        with:
-          components: rustfmt, clippy
-
-      - name: Cache cargo
-        uses: actions/cache@v4
-        with:
-          path: |
-            /github/home/.cargo/registry
-            /github/home/.cargo/git
-            target
-          key: checks-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: |
-            checks-${{ runner.os }}-
-
-      - name: Cargo fetch
-        shell: bash
-        run: cargo fetch --locked
-
-      - name: Format
-        shell: bash
-        run: cargo fmt --all -- --check
-
-      - name: Clippy
-        shell: bash
-        run: cargo clippy --workspace --all-targets --locked -- -D warnings
-
-      - name: Tests
-        shell: bash
-        run: cargo test --workspace --all-targets --locked
-
-  build-binaries:
-    name: Build ${{ matrix.asset_name }}
-    needs: [prepare, checks]
-    runs-on: ubuntu-latest
-    container:
-      image: debian:trixie
     strategy:
       fail-fast: false
       matrix:
         include:
-          - rust_target: x86_64-unknown-linux-gnu
+          - target: x86_64-unknown-linux-gnu
-            zig_target: x86_64-unknown-linux-gnu.2.28
+            artifact_name: telemt
             asset_name: telemt-x86_64-linux-gnu
-          - rust_target: aarch64-unknown-linux-gnu
+          - target: aarch64-unknown-linux-gnu
-            zig_target: aarch64-unknown-linux-gnu.2.28
+            artifact_name: telemt
             asset_name: telemt-aarch64-linux-gnu
-          - rust_target: x86_64-unknown-linux-musl
+          - target: x86_64-unknown-linux-musl
-            zig_target: x86_64-unknown-linux-musl
+            artifact_name: telemt
             asset_name: telemt-x86_64-linux-musl
-          - rust_target: aarch64-unknown-linux-musl
+          - target: aarch64-unknown-linux-musl
-            zig_target: aarch64-unknown-linux-musl
+            artifact_name: telemt
             asset_name: telemt-aarch64-linux-musl
 
     steps:
-      - name: Install system dependencies
-        shell: bash
-        run: |
-          set -euo pipefail
-          apt-get update
-          apt-get install -y --no-install-recommends \
-            ca-certificates \
-            curl \
-            git \
-            build-essential \
-            pkg-config \
-            clang \
-            llvm \
-            file \
-            tar \
-            xz-utils \
-            python3 \
-            python3-pip
-          update-ca-certificates
-
       - uses: actions/checkout@v4
 
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@v1
         with:
-          targets: ${{ matrix.rust_target }}
+          toolchain: stable
+          targets: ${{ matrix.target }}
 
-      - name: Cache cargo
+      - name: Install cross-compilation tools
-        uses: actions/cache@v4
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gcc-aarch64-linux-gnu
+
+      - uses: actions/cache@v4
         with:
           path: |
-            /github/home/.cargo/registry
+            ~/.cargo/registry
-            /github/home/.cargo/git
+            ~/.cargo/git
             target
-          key: build-${{ matrix.zig_target }}-${{ hashFiles('**/Cargo.lock') }}
+          key: ${{ runner.os }}-${{ matrix.target }}-cargo-${{ hashFiles('**/Cargo.lock') }}
           restore-keys: |
-            build-${{ matrix.zig_target }}-
+            ${{ runner.os }}-${{ matrix.target }}-cargo-
 
-      - name: Install cargo-zigbuild + Zig
+      - name: Install cross
-        shell: bash
+        run: cargo install cross --git https://github.com/cross-rs/cross
-        run: |
-          set -euo pipefail
-          python3 -m pip install --user --break-system-packages cargo-zigbuild
-          echo "/github/home/.local/bin" >> "$GITHUB_PATH"
 
-      - name: Cargo fetch
+      - name: Build Release
-        shell: bash
-        run: cargo fetch --locked
-
-      - name: Build release
-        shell: bash
         env:
-          CARGO_PROFILE_RELEASE_LTO: "fat"
+          RUSTFLAGS: ${{ contains(matrix.target, 'musl') && '-C target-feature=+crt-static' || '' }}
-          CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "1"
+        run: cross build --release --target ${{ matrix.target }}
-          CARGO_PROFILE_RELEASE_PANIC: "abort"
+
+      - name: Package binary
         run: |
-          set -euo pipefail
+          cd target/${{ matrix.target }}/release
-          cargo zigbuild --release --locked --target "${{ matrix.zig_target }}"
+          tar -czvf ${{ matrix.asset_name }}.tar.gz ${{ matrix.artifact_name }}
-
+          sha256sum ${{ matrix.asset_name }}.tar.gz > ${{ matrix.asset_name }}.sha256
-      - name: Strip binary
-        shell: bash
-        run: |
-          set -euo pipefail
-          llvm-strip "target/${{ matrix.zig_target }}/release/${BINARY_NAME}" || true
-
-      - name: Inspect binary
-        shell: bash
-        run: |
-          set -euo pipefail
-          file "target/${{ matrix.zig_target }}/release/${BINARY_NAME}"
-
-      - name: Package
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          OUTDIR="$RUNNER_TEMP/pkg/${{ matrix.asset_name }}"
-          mkdir -p "$OUTDIR"
-
-          install -m 0755 "target/${{ matrix.zig_target }}/release/${BINARY_NAME}" "$OUTDIR/${BINARY_NAME}"
-
-          if [[ -f LICENSE ]]; then cp LICENSE "$OUTDIR/"; fi
-          if [[ -f README.md ]]; then cp README.md "$OUTDIR/"; fi
-
-          cat > "$OUTDIR/BUILD-INFO.txt" <<EOF
-          project=${GITHUB_REPOSITORY}
-          version=${{ needs.prepare.outputs.version }}
-          git_ref=${GITHUB_REF}
-          git_sha=${GITHUB_SHA}
-          rust_target=${{ matrix.rust_target }}
-          zig_target=${{ matrix.zig_target }}
-          built_at=$(date -u +%Y-%m-%dT%H:%M:%SZ)
-          EOF
-
-          mkdir -p dist
-          tar -C "$RUNNER_TEMP/pkg" -czf "dist/${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
-          sha256sum "dist/${{ matrix.asset_name }}.tar.gz" > "dist/${{ matrix.asset_name }}.sha256"
 
       - uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.asset_name }}
           path: |
-            dist/${{ matrix.asset_name }}.tar.gz
+            target/${{ matrix.target }}/release/${{ matrix.asset_name }}.tar.gz
-            dist/${{ matrix.asset_name }}.sha256
+            target/${{ matrix.target }}/release/${{ matrix.asset_name }}.sha256
-          if-no-files-found: error
-          retention-days: 14
 
-  attest-binaries:
+  build-docker-image:
-    name: Attest binary archives
+    needs: build
-    needs: build-binaries
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      attestations: write
-      id-token: write
-    steps:
-      - uses: actions/download-artifact@v4
-        with:
-          path: dist
-
-      - name: Flatten artifacts
-        shell: bash
-        run: |
-          set -euo pipefail
-          mkdir -p upload
-          find dist -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
-          ls -lah upload
-
-      - name: Attest release archives
-        uses: actions/attest-build-provenance@v3
-        with:
-          subject-path: 'upload/*.tar.gz'
-
-  docker-image:
-    name: Build and push GHCR image
-    needs: [prepare, checks]
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -275,78 +91,49 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up QEMU
+      - uses: docker/setup-qemu-action@v3
-        uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
 
-      - name: Set up Buildx
+      - name: Login to GHCR
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to GHCR
-        if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Docker metadata
+      - name: Extract version
-        id: meta
+        id: vars
-        uses: docker/metadata-action@v5
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
-        with:
-          images: ghcr.io/${{ github.repository }}
-          tags: |
-            type=raw,value=${{ needs.prepare.outputs.version }}
-            type=raw,value=latest,enable=${{ needs.prepare.outputs.prerelease != 'true' && needs.prepare.outputs.release_enabled == 'true' }}
-          labels: |
-            org.opencontainers.image.title=telemt
-            org.opencontainers.image.description=telemt
-            org.opencontainers.image.source=https://github.com/${{ github.repository }}
-            org.opencontainers.image.version=${{ needs.prepare.outputs.version }}
-            org.opencontainers.image.revision=${{ github.sha }}
 
       - name: Build and push
-        id: build
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./Dockerfile
+          push: true
-          platforms: linux/amd64,linux/arm64
+          tags: |
-          push: ${{ needs.prepare.outputs.release_enabled == 'true' }}
+            ghcr.io/${{ github.repository }}:${{ steps.vars.outputs.VERSION }}
-          tags: ${{ steps.meta.outputs.tags }}
+            ghcr.io/${{ github.repository }}:latest
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          provenance: mode=max
-          sbom: true
-          build-args: |
-            TELEMT_VERSION=${{ needs.prepare.outputs.version }}
-            VCS_REF=${{ github.sha }}
 
   release:
-    name: Create GitHub Release
+    name: Create Release
-    if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
+    needs: build
-    needs: [prepare, build-binaries, attest-binaries, docker-image]
     runs-on: ubuntu-latest
     permissions:
       contents: write
 
     steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
       - uses: actions/download-artifact@v4
         with:
-          path: release-artifacts
+          path: artifacts
 
-      - name: Flatten artifacts
+      - name: Create Release
-        shell: bash
-        run: |
-          set -euo pipefail
-          mkdir -p upload
-          find release-artifacts -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
-          ls -lah upload
-
-      - name: Create release
         uses: softprops/action-gh-release@v2
         with:
-          files: upload/*
+          files: artifacts/**/*
           generate_release_notes: true
           draft: false
-          prerelease: ${{ needs.prepare.outputs.prerelease == 'true' }}
+          prerelease: ${{ contains(github.ref, '-rc') || contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}

docs/QUICK_START_GUIDE.ru.md

@@ -178,7 +178,7 @@ docker compose down
 > - По умолчанию публикуются порты 443:443, а контейнер запускается со сброшенными привилегиями (добавлена только `NET_BIND_SERVICE`)  
 > - Если вам действительно нужна сеть хоста (обычно это требуется только для некоторых конфигураций IPv6), раскомментируйте `network_mode: host`
 
-**Запуск без Docker Compose**
+**Запуск в Docker Compose**
 ```bash
 docker build -t telemt:local .
 docker run --name telemt --restart unless-stopped \