proxy/.github/workflows/release.yml at 99d0190eb2594972860c1b1b484ad931a6dbeb58 · cipherstash/proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Release
on:
  push:
    branches:
      - main
  release:
    types: [published]
  workflow_dispatch:

env:
  REGISTRY_IMAGE: cipherstash/proxy

jobs:
  build:
    name: 🏗️ Build binaries + Docker images
    strategy:
      fail-fast: false
      matrix:
        build:
          - { os: blacksmith-16vcpu-ubuntu-2204, docker_platform: linux/amd64, rust_target: "x86_64-unknown-linux-gnu",  cache-provider: buildjet }
          - { os: linux-arm64-public,          docker_platform: linux/arm64, rust_target: "aarch64-unknown-linux-gnu", cache-provider: github }
    runs-on: ${{matrix.build.os}}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Rust cache
        uses: Swatinem/rust-cache@v2
        if: github.event_name == 'pull_request' # only cache in pull requests
        with:
          cache-provider: ${{matrix.build.cache-provider}}
          cache-all-crates: true
      - uses: jdx/mise-action@v2
        with:
          version: 2025.1.6 # [default: latest] mise version to install
          install: true # [default: true] run `mise install`
          cache: ${{ github.event_name != 'pull_request' }} # cache mise using GitHub's cache if running in a PR
      - run: |
          mise run build --platform ${{matrix.build.docker_platform}} --target ${{matrix.build.rust_target}}

      - uses: actions/upload-artifact@v4
        with:
          name: cipherstash-proxy-${{matrix.build.docker_platform == 'linux/amd64' && 'linux_amd64' || 'linux_arm64'}}
          path: cipherstash-proxy

      - name: Prepare
        run: |
          platform=${{ matrix.build.docker_platform }}
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_IMAGE }}

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PERSONAL_ACCESS_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          file: proxy.Dockerfile
          platforms: ${{ matrix.build.docker_platform }}
          labels: ${{ steps.meta.outputs.labels }}
          tags: ${{ env.REGISTRY_IMAGE }}
          outputs: type=image,push-by-digest=true,name-canonical=true,push=true

      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"

      - name: Upload digest
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1

  merge:
    name: Publish multi-platform image
    runs-on: linux-arm64-public
    needs:
      - build
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
          merge-multiple: true

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PERSONAL_ACCESS_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_IMAGE }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)

      - name: Inspect image
        run: |
          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}

      - name: Notify Multitudes
        run: |
          curl --request POST \
            --fail-with-body \
            --url "https://api.developer.multitudes.co/deployments" \
            --header "Content-Type: application/json" \
            --header "Authorization: ${{ secrets.MULTITUDES_ACCESS_TOKEN }}" \
            --data '{"commitSha": "${{ github.sha }}", "environmentName":"dockerhub"}'