mirror of https://github.com/telemt/telemt.git
Compare commits
No commits in common. "a95678988a3dbd87c3758a26642062ca3559f93f" and "24594e648e68c99b0d67ed98fc04a25360f01873" have entirely different histories.
a95678988a
...
24594e648e
|
|
@ -21,13 +21,16 @@ env:
|
|||
|
||||
jobs:
|
||||
prepare:
|
||||
name: Prepare metadata
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
version: ${{ steps.meta.outputs.version }}
|
||||
prerelease: ${{ steps.meta.outputs.prerelease }}
|
||||
release_enabled: ${{ steps.meta.outputs.release_enabled }}
|
||||
steps:
|
||||
- id: meta
|
||||
- name: Derive version
|
||||
id: meta
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
|
|
@ -50,38 +53,67 @@ jobs:
|
|||
echo "release_enabled=$RELEASE_ENABLED" >> "$GITHUB_OUTPUT"
|
||||
|
||||
checks:
|
||||
name: Checks
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: debian:trixie
|
||||
steps:
|
||||
- run: |
|
||||
- name: Install system dependencies
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
apt-get update
|
||||
apt-get install -y build-essential clang llvm pkg-config curl git
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
git \
|
||||
build-essential \
|
||||
pkg-config \
|
||||
clang \
|
||||
llvm \
|
||||
python3 \
|
||||
python3-pip
|
||||
update-ca-certificates
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
components: rustfmt, clippy
|
||||
|
||||
- uses: actions/cache@v4
|
||||
- name: Cache cargo
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
/github/home/.cargo/registry
|
||||
/github/home/.cargo/git
|
||||
target
|
||||
key: checks-${{ hashFiles('**/Cargo.lock') }}
|
||||
key: checks-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
|
||||
restore-keys: |
|
||||
checks-${{ runner.os }}-
|
||||
|
||||
- run: cargo fetch --locked
|
||||
- run: cargo fmt --all -- --check
|
||||
- run: cargo clippy
|
||||
- run: cargo test
|
||||
- name: Cargo fetch
|
||||
shell: bash
|
||||
run: cargo fetch --locked
|
||||
|
||||
- name: Format
|
||||
shell: bash
|
||||
run: cargo fmt --all -- --check
|
||||
|
||||
- name: Clippy
|
||||
shell: bash
|
||||
run: cargo clippy --workspace --all-targets --locked -- -D warnings
|
||||
|
||||
- name: Tests
|
||||
shell: bash
|
||||
run: cargo test --workspace --all-targets --locked
|
||||
|
||||
build-binaries:
|
||||
name: Build ${{ matrix.asset_name }}
|
||||
needs: [prepare, checks]
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: debian:trixie
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
|
|
@ -100,80 +132,156 @@ jobs:
|
|||
asset_name: telemt-aarch64-linux-musl
|
||||
|
||||
steps:
|
||||
- run: |
|
||||
- name: Install system dependencies
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
apt-get update
|
||||
apt-get install -y clang llvm pkg-config curl git python3 python3-pip file tar xz-utils
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
git \
|
||||
build-essential \
|
||||
pkg-config \
|
||||
clang \
|
||||
llvm \
|
||||
file \
|
||||
tar \
|
||||
xz-utils \
|
||||
python3 \
|
||||
python3-pip
|
||||
update-ca-certificates
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
targets: ${{ matrix.rust_target }}
|
||||
|
||||
- uses: actions/cache@v4
|
||||
- name: Cache cargo
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
/github/home/.cargo/registry
|
||||
/github/home/.cargo/git
|
||||
target
|
||||
key: build-${{ matrix.zig_target }}-${{ hashFiles('**/Cargo.lock') }}
|
||||
restore-keys: |
|
||||
build-${{ matrix.zig_target }}-
|
||||
|
||||
- run: |
|
||||
- name: Install cargo-zigbuild + Zig
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
python3 -m pip install --user --break-system-packages cargo-zigbuild
|
||||
echo "/github/home/.local/bin" >> "$GITHUB_PATH"
|
||||
|
||||
- run: cargo fetch --locked
|
||||
- name: Cargo fetch
|
||||
shell: bash
|
||||
run: cargo fetch --locked
|
||||
|
||||
- run: |
|
||||
- name: Build release
|
||||
shell: bash
|
||||
env:
|
||||
CARGO_PROFILE_RELEASE_LTO: "fat"
|
||||
CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "1"
|
||||
CARGO_PROFILE_RELEASE_PANIC: "abort"
|
||||
run: |
|
||||
set -euo pipefail
|
||||
cargo zigbuild --release --locked --target "${{ matrix.zig_target }}"
|
||||
|
||||
- run: |
|
||||
BIN="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
|
||||
llvm-strip "$BIN" || true
|
||||
- name: Strip binary
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
llvm-strip "target/${{ matrix.zig_target }}/release/${BINARY_NAME}" || true
|
||||
|
||||
- run: |
|
||||
BIN="target/${{ matrix.rust_target }}/release/${BINARY_NAME}"
|
||||
OUT="$RUNNER_TEMP/${{ matrix.asset_name }}"
|
||||
mkdir -p "$OUT"
|
||||
install -m755 "$BIN" "$OUT/${BINARY_NAME}"
|
||||
- name: Inspect binary
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
file "target/${{ matrix.zig_target }}/release/${BINARY_NAME}"
|
||||
|
||||
tar -C "$RUNNER_TEMP" -czf "${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
|
||||
sha256sum "${{ matrix.asset_name }}.tar.gz" > "${{ matrix.asset_name }}.sha256"
|
||||
- name: Package
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
OUTDIR="$RUNNER_TEMP/pkg/${{ matrix.asset_name }}"
|
||||
mkdir -p "$OUTDIR"
|
||||
|
||||
install -m 0755 "target/${{ matrix.zig_target }}/release/${BINARY_NAME}" "$OUTDIR/${BINARY_NAME}"
|
||||
|
||||
if [[ -f LICENSE ]]; then cp LICENSE "$OUTDIR/"; fi
|
||||
if [[ -f README.md ]]; then cp README.md "$OUTDIR/"; fi
|
||||
|
||||
cat > "$OUTDIR/BUILD-INFO.txt" <<EOF
|
||||
project=${GITHUB_REPOSITORY}
|
||||
version=${{ needs.prepare.outputs.version }}
|
||||
git_ref=${GITHUB_REF}
|
||||
git_sha=${GITHUB_SHA}
|
||||
rust_target=${{ matrix.rust_target }}
|
||||
zig_target=${{ matrix.zig_target }}
|
||||
built_at=$(date -u +%Y-%m-%dT%H:%M:%SZ)
|
||||
EOF
|
||||
|
||||
mkdir -p dist
|
||||
tar -C "$RUNNER_TEMP/pkg" -czf "dist/${{ matrix.asset_name }}.tar.gz" "${{ matrix.asset_name }}"
|
||||
sha256sum "dist/${{ matrix.asset_name }}.tar.gz" > "dist/${{ matrix.asset_name }}.sha256"
|
||||
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.asset_name }}
|
||||
path: |
|
||||
${{ matrix.asset_name }}.tar.gz
|
||||
${{ matrix.asset_name }}.sha256
|
||||
dist/${{ matrix.asset_name }}.tar.gz
|
||||
dist/${{ matrix.asset_name }}.sha256
|
||||
if-no-files-found: error
|
||||
retention-days: 14
|
||||
|
||||
attest-binaries:
|
||||
name: Attest binary archives
|
||||
needs: build-binaries
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
attestations: write
|
||||
id-token: write
|
||||
steps:
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
path: dist
|
||||
|
||||
- name: Flatten artifacts
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
mkdir -p upload
|
||||
find dist -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
|
||||
ls -lah upload
|
||||
|
||||
- name: Attest release archives
|
||||
uses: actions/attest-build-provenance@v3
|
||||
with:
|
||||
subject-path: 'upload/*.tar.gz'
|
||||
|
||||
docker-image:
|
||||
name: Docker ${{ matrix.platform }}
|
||||
needs: [prepare, build-binaries]
|
||||
name: Build and push GHCR image
|
||||
needs: [prepare, checks]
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- platform: linux/amd64
|
||||
artifact: telemt-x86_64-linux-gnu
|
||||
- platform: linux/arm64
|
||||
artifact: telemt-aarch64-linux-gnu
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.artifact }}
|
||||
path: dist
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- run: |
|
||||
mkdir docker-build
|
||||
tar -xzf dist/*.tar.gz -C docker-build --strip-components=1
|
||||
- name: Set up Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Login
|
||||
- name: Log in to GHCR
|
||||
if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
|
|
@ -181,20 +289,43 @@ jobs:
|
|||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- uses: docker/build-push-action@v6
|
||||
- name: Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
context: ./docker-build
|
||||
platforms: ${{ matrix.platform }}
|
||||
images: ghcr.io/${{ github.repository }}
|
||||
tags: |
|
||||
type=raw,value=${{ needs.prepare.outputs.version }}
|
||||
type=raw,value=latest,enable=${{ needs.prepare.outputs.prerelease != 'true' && needs.prepare.outputs.release_enabled == 'true' }}
|
||||
labels: |
|
||||
org.opencontainers.image.title=telemt
|
||||
org.opencontainers.image.description=telemt
|
||||
org.opencontainers.image.source=https://github.com/${{ github.repository }}
|
||||
org.opencontainers.image.version=${{ needs.prepare.outputs.version }}
|
||||
org.opencontainers.image.revision=${{ github.sha }}
|
||||
|
||||
- name: Build and push
|
||||
id: build
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: ${{ needs.prepare.outputs.release_enabled == 'true' }}
|
||||
tags: ghcr.io/${{ github.repository }}:${{ needs.prepare.outputs.version }}
|
||||
cache-from: type=gha,scope=telemt-${{ matrix.platform }}
|
||||
cache-to: type=gha,mode=max,scope=telemt-${{ matrix.platform }}
|
||||
provenance: false
|
||||
sbom: false
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
provenance: mode=max
|
||||
sbom: true
|
||||
build-args: |
|
||||
TELEMT_VERSION=${{ needs.prepare.outputs.version }}
|
||||
VCS_REF=${{ github.sha }}
|
||||
|
||||
release:
|
||||
name: Create GitHub Release
|
||||
if: ${{ needs.prepare.outputs.release_enabled == 'true' }}
|
||||
needs: [prepare, build-binaries]
|
||||
needs: [prepare, build-binaries, attest-binaries, docker-image]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
|
|
@ -203,14 +334,19 @@ jobs:
|
|||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
path: release-artifacts
|
||||
pattern: telemt-*
|
||||
|
||||
- run: |
|
||||
mkdir upload
|
||||
- name: Flatten artifacts
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
mkdir -p upload
|
||||
find release-artifacts -type f \( -name '*.tar.gz' -o -name '*.sha256' \) -exec cp {} upload/ \;
|
||||
ls -lah upload
|
||||
|
||||
- uses: softprops/action-gh-release@v2
|
||||
- name: Create release
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
files: upload/*
|
||||
generate_release_notes: true
|
||||
draft: false
|
||||
prerelease: ${{ needs.prepare.outputs.prerelease == 'true' }}
|
||||
|
|
|
|||
Loading…
Reference in New Issue