Merge pull request #1642 from fibonacci1729/add-wit-bindgen-dep-back #732
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "v*" | |
| jobs: | |
| build-and-sign: | |
| name: build and sign release assets | |
| runs-on: ${{ matrix.config.os }} | |
| permissions: | |
| # cosign uses the GitHub OIDC token | |
| id-token: write | |
| # needed to upload artifacts to a GH release | |
| contents: write | |
| strategy: | |
| matrix: | |
| config: | |
| - { | |
| os: "ubuntu-20.04", | |
| arch: "amd64", | |
| extension: "", | |
| # Ubuntu 22.04 no longer ships libssl1.1, so we statically | |
| # link it here to preserve release binary compatibility. | |
| extraArgs: "--features openssl/vendored", | |
| target: "", | |
| targetDir: "target/release", | |
| } | |
| - { | |
| os: "ubuntu-latest", | |
| arch: "aarch64", | |
| extension: "", | |
| extraArgs: "--features openssl/vendored --target aarch64-unknown-linux-gnu", | |
| target: "aarch64-unknown-linux-gnu", | |
| targetDir: "target/aarch64-unknown-linux-gnu/release", | |
| } | |
| - { | |
| os: "macos-latest", | |
| arch: "amd64", | |
| extension: "", | |
| extraArgs: "", | |
| target: "", | |
| targetDir: "target/release", | |
| } | |
| - { | |
| os: "macos-latest", | |
| arch: "aarch64", | |
| extension: "", | |
| extraArgs: "--target aarch64-apple-darwin", | |
| target: "aarch64-apple-darwin", | |
| targetDir: "target/aarch64-apple-darwin/release/", | |
| } | |
| - { | |
| os: "windows-latest", | |
| arch: "amd64", | |
| extension: ".exe", | |
| extraArgs: "", | |
| target: "", | |
| targetDir: "target/release", | |
| } | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: set the release version (tag) | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| shell: bash | |
| run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| - name: set the release version (main) | |
| if: github.ref == 'refs/heads/main' | |
| shell: bash | |
| run: echo "RELEASE_VERSION=canary" >> $GITHUB_ENV | |
| - name: lowercase the runner OS name | |
| shell: bash | |
| run: | | |
| OS=$(echo "${{ runner.os }}" | tr '[:upper:]' '[:lower:]') | |
| echo "RUNNER_OS=$OS" >> $GITHUB_ENV | |
| - name: Install Cosign for signing Spin binary | |
| uses: sigstore/cosign-installer@v3.0.1 | |
| with: | |
| cosign-release: v2.0.0 | |
| - name: Install Rust toolchain | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: 1.68 | |
| default: true | |
| target: ${{ matrix.config.target }} | |
| - name: "Install Wasm Rust target" | |
| run: rustup target add wasm32-wasi --toolchain 1.68 && rustup target add wasm32-unknown-unknown --toolchain 1.68 | |
| - name: setup for cross-compiled linux aarch64 build | |
| if: matrix.config.target == 'aarch64-unknown-linux-gnu' | |
| run: | | |
| sudo apt update | |
| sudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu | |
| echo '[target.aarch64-unknown-linux-gnu]' >> ${HOME}/.cargo/config.toml | |
| echo 'linker = "aarch64-linux-gnu-gcc"' >> ${HOME}/.cargo/config.toml | |
| - name: build release | |
| uses: actions-rs/cargo@v1 | |
| with: | |
| command: build | |
| args: "--all-features --release ${{ matrix.config.extraArgs }}" | |
| - name: Sign the binary with GitHub OIDC token | |
| shell: bash | |
| run: | | |
| cosign sign-blob \ | |
| --yes \ | |
| --output-certificate crt.pem \ | |
| --output-signature spin.sig \ | |
| ${{ matrix.config.targetDir }}/spin${{ matrix.config.extension }} | |
| - name: package release assets | |
| if: runner.os != 'Windows' | |
| shell: bash | |
| run: | | |
| mkdir _dist | |
| cp crt.pem spin.sig README.md LICENSE ${{ matrix.config.targetDir }}/spin${{ matrix.config.extension }} _dist/ | |
| cd _dist | |
| tar czf \ | |
| spin-${{ env.RELEASE_VERSION }}-${{ env.RUNNER_OS }}-${{ matrix.config.arch }}.tar.gz \ | |
| crt.pem spin.sig README.md LICENSE spin${{ matrix.config.extension }} | |
| - name: package release assets | |
| if: runner.os == 'Windows' | |
| shell: bash | |
| run: | | |
| mkdir _dist | |
| cp crt.pem spin.sig README.md LICENSE ${{ matrix.config.targetDir }}/spin${{ matrix.config.extension }} _dist/ | |
| cd _dist | |
| 7z a -tzip \ | |
| spin-${{ env.RELEASE_VERSION }}-${{ env.RUNNER_OS }}-${{ matrix.config.arch }}.zip \ | |
| crt.pem spin.sig README.md LICENSE spin${{ matrix.config.extension }} | |
| - name: upload binary as GitHub artifact | |
| if: runner.os != 'Windows' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: spin | |
| path: _dist/spin-${{ env.RELEASE_VERSION }}-${{ env.RUNNER_OS }}-${{ matrix.config.arch }}.tar.gz | |
| - name: upload binary to Github release | |
| if: startsWith(github.ref, 'refs/tags/v') && runner.os != 'Windows' | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: _dist/spin-${{ env.RELEASE_VERSION }}-${{ env.RUNNER_OS }}-${{ matrix.config.arch }}.tar.gz | |
| tag: ${{ github.ref }} | |
| - name: upload binary as GitHub artifact | |
| if: runner.os == 'Windows' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: spin | |
| path: _dist/spin-${{ env.RELEASE_VERSION }}-${{ env.RUNNER_OS }}-${{ matrix.config.arch }}.zip | |
| - name: upload binary to Github release | |
| if: startsWith(github.ref, 'refs/tags/v') && runner.os == 'Windows' | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: _dist/spin-${{ env.RELEASE_VERSION }}-${{ env.RUNNER_OS }}-${{ matrix.config.arch }}.zip | |
| tag: ${{ github.ref }} | |
| checksums: | |
| name: generate release checksums | |
| runs-on: ubuntu-latest | |
| needs: build-and-sign | |
| steps: | |
| - name: set the release version (tag) | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| shell: bash | |
| run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| - name: set the release version (main) | |
| if: github.ref == 'refs/heads/main' | |
| shell: bash | |
| run: echo "RELEASE_VERSION=canary" >> $GITHUB_ENV | |
| - name: download release assets | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: spin | |
| - name: generate checksums | |
| run: sha256sum * > checksums-${{ env.RELEASE_VERSION }}.txt | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: spin | |
| path: checksums-${{ env.RELEASE_VERSION }}.txt | |
| - name: upload checksums to Github release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: checksums-${{ env.RELEASE_VERSION }}.txt | |
| tag: ${{ github.ref }} | |
| update-canary: | |
| name: update canary release | |
| runs-on: ubuntu-latest | |
| needs: checksums | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Download release assets | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: spin | |
| - name: Delete canary tag | |
| uses: dev-drprasad/delete-tag-and-release@v0.2.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: canary | |
| delete_release: true | |
| - name: Recreate canary tag and release | |
| uses: rajatjindal/release-action@v0.0.1 | |
| with: | |
| tag: canary | |
| allowUpdates: true | |
| prerelease: true | |
| artifacts: "checksums-canary.txt,spin-canary*" | |
| commit: ${{ github.sha }} | |
| body: | | |
| This is a "canary" release of the most recent commits on our main branch. Canary is **not stable**. | |
| It is only intended for developers wishing to try out the latest features in Spin, some of which may not be fully implemented. | |
| create-go-sdk-tag: | |
| name: create tag sdk/go/v* | |
| runs-on: ubuntu-latest | |
| needs: build-and-sign | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set the tag to sdk/go/v* | |
| shell: bash | |
| run: echo "GO_SDK_TAG=sdk/go/${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| - name: Tag sdk/go/v* and push it | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git tag ${{ env.GO_SDK_TAG }} | |
| git push origin ${{ env.GO_SDK_TAG }} | |
| create-template-sdk-update-pr: | |
| name: Create PR with template SDK updates | |
| runs-on: ubuntu-latest | |
| needs: create-go-sdk-tag | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set the spin tag | |
| shell: bash | |
| run: echo "SPIN_TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| - name: Change sdk version | |
| shell: bash | |
| run: | | |
| cd templates | |
| SDK_VERSION=${{ env.SPIN_TAG }} make | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v5 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@v4 | |
| with: | |
| commit-message: "feat(templates): update sdk to ${{ env.SPIN_TAG }}" | |
| title: "feat(templates): update sdk to ${{ env.SPIN_TAG }}" | |
| body: Update the SDK version used by the templates | |
| branch: update-sdk-${{ env.SPIN_TAG }} | |
| base: main | |
| delete-branch: true | |
| committer: fermybot <103076628+fermybot@users.noreply.github.com> | |
| author: fermybot <103076628+fermybot@users.noreply.github.com> | |
| signoff: true | |
| # This will run when the PR above is approved and merged into main via a merge commit | |
| push-templates-tag: | |
| runs-on: ubuntu-latest | |
| needs: build-and-sign | |
| if: github.event.commits[0].author.name == 'fermybot' && contains(github.event.commits[0].message, 'update sdk') | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set the tag to spin/templates/v* | |
| shell: bash | |
| run: | | |
| spin_tag=$(echo "${{ github.event.commits[0].message }}" | grep -Eo v[0-9.]+) | |
| IFS=. read -r major minor patch <<< "${spin_tag}" | |
| echo "TEMPLATE_TAG=spin/templates/$major.$minor" >> $GITHUB_ENV | |
| - name: Tag spin/templates/v* and push it | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git tag ${{ env.TEMPLATE_TAG }} -f | |
| git push origin ${{ env.TEMPLATE_TAG }} -f |