CD #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
inputs: | |
tag_name: | |
description: "The tag name to use" | |
required: true | |
type: string | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
build: | |
strategy: | |
matrix: | |
arch: [x86_64-unknown-linux-musl, aarch64-unknown-linux-musl] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: Swatinem/rust-cache@v2 | |
with: | |
key: "${{ matrix.arch }}" | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: cross | |
- name: Build | |
run: cross build --features vendor-openssl --release --target "${{ matrix.arch }}" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: localauth0-${{ matrix.arch }} | |
path: | | |
./target/${{ matrix.arch }}/release/localauth0 | |
build-web: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- run: rustup target add wasm32-unknown-unknown | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: trunk@0.17 | |
- name: Build web | |
run: trunk build --release web/index.html | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: web | |
path: ./web/dist | |
release: | |
runs-on: ubuntu-latest | |
needs: [build, build-web] | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/download-artifact@v4 | |
- name: Create container | |
run: |- | |
set -x | |
for base in scratch alpine; do | |
manifest="localauth0-$base" | |
if [[ "$base" == "scratch" ]]; then | |
manifest="localauth0" | |
fi | |
buildah manifest create "$manifest" | |
for arch in amd64 arm64; do | |
rust_arch="$([ "$arch" = "arm64" ] && echo aarch64 || echo x86_64)-unknown-linux-musl" | |
localauth0_binary="./localauth0-$rust_arch/localauth0" | |
chmod +x "$localauth0_binary" | |
ctr="$(buildah from --arch $arch $base)" | |
buildah copy "$ctr" "$localauth0_binary" "/localauth0" | |
buildah copy "$ctr" ./web/ /web/dist | |
buildah config \ | |
--env 'RUST_LOG=error,localauth0=info' \ | |
--cmd '["/localauth0"]' \ | |
--healthcheck 'CMD /localauth0 healthcheck' \ | |
--healthcheck-interval 0.1s \ | |
--healthcheck-timeout 2s \ | |
--healthcheck-start-period 2s \ | |
"$ctr" | |
buildah commit --manifest "$manifest" "$ctr" | |
done | |
done | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::193543784330:role/oidc-github-ecr-localauth0 | |
aws-region: us-east-1 | |
- name: Login to public ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: "true" | |
registry-type: public | |
- name: Push primaassicurazioni alpine | |
run: |- | |
buildah manifest push --all localauth0-alpine \ | |
"docker://public.ecr.aws/primaassicurazioni/localauth0:${{ inputs.tag_name || github.event.release.tag_name }}-alpine" | |
buildah manifest push --all localauth0-alpine \ | |
"docker://public.ecr.aws/primaassicurazioni/localauth0:alpine" | |
- name: Push primaassicurazioni | |
run: >- | |
buildah manifest push --all localauth0 | |
"docker://public.ecr.aws/primaassicurazioni/localauth0:${{ inputs.tag_name || github.event.release.tag_name }}" |