chore(deps): pin hello-world docker tag to 91fb4b0 #4326
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: ["**"] | |
| tags: [v*.*.*] | |
| pull_request: | |
| workflow_call: | |
| inputs: | |
| tag-name: | |
| required: true | |
| type: string | |
| outputs: | |
| image_tags: | |
| value: ${{ jobs.image.outputs.image_tags }} | |
| image_url: | |
| value: https://ghcr.io/${{ github.repository }} | |
| env: | |
| IMAGE_REGISTRY: ghcr.io | |
| IMAGE_NAMESPACE: ${{ github.repository_owner }} | |
| IMAGE_NAME: ${{ github.event.repository.name }} | |
| # renovate: datasource=github-releases depName=docker/buildx | |
| BUILDX_VERSION: v0.17.1 | |
| jobs: | |
| env: | |
| # release-please によるコミットの時は workflow_call でのみ実行する | |
| if: ${{ !( github.workflow == 'build' && startsWith(github.event.head_commit.message, 'release:') && github.event.head_commit.author.name == 'mazi-release[bot]' ) }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| BINARY_NAME: ${{ steps.meta.outputs.BINARY_NAME }} | |
| PUSH: ${{ github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - id: meta | |
| run: | | |
| echo "BINARY_NAME=$(cargo metadata --offline --no-deps --format-version=1 | jq -r '.packages[].targets[] | select(.kind | map(. == "bin") | any ) | .name')" >> $GITHUB_OUTPUT | |
| build: | |
| needs: [env] | |
| permissions: | |
| contents: write | |
| packages: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| profile: ${{ github.ref_name == github.event.repository.default_branch && fromJson('["dev", "release"]') || fromJson('["dev"]') }} | |
| platform: | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| command: cross | |
| - target: aarch64-unknown-linux-musl | |
| os: ubuntu-latest | |
| command: cross | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| command: cargo | |
| - target: x86_64-unknown-linux-musl | |
| os: ubuntu-latest | |
| command: cargo | |
| # - os: macos-latest | |
| # target: aarch64-apple-darwin | |
| # - os: macos-latest | |
| # target: x86_64-apple-darwin | |
| # - os: windows-latest | |
| # target: x86_64-pc-windows-msvc | |
| # - os: windows-latest | |
| # target: x86_64-pc-windows-gnu | |
| runs-on: ${{ matrix.platform.os }} | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_REPO: ${{ github.repository }} | |
| defaults: | |
| run: | |
| shell: bash -xe {0} | |
| steps: | |
| - name: Install musl tools | |
| if: matrix.platform.target == 'x86_64-unknown-linux-musl' | |
| run: | | |
| sudo apt-get install -y musl-tools --no-install-recommends | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| filter: tree:0 | |
| fetch-depth: 0 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: stable | |
| target: ${{ matrix.platform.target }} | |
| - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 | |
| with: | |
| key: ${{ matrix.profile }}-${{ matrix.platform.target }} | |
| - name: Install cross | |
| if: ${{ matrix.platform.command == 'cross' }} | |
| uses: taiki-e/install-action@ae888b48c8777229768754549e5463ba726cb1b3 # v2.44.1 | |
| with: | |
| tool: cross | |
| - run: mkdir dist | |
| - run: ${{ matrix.platform.command }} rustc --locked ${{ matrix.profile == 'release' && '--release' || '' }} --target=${{ matrix.platform.target }} -- --emit=link=dist/${{ needs.env.outputs.BINARY_NAME }} | |
| - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: ${{ matrix.profile }}-${{ matrix.platform.target }} | |
| path: | | |
| dist/${{ needs.env.outputs.BINARY_NAME }} | |
| dist/${{ needs.env.outputs.BINARY_NAME }}.exe | |
| if-no-files-found: error | |
| - name: Upload to release | |
| if: ${{ inputs.tag-name && matrix.profile == 'release' }} | |
| working-directory: dist/ | |
| run: | | |
| if [ -e ${{ needs.env.outputs.BINARY_NAME }}.exe ]; then | |
| filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.platform.target }}.exe" | |
| mv ${{ needs.env.outputs.BINARY_NAME }}.exe "$filename" | |
| gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.platform.target }} --clobber | |
| else | |
| filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.platform.target }}" | |
| mv ${{ needs.env.outputs.BINARY_NAME }} "$filename" | |
| gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.platform.target }} --clobber | |
| fi | |
| image: | |
| permissions: | |
| packages: write | |
| needs: [env, build] | |
| if: ${{ fromJson(needs.env.outputs.PUSH) }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image_tags: ${{ steps.meta.outputs.tags }} | |
| defaults: | |
| run: | |
| shell: bash -xe {0} | |
| steps: | |
| - name: Download build artifact | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| path: artifact | |
| pattern: release-*-unknown-linux-musl | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
| with: | |
| images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ inputs.tag-name }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }} | |
| type=semver,pattern={{major}},value=${{ inputs.tag-name }} | |
| type=edge | |
| type=ref,event=branch | |
| - name: Build Images | |
| run: | | |
| build() { | |
| newcontainer=$(buildah from --platform="$1" scratch) | |
| buildah copy --chmod=0755 $newcontainer ./artifact/release-"$2"/${{ needs.env.outputs.BINARY_NAME }} /${{ needs.env.outputs.BINARY_NAME }} | |
| buildah config --entrypoint='["./${{ needs.env.outputs.BINARY_NAME }}"]' $newcontainer | |
| buildah config --author="Mogyuchi" $(awk '{print "--label=" $0}' <<< "${{ steps.meta.outputs.labels }}") $newcontainer | |
| buildah inspect $newcontainer | |
| buildah commit --manifest=localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} $newcontainer | |
| buildah rm $newcontainer | |
| } | |
| build linux/amd64 x86_64-unknown-linux-musl | |
| build linux/arm64 aarch64-unknown-linux-musl | |
| - id: push | |
| name: Push To GHCR | |
| run: | | |
| buildah manifest inspect localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} | |
| tac <<< '${{ steps.meta.outputs.tags }}' \ | |
| | parallel --halt=now,fail=1 --jobs=1 'buildah --log-level=trace manifest push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --all --digestfile="$RUNNER_TEMP/image-digest" localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} docker://{} && printf "\`\`\`\n%s@$(cat "$RUNNER_TEMP/image-digest")\n\`\`\`\n" {} >> "$GITHUB_STEP_SUMMARY"' | |