name: Release
on:
workflow_dispatch:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- "v*.*.*"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
strategy:
matrix:
platform:
- host: ubuntu-latest
target: x86_64-unknown-linux-musl
test-bin: ./result/bin/drawbridge --help
test-oci: |
docker load < ./result
docker run --rm drawbridge:$(nix eval --raw .#drawbridge-x86_64-unknown-linux-musl-oci.imageTag) drawbridge --help
- host: ubuntu-latest
target: aarch64-unknown-linux-musl
test-bin: nix shell --inputs-from . 'nixpkgs#qemu' -c qemu-aarch64 ./result/bin/drawbridge --help
test-oci: docker load < ./result
runs-on: ${{ matrix.platform.host }}
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
with:
extra_nix_config: |
access-tokens = github.com=${{ github.token }}
- uses: cachix/cachix-action@v14
with:
name: enarx
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix build -L --show-trace '.#drawbridge-${{ matrix.platform.target }}'
- run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result/bin/drawbridge "drawbridge-${{ matrix.platform.target }}"
- uses: actions/upload-artifact@v4
with:
name: drawbridge-${{ matrix.platform.target }}
path: drawbridge-${{ matrix.platform.target }}
- run: ${{ matrix.platform.test-bin }}
- run: nix build -L --show-trace '.#drawbridge-${{ matrix.platform.target }}-oci'
- run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result "drawbridge-${{ matrix.platform.target }}-oci"
- uses: actions/upload-artifact@v4
with:
name: drawbridge-${{ matrix.platform.target }}-oci
path: drawbridge-${{ matrix.platform.target }}-oci
- run: ${{ matrix.platform.test-oci }}
push_oci:
needs: build
permissions:
actions: read
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
name: drawbridge-aarch64-unknown-linux-musl-oci
- uses: actions/download-artifact@v4
with:
name: drawbridge-x86_64-unknown-linux-musl-oci
- run: skopeo copy docker-archive:./drawbridge-aarch64-unknown-linux-musl-oci containers-storage:localhost/drawbridge:aarch64
- run: skopeo copy docker-archive:./drawbridge-x86_64-unknown-linux-musl-oci containers-storage:localhost/drawbridge:x86_64
- run: podman image ls
- run: podman manifest create drawbridge:manifest
- run: podman manifest add drawbridge:manifest containers-storage:localhost/drawbridge:aarch64 --arch=arm64
- run: podman manifest add drawbridge:manifest containers-storage:localhost/drawbridge:x86_64 --arch=amd64
- run: podman manifest inspect drawbridge:manifest
- name: metadata
id: metadata
uses: docker/metadata-action@v5
with:
images: ghcr.io/profianinc/drawbridge
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
sep-tags: " "
- name: add tags
if: github.event_name == 'push'
run: podman tag drawbridge:manifest ${{ steps.metadata.outputs.tags }}
- name: push to GitHub Packages
if: github.event_name == 'push'
uses: redhat-actions/push-to-registry@v2
with:
tags: ${{ steps.metadata.outputs.tags }}
username: ${{ github.actor }}
password: ${{ github.token }}
release:
needs: build
permissions:
contents: write
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
name: drawbridge-aarch64-unknown-linux-musl
- uses: actions/download-artifact@v4
with:
name: drawbridge-aarch64-unknown-linux-musl-oci
- uses: actions/download-artifact@v4
with:
name: drawbridge-x86_64-unknown-linux-musl
- uses: actions/download-artifact@v4
with:
name: drawbridge-x86_64-unknown-linux-musl-oci
- uses: softprops/action-gh-release@v2
with:
draft: true
prerelease: true
files: |
drawbridge-aarch64-unknown-linux-musl
drawbridge-aarch64-unknown-linux-musl-oci
drawbridge-x86_64-unknown-linux-musl
drawbridge-x86_64-unknown-linux-musl-oci