Skip to content

ci: only attempt to push sidecar image from canonical repository #943

ci: only attempt to push sidecar image from canonical repository

ci: only attempt to push sidecar image from canonical repository #943

Workflow file for this run

# Set the workflow name.
name: CI
# Execute the workflow on pushes and pull requests.
on: [push, pull_request]
# Define the workflow jobs.
jobs:
verification:
name: Commit Verification
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Perform commit verification"
run: |
# Determine the target commit range.
export VERIFY_COMMIT_START="${{ github.event.pull_request.base.sha }}"
export VERIFY_COMMIT_END="${{ github.event.pull_request.head.sha }}"
# Perform verification.
scripts/ci/verify_commits.sh
macos:
name: macOS
runs-on: macos-15
timeout-minutes: 90
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.23.2'
- name: "Install sha256sum"
run: brew install coreutils
- run: scripts/ci/setup_go.sh
- run: scripts/ci/setup_ssh.sh
- run: scripts/ci/setup_partitions_darwin.sh
- run: scripts/ci/analyze.sh
- run: scripts/ci/test.sh
- run: scripts/ci/build.sh
env:
MACOS_CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
MACOS_CODESIGN_CERTIFICATE_AND_KEY: ${{ secrets.MACOS_CODESIGN_CERTIFICATE_AND_KEY }}
MACOS_CODESIGN_CERTIFICATE_AND_KEY_PASSWORD: ${{ secrets.MACOS_CODESIGN_CERTIFICATE_AND_KEY_PASSWORD }}
- run: scripts/ci/notarize.sh
if: github.ref_type == 'tag'
env:
MACOS_NOTARIZE_APPLE_ID: ${{ secrets.MACOS_NOTARIZE_APPLE_ID }}
MACOS_NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.MACOS_NOTARIZE_APP_SPECIFIC_PASSWORD }}
MACOS_NOTARIZE_TEAM_ID: ${{ secrets.MACOS_NOTARIZE_TEAM_ID }}
- run: scripts/ci/sha256sum.sh
- uses: crazy-max/ghaction-import-gpg@v6
id: import_gpg
if: github.ref_type == 'tag'
with:
gpg_private_key: ${{ secrets.GPG_SIGNING_KEY }}
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }}
- run: scripts/ci/sha256sign.sh
if: github.ref_type == 'tag'
env:
SHA256_GPG_SIGNING_IDENTITY: ${{ steps.import_gpg.outputs.email }}
- uses: actions/upload-artifact@v4
with:
name: bundles
path: build/release/*
retention-days: 2
linux:
name: Linux
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
matrix:
goversion: ['1.22.8', '1.23.2']
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.goversion }}
- run: scripts/ci/setup_go.sh
- run: scripts/ci/setup_ssh.sh
- run: scripts/ci/setup_docker.sh
- run: scripts/ci/analyze.sh
- run: scripts/ci/test.sh
- run: scripts/ci/test_386.sh
- run: scripts/ci/build.sh
windows:
name: Windows
runs-on: windows-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.23.2'
- run: scripts/ci/setup_go.sh
shell: bash
- run: scripts/ci/setup_docker.sh
shell: bash
- name: "Prepare Windows partition script"
run: |
# Populate the partition setup script with the repository path since
# diskpart doesn't support relative paths or environment variable
# substitution. While we could hardcode a path into the script, that
# breaks CI for mirrors that have a different repository name.
REPONAME="$(basename "$(pwd)")"
sed -e "s/REPONAME/D:\\\\a\\\\${REPONAME}\\\\${REPONAME}/g" \
scripts/ci/setup_partitions_windows_template.txt \
> setup_partitions_windows.txt
shell: bash
- run: diskpart /s setup_partitions_windows.txt
- run: scripts/ci/analyze.sh
shell: bash
- run: scripts/ci/test.sh
shell: bash
- run: scripts/ci/test_386.sh
shell: bash
- run: scripts/ci/build.sh
shell: bash
sidecar:
name: Sidecar
runs-on: ubuntu-latest
needs: [macos, linux, windows]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.23.2'
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
if: github.ref_type == 'tag' && github.action_repository == 'mutagen-io/mutagen'
with:
username: ${{ secrets.SIDECAR_DEPLOYMENT_USER }}
password: ${{ secrets.SIDECAR_DEPLOYMENT_TOKEN }}
- name: "Determine sidecar tag"
id: tag
run: echo ::set-output name=tag::$(go run scripts/ci/sidecar_tag.go)
- uses: docker/build-push-action@v6
with:
file: images/sidecar/linux/Dockerfile
target: mit
tags: ${{ steps.tag.outputs.tag }}
push: ${{ github.ref_type == 'tag' && github.action_repository == 'mutagen-io/mutagen' }}
platforms: |
linux/386
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64/v8
linux/ppc64le
- uses: docker/build-push-action@v6
with:
file: images/sidecar/linux/Dockerfile
target: sspl
tags: ${{ steps.tag.outputs.tag }}-sspl
push: ${{ github.ref_type == 'tag' && github.action_repository == 'mutagen-io/mutagen' }}
platforms: |
linux/386
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64/v8
linux/ppc64le
release:
name: Release
runs-on: ubuntu-latest
if: github.ref_type == 'tag'
needs: [macos, linux, windows, sidecar]
timeout-minutes: 10
steps:
- uses: actions/download-artifact@v4
with:
name: bundles
path: bundles
- uses: alexellis/upload-assets@0.4.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
asset_paths: '["bundles/*"]'