upload signatures right next to binaries (#223) #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docker | |
on: | |
push: | |
branches: | |
- unstable | |
- stable | |
tags: | |
- v* | |
env: | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
IMAGE_NAME: ${{ secrets.DOCKER_USERNAME }}/siren | |
jobs: | |
# Extract the VERSION which is either `latest` or `vX.Y.Z`, and the VERSION_SUFFIX | |
# which is either empty or `-unstable`. | |
# | |
# It would be nice if the arch didn't get spliced into the version between `latest` and | |
# `unstable`, but for now we keep the two parts of the version separate for backwards | |
# compatibility. | |
extract-version: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Extract version (if stable) | |
if: github.event.ref == 'refs/heads/stable' | |
run: | | |
echo "VERSION=latest" >> $GITHUB_ENV | |
echo "VERSION_SUFFIX=" >> $GITHUB_ENV | |
- name: Extract version (if unstable) | |
if: github.event.ref == 'refs/heads/unstable' | |
run: | | |
echo "VERSION=latest" >> $GITHUB_ENV | |
echo "VERSION_SUFFIX=-unstable" >> $GITHUB_ENV | |
- name: Extract version (if tagged release) | |
if: startsWith(github.event.ref, 'refs/tags') | |
run: | | |
echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_ENV | |
echo "VERSION_SUFFIX=" >> $GITHUB_ENV | |
outputs: | |
VERSION: ${{ env.VERSION }} | |
VERSION_SUFFIX: ${{ env.VERSION_SUFFIX }} | |
build-html: | |
name: build html | |
runs-on: ubuntu-22.04 | |
needs: [extract-version] | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v3 | |
- name: Use node 18 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
cache: 'yarn' | |
- name: Install dependencies | |
env: | |
NODE_ENV: development | |
run: | | |
yarn | |
- name: Build Siren | |
env: | |
NODE_ENV: production | |
run: yarn build | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: html | |
path: build/ | |
build-docker-single-arch: | |
name: build-docker-${{ matrix.binary }} | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
binary: [aarch64, x86_64] | |
needs: [extract-version, build-html] | |
env: | |
# We need to enable experimental docker features in order to use `docker buildx` | |
DOCKER_CLI_EXPERIMENTAL: enabled | |
VERSION: ${{ needs.extract-version.outputs.VERSION }} | |
VERSION_SUFFIX: ${{ needs.extract-version.outputs.VERSION_SUFFIX }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-qemu-action@v2 | |
- name: Dockerhub login | |
run: | | |
echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin | |
- name: Map aarch64 to arm64 short arch | |
if: startsWith(matrix.binary, 'aarch64') | |
run: echo "SHORT_ARCH=arm64" >> $GITHUB_ENV | |
- name: Map x86_64 to amd64 short arch | |
if: startsWith(matrix.binary, 'x86_64') | |
run: echo "SHORT_ARCH=amd64" >> $GITHUB_ENV; | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: html | |
path: html/ | |
- name: Build Dockerfile and push | |
run: | | |
docker buildx build \ | |
--platform=linux/${SHORT_ARCH} \ | |
--file ./Dockerfile.release . \ | |
--tag ${IMAGE_NAME}:${VERSION}-${SHORT_ARCH}${VERSION_SUFFIX} \ | |
--provenance=false \ | |
--push | |
build-docker-multiarch: | |
name: build-docker-multiarch | |
runs-on: ubuntu-22.04 | |
needs: [build-docker-single-arch, extract-version] | |
env: | |
# We need to enable experimental docker features in order to use `docker manifest` | |
DOCKER_CLI_EXPERIMENTAL: enabled | |
VERSION: ${{ needs.extract-version.outputs.VERSION }} | |
VERSION_SUFFIX: ${{ needs.extract-version.outputs.VERSION_SUFFIX }} | |
steps: | |
- name: Dockerhub login | |
run: | | |
echo "${DOCKER_PASSWORD}" | docker login --username ${DOCKER_USERNAME} --password-stdin | |
- name: Create and push multiarch manifest | |
run: | | |
docker manifest create ${IMAGE_NAME}:${VERSION}${VERSION_SUFFIX} \ | |
--amend ${IMAGE_NAME}:${VERSION}-arm64${VERSION_SUFFIX} \ | |
--amend ${IMAGE_NAME}:${VERSION}-amd64${VERSION_SUFFIX}; | |
docker manifest push ${IMAGE_NAME}:${VERSION}${VERSION_SUFFIX} | |