Issue 218 - Cargo update (#220) #599

Workflow file for this run

	name: Build

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	release:
	types: [published]

	jobs:
	check-access:
	runs-on: ubuntu-latest
	outputs:
	has-token-access: ${{ steps.check.outputs.has-token-access }}
	steps:
	- id: check
	run: \|
	echo "has-token-access=$(if [[ '${{ github.event.pull_request.head.repo.fork }}' != 'true' && '${{ github.actor }}' != 'dependabot[bot]' ]]; then echo 'true'; else echo 'false'; fi)" >> $GITHUB_OUTPUT

	dotnet-tests:
	needs: check-access
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run DotNet Tests
	run: \|
	dotnet test --collect:"XPlat Code Coverage"

	- name: Generate code coverage
	run: \|
	dotnet tool install --global dotnet-reportgenerator-globaltool
	reportgenerator \
	"-reports:test/coverage/projects/**/coverage.opencover.xml" \
	"-targetdir:coveragereport" \
	-reporttypes:lcov

	- name: Upload code coverage
	if: github.event_name == 'pull_request' && needs.check-access.outputs.has-token-access == 'true'
	uses: ./.github/actions/coverage-report
	with:
	lcov-file: coveragereport/lcov.info
	title: DotNet Code Coverage Report

	rust-tests:
	needs: check-access
	runs-on: ubuntu-latest
	timeout-minutes: 10
	env:
	CARGO_TERM_COLOR: always
	steps:
	- uses: actions/checkout@v4

	- uses: moonrepo/setup-rust@v1

	- name: Install cargo-llvm-cov
	uses: taiki-e/install-action@cargo-llvm-cov

	- name: Generate code coverage
	run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info

	- name: Upload code coverage
	if: github.event_name == 'pull_request' && needs.check-access.outputs.has-token-access == 'true'
	uses: ./.github/actions/coverage-report
	with:
	lcov-file: lcov.info
	title: Rust Code Coverage Report

	build-router-arm64:
	needs: check-access
	env:
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-router${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	runs-on: [self-hosted, arm64]
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run the certs script
	run: \|
	./certs.sh

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS Credentials
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1

	- name: Login to ECR Public
	if: needs.check-access.outputs.has-token-access == 'true'
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Build Router
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./DockerfileRouter
	build-args: BUILD_ARCH=linux-arm64
	platforms: linux/arm64
	outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }}

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests-router
	rm /tmp/digests-router/* \|\| true
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests-router/${digest#sha256:}"

	- name: Upload digest
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: actions/upload-artifact@v3
	with:
	name: digests-router
	path: /tmp/digests-router/*
	if-no-files-found: error
	retention-days: 1

	build-router:
	needs: check-access
	env:
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-router${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run the certs script
	run: \|
	./certs.sh

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS Credentials
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1

	- name: Login to ECR Public
	if: needs.check-access.outputs.has-token-access == 'true'
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Build Router
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./DockerfileRouter
	build-args: BUILD_ARCH=linux-x64
	platforms: linux/amd64
	outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }}

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests-router
	rm /tmp/digests-router/* \|\| true
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests-router/${digest#sha256:}"

	- name: Upload digest
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: actions/upload-artifact@v3
	with:
	name: digests-router
	path: /tmp/digests-router/*
	if-no-files-found: error
	retention-days: 1

	merge-router:
	if: needs.check-access.outputs.has-token-access == 'true'
	env:
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-router${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	runs-on: ubuntu-latest
	needs:
	- check-access
	- build-router
	- build-router-arm64
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Clear digests
	run: \|
	rm -rf /tmp/digests-router/* \|\| true
	- name: Download digests
	uses: actions/download-artifact@v3
	with:
	name: digests-router
	path: /tmp/digests-router
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	# type=sha
	tags: \|
	enable=${{ github.event_name == 'release' }},type=raw,value=latest
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	labels: \|
	org.opencontainers.image.source=${{ github.event.repository.html_url }}
	org.opencontainers.image.revision=${{ github.sha }}

	- name: Set DOCKER_METADATA_OUTPUT_JSON environment variable
	run: echo "DOCKER_METADATA_OUTPUT_JSON=$(echo '${{ toJson(steps.meta.outputs) }}' \| tr '\n' ' ')" >> $GITHUB_ENV

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1
	- name: Login to ECR Public
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Create manifest list and push
	working-directory: /tmp/digests-router
	run: \|
	docker buildx imagetools create $((jq -r '.json' \| jq -cr '.tags \| map("-t " + .) \| join(" ")') <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}

	build-extension-arm64:
	needs: check-access
	env:
	ARCH: aarch64
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	permissions:
	contents: read
	id-token: write
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install gcc musl cross-compiler
	uses: ./.github/actions/setup-gcc-musl-cross
	with:
	arch: ${{ env.ARCH }}

	- uses: moonrepo/setup-rust@v1
	with:
	targets: "${{ env.ARCH }}-unknown-linux-musl"
	cache-target: release

	- name: Build extension
	env:
	CC: ${{ env.ARCH }}-linux-musl-gcc
	run: \|
	cargo build --release --target ${{ env.ARCH }}-unknown-linux-musl

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS Credentials
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1

	- name: Login to ECR Public
	if: needs.check-access.outputs.has-token-access == 'true'
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Build Lambda
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./DockerfileExtensionCross
	build-args: BUILD_ARCH=linux-arm64
	platforms: linux/arm64
	outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }}

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	rm /tmp/digests/* \|\| true
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Upload digest
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: actions/upload-artifact@v3
	with:
	name: digests-extension
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	build-extension:
	needs: check-access
	env:
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	ARCH: x86_64
	permissions:
	contents: read
	id-token: write
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install gcc musl cross-compiler
	uses: ./.github/actions/setup-gcc-musl-cross
	with:
	arch: ${{ env.ARCH }}

	- uses: moonrepo/setup-rust@v1
	with:
	targets: "${{ env.ARCH }}-unknown-linux-musl"
	cache-target: release

	- name: Build extension
	env:
	CC: ${{ env.ARCH }}-linux-musl-gcc
	run: \|
	cargo build --release --target ${{ env.ARCH }}-unknown-linux-musl

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS Credentials
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1

	- name: Login to ECR Public
	if: needs.check-access.outputs.has-token-access == 'true'
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Build
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./DockerfileExtensionCross
	build-args: \|
	ARCH=x86_64
	TARGET_PLATFORM=linux/amd64
	platforms: linux/amd64
	outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }}

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	rm /tmp/digests/* \|\| true
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Upload digest
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: actions/upload-artifact@v3
	with:
	name: digests-extension
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	merge-extension:
	if: needs.check-access.outputs.has-token-access == 'true'
	env:
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	runs-on: ubuntu-latest
	needs:
	- check-access
	- build-extension
	- build-extension-arm64
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Clear digests
	run: \|
	rm -rf /tmp/digests/* \|\| true
	- name: Download digests
	uses: actions/download-artifact@v3
	with:
	name: digests-extension
	path: /tmp/digests
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	# type=sha
	tags: \|
	enable=${{ github.event_name == 'release' }},type=raw,value=latest
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	labels: \|
	org.opencontainers.image.source=${{ github.event.repository.html_url }}
	org.opencontainers.image.revision=${{ github.sha }}

	- name: Set DOCKER_METADATA_OUTPUT_JSON environment variable
	run: echo "DOCKER_METADATA_OUTPUT_JSON=$(echo '${{ toJson(steps.meta.outputs) }}' \| tr '\n' ' ')" >> $GITHUB_ENV

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1
	- name: Login to ECR Public
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $((jq -r '.json' \| jq -cr '.tags \| map("-t " + .) \| join(" ")') <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}

	build-demoapp:
	env:
	REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-demo-app${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	needs:
	- check-access
	- merge-extension
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	tags: \|
	enable=${{ github.event_name == 'release' }},type=raw,value=latest
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	labels: \|
	org.opencontainers.image.source=${{ github.event.repository.html_url }}
	org.opencontainers.image.revision=${{ github.sha }}

	- name: Compute PR Suffix
	id: prSuffix
	run: \|
	if [ -n "${{ github.event.pull_request.number }}" ]; then
	echo "imageTag=pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
	echo "prSuffix=-pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
	echo "prSuffixPackageVersion=-pr.${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
	echo "PR_SUFFIX=-pr-"${{ github.event.pull_request.number }} >> $GITHUB_ENV
	else
	TAG_OR_BRANCH=$(echo $GITHUB_REF \| sed -e 's\|refs/tags/v\|\|' -e 's\|refs/heads/\|\|')
	echo "imageTag=${TAG_OR_BRANCH}" >> $GITHUB_OUTPUT
	echo "prSuffix=" >> $GITHUB_OUTPUT
	echo "prSuffixPackageVersion=" >> $GITHUB_OUTPUT
	echo "PR_SUFFIX=" >> $GITHUB_ENV
	fi
	- name: Swap in tagged image name in the Dockerfile
	run: \|
	sed -i "s\|FROM lambda-dispatch-extension\|FROM public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' \|\| '' }}:${{ steps.prSuffix.outputs.imageTag }}\|g" ./DockerfileLambdaDemoApp

	- name: Configure AWS Credentials
	if: needs.check-access.outputs.has-token-access == 'true'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-session-name: lambda-dispatch-ghpublic-build
	role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole
	aws-region: us-east-1
	- name: Login to ECR Public
	if: needs.check-access.outputs.has-token-access == 'true'
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public
	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./DockerfileLambdaDemoApp
	platforms: linux/amd64,linux/arm64
	push: ${{ needs.check-access.outputs.has-token-access == 'true' }}
	tags: ${{ steps.meta.outputs.tags }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Issue 218 - Cargo update (#220) #599

Workflow file

Issue 218 - Cargo update (#220) #599

Jobs

Run details

Workflow file for this run