Speed-up CI by splitting binary builds for each architecture #613
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - 'release/**' | |
| tags: | |
| - "v*" | |
| # Only run for pull requests if relevant files were changed | |
| pull_request: | |
| branches: | |
| - main | |
| - 'release/**' | |
| paths: | |
| - Dockerfile | |
| - docker-bake.hcl | |
| - .github/workflows/build.yaml | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
| SCCACHE_GHA_ENABLED: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| IMAGE: ghcr.io/element-hq/matrix-authentication-service | |
| IMAGE_SYN2MAS: ghcr.io/element-hq/matrix-authentication-service/syn2mas | |
| BUILDCACHE: ghcr.io/element-hq/matrix-authentication-service/buildcache | |
| DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | |
| jobs: | |
| compute-version: | |
| name: Compute version using git describe | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| describe: ${{ steps.git.outputs.describe }} | |
| timestamp: ${{ steps.git.outputs.timestamp }} | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| with: | |
| # Need a full clone so that `git describe` reports the right version | |
| fetch-depth: 0 | |
| - name: Compute version and timestamp out of git history | |
| id: git | |
| run: | | |
| echo "describe=$(git describe --tags --match 'v*.*.*' --always)" >> $GITHUB_OUTPUT | |
| echo "timestamp=$(git log -1 --format=%ct)" >> $GITHUB_OUTPUT | |
| build-assets: | |
| name: Build assets | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Setup OPA | |
| uses: open-policy-agent/[email protected] | |
| with: | |
| version: 0.64.1 | |
| - name: Install frontend Node | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 20 | |
| - name: Install frontend Node dependencies | |
| working-directory: ./frontend | |
| run: npm ci | |
| - name: Build frontend | |
| working-directory: ./frontend | |
| run: npm run build | |
| - name: Build policies | |
| working-directory: ./policies | |
| run: make | |
| - name: Prepare assets artifact | |
| run: | | |
| mkdir -p assets-dist/share | |
| cp policies/policy.wasm assets-dist/share/policy.wasm | |
| cp frontend/dist/manifest.json assets-dist/share/manifest.json | |
| cp -r frontend/dist/ assets-dist/share/assets | |
| cp -r templates/ assets-dist/share/templates | |
| cp -r translations/ assets-dist/share/translations | |
| cp LICENSE assets-dist/LICENSE | |
| chmod -R u=rwX,go=rX assets-dist/ | |
| - name: Upload assets | |
| uses: actions/[email protected] | |
| with: | |
| name: assets | |
| path: assets-dist | |
| build-binaries: | |
| name: Build binaries | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - compute-version | |
| strategy: | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| - target: aarch64-unknown-linux-gnu | |
| env: | |
| VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }} | |
| SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout the code | |
| uses: actions/[email protected] | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: | | |
| ${{ matrix.target }} | |
| - name: Setup sccache | |
| uses: mozilla-actions/[email protected] | |
| - name: Install zig | |
| uses: goto-bus-stop/setup-zig@v2 | |
| with: | |
| version: 0.13.0 | |
| - name: Install cargo-zigbuild | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-zigbuild | |
| - name: Build the binary | |
| run: | | |
| cargo zigbuild \ | |
| --release \ | |
| --target ${{ matrix.target }}.2.17 \ | |
| --no-default-features \ | |
| --features dist \ | |
| -p mas-cli | |
| - name: Upload binary artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: binary-${{ matrix.target }} | |
| path: target/${{ matrix.target }}/release/mas-cli | |
| assemble-archives: | |
| name: Assemble release archives | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - build-assets | |
| - build-binaries | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Download assets | |
| uses: actions/[email protected] | |
| with: | |
| name: assets | |
| path: assets-dist | |
| - name: Download binary x86_64 | |
| uses: actions/[email protected] | |
| with: | |
| name: binary-x86_64-unknown-linux-gnu | |
| path: binary-x86_64 | |
| - name: Download binary aarch64 | |
| uses: actions/[email protected] | |
| with: | |
| name: binary-aarch64-unknown-linux-gnu | |
| path: binary-aarch64 | |
| - name: Create final archives | |
| run: | | |
| for arch in x86_64 aarch64; do | |
| mkdir -p dist/${arch}/share | |
| cp -r assets-dist/share/* dist/${arch}/share/ | |
| cp assets-dist/LICENSE dist/${arch}/LICENSE | |
| cp binary-$arch/mas-cli dist/${arch}/mas-cli | |
| chmod -R u=rwX,go=rX dist/${arch}/ | |
| chmod u=rwx,go=rx dist/${arch}/mas-cli | |
| tar -czvf mas-cli-${arch}-linux.tar.gz --owner=0 --group=0 -C dist/${arch}/ . | |
| done | |
| - name: Upload the artifacts | |
| uses: actions/[email protected] | |
| with: | |
| name: binaries | |
| path: | | |
| mas-cli-aarch64-linux.tar.gz | |
| mas-cli-x86_64-linux.tar.gz | |
| build-image: | |
| name: Build and push Docker image | |
| runs-on: ubuntu-latest | |
| outputs: | |
| metadata: ${{ steps.output.outputs.metadata }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| needs: | |
| - compute-version | |
| env: | |
| VERGEN_GIT_DESCRIBE: ${{ needs.compute-version.outputs.describe }} | |
| SOURCE_DATE_EPOCH: ${{ needs.compute-version.outputs.timestamp }} | |
| steps: | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: "${{ env.IMAGE }}" | |
| bake-target: docker-metadata-action | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Docker meta (debug variant) | |
| id: meta-debug | |
| uses: docker/[email protected] | |
| with: | |
| images: "${{ env.IMAGE }}" | |
| bake-target: docker-metadata-action-debug | |
| flavor: | | |
| latest=auto | |
| suffix=-debug,onlatest=true | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Docker meta (syn2mas) | |
| id: meta-syn2mas | |
| uses: docker/[email protected] | |
| with: | |
| images: "${{ env.IMAGE_SYN2MAS }}" | |
| bake-target: docker-metadata-action-syn2mas | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Setup Cosign | |
| uses: sigstore/[email protected] | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| with: | |
| buildkitd-config-inline: | | |
| [registry."docker.io"] | |
| mirrors = ["mirror.gcr.io"] | |
| - name: Login to GitHub Container Registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # For pull-requests, only read from the cache, do not try to push to the | |
| # cache or the image itself | |
| - name: Build | |
| uses: docker/[email protected] | |
| if: github.event_name == 'pull_request' | |
| with: | |
| files: | | |
| ./docker-bake.hcl | |
| cwd://${{ steps.meta.outputs.bake-file }} | |
| cwd://${{ steps.meta-debug.outputs.bake-file }} | |
| cwd://${{ steps.meta-syn2mas.outputs.bake-file }} | |
| set: | | |
| base.cache-from=type=registry,ref=${{ env.BUILDCACHE }}:buildcache | |
| - name: Build and push | |
| id: bake | |
| uses: docker/[email protected] | |
| if: github.event_name != 'pull_request' | |
| with: | |
| files: | |