build(deps): bump cachix/install-nix-action from V28 to 29 #1039
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
tags: | |
- "v*.*.*" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
strategy: | |
matrix: | |
platform: | |
- host: ubuntu-latest | |
target: aarch64-unknown-linux-musl | |
test-bin: nix shell --inputs-from . 'nixpkgs#qemu' -c qemu-aarch64 ./result/bin/steward --help | |
test-oci: docker load < ./result | |
# TODO: Run the aarch64 binary within OCI | |
- host: ubuntu-latest | |
target: wasm32-wasi | |
test-bin: nix run --inputs-from . 'nixpkgs#wasmtime' ./result/bin/steward -- --help | |
test-oci: docker load < ./result | |
# TODO: Execute the WASM binary within OCI | |
- host: ubuntu-latest | |
target: x86_64-unknown-linux-musl | |
test-bin: ./result/bin/steward --help | |
test-oci: | | |
docker load < ./result | |
docker run --rm steward:$(nix eval --raw .#steward-x86_64-unknown-linux-musl-oci.imageTag) steward --help | |
runs-on: ${{ matrix.platform.host }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v29 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ github.token }} | |
- uses: cachix/cachix-action@v15 | |
with: | |
name: enarx | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- run: nix build -L --show-trace '.#steward-${{ matrix.platform.target }}' | |
- run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result/bin/steward "steward-${{ matrix.platform.target }}" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: steward-${{ matrix.platform.target }} | |
path: steward-${{ matrix.platform.target }} | |
- run: ${{ matrix.platform.test-bin }} | |
- run: nix build -L --show-trace '.#steward-${{ matrix.platform.target }}-oci' | |
- run: nix run --inputs-from . 'nixpkgs#coreutils' -- --coreutils-prog=ginstall -p ./result "steward-${{ matrix.platform.target }}-oci" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: steward-${{ matrix.platform.target }}-oci | |
path: steward-${{ matrix.platform.target }}-oci | |
- run: ${{ matrix.platform.test-oci }} | |
test: | |
needs: build | |
strategy: | |
matrix: | |
host: [ ubuntu-latest ] | |
runs-on: ${{ matrix.host }} | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-x86_64-unknown-linux-musl | |
- run: chmod +x ./steward-x86_64-unknown-linux-musl | |
- run: ./steward-x86_64-unknown-linux-musl --help | |
push_oci: | |
needs: build | |
permissions: | |
actions: read | |
packages: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-aarch64-unknown-linux-musl-oci | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-x86_64-unknown-linux-musl-oci | |
- run: skopeo copy docker-archive:./steward-aarch64-unknown-linux-musl-oci containers-storage:localhost/steward:aarch64 | |
- run: skopeo copy docker-archive:./steward-x86_64-unknown-linux-musl-oci containers-storage:localhost/steward:x86_64 | |
- run: podman image ls | |
- run: podman manifest create steward:manifest | |
- run: podman manifest add steward:manifest containers-storage:localhost/steward:aarch64 --arch=arm64 | |
- run: podman manifest add steward:manifest containers-storage:localhost/steward:x86_64 --arch=amd64 | |
- run: podman manifest inspect steward:manifest | |
- name: metadata | |
id: metadata | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/profianinc/steward | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
sep-tags: " " | |
- name: add tags | |
if: github.event_name == 'push' | |
run: podman tag steward:manifest ${{ steps.metadata.outputs.tags }} | |
- name: push to GitHub Packages | |
if: github.event_name == 'push' | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
tags: ${{ steps.metadata.outputs.tags }} | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
release: | |
needs: build | |
permissions: | |
contents: write | |
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-aarch64-unknown-linux-musl | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-aarch64-unknown-linux-musl-oci | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-wasm32-wasi | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-wasm32-wasi-oci | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-x86_64-unknown-linux-musl | |
- uses: actions/download-artifact@v4 | |
with: | |
name: steward-x86_64-unknown-linux-musl-oci | |
- uses: softprops/action-gh-release@v2 | |
with: | |
draft: true | |
prerelease: true | |
files: | | |
steward-aarch64-unknown-linux-musl | |
steward-aarch64-unknown-linux-musl-oci | |
steward-wasm32-wasi | |
steward-wasm32-wasi-oci | |
steward-x86_64-unknown-linux-musl | |
steward-x86_64-unknown-linux-musl-oci |