Skip to content
Release

v0.9.2 #76

Sign in to view logs

v0.9.2

v0.9.2 #76

Workflow file for this run

.github/workflows/release.yml at 82ae2b6
name: Release
on:
release:
types: [created]
defaults:
run:
shell: bash
env:
tag_name: ${{ github.event.release.tag_name }}
package_resources: >-
README.md LICENSE-APACHE LICENSE-MIT
docs lang res tmpl
config.toml.dist
jobs:
release-linux:
strategy:
fail-fast: false
matrix:
# These are tags for rust-musl-cross.
# NOTE: Packages are named after the first component of the target,
# so these must be unique.
# NOTE: On Linux, we are limited mostly by arch support in Ring.
# See: https://github.com/briansmith/ring/blob/main/mk/cargo.sh
target:
- aarch64-musl
- x86_64-musl
runs-on: ubuntu-latest
container: "ghcr.io/rust-cross/rust-musl-cross:${{ matrix.target }}"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install GitHub CLI
run: |
curl -Lo gh.deb https://github.com/cli/cli/releases/download/v1.11.0/gh_1.11.0_linux_amd64.deb
dpkg -i gh.deb
rm gh.deb
- name: Build
run: cargo build --release --locked
- name: Package
env:
matrix_target: ${{ matrix.target }}
run: |
rm docs/build.md # Not useful for binaries
mkdir release-packages
broker_executable=target/*-unknown-linux-musl*/release/portier-broker
basename="Portier-Broker-${tag_name}-Linux-${matrix_target/-*/}"
mkdir $basename
cp $broker_executable $basename/
cp -r $package_resources $basename/
tar -czf "release-packages/$basename.tgz" $basename
- name: Upload
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Workaround for wonky ownership because we build in docker.
git config --global --add safe.directory "$PWD"
gh release upload "$tag_name" release-packages/*
release-macos:
runs-on: macos-latest
env:
build_targets: |
aarch64-apple-darwin
x86_64-apple-darwin
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
- name: Add targets
run: |
rustup target add $build_targets
- name: Build
run: |
for target in $build_targets; do
echo "::group::Building for $target"
if ! cargo build --release --locked --target $target; then
echo "::warning::Build for $target failed"
fi
echo "::endgroup::"
done
- name: Package
run: |
rm docs/build.md # Not useful for binaries
rm -r docs/systemd # Linux-specific
mkdir release-packages
basename="Portier-Broker-${tag_name}-Darwin"
mkdir $basename
lipo -create -output $basename/portier-broker ./target/*/release/portier-broker
codesign --force -s - $basename/portier-broker
cp -r $package_resources $basename/
tar -czf "release-packages/$basename.tgz" $basename
- name: Upload
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload "$tag_name" release-packages/*
release-windows:
runs-on: windows-latest
env:
# NOTE: Packages are named after the first component of the triple, so
# these must be unique.
build_targets: |
i686-pc-windows-msvc
x86_64-pc-windows-msvc
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@stable
# Required for building AWS Libcrypto
- name: Install NASM
uses: ilammy/setup-nasm@v1
- name: Add targets
run: |
rustup target add $build_targets
- name: Build
run: |
for target in $build_targets; do
echo "::group::Building for $target"
if ! cargo build --release --locked --target $target; then
echo "::warning::Build for $target failed"
fi
echo "::endgroup::"
done
- name: Package
run: |
rm docs/build.md # Not useful for binaries
rm -r docs/systemd # Linux-specific
mkdir release-packages
for target in $build_targets; do
broker_executable="./target/$target/release/portier-broker.exe"
if [ ! -f "$broker_executable" ]; then
continue
fi
echo "::group::Packaging for $target"
basename="Portier-Broker-${tag_name}-Windows-${target/-*/}"
mkdir $basename
cp $broker_executable $basename/
cp -r $package_resources $basename/
7z a -tzip "release-packages/$basename.zip" $basename
echo "::endgroup::"
done
- name: Upload
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload "$tag_name" release-packages/*
release-linux-docker:
needs: release-linux
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
services:
# Scratch registry for building multiarch images.
registry:
image: registry:2
ports:
- 5000:5000
env:
scratch_repo: "localhost:5000/scratch"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# Need network=host for the builder to contact our scratch registry.
driver: docker-container
driver-opts: network=host
- name: Build
run: |
# Map Docker arch to package name
declare -A build_targets
build_targets['amd64']='x86_64'
build_targets['arm64/v8']='aarch64'
declare -a scratch_tags
for docker_arch in "${!build_targets[@]}"; do
pkg_arch="${build_targets[$docker_arch]}"
# This download may fail if the release build failed for this
# platform. Continue without the platform, in that case.
echo "::group::Downloading package for $pkg_arch"
basename="Portier-Broker-${tag_name}-Linux-${pkg_arch}"
if ! wget "https://github.com/portier/portier-broker/releases/download/${tag_name}/${basename}.tgz"; then
echo "::endgroup::"
continue
fi
tar -xzf $basename.tgz
echo "::endgroup::"
echo "::group::Building image for $docker_arch"
# Reuse the Dockerfile base system, but copy in the release instead
# of rebuilding. This ensures we use the same binaries everywhere.
cp Dockerfile Dockerfile-release
echo "FROM base AS release" >> Dockerfile-release
echo "COPY ./$basename /opt/portier-broker" >> Dockerfile-release
scratch_tag="$scratch_repo:$pkg_arch"
docker buildx build \
--platform linux/$docker_arch \
--push --tag "$scratch_tag" \
-f Dockerfile-release .
scratch_tags+=( "$scratch_tag" )
echo "::endgroup::"
done
# Create a combined 'latest' tag with the multiarch image list.
docker buildx imagetools create -t "$scratch_repo" "${scratch_tags[@]}"
- name: Upload
run: |
# We used to use skopeo to copy the final multiarch image, but the
# current version installed on the GitHub runner is too old. Here we
# setup regclient.
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 > "/tmp/regctl"
sudo install -t /usr/local/bin -o root -g root -m 0755 "/tmp/regctl"
# Setup the scratch registry.
regctl registry set --tls=disabled localhost:5000
# Login to GitHub Container Registry.
docker login --password-stdin \
--username '${{ github.actor }}' \
ghcr.io <<< '${{ secrets.GITHUB_TOKEN }}'
# Login to Docker Hub.
docker login --password-stdin \
--username '${{ secrets.DOCKERHUB_USERNAME }}' \
<<< '${{ secrets.DOCKERHUB_TOKEN }}'
# Publish a version-specific tag.
regctl image copy "$scratch_repo" "ghcr.io/portier/portier-broker:$tag_name"
regctl image copy "$scratch_repo" "docker.io/portier/broker:$tag_name"
# Publish a 'latest' tag.
if ! grep -q "test" <<< "$tag_name"; then
regctl image copy "$scratch_repo" "ghcr.io/portier/portier-broker:latest"
regctl image copy "$scratch_repo" "docker.io/portier/broker:latest"
fi