fix script issue #281
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD with Earthly | |
on: push | |
jobs: | |
build: | |
runs-on: [self-hosted, linux, x64] | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Put back the git branch into git (Earthly uses it for tagging) | |
run: | | |
branch="" | |
if [ -n "$GITHUB_HEAD_REF" ]; then | |
branch="$GITHUB_HEAD_REF" | |
else | |
branch="${GITHUB_REF##*/}" | |
fi | |
git checkout -b "$branch" || true | |
- name: Download latest earthly | |
run: "wget -nc https://github.com/earthly/earthly/releases/download/v0.7.2/earthly-linux-amd64 -O earthly && chmod +x earthly" | |
- name: Earthly version | |
run: ./earthly --version | |
- name: Run build | |
run: ./earthly --config .earthly/config.yml --allow-privileged --no-output --strict +ci | |
publish: | |
runs-on: [self-hosted, linux, x64] | |
needs: build | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Put back the git branch into git (Earthly uses it for tagging) | |
run: | | |
branch="" | |
if [ -n "$GITHUB_HEAD_REF" ]; then | |
branch="$GITHUB_HEAD_REF" | |
else | |
branch="${GITHUB_REF##*/}" | |
fi | |
git checkout -b "$branch" || true | |
- name: Download latest earthly | |
run: "wget -nc https://github.com/earthly/earthly/releases/download/v0.7.2/earthly-linux-amd64 -O earthly && chmod +x earthly" | |
- name: Earthly version | |
run: ./earthly --version | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Publish | |
run: | | |
VERSION_TAG=$(echo ${{ github.ref }} | cut -f 3 -d / | tr -d 'v' ) | |
export EARTHLY_ALLOW_PRIVILEGED="true" | |
export EARTHLY_STRICT="true" | |
export EARTHLY_CONFIG=".earthly/config.yml" | |
./earthly \ | |
--secret API_TOKEN_PYPI=${{ secrets.API_TOKEN_PYPI }} \ | |
--secret PCCS_KEY=${{ secrets.PCCS_KEY }} \ | |
--push +publish \ | |
--TAG="$VERSION_TAG" | |
./earthly --artifact +build-release-enclave/* outdir/ | |
./earthly --artifact +build-release-runner/runner outdir/ | |
pushd outdir | |
tar czf blindai_server-$VERSION_TAG.tgz blindai_server.sgxs blindai_server.sig runner | |
popd | |
./earthly --artifact +build-mock-server/* outdir/ | |
pushd outdir | |
mv blindai_mock_server-x86_64-unknown-linux-gnu.tgz "blindai_mock_server-$VERSION_TAG-x86_64-unknown-linux-gnu.tgz" | |
popd | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} gh release create --verify-tag v$VERSION_TAG \ | |
outdir/manifest.toml \ | |
"outdir/blindai_server-$VERSION_TAG.tgz" \ | |
"outdir/blindai_mock_server-$VERSION_TAG-x86_64-unknown-linux-gnu.tgz" | |