-
Notifications
You must be signed in to change notification settings - Fork 3
123 lines (104 loc) · 3.58 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
name: CD
on:
release:
types: [published]
workflow_dispatch:
inputs:
tag_name:
description: "The tag name to use"
required: true
type: string
env:
CARGO_TERM_COLOR: always
jobs:
build:
strategy:
matrix:
arch: [x86_64-unknown-linux-musl, aarch64-unknown-linux-musl]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: Swatinem/rust-cache@v2
with:
key: "${{ matrix.arch }}"
- uses: taiki-e/install-action@v2
with:
tool: cross
- name: Build
run: cross build --features vendor-openssl --release --target "${{ matrix.arch }}"
- uses: actions/upload-artifact@v3
with:
name: localauth0-${{ matrix.arch }}
path: |
./target/${{ matrix.arch }}/release/localauth0
build-web:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: rustup target add wasm32-unknown-unknown
- uses: Swatinem/rust-cache@v2
- uses: taiki-e/install-action@v2
with:
tool: trunk@0.17
- name: Build web
run: trunk build --release web/index.html
- uses: actions/upload-artifact@v3
with:
name: web
path: ./web/dist
release:
runs-on: ubuntu-latest
needs: [build, build-web]
permissions:
id-token: write
contents: read
steps:
- uses: actions/download-artifact@v3
- name: Create container
run: |-
set -x
for base in scratch alpine; do
manifest="localauth0-$base"
if [[ "$base" == "scratch" ]]; then
manifest="localauth0"
fi
buildah manifest create "$manifest"
for arch in amd64 arm64; do
rust_arch="$([ "$arch" = "arm64" ] && echo aarch64 || echo x86_64)-unknown-linux-musl"
localauth0_binary="./localauth0-$rust_arch/localauth0"
chmod +x "$localauth0_binary"
ctr="$(buildah from --arch $arch $base)"
buildah copy "$ctr" "$localauth0_binary" "/localauth0"
buildah copy "$ctr" ./web/ /web/dist
buildah config \
--env 'RUST_LOG=error,localauth0=info' \
--cmd '["/localauth0"]' \
--healthcheck 'CMD /localauth0 healthcheck' \
--healthcheck-interval 0.1s \
--healthcheck-timeout 2s \
--healthcheck-start-period 2s \
"$ctr"
buildah commit --manifest "$manifest" "$ctr"
done
done
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::193543784330:role/oidc-github-ecr-localauth0
aws-region: us-east-1
- name: Login to public ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: "true"
registry-type: public
- name: Push primaassicurazioni alpine
run: |-
buildah manifest push --all localauth0-alpine \
"docker://public.ecr.aws/primaassicurazioni/localauth0:${{ inputs.tag_name || github.event.release.tag_name }}-alpine"
buildah manifest push --all localauth0-alpine \
"docker://public.ecr.aws/primaassicurazioni/localauth0:alpine"
- name: Push primaassicurazioni
run: >-
buildah manifest push --all localauth0
"docker://public.ecr.aws/primaassicurazioni/localauth0:${{ inputs.tag_name || github.event.release.tag_name }}"