Skip to content

deps: lock file maintenance #4669

deps: lock file maintenance

deps: lock file maintenance #4669

Workflow file for this run

name: build
on:
push:
branches: ["**"]
tags: [v*.*.*]
pull_request:
workflow_call:
inputs:
tag-name:
required: true
type: string
outputs:
image_tags:
value: ${{ jobs.image.outputs.image_tags }}
image_url:
value: https://ghcr.io/${{ github.repository }}
env:
IMAGE_REGISTRY: ghcr.io
IMAGE_NAMESPACE: ${{ github.repository_owner }}
IMAGE_NAME: ${{ github.event.repository.name }}
# renovate: datasource=github-releases depName=docker/buildx
BUILDX_VERSION: v0.17.1
jobs:
env:
# release-please によるコミットの時は workflow_call でのみ実行する
if: ${{ !( github.workflow == 'build' && startsWith(github.event.head_commit.message, 'release:') && github.event.head_commit.author.name == 'mazi-release[bot]' ) }}
runs-on: ubuntu-latest
outputs:
BINARY_NAME: ${{ steps.meta.outputs.BINARY_NAME }}
PUSH: ${{ github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch }}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- id: meta
run: |
echo "BINARY_NAME=$(cargo metadata --offline --no-deps --format-version=1 | jq -r '.packages[].targets[] | select(.kind | map(. == "bin") | any ) | .name')" >> $GITHUB_OUTPUT
build:
needs: [env]
permissions:
contents: write
packages: write
strategy:
fail-fast: false
matrix:
profile: ${{ github.ref_name == github.event.repository.default_branch && fromJson('["dev", "release"]') || fromJson('["dev"]') }}
platform:
- target: aarch64-unknown-linux-gnu
os: ubuntu-latest
command: cross
- target: aarch64-unknown-linux-musl
os: ubuntu-latest
command: cross
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
command: cargo
- target: x86_64-unknown-linux-musl
os: ubuntu-latest
command: cargo
# - os: macos-latest
# target: aarch64-apple-darwin
# - os: macos-latest
# target: x86_64-apple-darwin
# - os: windows-latest
# target: x86_64-pc-windows-msvc
# - os: windows-latest
# target: x86_64-pc-windows-gnu
runs-on: ${{ matrix.platform.os }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
defaults:
run:
shell: bash -xe {0}
steps:
- name: Install musl tools
if: matrix.platform.target == 'x86_64-unknown-linux-musl'
run: |
sudo apt-get install -y musl-tools --no-install-recommends
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
filter: tree:0
fetch-depth: 0
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
target: ${{ matrix.platform.target }}
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
with:
key: ${{ matrix.profile }}-${{ matrix.platform.target }}
- name: Install cross
if: ${{ matrix.platform.command == 'cross' }}
uses: taiki-e/install-action@e29814c376696105d80cec9e9efaa98bae8e7347 # v2.44.26
with:
tool: cross
- run: mkdir dist
- run: ${{ matrix.platform.command }} rustc --locked ${{ matrix.profile == 'release' && '--release' || '' }} --target=${{ matrix.platform.target }} -- --emit=link=dist/${{ needs.env.outputs.BINARY_NAME }}
- uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
with:
name: ${{ matrix.profile }}-${{ matrix.platform.target }}
path: |
dist/${{ needs.env.outputs.BINARY_NAME }}
dist/${{ needs.env.outputs.BINARY_NAME }}.exe
if-no-files-found: error
- name: Upload to release
if: ${{ inputs.tag-name && matrix.profile == 'release' }}
working-directory: dist/
run: |
if [ -e ${{ needs.env.outputs.BINARY_NAME }}.exe ]; then
filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.platform.target }}.exe"
mv ${{ needs.env.outputs.BINARY_NAME }}.exe "$filename"
gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.platform.target }} --clobber
else
filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.platform.target }}"
mv ${{ needs.env.outputs.BINARY_NAME }} "$filename"
gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.platform.target }} --clobber
fi
image:
permissions:
packages: write
needs: [env, build]
if: ${{ fromJson(needs.env.outputs.PUSH) }}
runs-on: ubuntu-latest
outputs:
image_tags: ${{ steps.meta.outputs.tags }}
defaults:
run:
shell: bash -xe {0}
steps:
- name: Download build artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: artifact
pattern: release-*-unknown-linux-musl
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}},value=${{ inputs.tag-name }}
type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }}
type=semver,pattern={{major}},value=${{ inputs.tag-name }}
type=edge
type=ref,event=branch
- name: Build Images
run: |
build() {
newcontainer=$(buildah from --platform="$1" scratch)
buildah copy --chmod=0755 $newcontainer ./artifact/release-"$2"/${{ needs.env.outputs.BINARY_NAME }} /${{ needs.env.outputs.BINARY_NAME }}
buildah config --entrypoint='["./${{ needs.env.outputs.BINARY_NAME }}"]' $newcontainer
buildah config --author="Mogyuchi" $(awk '{print "--label=" $0}' <<< "${{ steps.meta.outputs.labels }}") $newcontainer
buildah inspect $newcontainer
buildah commit --manifest=localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} $newcontainer
buildah rm $newcontainer
}
build linux/amd64 x86_64-unknown-linux-musl
build linux/arm64 aarch64-unknown-linux-musl
- id: push
name: Push To GHCR
run: |
buildah manifest inspect localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
tac <<< '${{ steps.meta.outputs.tags }}' \
| parallel --halt=now,fail=1 --jobs=1 'buildah --log-level=trace manifest push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --all --digestfile="$RUNNER_TEMP/image-digest" localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} docker://{} && printf "\`\`\`\n%s@$(cat "$RUNNER_TEMP/image-digest")\n\`\`\`\n" {} >> "$GITHUB_STEP_SUMMARY"'