ci: Publish multi-arch manifest. (fixes #74)

ci: Toggle package install checks via vars.

docker: Disable provenance attestations which auto-generate manifests.

Signed-off-by: Jason Volk <jason@zemos.net>
Jason Volk
2025-06-20 10:52:35 +00:00
parent aa1609d611
commit 31a3676cd8
5 changed files with 201 additions and 26 deletions


@@ -39,6 +39,10 @@ jobs:
sys_versions: ${{vars.SYS_VERSIONS || env.default_sys_versions}}
machines: ${{vars.MACHINES || env.default_machines}}
release_url: ${{steps.release.outputs.upload_url}}
check_pkgs: ${{vars.CHECK_PKGS || 'false'}}
complement: ${{vars.COMPLEMENT || 'true'}}
complement_runner: 'het'
docker_repo: ${{vars.DOCKER_REPO}}
strategy:
fail-fast: true
@@ -149,7 +153,8 @@ jobs:
needs: [init, lint]
uses: ./.github/workflows/test.yml
with:
complement: ${{fromJSON(vars.COMPLEMENT || 'true')}}
complement: ${{fromJSON(needs.init.outputs.complement)}}
complement_runner: ${{needs.init.outputs.complement_runner}}
cargo_profiles: ${{needs.init.outputs.cargo_profiles}}
feat_sets: ${{needs.init.outputs.feat_sets}}
rust_toolchains: ${{needs.init.outputs.rust_toolchains}}
@@ -158,7 +163,6 @@ jobs:
sys_targets: ${{needs.init.outputs.sys_targets}}
sys_versions: ${{needs.init.outputs.sys_versions}}
machines: ${{needs.init.outputs.machines}}
complement_runner: 'het'
excludes: >
[
{"cargo_profile": "test", "rust_toolchain": "stable", "feat_set": "none"},
@@ -186,6 +190,7 @@ jobs:
uses: ./.github/workflows/package.yml
with:
release_url: ${{needs.init.outputs.release_url}}
check_pkgs: ${{needs.init.outputs.check_pkgs}}
cargo_profiles: ${{needs.init.outputs.cargo_profiles}}
feat_sets: ${{needs.init.outputs.feat_sets}}
rust_toolchains: ${{needs.init.outputs.rust_toolchains}}
@@ -224,7 +229,7 @@ jobs:
needs: [init, test, package]
uses: ./.github/workflows/publish.yml
with:
docker_repo: ${{vars.DOCKER_REPO}}
docker_repo: ${{needs.init.outputs.docker_repo}}
release_url: ${{needs.init.outputs.release_url}}
cargo_profiles: ${{needs.init.outputs.cargo_profiles}}
feat_sets: ${{needs.init.outputs.feat_sets}}


@@ -38,6 +38,9 @@ on:
release_url:
type: string
description: For release assets
check_pkgs:
type: string
default: 'false'
jobs:
book:
@@ -179,7 +182,7 @@ jobs:
&& contains(fromJSON(inputs.feat_sets), fromJSON('["all"]')[0])
&& contains(fromJSON(inputs.cargo_profiles), fromJSON('["release"]')[0])
&& contains(fromJSON(inputs.rust_toolchains), fromJSON('["stable"]')[0])
&& github.ref == 'refs/heads/main'
&& fromJSON(inputs.check_pkgs)
name: Check Packages
needs: [pkgs]
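Review bot: The `Check Packages` condition appears to swap `github.ref == 'refs/heads/main'` for `fromJSON(inputs.check_pkgs)` rather than add to it, so once `CHECK_PKGS` is true the job is no longer limited to main. If the branch restriction was there to keep package installation away from refs other than main (not determinable from this hunk, since the job body lies outside it), keep both lines: `&& github.ref == 'refs/heads/main'` followed by `&& fromJSON(inputs.check_pkgs)`. The new `check_pkgs` input also has no `description:`, unlike `release_url` above it; a line such as `description: JSON boolean string, enables the package install check job` would record that the value is parsed with `fromJSON` and must be valid JSON.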


@@ -75,11 +75,10 @@ jobs:
name: Containers
runs-on: ${{matrix.machine}}
permissions: write-all
continue-on-error: false
strategy:
fail-fast: true
matrix:
bake_target: ${{fromJSON('["github", "dockerhub"]')}}
bake_target: ${{fromJSON('["docker_io", "ghcr_io"]')}}
cargo_profile: ${{fromJSON(inputs.cargo_profiles)}}
rust_toolchain: ${{fromJSON(inputs.rust_toolchains)}}
feat_set: ${{fromJSON(inputs.feat_sets)}}
@@ -92,6 +91,10 @@ jobs:
include: ${{fromJSON(inputs.includes)}}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: GitHub Login
uses: docker/login-action@v3
with:
@@ -120,8 +123,157 @@ jobs:
acct: ${{github.actor}}
repo: ${{github.repository}}
docker_repo: ${{inputs.docker_repo}}
docker_tag_preview: ${{ matrix.cargo_profile == 'release' && matrix.feat_set == 'all' && matrix.sys_target == 'x86_64-linux-gnu' && contains(github.ref, 'refs/tags/v') }}
docker_tag_latest: ${{ matrix.cargo_profile == 'release' && matrix.feat_set == 'all' && matrix.sys_target == 'x86_64-linux-gnu' && contains(github.ref, 'refs/tags/v') && !contains(github.ref, '-rc') }}
run: |
docker/bake.sh "${{matrix.bake_target}}"
bundles:
if: >
!failure() && !cancelled()
&& inputs.machines
&& inputs.docker_repo != ''
&& contains(fromJSON(inputs.cargo_profiles), fromJSON('["release"]')[0])
&& contains(fromJSON(inputs.feat_sets), fromJSON('["all"]')[0])
&& contains(fromJSON(inputs.rust_toolchains), fromJSON('["stable"]')[0])
&& contains(github.ref, 'refs/tags/v')
&& !contains(github.ref, '-draft')
name: Bundles
needs: [containers]
runs-on: 'het'
permissions: write-all
strategy:
fail-fast: true
matrix:
bake_target: ${{fromJSON('["docker_io", "ghcr_io"]')}}
cargo_profile: ${{fromJSON('["release"]')}}
feat_set: ${{fromJSON('["all"]')}}
rust_toolchain: ${{fromJSON('["stable"]')}}
sys_name: ${{fromJSON(inputs.sys_names)}}
sys_version: ${{fromJSON(inputs.sys_versions)}}
rust_target: ${{fromJSON(inputs.rust_targets)}}
sys_target: ${{fromJSON(inputs.sys_targets)}}
machine: ${{fromJSON(inputs.machines)}}
exclude: ${{fromJSON(inputs.excludes)}}
include: ${{fromJSON(inputs.includes)}}
steps:
- name: GitHub Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ghcr_token }}
- name: DockerHub Login
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ github.actor }}
password: ${{ secrets.dockerhub_token }}
- name: Release Preview
if: >
!failure() && !cancelled()
&& !contains(github.ref, '-draft')
env:
acct: ${{github.actor}}
ghcr_repo: ${{github.repository}}
docker_repo: ${{inputs.docker_repo}}
registry: ${{matrix.bake_target}}
cargo_profile: ${{matrix.cargo_profile}}
feat_set: ${{matrix.feat_set}}
sys_target: ${{matrix.sys_target}}
ref_name: ${{github.ref_name}}
run: |
registry="$(echo -n $registry | sed s/_/./)"
if test "$registry" = "ghcr.io"; then
repo="$ghcr_repo"
else
repo="$docker_repo"
fi
docker manifest create "${registry}/${repo}:preview" \
--amend "${registry}/${repo}:${ref_name}-${cargo_profile}-${feat_set}-${sys_target}"
- name: Release Latest
if: >
!failure() && !cancelled()
&& !contains(github.ref, '-draft')
&& !contains(github.ref, '-rc')
env:
acct: ${{github.actor}}
ghcr_repo: ${{github.repository}}
docker_repo: ${{inputs.docker_repo}}
registry: ${{matrix.bake_target}}
cargo_profile: ${{matrix.cargo_profile}}
feat_set: ${{matrix.feat_set}}
sys_target: ${{matrix.sys_target}}
ref_name: ${{github.ref_name}}
run: |
registry="$(echo -n $registry | sed s/_/./)"
if test "$registry" = "ghcr.io"; then
repo="$ghcr_repo"
else
repo="$docker_repo"
fi
docker manifest create "${registry}/${repo}:latest" \
--amend "${registry}/${repo}:${ref_name}-${cargo_profile}-${feat_set}-${sys_target}"
delivery:
if: >
!failure() && !cancelled()
&& inputs.machines
&& inputs.docker_repo != ''
&& contains(github.ref, 'refs/tags/v')
name: Delivery
needs: [bundles, documents]
runs-on: 'het'
permissions: write-all
steps:
- name: GitHub Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ghcr_token }}
- name: DockerHub Login
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ github.actor }}
password: ${{ secrets.dockerhub_token }}
- name: Push Preview
if: >
!failure() && !cancelled()
&& !contains(github.ref, '-draft')
env:
ghcr_repo: ${{github.repository}}
docker_repo: ${{inputs.docker_repo}}
run: |
docker manifest push -p "ghcr.io/${ghcr_repo}:preview"
docker manifest push -p "docker.io/${docker_repo}:preview"
- name: Push Latest
if: >
!failure() && !cancelled()
&& !contains(github.ref, '-draft')
&& !contains(github.ref, '-rc')
env:
ghcr_repo: ${{github.repository}}
docker_repo: ${{inputs.docker_repo}}
run: |
docker manifest push -p "ghcr.io/${ghcr_repo}:latest"
docker manifest push -p "docker.io/${docker_repo}:latest"
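Review bot: Both new jobs, `bundles` and `delivery`, carry `permissions: write-all`, but the steps visible here authenticate only with `secrets.ghcr_token` and `secrets.dockerhub_token` and run `docker manifest`, so the workflow token appears unused; `permissions: {}` would be the least-privilege setting unless something outside this hunk needs more. The release gate `contains(github.ref, 'refs/tags/v')` in both job conditions is a substring match, so it also accepts a branch ref that merely embeds that text; `startsWith(github.ref, 'refs/tags/v')` anchors it to real tags. The registry secrets are handed to `docker/login-action@v3`, a movable tag, and pinning it to a full commit SHA (`docker/login-action@<full-commit-sha> # v3`) would fix which code receives them.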