v0.5.0 #34
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build | |
| on: | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| cargo-build: | |
| permissions: | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| - target: x86_64-unknown-linux-musl | |
| os: ubuntu-latest | |
| - target: aarch64-unknown-linux-musl | |
| os: ubuntu-latest | |
| - target: x86_64-apple-darwin | |
| os: macos-latest | |
| - target: aarch64-apple-darwin | |
| os: macos-latest | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-latest | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| ARCHIVE_FILENAME: >- | |
| hanko-${{ github.ref_name }}-${{ matrix.target }}.${{ startsWith(matrix.os, 'windows') && 'zip' || 'tar.gz' }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a | |
| with: | |
| toolchain: stable | |
| targets: "${{ matrix.target }}" | |
| - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab | |
| - name: Install GCC for aarch64 | |
| run: | | |
| sudo apt install -y gcc-aarch64-linux-gnu | |
| echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> $GITHUB_ENV | |
| echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-gnu-gcc" >> $GITHUB_ENV | |
| if: ${{ contains(matrix.target, 'aarch64') && contains(matrix.target, 'linux') }} | |
| - name: Install musl tools | |
| run: sudo apt install -y musl-tools | |
| if: ${{ contains(matrix.target, 'musl') && contains(matrix.target, 'linux') }} | |
| - name: Print versions | |
| shell: bash | |
| run: | | |
| gcc --version || true | |
| rustup -V | |
| rustup toolchain list | |
| rustup default | |
| cargo -V | |
| rustc -V | |
| - name: Build | |
| run: cargo build --release --locked --target ${{ matrix.target }} | |
| - name: Create Release Tar Archive | |
| run: >- | |
| tar -czvf "${ARCHIVE_FILENAME}" | |
| -C target/${{ matrix.target }}/release | |
| hanko | |
| shell: bash | |
| if: ${{ !startsWith(matrix.os, 'windows') }} | |
| - name: Create Release Zip Archive | |
| run: >- | |
| 7z a "${ARCHIVE_FILENAME}" | |
| ./target/${{ matrix.target }}/release/hanko.exe | |
| shell: bash | |
| if: ${{ startsWith(matrix.os, 'windows') }} | |
| - name: Upload Release Archive | |
| run: >- | |
| gh release upload "${GITHUB_REF_NAME}" | |
| "${ARCHIVE_FILENAME}" | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| attest-build-provenance: | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: write | |
| needs: cargo-build | |
| runs-on: ubuntu-latest | |
| env: | |
| ARCHIVE_DIR: release-archives | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - name: Download Release Archives | |
| run: >- | |
| gh release download ${GITHUB_REF_NAME} --dir ${ARCHIVE_DIR} --pattern "hanko-*" | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Attest Build Provenance of Release Archives | |
| id: provenance | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c | |
| with: | |
| subject-path: ${{ env.ARCHIVE_DIR }}/* | |
| - name: Upload Provenance of Release Archives | |
| run: >- | |
| gh release upload ${GITHUB_REF_NAME} | |
| ${{ steps.provenance.outputs.bundle-path }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build-container-image: | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| packages: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-musl | |
| platform: linux/amd64 | |
| - target: aarch64-unknown-linux-musl | |
| platform: linux/arm64 | |
| needs: cargo-build | |
| runs-on: ubuntu-latest | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 | |
| - name: Container Registry Login | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Metadata (tags, labels) | |
| id: meta | |
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Download Release Binary | |
| run: >- | |
| gh release download ${GITHUB_REF_NAME} --pattern "*${{ matrix.target }}*" | |
| --output - | tar -xz | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Build & Push Image | |
| id: push | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: ${{ matrix.platform }} | |
| - name: Attest Build Provenance | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true |