mirrors/krata
1
0
Fork 0
mirror of https://github.com/edera-dev/krata.git synced 2025-08-03 05:10:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(workflows): rework and simplify github actions workflows (#260)

Browse Source
This commit is contained in:
Alex Zenla 2024-07-17 20:48:54 -07:00 committed by GitHub
parent b2fba6400e
commit 6e051f52b9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 311 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
.github/workflows/check.yml vendored
View File

@ -7,31 +7,196 @@ on:
branches: branches:
- main - main
jobs: jobs:
fmt: rustfmt:
name: fmt name: rustfmt
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- run: | - name: install stable rust toolchain with rustfmt
run: |
rustup update --no-self-update stable rustup update --no-self-update stable
rustup default stable rustup default stable
rustup component add rustfmt rustup component add rustfmt
- run: ./hack/ci/install-linux-deps.sh - name: install linux dependencies
run: ./hack/ci/install-linux-deps.sh
# Temporarily ignored: https://github.com/edera-dev/krata/issues/206 # Temporarily ignored: https://github.com/edera-dev/krata/issues/206
- run: ./hack/build/cargo.sh fmt --all -- --check || true - name: cargo fmt
run: ./hack/build/cargo.sh fmt --all -- --check || true
shellcheck: shellcheck:
name: shellcheck name: shellcheck
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- run: ./hack/code/shellcheck.sh - name: shellcheck
run: ./hack/code/shellcheck.sh
full-build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: full build linux-${{ matrix.arch }}
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: install stable rust toolchain
run: |
rustup update --no-self-update stable
rustup default stable
- name: install linux dependencies
run: ./hack/ci/install-linux-deps.sh
- name: cargo build
run: ./hack/build/cargo.sh build
full-test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: full test linux-${{ matrix.arch }}
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: install stable rust toolchain
run: |
rustup update --no-self-update stable
rustup default stable
- name: install linux dependencies
run: ./hack/ci/install-linux-deps.sh
- name: cargo test
run: ./hack/build/cargo.sh test
full-clippy:
runs-on: ubuntu-latest
strategy:
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: full clippy linux-${{ matrix.arch }}
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: install stable rust toolchain with clippy
run: |
rustup update --no-self-update stable
rustup default stable
rustup component add clippy
- name: install linux dependencies
run: ./hack/ci/install-linux-deps.sh
- name: cargo clippy
run: ./hack/build/cargo.sh clippy
guest-init:
runs-on: ubuntu-latest
strategy:
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: guest-init ${{ matrix.arch }}
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: install stable rust toolchain with ${{ matrix.arch }}-unknown-linux-gnu and ${{ matrix.arch }}-unknown-linux-musl rust targets
run: |
rustup update --no-self-update stable
rustup default stable
rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl
- name: install linux dependencies
run: ./hack/ci/install-linux-deps.sh
- name: initrd build
run: ./hack/initrd/build.sh
kratactl-build:
strategy:
fail-fast: false
matrix:
platform:
- { os: linux, arch: x86_64, on: ubuntu-latest, deps: linux }
- { os: linux, arch: aarch64, on: ubuntu-latest, deps: linux }
- { os: darwin, arch: x86_64, on: macos-14, deps: darwin }
- { os: darwin, arch: aarch64, on: macos-14, deps: darwin }
- { os: freebsd, arch: x86_64, on: ubuntu-latest, deps: linux }
- { os: windows, arch: x86_64, on: windows-latest, deps: windows }
env:
TARGET_OS: "${{ matrix.platform.os }}"
TARGET_ARCH: "${{ matrix.platform.arch }}"
runs-on: "${{ matrix.platform.on }}"
name: kratactl build ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
defaults:
run:
shell: bash
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: configure git line endings
run: git config --global core.autocrlf false && git config --global core.eol lf
if: ${{ matrix.platform.os == 'windows' }}
- name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: install stable rust toolchain
run: |
rustup update --no-self-update stable
rustup default stable
- name: install ${{ matrix.platform.arch }}-apple-darwin rust target
run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin"
if: ${{ matrix.platform.os == 'darwin' }}
- name: setup homebrew
uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master
if: ${{ matrix.platform.os == 'darwin' }}
- name: install ${{ matrix.platform.deps }} dependencies
run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh
- name: cargo build kratactl
run: ./hack/build/cargo.sh build --bin kratactl

46
.github/workflows/client.yml vendored
View File

@ -1,46 +0,0 @@
name: client
on:
pull_request:
branches:
- main
merge_group:
branches:
- main
jobs:
build:
strategy:
fail-fast: false
matrix:
platform:
- { os: linux, arch: x86_64, on: ubuntu-latest, deps: linux }
- { os: linux, arch: aarch64, on: ubuntu-latest, deps: linux }
- { os: darwin, arch: x86_64, on: macos-14, deps: darwin }
- { os: darwin, arch: aarch64, on: macos-14, deps: darwin }
- { os: freebsd, arch: x86_64, on: ubuntu-latest, deps: linux }
- { os: windows, arch: x86_64, on: windows-latest, deps: windows }
env:
TARGET_OS: "${{ matrix.platform.os }}"
TARGET_ARCH: "${{ matrix.platform.arch }}"
runs-on: "${{ matrix.platform.on }}"
name: client build ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
defaults:
run:
shell: bash
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- run: git config --global core.autocrlf false && git config --global core.eol lf
if: ${{ matrix.platform.os == 'windows' }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- run: |
rustup update --no-self-update stable
rustup default stable
- run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin"
if: ${{ matrix.platform.os == 'darwin' }}
- uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master
if: ${{ matrix.platform.os == 'darwin' }}
- run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh
- run: ./hack/build/cargo.sh build --bin kratactl

103
.github/workflows/nightly.yml vendored
View File

@ -6,7 +6,7 @@ on:
permissions: permissions:
contents: read contents: read
jobs: jobs:
server: full-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
@ -16,46 +16,48 @@ jobs:
- aarch64 - aarch64
env: env:
TARGET_ARCH: "${{ matrix.arch }}" TARGET_ARCH: "${{ matrix.arch }}"
name: nightly server ${{ matrix.arch }} name: nightly full build ${{ matrix.arch }}
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- run: | - name: install stable rust toolchain with ${{ matrix.arch }}-unknown-linux-gnu and ${{ matrix.arch }}-unknown-linux-musl rust targets
run: |
rustup update --no-self-update stable rustup update --no-self-update stable
rustup default stable rustup default stable
rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl
- run: ./hack/ci/install-linux-deps.sh - name: install linux dependencies
- run: ./hack/dist/bundle.sh run: ./hack/ci/install-linux-deps.sh
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 - name: build systemd bundle
run: ./hack/dist/bundle.sh
- name: upload systemd bundle
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with: with:
name: krata-bundle-systemd-${{ matrix.arch }} name: krata-bundle-systemd-${{ matrix.arch }}
path: "target/dist/bundle-systemd-${{ matrix.arch }}.tgz" path: "target/dist/bundle-systemd-${{ matrix.arch }}.tgz"
compression-level: 0 compression-level: 0
- run: ./hack/dist/deb.sh - name: build deb package
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 run: ./hack/dist/deb.sh
- name: upload deb package
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with: with:
name: krata-debian-${{ matrix.arch }} name: krata-debian-${{ matrix.arch }}
path: "target/dist/*.deb" path: "target/dist/*.deb"
compression-level: 0 compression-level: 0
- run: ./hack/dist/apk.sh - name: build apk package
env: run: ./hack/dist/apk.sh
KRATA_KERNEL_BUILD_SKIP: "1" - name: upload apk package
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with: with:
name: krata-alpine-${{ matrix.arch }} name: krata-alpine-${{ matrix.arch }}
path: "target/dist/*_${{ matrix.arch }}.apk" path: "target/dist/*_${{ matrix.arch }}.apk"
compression-level: 0 compression-level: 0
- run: ./hack/os/build.sh kratactl-build:
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: krata-os-${{ matrix.arch }}
path: "target/os/krata-${{ matrix.arch }}.qcow2"
compression-level: 0
client:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -70,39 +72,49 @@ jobs:
TARGET_OS: "${{ matrix.platform.os }}" TARGET_OS: "${{ matrix.platform.os }}"
TARGET_ARCH: "${{ matrix.platform.arch }}" TARGET_ARCH: "${{ matrix.platform.arch }}"
runs-on: "${{ matrix.platform.on }}" runs-on: "${{ matrix.platform.on }}"
name: nightly client ${{ matrix.platform.os }}-${{ matrix.platform.arch }} name: nightly kratactl build ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
defaults: defaults:
run: run:
shell: bash shell: bash
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- run: git config --global core.autocrlf false && git config --global core.eol lf - name: configure git line endings
run: git config --global core.autocrlf false && git config --global core.eol lf
if: ${{ matrix.platform.os == 'windows' }} if: ${{ matrix.platform.os == 'windows' }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- run: | - name: install stable rust toolchain
run: |
rustup update --no-self-update stable rustup update --no-self-update stable
rustup default stable rustup default stable
- run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin" - name: install ${{ matrix.platform.arch }}-apple-darwin rust target
run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin"
if: ${{ matrix.platform.os == 'darwin' }} if: ${{ matrix.platform.os == 'darwin' }}
- uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master - name: setup homebrew
uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master
if: ${{ matrix.platform.os == 'darwin' }} if: ${{ matrix.platform.os == 'darwin' }}
- run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh - name: install ${{ matrix.platform.deps }} dependencies
- run: ./hack/build/cargo.sh build --release --bin kratactl run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 - name: cargo build kratactl
run: ./hack/build/cargo.sh build --release --bin kratactl
- name: upload kratactl
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with: with:
name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }} name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
path: "target/*/release/kratactl" path: "target/*/release/kratactl"
if: ${{ matrix.platform.os != 'windows' }} if: ${{ matrix.platform.os != 'windows' }}
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 - name: upload kratactl
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with: with:
name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }} name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
path: "target/*/release/kratactl.exe" path: "target/*/release/kratactl.exe"
if: ${{ matrix.platform.os == 'windows' }} if: ${{ matrix.platform.os == 'windows' }}
oci: oci-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
@ -112,32 +124,39 @@ jobs:
- kratad - kratad
- kratanet - kratanet
- krata-guest-init - krata-guest-init
name: "oci build ${{ matrix.component }}" name: nightly oci build ${{ matrix.component }}
permissions: permissions:
packages: write packages: write
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: install cosign
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - name: setup docker buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: login to container registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with: with:
registry: ghcr.io registry: ghcr.io
username: "${{ github.actor }}" username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}" password: "${{ secrets.GITHUB_TOKEN }}"
- uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 - name: docker build and push ${{ matrix.component }}
uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0
id: push id: push
with: with:
file: ./images/Dockerfile.${{ matrix.component }} file: ./images/Dockerfile.${{ matrix.component }}
platforms: linux/amd64,linux/aarch64 platforms: linux/amd64,linux/aarch64
tags: "ghcr.io/edera-dev/${{ matrix.component }}:nightly" tags: "ghcr.io/edera-dev/${{ matrix.component }}:nightly"
push: true push: true
- env: - name: cosign sign ${{ matrix.component }}
run: cosign sign --yes "${TAGS}@${DIGEST}"
env:
DIGEST: "${{ steps.push.outputs.digest }}" DIGEST: "${{ steps.push.outputs.digest }}"
TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:nightly" TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:nightly"
COSIGN_EXPERIMENTAL: "true" COSIGN_EXPERIMENTAL: "true"
run: cosign sign --yes "${TAGS}@${DIGEST}"

101
.github/workflows/release-binaries.yml → .github/workflows/release-assets.yml vendored
View File

@ -1,4 +1,4 @@
name: release-binaries name: release-assets
on: on:
release: release:
types: types:
@ -11,7 +11,7 @@ env:
RUST_BACKTRACE: 1 RUST_BACKTRACE: 1
RUSTUP_MAX_RETRIES: 10 RUSTUP_MAX_RETRIES: 10
jobs: jobs:
server: services:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
@ -21,31 +21,42 @@ jobs:
- aarch64 - aarch64
env: env:
TARGET_ARCH: "${{ matrix.arch }}" TARGET_ARCH: "${{ matrix.arch }}"
name: "release-binaries server ${{ matrix.arch }}" name: release-assets services ${{ matrix.arch }}
permissions: permissions:
contents: write contents: write
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- run: | - name: install stable rust toolchain with ${{ matrix.arch }}-unknown-linux-gnu and ${{ matrix.arch }}-unknown-linux-musl rust targets
run: |
rustup update --no-self-update stable rustup update --no-self-update stable
rustup default stable rustup default stable
rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl
- run: ./hack/ci/install-linux-deps.sh - name: install linux dependencies
- run: ./hack/dist/bundle.sh run: ./hack/ci/install-linux-deps.sh
- run: "./hack/ci/assemble-release-assets.sh bundle-systemd ${{ github.event.release.tag_name }} ${{ matrix.arch }} target/dist/bundle-systemd-${{ matrix.arch }}.tgz" - name: build systemd bundle
- run: ./hack/dist/deb.sh run: ./hack/dist/bundle.sh
- run: "./hack/ci/assemble-release-assets.sh debian ${{ github.event.release.tag_name }} ${{ matrix.arch }} target/dist/*.deb" - name: assemble systemd bundle
- run: ./hack/dist/apk.sh run: "./hack/ci/assemble-release-assets.sh bundle-systemd ${{ github.event.release.tag_name }} ${{ matrix.arch }} target/dist/bundle-systemd-${{ matrix.arch }}.tgz"
- run: "./hack/ci/assemble-release-assets.sh alpine ${{ github.event.release.tag_name }} ${{ matrix.arch }} target/dist/*_${{ matrix.arch }}.apk" - name: build deb package
- run: "./hack/ci/upload-release-assets.sh ${{ github.event.release.tag_name }}" run: ./hack/dist/deb.sh
- name: assemble deb package
run: "./hack/ci/assemble-release-assets.sh debian ${{ github.event.release.tag_name }} ${{ matrix.arch }} target/dist/*.deb"
- name: build apk package
run: ./hack/dist/apk.sh
- name: assemble apk package
run: "./hack/ci/assemble-release-assets.sh alpine ${{ github.event.release.tag_name }} ${{ matrix.arch }} target/dist/*_${{ matrix.arch }}.apk"
- name: upload release artifacts
run: "./hack/ci/upload-release-assets.sh ${{ github.event.release.tag_name }}"
env: env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
client: kratactl:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -60,7 +71,7 @@ jobs:
TARGET_OS: "${{ matrix.platform.os }}" TARGET_OS: "${{ matrix.platform.os }}"
TARGET_ARCH: "${{ matrix.platform.arch }}" TARGET_ARCH: "${{ matrix.platform.arch }}"
runs-on: "${{ matrix.platform.on }}" runs-on: "${{ matrix.platform.on }}"
name: release-binaries client ${{ matrix.platform.os }}-${{ matrix.platform.arch }} name: release-assets kratactl ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
defaults: defaults:
run: run:
shell: bash shell: bash
@ -68,26 +79,36 @@ jobs:
permissions: permissions:
contents: write contents: write
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- run: | - name: install stable rust toolchain
run: |
rustup update --no-self-update stable rustup update --no-self-update stable
rustup default stable rustup default stable
- run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin" - name: install ${{ matrix.platform.arch }}-apple-darwin rust target
run: "rustup target add --toolchain stable ${{ matrix.platform.arch }}-apple-darwin"
if: ${{ matrix.platform.os == 'darwin' }} if: ${{ matrix.platform.os == 'darwin' }}
- uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master - name: setup homebrew
uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master
if: ${{ matrix.platform.os == 'darwin' }} if: ${{ matrix.platform.os == 'darwin' }}
- run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh - name: install ${{ matrix.platform.deps }} dependencies
- run: ./hack/build/cargo.sh build --release --bin kratactl run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh
- run: "./hack/ci/assemble-release-assets.sh kratactl ${{ github.event.release.tag_name }} ${{ matrix.platform.os }}-${{ matrix.platform.arch }} target/*/release/kratactl" - name: cargo build kratactl
run: ./hack/build/cargo.sh build --release --bin kratactl
- name: assemble kratactl executable
run: "./hack/ci/assemble-release-assets.sh kratactl ${{ github.event.release.tag_name }} ${{ matrix.platform.os }}-${{ matrix.platform.arch }} target/*/release/kratactl"
if: ${{ matrix.platform.os != 'windows' }} if: ${{ matrix.platform.os != 'windows' }}
- run: "./hack/ci/assemble-release-assets.sh kratactl ${{ github.event.release.tag_name }} ${{ matrix.platform.os }}-${{ matrix.platform.arch }} target/*/release/kratactl.exe" - name: assemble kratactl executable
run: "./hack/ci/assemble-release-assets.sh kratactl ${{ github.event.release.tag_name }} ${{ matrix.platform.os }}-${{ matrix.platform.arch }} target/*/release/kratactl.exe"
if: ${{ matrix.platform.os == 'windows' }} if: ${{ matrix.platform.os == 'windows' }}
- run: "./hack/ci/upload-release-assets.sh ${{ github.event.release.tag_name }}" - name: upload release artifacts
run: "./hack/ci/upload-release-assets.sh ${{ github.event.release.tag_name }}"
env: env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
oci: oci:
@ -100,36 +121,44 @@ jobs:
- kratad - kratad
- kratanet - kratanet
- krata-guest-init - krata-guest-init
name: "release-binaries oci ${{ matrix.component }}" name: release-assets oci ${{ matrix.component }}
permissions: permissions:
contents: write contents: write
packages: write packages: write
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - name: install cosign
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - name: setup docker buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: login to container registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with: with:
registry: ghcr.io registry: ghcr.io
username: "${{ github.actor }}" username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}" password: "${{ secrets.GITHUB_TOKEN }}"
- id: version - name: capture krata version
id: version
run: | run: |
echo "KRATA_VERSION=$(./hack/dist/version.sh)" >> "${GITHUB_OUTPUT}" echo "KRATA_VERSION=$(./hack/dist/version.sh)" >> "${GITHUB_OUTPUT}"
- uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 - name: docker build and push ${{ matrix.component }}
uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0
id: push id: push
with: with:
file: ./images/Dockerfile.${{ matrix.component }} file: ./images/Dockerfile.${{ matrix.component }}
platforms: linux/amd64,linux/aarch64 platforms: linux/amd64,linux/aarch64
tags: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}" tags: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}"
push: true push: true
- env: - name: cosign sign ${{ matrix.component }}
run: cosign sign --yes "${TAGS}@${DIGEST}"
env:
DIGEST: "${{ steps.push.outputs.digest }}" DIGEST: "${{ steps.push.outputs.digest }}"
TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}" TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}"
COSIGN_EXPERIMENTAL: "true" COSIGN_EXPERIMENTAL: "true"
run: cosign sign --yes "${TAGS}@${DIGEST}"

15
.github/workflows/release-plz.yml vendored
View File

@ -14,23 +14,28 @@ jobs:
pull-requests: write pull-requests: write
contents: write contents: write
steps: steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 - name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with: with:
egress-policy: audit egress-policy: audit
- uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 - name: generate cultivator token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
id: generate-token id: generate-token
with: with:
app-id: "${{ secrets.EDERA_CULTIVATION_APP_ID }}" app-id: "${{ secrets.EDERA_CULTIVATION_APP_ID }}"
private-key: "${{ secrets.EDERA_CULTIVATION_APP_PRIVATE_KEY }}" private-key: "${{ secrets.EDERA_CULTIVATION_APP_PRIVATE_KEY }}"
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with: with:
submodules: recursive submodules: recursive
fetch-depth: 0 fetch-depth: 0
token: "${{ steps.generate-token.outputs.token }}" token: "${{ steps.generate-token.outputs.token }}"
- run: | - name: install stable rust toolchain
run: |
rustup update --no-self-update stable rustup update --no-self-update stable
rustup default stable rustup default stable
- run: ./hack/ci/install-linux-deps.sh - name: install linux dependencies
run: ./hack/ci/install-linux-deps.sh
- name: release-plz - name: release-plz
uses: MarcoIeni/release-plz-action@86afd21a7b114234aab55ba0005eed52f77d89e4 # v0.5.62 uses: MarcoIeni/release-plz-action@86afd21a7b114234aab55ba0005eed52f77d89e4 # v0.5.62
env: env:

100
.github/workflows/server.yml vendored
View File

@ -1,100 +0,0 @@
name: server
on:
pull_request:
branches:
- main
merge_group:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: server build ${{ matrix.arch }}
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- run: |
rustup update --no-self-update stable
rustup default stable
- run: ./hack/ci/install-linux-deps.sh
- run: ./hack/build/cargo.sh build
test:
runs-on: ubuntu-latest
strategy:
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: server test ${{ matrix.arch }}
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- run: |
rustup update --no-self-update stable
rustup default stable
- run: ./hack/ci/install-linux-deps.sh
- run: ./hack/build/cargo.sh test
clippy:
runs-on: ubuntu-latest
strategy:
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: server clippy ${{ matrix.arch }}
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- run: |
rustup update --no-self-update stable
rustup default stable
rustup component add clippy
- run: ./hack/ci/install-linux-deps.sh
- run: ./hack/build/cargo.sh clippy
initrd:
runs-on: ubuntu-latest
strategy:
matrix:
arch:
- x86_64
- aarch64
env:
TARGET_ARCH: "${{ matrix.arch }}"
name: server initrd ${{ matrix.arch }}
steps:
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- run: |
rustup update --no-self-update stable
rustup default stable
rustup target add ${{ matrix.arch }}-unknown-linux-gnu ${{ matrix.arch }}-unknown-linux-musl
- run: ./hack/ci/install-linux-deps.sh
- run: ./hack/initrd/build.sh