build(deps): Bump webpki-roots from 0.26.6 to 0.26.7 #1058
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
tags: | |
- "v*.*.*" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
strategy: | |
matrix: | |
platform: | |
- host: ubuntu-latest | |
target: x86_64-unknown-linux-musl | |
test-bin: ./result/bin/drawbridge --help | |
test-oci: | | |
docker load < ./result | |
docker run --rm drawbridge:$(nix eval --raw .#drawbridge-x86_64-unknown-linux-musl-oci.imageTag) drawbridge --help | |
- host: ubuntu-latest | |
target: aarch64-unknown-linux-musl | |
test-bin: nix shell --inputs-from . 'nixpkgs#qemu' -c qemu-aarch64 ./result/bin/drawbridge --help | |
test-oci: docker load < ./result | |
# TODO: Run the aarch64 binary within OCI | |
runs-on: ${{ matrix.platform.host }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v30 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ github.token }} | |
- uses: cachix/cachix-action@v15 | |
with: | |
name: enarx | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- run: nix build -L --show-trace '.#drawbridge-${{ matrix.platform.target }}' | |
- run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result/bin/drawbridge "drawbridge-${{ matrix.platform.target }}" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: drawbridge-${{ matrix.platform.target }} | |
path: drawbridge-${{ matrix.platform.target }} | |
- run: ${{ matrix.platform.test-bin }} | |
- run: nix build -L --show-trace '.#drawbridge-${{ matrix.platform.target }}-oci' | |
- run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result "drawbridge-${{ matrix.platform.target }}-oci" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: drawbridge-${{ matrix.platform.target }}-oci | |
path: drawbridge-${{ matrix.platform.target }}-oci | |
- run: ${{ matrix.platform.test-oci }} | |
push_oci: | |
needs: build | |
permissions: | |
actions: read | |
packages: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: drawbridge-aarch64-unknown-linux-musl-oci | |
- uses: actions/download-artifact@v4 | |
with: | |
name: drawbridge-x86_64-unknown-linux-musl-oci | |
- run: skopeo copy docker-archive:./drawbridge-aarch64-unknown-linux-musl-oci containers-storage:localhost/drawbridge:aarch64 | |
- run: skopeo copy docker-archive:./drawbridge-x86_64-unknown-linux-musl-oci containers-storage:localhost/drawbridge:x86_64 | |
- run: podman image ls | |
- run: podman manifest create drawbridge:manifest | |
- run: podman manifest add drawbridge:manifest containers-storage:localhost/drawbridge:aarch64 --arch=arm64 | |
- run: podman manifest add drawbridge:manifest containers-storage:localhost/drawbridge:x86_64 --arch=amd64 | |
- run: podman manifest inspect drawbridge:manifest | |
- name: metadata | |
id: metadata | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/profianinc/drawbridge | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
sep-tags: " " | |
- name: add tags | |
if: github.event_name == 'push' | |
run: podman tag drawbridge:manifest ${{ steps.metadata.outputs.tags }} | |
- name: push to GitHub Packages | |
if: github.event_name == 'push' | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
tags: ${{ steps.metadata.outputs.tags }} | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
release: | |
needs: build | |
permissions: | |
contents: write | |
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: drawbridge-aarch64-unknown-linux-musl | |
- uses: actions/download-artifact@v4 | |
with: | |
name: drawbridge-aarch64-unknown-linux-musl-oci | |
- uses: actions/download-artifact@v4 | |
with: | |
name: drawbridge-x86_64-unknown-linux-musl | |
- uses: actions/download-artifact@v4 | |
with: | |
name: drawbridge-x86_64-unknown-linux-musl-oci | |
- uses: softprops/action-gh-release@v2 | |
with: | |
draft: true | |
prerelease: true | |
files: | | |
drawbridge-aarch64-unknown-linux-musl | |
drawbridge-aarch64-unknown-linux-musl-oci | |
drawbridge-x86_64-unknown-linux-musl | |
drawbridge-x86_64-unknown-linux-musl-oci |