Use join function for path #40

Workflow file for this run

---
# Build workflow: triggered by every push.
name: Build
on: [push]

# Workflow-wide GITHUB_TOKEN scope. Each job below declares its own
# permissions block, which replaces this one for that job.
permissions:
  contents: read

# One live run per workflow and ref name; a newer push to the same ref
# cancels the run that is still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref_name }}
  cancel-in-progress: true
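jobs:
  # Builds the release archive for every target in the matrix.
  # Actions are referenced by full commit SHA throughout this file.
  build-release-archive:
    # NOTE(review): no step visible in this job uses write access directly;
    # presumably the `just release-archive` recipe needs it - confirm, and
    # drop to `contents: read` if it does not.
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-gnu
            os: ubuntu-latest
          - target: aarch64-unknown-linux-gnu
            os: ubuntu-latest
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
          - target: x86_64-apple-darwin
            os: macos-latest
          - target: aarch64-apple-darwin
            os: macos-latest
          - target: x86_64-pc-windows-msvc
            os: windows-latest
    runs-on: ${{ matrix.os }}
    env:
      # Contains github.ref_name, which is chosen by whoever pushes the ref.
      # Read it in scripts as an environment variable only; do not expand it
      # with ${{ }} inside a `run:` body.
      ARCHIVE_FILENAME: >-
        hanko-${{ github.ref_name }}-${{ matrix.target }}.${{ startsWith(matrix.os, 'windows') && 'zip' || 'tar.gz' }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
        with:
          toolchain: stable
          targets: "${{ matrix.target }}"
      - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
      - uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6
      - name: Install GCC for aarch64
        if: ${{ contains(matrix.target, 'aarch64') && contains(matrix.target, 'linux') }}
        run: |
          sudo apt install -y gcc-aarch64-linux-gnu
          echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
          echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
      - name: Install musl tools
        if: ${{ contains(matrix.target, 'musl') && contains(matrix.target, 'linux') }}
        run: sudo apt install -y musl-tools
      - name: Print versions
        shell: bash
        run: |
          gcc --version || true
          rustup -V
          rustup toolchain list
          rustup default
          cargo -V
          rustc -V
      # The archive name is passed through the environment so the shell
      # expands it as data. Writing ${{ env.ARCHIVE_FILENAME }} here would
      # paste the ref name into the script text before the shell parses it.
      # matrix.target is a literal from the matrix above, so it stays inline.
      # Two steps because the default shell differs: bash on Linux/macOS,
      # PowerShell on Windows.
      - name: Create Release Archive
        if: ${{ !startsWith(matrix.os, 'windows') }}
        run: just release-archive "${{ matrix.target }}" "${ARCHIVE_FILENAME}"
      - name: Create Release Archive (Windows)
        if: ${{ startsWith(matrix.os, 'windows') }}
        run: just release-archive "${{ matrix.target }}" "$env:ARCHIVE_FILENAME"

  # Packages the musl binaries as .deb files and uploads them to the release.
  cargo-deb:
    # Write access is used by `gh release upload` in the last step.
    permissions:
      contents: write
    needs: build-release-archive
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-musl
            arch: amd64
          - target: aarch64-unknown-linux-musl
            arch: arm64
    runs-on: ubuntu-latest
    env:
      TARGET_DIR: target/${{ matrix.target }}
      DEB_FILENAME: hanko-${{ github.ref_name }}-${{ matrix.arch }}.deb
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      # NOTE(review): this commit differs from the dtolnay/rust-toolchain
      # commit pinned in build-release-archive - confirm that is intended.
      - uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
        with:
          toolchain: stable
      - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab
      - uses: taiki-e/install-action@a22e1808bbd53573c0b897cc089c64643401af7d
        with:
          tool: cargo-deb
      - name: Create Target Release Directory
        run: mkdir -p "${TARGET_DIR}/release"
      # NOTE(review): assumes a release named after the pushed ref already
      # holds the archive; the trigger is every push and no upload step is
      # visible in build-release-archive - confirm what publishes it.
      - name: Download Release Binary
        run: >-
          gh release download "${GITHUB_REF_NAME}" --pattern "*${{ matrix.target }}.tar.gz"
          --output - | tar -xz hanko -C "${TARGET_DIR}/release"
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Create Debian Package
        run: >-
          cargo deb --no-build --no-strip --target ${{ matrix.target }}
          --output "${TARGET_DIR}/debian/${DEB_FILENAME}"
      - name: Upload Debian Package
        run: >-
          gh release upload "${GITHUB_REF_NAME}"
          "${TARGET_DIR}/debian/${DEB_FILENAME}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Generates a build-provenance attestation for the release files and
  # uploads the resulting bundle to the same release.
  attest-build-provenance:
    # id-token and attestations are used by the attestation action;
    # contents: write is used by `gh release upload`.
    permissions:
      id-token: write
      attestations: write
      contents: write
    needs:
      - build-release-archive
      - cargo-deb
    runs-on: ubuntu-latest
    env:
      DOWNLOAD_DIR: release-files
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      # NOTE(review): the attested subjects are files fetched back from the
      # release, not artifacts handed over from the build jobs of this run.
      # The attestation therefore covers whatever matches hanko-* in the
      # release at download time - confirm nothing else can write release
      # assets between build and attestation.
      - name: Download Release Files
        run: >-
          gh release download "${GITHUB_REF_NAME}" --dir "${DOWNLOAD_DIR}" --pattern "hanko-*"
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Attest Build Provenance of Release Files
        id: provenance
        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018
        with:
          subject-path: ${{ env.DOWNLOAD_DIR }}/*
      # The bundle path goes through the environment and is quoted, so it is
      # handed to gh as a single argument instead of being spliced into the
      # script text.
      - name: Upload Provenance of Release Files
        run: >-
          gh release upload "${GITHUB_REF_NAME}"
          "${BUNDLE_PATH}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BUNDLE_PATH: ${{ steps.provenance.outputs.bundle-path }}

  # Builds one container image per platform from the released musl binary,
  # pushes it to the registry and attests the pushed digest.
  build-container-image:
    # NOTE(review): `contents` is not listed here although the job checks
    # out the repository and downloads a release asset - confirm this is
    # sufficient for the repository's visibility.
    permissions:
      id-token: write
      attestations: write
      packages: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: x86_64-unknown-linux-musl
            platform: linux/amd64
          - target: aarch64-unknown-linux-musl
            platform: linux/arm64
    needs: build-release-archive
    runs-on: ubuntu-latest
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
      - name: Container Registry Login
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract Metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      - name: Download Release Binary
        run: >-
          gh release download "${GITHUB_REF_NAME}" --pattern "*${{ matrix.target }}.tar.gz"
          --output - | tar -xz hanko
        env:
          GITHUB_TOKEN: ${{ github.token }}
      # NOTE(review): each matrix leg pushes a single-platform image under
      # the tags from the metadata step. If those tags are the same for both
      # legs, the later push replaces the earlier one instead of forming a
      # multi-arch image - confirm.
      - name: Build & Push Image
        id: push
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: ${{ matrix.platform }}
      # Attests the digest reported by the push step, so the attestation is
      # bound to the image content rather than to a tag.
      - name: Attest Build Provenance
        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true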