-
Notifications
You must be signed in to change notification settings - Fork 17
320 lines (296 loc) · 11.1 KB
/
release-cli.yml
File metadata and controls
320 lines (296 loc) · 11.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
name: release-cli
on:
push:
tags:
- 's2-cli-v*'
workflow_dispatch:
permissions:
contents: write
packages: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: s2-streamstore/s2
jobs:
update_helm_chart:
needs: create_manifest
runs-on: ubuntu-latest
steps:
- name: Generate GitHub token
uses: actions/create-github-app-token@v2
id: generate-token
with:
app-id: ${{ secrets.RELEASE_PLZ_APP_ID }}
private-key: ${{ secrets.RELEASE_PLZ_APP_PRIVATE_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: main
token: ${{ steps.generate-token.outputs.token }}
- name: Get version from tag
id: version
run: |
VERSION="${GITHUB_REF_NAME#s2-cli-v}"
if [ -z "$VERSION" ] || [ "$VERSION" = "$GITHUB_REF_NAME" ]; then
echo "ERROR: Could not extract version from tag (GITHUB_REF_NAME=$GITHUB_REF_NAME)"
exit 1
fi
echo "CLI version: $VERSION"
echo "value=$VERSION" >> "$GITHUB_OUTPUT"
- name: Update Helm chart version and appVersion
run: |
# Get current chart version
CURRENT_VERSION=$(grep '^version:' charts/s2-lite-helm/Chart.yaml | awk '{print $2}')
if [ -z "$CURRENT_VERSION" ]; then
echo "ERROR: Could not read current chart version"
exit 1
fi
echo "Current chart version: $CURRENT_VERSION"
# Increment patch version (e.g., 0.1.0 -> 0.1.1)
NEW_VERSION=$(echo "$CURRENT_VERSION" | awk -F. '{$NF = $NF + 1; print}' OFS=.)
echo "New chart version: $NEW_VERSION"
# Update both version and appVersion in Chart.yaml
sed -i "s/^version: .*/version: $NEW_VERSION/" charts/s2-lite-helm/Chart.yaml
sed -i 's/^appVersion: ".*"$/appVersion: "${{ steps.version.outputs.value }}"/' charts/s2-lite-helm/Chart.yaml
- name: Commit and push
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
git add charts/s2-lite-helm/Chart.yaml
if git diff --staged --quiet; then
echo "No changes to commit"
else
git commit -m "Bump s2-lite-helm chart to appVersion ${{ steps.version.outputs.value }}"
git pull --rebase
git push
fi
build_binaries:
name: ${{ matrix.target }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-22.04
target: aarch64-unknown-linux-gnu
deps: |
sudo apt-get update
sudo apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
- os: ubuntu-22.04
target: x86_64-unknown-linux-gnu
- os: ubuntu-22.04
target: x86_64-unknown-linux-musl
# for static bin
deps: |
sudo apt-get update
sudo apt-get install -y musl-tools
- os: ubuntu-24.04-arm
target: aarch64-unknown-linux-musl
deps: |
sudo apt-get update
sudo apt-get install -y musl-tools
- os: macos-latest
target: x86_64-apple-darwin
- os: macos-latest
target: aarch64-apple-darwin
- os: windows-latest
target: x86_64-pc-windows-msvc
- os: windows-latest
target: aarch64-pc-windows-msvc
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
rustflags: ""
target: ${{ matrix.target }}
- name: Install dependencies
if: matrix.deps != ''
run: ${{ matrix.deps }}
shell: bash
- name: Set CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER
if: matrix.target == 'aarch64-unknown-linux-gnu'
run: echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
- name: Build
run: cargo build --release --package s2-cli --target ${{ matrix.target }}
- name: Create pem and certificate.der files
if: matrix.os == 'macos-latest'
run: |
echo "${{ secrets.MACOS_PEM }}" | base64 -d -o macos.pem
echo "${{ secrets.MACOS_CERTIFICATE_DER }}" | base64 -d -o certificate.der
- name: Sign macos binary
if: matrix.os == 'macos-latest'
uses: indygreg/apple-code-sign-action@v1
with:
input_path: target/${{ matrix.target }}/release/s2
pem_file: macos.pem
certificate_der_file: certificate.der
sign: true
sign_args: "--code-signature-flags=runtime"
- name: Prepare artifacts
shell: bash
run: |
cd target/${{ matrix.target }}/release
if [ "${{ matrix.os }}" = "windows-latest" ]; then
7z a ../../../s2-${{ matrix.target }}.zip s2.exe
else
zip -r ../../../s2-${{ matrix.target }}.zip s2
fi
- name: App store connect api key
if: matrix.os == 'macos-latest'
run: echo "${{ secrets.APP_STORE_CONNECT_API_KEY }}" | base64 -d -o app_store_connect_api_key.json
- name: Notarize macos binary
if: matrix.os == 'macos-latest'
uses: indygreg/apple-code-sign-action@v1
with:
input_path: s2-${{ matrix.target }}.zip
sign: false
notarize: true
app_store_connect_api_key_json_file: app_store_connect_api_key.json
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.target }}
path: |
*.zip
if-no-files-found: error
build_images:
name: Build ${{ matrix.arch }} Docker image
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- arch: x86-64
runner: ubuntu-latest
- arch: arm64
runner: ubuntu-24.04-arm
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Get version
id: version
uses: SebRollen/toml-action@v1.2.0
with:
file: cli/Cargo.toml
field: package.version
- name: Build and push image
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile
target: runtime
push: true
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.value }}-${{ matrix.arch }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-${{ matrix.arch }}
create_manifest:
name: Create multi-arch Docker manifest
needs: build_images
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Get version
id: version
uses: SebRollen/toml-action@v1.2.0
with:
file: cli/Cargo.toml
field: package.version
- name: Create and push versioned manifest
run: |
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.value }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.value }}-x86-64 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.value }}-arm64
- name: Create and push latest manifest
run: |
docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-x86-64 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-arm64
upload_release_artifacts:
needs: build_binaries
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get version
id: version
uses: SebRollen/toml-action@v1.2.0
with:
file: cli/Cargo.toml
field: package.version
- name: Download artifacts
uses: actions/download-artifact@v4
with:
pattern: '*-*-*'
- name: Upload to release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
TAG="s2-cli-v${{ steps.version.outputs.value }}"
gh release upload "$TAG" */s2-*.zip --clobber || gh release create "$TAG" */s2-*.zip --title "$TAG" --notes ""
update_homebrew:
needs: upload_release_artifacts
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get version
id: version
uses: SebRollen/toml-action@v1.2.0
with:
file: cli/Cargo.toml
field: package.version
- name: Download artifacts
uses: actions/download-artifact@v4
with:
pattern: '*-*-*'
- name: Calculate checksums
run: |
LINUX_INTEL_SHA256=$(shasum -a 256 x86_64-unknown-linux-gnu/s2-x86_64-unknown-linux-gnu.zip | awk '{print $1}')
echo "LINUX_INTEL_SHA256=$LINUX_INTEL_SHA256" >> $GITHUB_ENV
LINUX_ARM_SHA256=$(shasum -a 256 aarch64-unknown-linux-gnu/s2-aarch64-unknown-linux-gnu.zip | awk '{print $1}')
echo "LINUX_ARM_SHA256=$LINUX_ARM_SHA256" >> $GITHUB_ENV
MAC_INTEL_SHA256=$(shasum -a 256 x86_64-apple-darwin/s2-x86_64-apple-darwin.zip | awk '{print $1}')
echo "MAC_INTEL_SHA256=$MAC_INTEL_SHA256" >> $GITHUB_ENV
MAC_ARM_SHA256=$(shasum -a 256 aarch64-apple-darwin/s2-aarch64-apple-darwin.zip | awk '{print $1}')
echo "MAC_ARM_SHA256=$MAC_ARM_SHA256" >> $GITHUB_ENV
- name: Checkout homebrew repo
uses: actions/checkout@v4
with:
repository: 's2-streamstore/homebrew-s2'
token: ${{ secrets.HOMEBREW_PAT }}
- name: Update formula
run: |
sed -i.bak "s/^ version \".*\"$/ version \"${{ steps.version.outputs.value }}\"/" s2.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.MAC_INTEL_SHA256 }}/1' s2.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.MAC_ARM_SHA256 }}/2' s2.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.LINUX_INTEL_SHA256 }}/3' s2.rb
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.LINUX_ARM_SHA256 }}/4' s2.rb
- name: Push formula
run: |
git config --global user.email "mehul@s2.dev"
git config --global user.name "Mehul Arora"
git add s2.rb
git commit -m "Update S2 to ${{ steps.version.outputs.value }}"
git push