mirror of
https://forgejo.ellis.link/continuwuation/continuwuity.git
synced 2025-07-12 15:56:22 +02:00
233 lines
9.7 KiB
YAML
233 lines
9.7 KiB
YAML
name: CI and Artifacts
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
- dev
|
|
# Allows you to run this workflow manually from the Actions tab
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
# Required to make some things output color
|
|
TERM: ansi
|
|
# Publishing to my nix binary cache
|
|
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
|
|
# Just in case incremental is still being set to true, speeds up CI
|
|
CARGO_INCREMENTAL: 0
|
|
# Custom nix binary cache if fork is being used
|
|
ATTIC_ENDPOINT: ${{ vars.ATTIC_ENDPOINT }}
|
|
ATTIC_PUBLIC_KEY: ${{ vars.ATTIC_PUBLIC_KEY }}
|
|
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
|
|
jobs:
|
|
setup:
|
|
name: Setup Environment
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Sync repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Nix (with flakes and nix-command enabled)
|
|
uses: cachix/install-nix-action@v26
|
|
with:
|
|
nix_path: nixpkgs=channel:nixos-unstable
|
|
extra_nix_config: |
|
|
experimental-features = nix-command flakes
|
|
extra-substituters = https://nix-community.cachix.org
|
|
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
|
|
extra-substituters = https://crane.cachix.org
|
|
extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=
|
|
extra-substituters = https://nix.computer.surgery/conduit
|
|
extra-trusted-public-keys = conduit:ZGAf6P6LhNvnoJJ3Me3PRg7tlLSrPxcQ2RiE5LIppjo=
|
|
extra-substituters = https://attic.kennel.juneis.dog/conduit
|
|
extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg=
|
|
extra-substituters = https://attic.kennel.juneis.dog/conduwuit
|
|
extra-trusted-public-keys = conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
|
|
|
|
- name: Add alternative Nix binary caches if specified
|
|
if: ${{ (env.ATTIC_ENDPOINT != '') && (env.ATTIC_PUBLIC_KEY != '') }}
|
|
run: |
|
|
echo "extra-substituters = ${{ env.ATTIC_ENDPOINT }}" >> /etc/nix/nix.conf
|
|
echo "extra-trusted-public-keys = ${{ env.ATTIC_PUBLIC_KEY }}" >> /etc/nix/nix.conf
|
|
|
|
- name: Install `direnv` and `nix-direnv`
|
|
run: nix-env -f "<nixpkgs>" -iA direnv -iA nix-direnv
|
|
|
|
- name: Populate `/nix/store`
|
|
run: nix develop --command true
|
|
|
|
- name: Package `/nix/store` for Artifact
|
|
run: |
|
|
tar -czf nix-store.tar.gz /nix/store
|
|
|
|
# Store the build environment in an artifact
|
|
- name: Cache build environment
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: build-environment
|
|
path: |
|
|
nix-store.tar.gz
|
|
~/.cargo
|
|
$HOME/.direnvrc
|
|
/etc/nix/nix.conf
|
|
|
|
build_and_package:
|
|
needs: setup
|
|
name: Build and Package
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
max-parallel: 8
|
|
matrix:
|
|
target:
|
|
[
|
|
"x86_64-unknown-linux-musl",
|
|
"x86_64-unknown-linux-musl-jemalloc",
|
|
"aarch64-unknown-linux-musl",
|
|
"aarch64-unknown-linux-musl-jemalloc",
|
|
]
|
|
|
|
steps:
|
|
- name: Download Build Environment
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: build-environment
|
|
|
|
- name: Extract Nix Store Archive
|
|
run: |
|
|
mkdir -p ${{ github.workspace }}/nix-store
|
|
tar -xzf nix-store.tar.gz -C ${{ github.workspace }}/nix-store
|
|
|
|
- name: Move Nix Store to Proper Location
|
|
run: |
|
|
sudo rsync -a ${{ github.workspace }}/nix-store/ /nix/store/
|
|
sudo chown -R root:root /nix/store
|
|
sudo restorecon -Rv /nix/store # If SELinux is enforcing
|
|
|
|
- name: Sync repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Reuse Build Environment
|
|
run: |
|
|
# Ensure the nix configuration is correct
|
|
sudo cp -R /etc/nix/nix.conf /etc/nix/nix.conf.bak
|
|
sudo cp -R nix.conf /etc/nix/nix.conf
|
|
# Source direnv
|
|
source $HOME/.direnvrc
|
|
direnv allow
|
|
|
|
- name: Build static ${{ matrix.target }}
|
|
run: |
|
|
./bin/nix-build-and-cache .#static-${{ matrix.target }}
|
|
mkdir -p target/release
|
|
cp -v -f result/bin/conduit target/release
|
|
direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
|
|
|
|
- name: Upload static ${{ matrix.target }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: static-${{ matrix.target }}
|
|
path: result/bin/conduit
|
|
if-no-files-found: error
|
|
|
|
- name: Upload deb ${{ matrix.target }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ${{ matrix.target }}.deb
|
|
path: target/debian/${{ matrix.target }}.deb
|
|
if-no-files-found: error
|
|
|
|
- name: Build OCI for ${{ matrix.target }}
|
|
run: |
|
|
./bin/nix-build-and-cache .#oci-image-${{ matrix.target }}
|
|
cp -v -f result oci-image-${{ matrix.target }}.tar.gz
|
|
|
|
- name: Upload OCI ${{ matrix.target }}
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: oci-image-${{ matrix.target }}
|
|
path: oci-image-${{ matrix.target }}.tar.gz
|
|
if-no-files-found: error
|
|
# don't compress again
|
|
compression-level: 0
|
|
|
|
docker-push:
|
|
needs: build_and_package
|
|
name: Publish to Docker Registries
|
|
runs-on: ubuntu-latest
|
|
if: github.event_name != 'pull_request'
|
|
steps:
|
|
- name: Download OCI Images Artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
merge-multiple: true
|
|
|
|
- name: Load OCI Images and tag
|
|
run: |
|
|
ID_AARCH64=$(docker load -i oci-image-aarch64-unknown-linux-musl-jemalloc.tar.gz | sed -n 's/Loaded image: \(.*\)/\1/p')
|
|
docker tag $ID_AARCH64 conduwuit:${{ github.sha }}-aarch64-jemalloc
|
|
ID_X86_64=$(docker load -i oci-image-x86_64-unknown-linux-musl-jemalloc.tar.gz | sed -n 's/Loaded image: \(.*\)/\1/p')
|
|
docker tag $ID_X86_64 conduwuit:${{ github.sha }}-x86_64-jemalloc
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Create and push Manifest to GitHub
|
|
run: |
|
|
REPO_GHCR="ghcr.io/${{ github.repository }}"
|
|
SHA_TAG="${{ github.ref_name }}-${{ github.sha }}"
|
|
BRANCH_TAG="${{ github.ref_name }}"
|
|
if [ "$BRANCH_TAG" == "main" ]; then
|
|
BRANCH_TAG="latest"
|
|
fi
|
|
|
|
docker manifest create $REPO_GHCR:$SHA_TAG \
|
|
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
|
|
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
|
|
docker manifest push $REPO_GHCR:$SHA_TAG
|
|
|
|
docker manifest create $REPO_GHCR:$BRANCH_TAG \
|
|
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
|
|
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
|
|
docker manifest push $REPO_GHCR:$BRANCH_TAG
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
env:
|
|
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
|
|
if: ${{ (env.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
|
|
with:
|
|
username: ${{ env.DOCKER_USERNAME }}
|
|
password: ${{ env.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Create and push manifest to Docker Hub
|
|
env:
|
|
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
DOCKER_USERNAME: ${{ vars.DOCKER_USERNAME }}
|
|
if: ${{ (env.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}
|
|
run: |
|
|
REPO_DOCKER="docker.io/${{ github.repository }}"
|
|
SHA_TAG="${{ github.ref_name }}-${{ github.sha }}"
|
|
BRANCH_TAG="${{ github.ref_name }}"
|
|
if [ "$BRANCH_TAG" == "main" ]; then
|
|
BRANCH_TAG="latest"
|
|
fi
|
|
|
|
docker manifest create $REPO_DOCKER:$SHA_TAG \
|
|
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
|
|
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
|
|
docker manifest push $REPO_DOCKER:$SHA_TAG
|
|
|
|
docker manifest create $REPO_DOCKER:$BRANCH_TAG \
|
|
--amend conduwuit:${{ github.sha }}-x86_64-jemalloc \
|
|
--amend conduwuit:${{ github.sha }}-aarch64-jemalloc
|
|
docker manifest push $REPO_DOCKER:$BRANCH_TAG
|