v0.9.0 #74

Workflow file for this run

.github/workflows/release.yml at 0a23ae2

	name: Release

	on:
	release:
	types: [created]

	defaults:
	run:
	shell: bash

	env:
	tag_name: ${{ github.event.release.tag_name }}
	package_resources: >-
	README.md LICENSE-APACHE LICENSE-MIT
	docs lang res tmpl
	config.toml.dist

	jobs:
	release-linux:
	strategy:
	fail-fast: false
	matrix:
	# These are tags for rust-musl-cross.
	# NOTE: Packages are named after the first component of the target,
	# so these must be unique.
	# NOTE: On Linux, we are limited mostly by arch support in Ring.
	# See: https://github.com/briansmith/ring/blob/main/mk/cargo.sh
	target:
	- aarch64-musl
	- x86_64-musl
	runs-on: ubuntu-latest
	container: "ghcr.io/rust-cross/rust-musl-cross:${{ matrix.target }}"
	steps:

	- name: Checkout
	uses: actions/checkout@v4

	- name: Install GitHub CLI
	run: \|
	curl -Lo gh.deb https://github.com/cli/cli/releases/download/v1.11.0/gh_1.11.0_linux_amd64.deb
	dpkg -i gh.deb
	rm gh.deb

	- name: Build
	run: cargo build --release --locked

	- name: Package
	env:
	matrix_target: ${{ matrix.target }}
	run: \|
	rm docs/build.md # Not useful for binaries

	mkdir release-packages

	broker_executable=target/-unknown-linux-musl/release/portier-broker
	basename="Portier-Broker-${tag_name}-Linux-${matrix_target/-*/}"
	mkdir $basename
	cp $broker_executable $basename/
	cp -r $package_resources $basename/
	tar -czf "release-packages/$basename.tgz" $basename

	- name: Upload
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	# Workaround for wonky ownership because we build in docker.
	git config --global --add safe.directory "$PWD"
	gh release upload "$tag_name" release-packages/*

	release-macos:
	runs-on: macos-latest
	env:

	build_targets: \|
	aarch64-apple-darwin
	x86_64-apple-darwin

	steps:

	- name: Checkout
	uses: actions/checkout@v4

	- name: Install Rust
	uses: dtolnay/rust-toolchain@stable

	- name: Add targets
	run: \|
	rustup target add $build_targets

	- name: Build
	run: \|
	for target in $build_targets; do
	echo "::group::Building for $target"
	if ! cargo build --release --locked --target $target; then
	echo "::warning::Build for $target failed"
	fi
	echo "::endgroup::"
	done

	- name: Package
	run: \|
	rm docs/build.md # Not useful for binaries
	rm -r docs/systemd # Linux-specific

	mkdir release-packages

	basename="Portier-Broker-${tag_name}-Darwin"
	mkdir $basename
	lipo -create -output $basename/portier-broker ./target/*/release/portier-broker
	codesign --force -s - $basename/portier-broker
	cp -r $package_resources $basename/
	tar -czf "release-packages/$basename.tgz" $basename

	- name: Upload
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	gh release upload "$tag_name" release-packages/*

	release-windows:
	runs-on: windows-latest
	env:

	# NOTE: Packages are named after the first component of the triple, so
	# these must be unique.
	build_targets: \|
	i686-pc-windows-msvc
	x86_64-pc-windows-msvc

	steps:

	- name: Checkout
	uses: actions/checkout@v4

	- name: Install Rust
	uses: dtolnay/rust-toolchain@stable

	# Required for building AWS Libcrypto
	- name: Install NASM
	uses: ilammy/setup-nasm@v1

	- name: Add targets
	run: \|
	rustup target add $build_targets

	- name: Build
	run: \|
	for target in $build_targets; do
	echo "::group::Building for $target"
	if ! cargo build --release --locked --target $target; then
	echo "::warning::Build for $target failed"
	fi
	echo "::endgroup::"
	done

	- name: Package
	run: \|
	rm docs/build.md # Not useful for binaries
	rm -r docs/systemd # Linux-specific

	mkdir release-packages
	for target in $build_targets; do
	broker_executable="./target/$target/release/portier-broker.exe"
	if [ ! -f "$broker_executable" ]; then
	continue
	fi

	echo "::group::Packaging for $target"
	basename="Portier-Broker-${tag_name}-Windows-${target/-*/}"

	mkdir $basename
	cp $broker_executable $basename/
	cp -r $package_resources $basename/
	7z a -tzip "release-packages/$basename.zip" $basename

	echo "::endgroup::"
	done

	- name: Upload
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	gh release upload "$tag_name" release-packages/*

	release-linux-docker:
	needs: release-linux
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	services:
	# Scratch registry for building multiarch images.
	registry:
	image: registry:2
	ports:
	- 5000:5000
	env:
	scratch_repo: "localhost:5000/scratch"
	steps:

	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	with:
	platforms: arm64

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	# Need network=host for the builder to contact our scratch registry.
	driver: docker-container
	driver-opts: network=host

	- name: Build
	run: \|
	# Map Docker arch to package name
	declare -A build_targets
	build_targets['amd64']='x86_64'
	build_targets['arm64/v8']='aarch64'

	declare -a scratch_tags
	for docker_arch in "${!build_targets[@]}"; do
	pkg_arch="${build_targets[$docker_arch]}"

	# This download may fail if the release build failed for this
	# platform. Continue without the platform, in that case.
	echo "::group::Downloading package for $pkg_arch"
	basename="Portier-Broker-${tag_name}-Linux-${pkg_arch}"
	if ! wget "https://github.com/portier/portier-broker/releases/download/${tag_name}/${basename}.tgz"; then
	echo "::endgroup::"
	continue
	fi
	tar -xzf $basename.tgz

	echo "::endgroup::"
	echo "::group::Building image for $docker_arch"

	# Reuse the Dockerfile base system, but copy in the release instead
	# of rebuilding. This ensures we use the same binaries everywhere.
	cp Dockerfile Dockerfile-release
	echo "FROM base AS release" >> Dockerfile-release
	echo "COPY ./$basename /opt/portier-broker" >> Dockerfile-release

	scratch_tag="$scratch_repo:$pkg_arch"
	docker buildx build \
	--platform linux/$docker_arch \
	--push --tag "$scratch_tag" \
	-f Dockerfile-release .

	scratch_tags+=( "$scratch_tag" )
	echo "::endgroup::"
	done

	# Create a combined 'latest' tag with the multiarch image list.
	docker buildx imagetools create -t "$scratch_repo" "${scratch_tags[@]}"

	- name: Upload
	run: \|
	# We used to use skopeo to copy the final multiarch image, but the
	# current version installed on the GitHub runner is too old. Here we
	# setup regclient.
	curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 > "/tmp/regctl"
	sudo install -t /usr/local/bin -o root -g root -m 0755 "/tmp/regctl"

	# Setup the scratch registry.
	regctl registry set --tls=disabled localhost:5000
	# Login to GitHub Container Registry.
	docker login --password-stdin \
	--username '${{ github.actor }}' \
	ghcr.io <<< '${{ secrets.GITHUB_TOKEN }}'
	# Login to Docker Hub.
	docker login --password-stdin \
	--username '${{ secrets.DOCKERHUB_USERNAME }}' \
	<<< '${{ secrets.DOCKERHUB_TOKEN }}'

	# Publish a version-specific tag.
	regctl image copy "$scratch_repo" "ghcr.io/portier/portier-broker:$tag_name"
	regctl image copy "$scratch_repo" "docker.io/portier/broker:$tag_name"

	# Publish a 'latest' tag.
	if ! grep -q "test" <<< "$tag_name"; then
	regctl image copy "$scratch_repo" "ghcr.io/portier/portier-broker:latest"
	regctl image copy "$scratch_repo" "docker.io/portier/broker:latest"
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.9.0 #74

Workflow file

v0.9.0 #74

Jobs

Run details

Workflow file for this run