---
# Release pipeline: triggered only when a GitHub release is published.
name: Build
on:
  release:
    types:
      - published
# Workflow-wide default for the job token is read-only repository contents.
# A job that declares its own `permissions` replaces this default entirely.
permissions:
  contents: read
# One active run per workflow and tag name; starting a new run for the same
# tag cancels the run that is still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref_name }}
  cancel-in-progress: true
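jobs:
  # Compile the `hanko` binary for every target in the matrix and attach the
  # resulting archive to the release that triggered this run.
  cargo-build:
    permissions:
      # Needed by `gh release upload`; this is the only job scope granted.
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
          - target: aarch64-unknown-linux-gnu
            os: ubuntu-latest
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
          - target: x86_64-apple-darwin
            os: macos-latest
          - target: aarch64-apple-darwin
            os: macos-latest
          - target: x86_64-pc-windows-msvc
            os: windows-latest
    runs-on: ${{ matrix.os }}
    env:
      # Tag name and target go through the environment, so the shell steps
      # below never splice `github.ref_name` into script text.
      ARCHIVE_FILENAME: >-
        hanko-${{ github.ref_name }}-${{ matrix.target }}.${{ startsWith(matrix.os, 'windows') && 'zip' || 'tar.gz' }}
    steps:
      # Third-party actions are pinned to full commit SHAs.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # Keep the job token out of .git/config: later steps execute
          # dependency build code inside this checkout, and this job's token
          # can write to releases. No later step needs git credentials.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
        with:
          toolchain: stable
          targets: "${{ matrix.target }}"
      # NOTE(review): a restored cache feeds straight into published
      # binaries. Consider skipping the cache in this release workflow so
      # that a cache entry written by another run cannot influence them.
      - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
      - name: Install GCC for aarch64
        if: ${{ contains(matrix.target, 'aarch64') && contains(matrix.target, 'linux') }}
        # Refresh the package index first so the install does not fail on a
        # stale runner image; the linker variables reach later steps through
        # the GITHUB_ENV file.
        run: |
          sudo apt-get update
          sudo apt-get install -y gcc-aarch64-linux-gnu
          echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
          echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
      - name: Install musl tools
        if: ${{ contains(matrix.target, 'musl') && contains(matrix.target, 'linux') }}
        run: |
          sudo apt-get update
          sudo apt-get install -y musl-tools
      - name: Print versions
        shell: bash
        run: |
          gcc --version || true
          rustup -V
          rustup toolchain list
          rustup default
          cargo -V
          rustc -V
      - name: Build
        # `--locked` makes the build fail instead of silently updating
        # Cargo.lock, so the release uses the committed dependency versions.
        run: cargo build --release --locked --target ${{ matrix.target }}
      - name: Create Release Tar Archive
        if: ${{ !startsWith(matrix.os, 'windows') }}
        shell: bash
        run: >-
          tar -czvf "${ARCHIVE_FILENAME}"
          -C target/${{ matrix.target }}/release
          hanko
      - name: Create Release Zip Archive
        if: ${{ startsWith(matrix.os, 'windows') }}
        shell: bash
        run: >-
          7z a "${ARCHIVE_FILENAME}"
          ./target/${{ matrix.target }}/release/hanko.exe
      - name: Upload Release Archive
        shell: bash
        run: >-
          gh release upload "${GITHUB_REF_NAME}"
          "${ARCHIVE_FILENAME}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Repackage the musl release binaries as Debian packages and attach them
  # to the same release.
  cargo-deb:
    permissions:
      contents: write
    needs: cargo-build
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-musl
            arch: amd64
          - target: aarch64-unknown-linux-musl
            arch: arm64
    runs-on: ubuntu-latest
    env:
      TARGET_DIR: target/${{ matrix.target }}
      DEB_FILENAME: hanko-${{ github.ref_name }}-${{ matrix.arch }}.deb
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # The job token can write to releases; do not leave it on disk.
          persist-credentials: false
      # NOTE(review): this pin differs from the commit used for the same
      # action in cargo-build; confirm that is intentional.
      - uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
        with:
          toolchain: stable
      - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
      - uses: taiki-e/install-action@684122deb17127bf60d1d99224e12e8fc0012210
        with:
          tool: cargo-deb
      - name: Create Target Release Directory
        run: mkdir -p "${TARGET_DIR}/release"
      - name: Download Release Binary
        # An explicit `shell: bash` runs the script with `pipefail`, so a
        # failed download is not masked by the `tar` at the end of the pipe.
        # NOTE(review): the binary is taken back from the release without a
        # digest check against what cargo-build produced.
        shell: bash
        run: >-
          gh release download "${GITHUB_REF_NAME}" --pattern "*${{ matrix.target }}.tar.gz"
          --output - | tar -xz -C "${TARGET_DIR}/release"
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Create Debian Package
        run: >-
          cargo deb --no-build --target ${{ matrix.target }}
          --output "${TARGET_DIR}/debian/${DEB_FILENAME}"
      - name: Upload Debian Package
        run: >-
          gh release upload "${GITHUB_REF_NAME}"
          "${TARGET_DIR}/debian/${DEB_FILENAME}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Generate a build-provenance attestation for the release assets and
  # attach the attestation bundle to the release.
  #
  # NOTE(review): the subjects are re-downloaded from the release instead of
  # being handed over by the jobs that built them, so the attestation covers
  # whatever assets the release holds when this job runs. Release assets can
  # be replaced by anyone with write access between upload and attestation;
  # attesting inside the build jobs, or checking the files against digests
  # passed as job outputs, would bind the provenance to the build output.
  attest-build-provenance:
    permissions:
      # id-token + attestations: sign and store the attestation.
      # contents: upload the bundle to the release.
      id-token: write
      attestations: write
      contents: write
    needs:
      - cargo-build
      - cargo-deb
    runs-on: ubuntu-latest
    env:
      DOWNLOAD_DIR: release-files
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          persist-credentials: false
      - name: Download Release Files
        run: >-
          gh release download "${GITHUB_REF_NAME}" --dir "${DOWNLOAD_DIR}" --pattern "hanko-*"
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Attest Build Provenance of Release Files
        id: provenance
        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c
        with:
          subject-path: ${{ env.DOWNLOAD_DIR }}/*
      - name: Upload Provenance of Release Files
        # The step output reaches the script through the environment rather
        # than by expression substitution into the command line.
        run: >-
          gh release upload "${GITHUB_REF_NAME}"
          "${BUNDLE_PATH}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BUNDLE_PATH: ${{ steps.provenance.outputs.bundle-path }}

  # Build a container image per platform from the released musl binary,
  # push it to the registry and attest the pushed digest.
  #
  # NOTE(review): both matrix legs push under the same tags from the
  # metadata step, so the later push presumably replaces the earlier one and
  # each tag ends up single-platform. Confirm, and consider pushing by
  # digest and publishing one multi-platform manifest.
  build-container-image:
    permissions:
      # Job-level permissions drop every scope not listed here, including
      # the workflow default. Checkout and `gh release download` read the
      # repository, so grant that explicitly instead of relying on the
      # repository being public.
      contents: read
      id-token: write
      attestations: write
      packages: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-musl
            platform: linux/amd64
          - target: aarch64-unknown-linux-musl
            platform: linux/arm64
    needs: cargo-build
    runs-on: ubuntu-latest
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # The checkout directory is the Docker build context (`context: .`
          # below); without this the job token would sit in .git/config
          # inside that context.
          persist-credentials: false
      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
      - name: Container Registry Login
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract Metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      - name: Download Release Binary
        # `shell: bash` enables `pipefail` so a failed download fails the
        # step. The archive is unpacked into the workspace root, which is
        # also the build context.
        shell: bash
        run: >-
          gh release download "${GITHUB_REF_NAME}" --pattern "*${{ matrix.target }}.tar.gz"
          --output - | tar -xz
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Build & Push Image
        id: push
        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: ${{ matrix.platform }}
      - name: Attest Build Provenance
        # The attestation subject is the digest returned by the push step,
        # so it refers to exactly the image this job pushed.
        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true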