-
Notifications
You must be signed in to change notification settings - Fork 0
169 lines (150 loc) · 5.55 KB
/
publish-tag.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
name: Publish Tag
on:
push:
tags: ['*']
env:
IMAGE_NAME: ghcr.io/kingdonb/stats-tracker-ghcr
MANIFEST_NAME: ghcr.io/kingdonb/manifests/stats-tracker
BASE_TAG: base
GEMS_TAG: gems
GEM_CACHE_TAG: gem-cache
WABT_VERSION: 1.0.34
BINARYEN_VERSION: "117"
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout
uses: actions/checkout@v4
- name: Set up Rust
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
cache: false
toolchain: 1.72.1
target: wasm32-wasi
- name: Set up Rust cache
uses: Swatinem/rust-cache@v2
with:
workspaces: |
lib/stat
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.1.4'
bundler-cache: true
- name: Prepare
id: prep
run: |
TAGGED=${GITHUB_REF/refs\/tags\//}
CFGTAG=$(bundle exec rake app:version|awk '{print $3}')
if [[ "$TAGGED" != "$CFGTAG" ]]; then
echo "The config/version.yml does not match, double check the tag and try again."
exit 1
fi
echo BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') >> $GITHUB_OUTPUT
echo IMAGE_TAG=${CFGTAG} >> $GITHUB_OUTPUT
- name: Add local bin to path (wasm-strip, wasm-opt)
shell: bash
run: |
mkdir -p "${HOME}/.local/bin"
echo "${HOME}/.local/bin" >> $GITHUB_PATH
- name: Install wabt, binaryen
uses: kingdonb/setup-wabt@v1.0.6
with:
version: ${{ env.WABT_VERSION }}
version2: ${{ env.BINARYEN_VERSION }}
- name: Copy to path (wasm-strip, wasm-opt)
shell: bash
run: |
cp "${HOME}/.wabt_${{ env.WABT_VERSION }}/bin/wasm-strip" "${HOME}/.local/bin"
cp "${HOME}/.binaryen_${{ env.BINARYEN_VERSION }}/bin/wasm-opt" "${HOME}/.local/bin"
- name: Build Wasm
shell: bash
run: |
make -C lib stat.wasm
cp lib/stat.wasm "${HOME}/.local/bin"
# Copied from: https://github.com/orgs/community/discussions/25678
# https://github.com/apache/flink/blob/02d30ace69dc18555a5085eccf70ee884e73a16e/tools/azure-pipelines/free_disk_space.sh
# Fixes:
# https://github.com/kingdonb/stats-tracker-ghcr/actions/runs/8471469779
# (release System.IO.IOException: No space left on device)
# You are running out of disk space.
- name: Free disk space
shell: bash
run: |
echo "=============================================================================="
echo "Freeing up disk space on CI system"
echo "=============================================================================="
echo "Listing 100 largest packages"
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n | tail -n 100
df -h
echo "Removing large packages"
# sudo apt-get remove -y '^ghc-8.*'
sudo apt-get remove -y '^dotnet-.*'
sudo apt-get remove -y '^llvm-.*'
sudo apt-get remove -y 'php.*'
sudo apt-get remove -y azure-cli google-cloud-cli google-chrome-stable firefox powershell mono-devel
sudo apt-get autoremove -y
sudo apt-get clean
df -h
echo "Removing large directories"
# deleting 15GB
rm -rf /usr/share/dotnet/
df -h
- name: Build and push tag
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
sbom: true
provenance: true
push: true
builder: ${{ steps.buildx.outputs.name }}
tags: ${{ env.IMAGE_NAME }}:${{ steps.prep.outputs.IMAGE_TAG }}
target: deploy
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
CACHE_IMAGE=${{ env.IMAGE_NAME }}:${{ env.GEMS_TAG }}
- name: Upload Wasm binary to release
uses: svenstaro/upload-release-action@v2
with:
release_name: v${{ steps.prep.outputs.IMAGE_TAG }}
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: lib/stat.wasm
asset_name: stat.wasm
tag: ${{ github.ref }}
overwrite: true
body: ""
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Install flux
uses: fluxcd/flux2/action@main
- name: Publish Flux OCI artifact to GHCR
run: |
flux push artifact oci://$MANIFEST_NAME:${{ steps.prep.outputs.IMAGE_TAG }} \
--path="./deploy" \
--source="${{ github.event.repository.html_url }}" \
--revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
flux tag artifact oci://$MANIFEST_NAME:${{ steps.prep.outputs.IMAGE_TAG }} --tag latest
- name: Sign OCI artifacts
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign $IMAGE_NAME:${{ steps.prep.outputs.IMAGE_TAG }} --yes
cosign sign $MANIFEST_NAME:${{ steps.prep.outputs.IMAGE_TAG }} --yes