ci: Fix-up release pipeline #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Prepare release artifacts" | |
| on: | |
| push: | |
| tags: [ "v*" ] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| attestations: write | |
| jobs: | |
| artifact-builder: | |
| name: "Prepare release artifacts" | |
| if: github.ref_type == 'tag' | |
| runs-on: ubuntu-latest | |
| container: | |
| image: "alpine:edge" | |
| steps: | |
| - uses: actions/checkout@v1 # v2 does not work with containers | |
| - name: "Install build dependencies" | |
| run: | | |
| apk add --no-cache gcc go zstd | |
| - name: "Create and package build tree" | |
| run: | | |
| ./build.sh --builddir ~/package-output/ --static build | |
| ver=$(cat .version) | |
| if [ "v$ver" != "${{github.ref_name}}" ]; then echo ".version does not match the Git tag"; exit 1; fi | |
| mv ~/package-output/ ~/maddy-$ver-x86_64-linux-musl | |
| cd ~ | |
| tar c ./maddy-$ver-x86_64-linux-musl | zstd > ~/maddy-x86_64-linux-musl.tar.zst | |
| cd - | |
| - name: "Save source tree" | |
| run: | | |
| rm -rf .git | |
| ver=$(cat .version) | |
| cp -r . ~/maddy-$ver-src | |
| cd ~ | |
| tar c ./maddy-$ver-src | zstd > ~/maddy-src.tar.zst | |
| cd - | |
| - name: "Upload source tree" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: maddy-src.tar.zst | |
| path: '~/maddy-src.tar.zst' | |
| if-no-files-found: error | |
| - name: "Upload binary tree" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: maddy-binary.tar.zst | |
| path: '~/maddy-x86_64-linux-musl.tar.zst' | |
| if-no-files-found: error | |
| - name: "Generate artifact attestation" | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-path: '~/maddy-x86_64-linux-musl.tar.zst' | |
| docker-builder: | |
| name: "Build & push Docker image" | |
| if: github.ref_type == 'tag' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: "Set up QEMU" | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: arm64 | |
| - name: "Set up Docker Buildx" | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: "Login to Docker Hub" | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: "Login to GitHub Container Registry" | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: "ghcr.io" | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Generate container metadata" | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: | | |
| foxcpp/maddy | |
| ghcr.io/foxcpp/maddy | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| labels: | | |
| org.opencontainers.image.title=Maddy Mail Server | |
| org.opencontainers.image.documentation=https://maddy.email/docker/ | |
| org.opencontainers.image.url=https://maddy.email | |
| - name: "Build and push" | |
| uses: docker/build-push-action@v6 | |
| id: docker | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| file: Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: "Generate container attestation" | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ghcr.io/foxcpp/maddy | |
| subject-digest: ${{ steps.docker.outputs.digest }} | |
| push-to-registry: true | |