ci: only attempt to push sidecar image from canonical repository #943
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Set the workflow name. | |
name: CI | |
# Execute the workflow on pushes and pull requests. | |
on: [push, pull_request] | |
# Define the workflow jobs. | |
jobs: | |
verification: | |
name: Commit Verification | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: "Perform commit verification" | |
run: | | |
# Determine the target commit range. | |
export VERIFY_COMMIT_START="${{ github.event.pull_request.base.sha }}" | |
export VERIFY_COMMIT_END="${{ github.event.pull_request.head.sha }}" | |
# Perform verification. | |
scripts/ci/verify_commits.sh | |
macos: | |
name: macOS | |
runs-on: macos-15 | |
timeout-minutes: 90 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.23.2' | |
- name: "Install sha256sum" | |
run: brew install coreutils | |
- run: scripts/ci/setup_go.sh | |
- run: scripts/ci/setup_ssh.sh | |
- run: scripts/ci/setup_partitions_darwin.sh | |
- run: scripts/ci/analyze.sh | |
- run: scripts/ci/test.sh | |
- run: scripts/ci/build.sh | |
env: | |
MACOS_CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} | |
MACOS_CODESIGN_CERTIFICATE_AND_KEY: ${{ secrets.MACOS_CODESIGN_CERTIFICATE_AND_KEY }} | |
MACOS_CODESIGN_CERTIFICATE_AND_KEY_PASSWORD: ${{ secrets.MACOS_CODESIGN_CERTIFICATE_AND_KEY_PASSWORD }} | |
- run: scripts/ci/notarize.sh | |
if: github.ref_type == 'tag' | |
env: | |
MACOS_NOTARIZE_APPLE_ID: ${{ secrets.MACOS_NOTARIZE_APPLE_ID }} | |
MACOS_NOTARIZE_APP_SPECIFIC_PASSWORD: ${{ secrets.MACOS_NOTARIZE_APP_SPECIFIC_PASSWORD }} | |
MACOS_NOTARIZE_TEAM_ID: ${{ secrets.MACOS_NOTARIZE_TEAM_ID }} | |
- run: scripts/ci/sha256sum.sh | |
- uses: crazy-max/ghaction-import-gpg@v6 | |
id: import_gpg | |
if: github.ref_type == 'tag' | |
with: | |
gpg_private_key: ${{ secrets.GPG_SIGNING_KEY }} | |
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSWORD }} | |
- run: scripts/ci/sha256sign.sh | |
if: github.ref_type == 'tag' | |
env: | |
SHA256_GPG_SIGNING_IDENTITY: ${{ steps.import_gpg.outputs.email }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: bundles | |
path: build/release/* | |
retention-days: 2 | |
linux: | |
name: Linux | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
goversion: ['1.22.8', '1.23.2'] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ matrix.goversion }} | |
- run: scripts/ci/setup_go.sh | |
- run: scripts/ci/setup_ssh.sh | |
- run: scripts/ci/setup_docker.sh | |
- run: scripts/ci/analyze.sh | |
- run: scripts/ci/test.sh | |
- run: scripts/ci/test_386.sh | |
- run: scripts/ci/build.sh | |
windows: | |
name: Windows | |
runs-on: windows-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.23.2' | |
- run: scripts/ci/setup_go.sh | |
shell: bash | |
- run: scripts/ci/setup_docker.sh | |
shell: bash | |
- name: "Prepare Windows partition script" | |
run: | | |
# Populate the partition setup script with the repository path since | |
# diskpart doesn't support relative paths or environment variable | |
# substitution. While we could hardcode a path into the script, that | |
# breaks CI for mirrors that have a different repository name. | |
REPONAME="$(basename "$(pwd)")" | |
sed -e "s/REPONAME/D:\\\\a\\\\${REPONAME}\\\\${REPONAME}/g" \ | |
scripts/ci/setup_partitions_windows_template.txt \ | |
> setup_partitions_windows.txt | |
shell: bash | |
- run: diskpart /s setup_partitions_windows.txt | |
- run: scripts/ci/analyze.sh | |
shell: bash | |
- run: scripts/ci/test.sh | |
shell: bash | |
- run: scripts/ci/test_386.sh | |
shell: bash | |
- run: scripts/ci/build.sh | |
shell: bash | |
sidecar: | |
name: Sidecar | |
runs-on: ubuntu-latest | |
needs: [macos, linux, windows] | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.23.2' | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/login-action@v3 | |
if: github.ref_type == 'tag' && github.action_repository == 'mutagen-io/mutagen' | |
with: | |
username: ${{ secrets.SIDECAR_DEPLOYMENT_USER }} | |
password: ${{ secrets.SIDECAR_DEPLOYMENT_TOKEN }} | |
- name: "Determine sidecar tag" | |
id: tag | |
run: echo ::set-output name=tag::$(go run scripts/ci/sidecar_tag.go) | |
- uses: docker/build-push-action@v6 | |
with: | |
file: images/sidecar/linux/Dockerfile | |
target: mit | |
tags: ${{ steps.tag.outputs.tag }} | |
push: ${{ github.ref_type == 'tag' && github.action_repository == 'mutagen-io/mutagen' }} | |
platforms: | | |
linux/386 | |
linux/amd64 | |
linux/arm/v6 | |
linux/arm/v7 | |
linux/arm64/v8 | |
linux/ppc64le | |
- uses: docker/build-push-action@v6 | |
with: | |
file: images/sidecar/linux/Dockerfile | |
target: sspl | |
tags: ${{ steps.tag.outputs.tag }}-sspl | |
push: ${{ github.ref_type == 'tag' && github.action_repository == 'mutagen-io/mutagen' }} | |
platforms: | | |
linux/386 | |
linux/amd64 | |
linux/arm/v6 | |
linux/arm/v7 | |
linux/arm64/v8 | |
linux/ppc64le | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
if: github.ref_type == 'tag' | |
needs: [macos, linux, windows, sidecar] | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: bundles | |
path: bundles | |
- uses: alexellis/upload-assets@0.4.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
asset_paths: '["bundles/*"]' |