Merge branch 'main' into peg/debian-package #3
Workflow file for this run
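# Release workflow: builds the attested-tls-proxy binary and its .deb package
# inside a Docker build, uploads both as artifacts, and attaches them (plus a
# SHA-256 checksum file) to a draft GitHub release.
#
# Triggers: a pushed tag matching "v*", or a manual workflow_dispatch run.
#
# Hardening applied in this file:
# - Tag-derived and input-derived values reach shell scripts through `env:`
#   variables instead of being expanded into the script text. A git tag name
#   may contain shell metacharacters, and expression expansion happens before
#   the shell parses the script.
# - Each job declares only the token permissions its visible steps use.
# - Checkouts do not leave the job token in .git/config.
#
# Still open: actions are referenced by mutable tags (v4, v3). Pinning them to
# full commit SHAs keeps a retagged action release from changing what runs
# with this workflow's token.
name: Release

on:
  push:
    tags:
      - "v*"
  workflow_dispatch:
    inputs:
      draft-release:
        default: false
        description: "Draft Release"
        required: false
        type: boolean
      # NOTE(review): no job visible in this file reads `build-docker`.
      build-docker:
        default: false
        description: "Build Docker"
        required: false
        type: boolean
      build-binary:
        default: true
        description: "Build Binary"
        required: false
        type: boolean
      features:
        default: ''
        description: "Binary Compilation Features"
        options:
          - ''
          - 'redact-sensitive'
        required: false
        type: choice

jobs:
  extract-version:
    name: Extract version
    runs-on: warp-ubuntu-2404-x64-2x
    # This job only reads runner-provided environment variables; it needs no
    # token scopes at all.
    permissions: {}
    outputs:
      VERSION: ${{ steps.extract_version.outputs.VERSION }}
    steps:
      - name: Extract version
        id: extract_version
        env:
          # Passed through the environment so the input is never spliced into
          # the script text below.
          FEATURES: ${{ github.event.inputs.features || 'none' }}
        run: |
          # Tag builds use the tag name as the version; any other ref falls
          # back to the first seven characters of the commit SHA.
          if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
            VERSION="${GITHUB_REF#refs/tags/}"
          else
            VERSION="$(echo "${GITHUB_SHA}" | cut -c1-7)"
          fi
          echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "${VERSION}"
          echo "### Version: \`${VERSION}\`" >> "$GITHUB_STEP_SUMMARY"
          echo "| | |" >> "$GITHUB_STEP_SUMMARY"
          echo "| ------------------- | ---------------------- |" >> "$GITHUB_STEP_SUMMARY"
          echo "| \`GITHUB_REF_TYPE\` | \`${GITHUB_REF_TYPE}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| \`GITHUB_REF_NAME\` | \`${GITHUB_REF_NAME}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| \`GITHUB_REF\` | \`${GITHUB_REF}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| \`GITHUB_SHA\` | \`${GITHUB_SHA}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| \`VERSION\` | \`${VERSION}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| \`FEATURES\` | \`${FEATURES}\` |" >> "$GITHUB_STEP_SUMMARY"

  build-binary:
    name: Build binary
    needs: extract-version
    if: ${{ github.event.inputs.build-binary == 'true' || github.event_name == 'push'}} # when manually triggered or version tagged
    runs-on: ${{ matrix.configs.runner }}
    # Reduced from `contents: write` + `packages: write`: the steps visible in
    # this job only check out the repository and upload workflow artifacts,
    # neither of which needs a write scope.
    permissions:
      contents: read
    strategy:
      matrix:
        configs:
          - target: x86_64-unknown-linux-gnu
            runner: warp-ubuntu-latest-x64-32x
            profile: reproducible
        features:
          - ${{ github.event.inputs.features || '' }}
    steps:
      - uses: actions/checkout@v4
        with:
          # The checkout directory is the docker build context below; unless a
          # .dockerignore excludes .git, a persisted token would be sent to
          # the build along with the sources.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # NOTE(review): this pipes the rustup installer into sh and installs
      # whatever stable toolchain is current. RUST_TOOLCHAIN in the next step
      # follows that floating version unless the repository pins one (no
      # toolchain file is visible from this page), which works against the
      # `reproducible` profile. Consider pinning the toolchain version.
      - name: Install rust
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
      - name: Build reproducible binary with Docker
        env:
          # VERSION comes from the tag name and FEATURES from a workflow
          # input; both are handed to the shell as data, not as script text.
          FEATURES: ${{ matrix.features }}
          VERSION: ${{ needs.extract-version.outputs.VERSION }}
        run: |
          RUST_TOOLCHAIN="$(rustc --version | cut -d' ' -f2)"
          docker build \
            --build-arg "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" \
            --build-arg "FEATURES=${FEATURES}" \
            --build-arg "VERSION=${VERSION}" \
            -f Dockerfile.build-deb -t atp:release \
            --output type=local,dest=./target .
      - name: Upload attested-tls-proxy artifact
        uses: actions/upload-artifact@v4
        with:
          name: attested-tls-proxy-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}${{ matrix.features && '-' }}${{ matrix.features }}
          path: target/${{ matrix.configs.profile }}/attested-tls-proxy
      - name: Upload *.deb package
        uses: actions/upload-artifact@v4
        with:
          name: deb-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}${{ matrix.features && '-' }}${{ matrix.features }}
          path: target/debian/*.deb

  draft-release:
    name: Draft release
    if: ${{ github.event.inputs.draft-release == 'true' || github.event_name == 'push'}} # when manually triggered or version tagged
    needs: [extract-version, build-binary]
    runs-on: ubuntu-latest
    env:
      VERSION: ${{ needs.extract-version.outputs.VERSION }}
    # Creating the draft release is the only write this job performs.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The release step takes the token through its own input, not from
          # git configuration, so nothing here needs persisted credentials.
          persist-credentials: false
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          merge-multiple: true
          path: artifacts
      - name: Record artifacts checksums
        working-directory: artifacts
        run: |
          find ./ || true
          # The glob is expanded before the loop starts, so the checksum file
          # being written is not hashed into itself.
          for file in *; do sha256sum "$file" >> sha256sums.txt; done;
          cat sha256sums.txt
      # NOTE(review): the action reference on the page was mangled by e-mail
      # obfuscation ("softprops/[email protected]"). The inputs and the `url`
      # output used here suggest softprops/action-gh-release; restore the
      # original ref from the repository, preferably as a full commit SHA,
      # since this step runs with `contents: write`.
      - name: Create release draft
        uses: softprops/action-gh-release@REF_LOST_IN_EXTRACTION
        id: create-release-draft
        with:
          draft: true
          files: artifacts/*
          generate_release_notes: true
          name: ${{ env.VERSION }}
          tag_name: ${{ env.VERSION }}
      - name: Write Github Step Summary
        env:
          RELEASE_URL: ${{ steps.create-release-draft.outputs.url }}
        run: |
          echo "---"
          echo "### Release Draft: ${VERSION}" >> "$GITHUB_STEP_SUMMARY"
          echo "${RELEASE_URL}" >> "$GITHUB_STEP_SUMMARY"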