Skip to content

ci(deps): bump renovate docker tag to v38.42.0 #3434

ci(deps): bump renovate docker tag to v38.42.0

ci(deps): bump renovate docker tag to v38.42.0 #3434

Workflow file for this run

name: build
on:
push:
branches: ["**"]
tags: [v*.*.*]
pull_request:
workflow_call:
inputs:
tag-name:
required: true
type: string
outputs:
image_tags:
value: ${{ jobs.docker.outputs.image_tags }}
image_url:
value: https://ghcr.io/${{ github.repository }}
env:
IMAGE_REGISTRY: ghcr.io
IMAGE_NAMESPACE: ${{ github.repository_owner }}
IMAGE_NAME: ${{ github.event.repository.name }}
# renovate: datasource=github-releases depName=docker/buildx
BUILDX_VERSION: v0.16.2
jobs:
env:
# release-please によるコミットの時は workflow_call でのみ実行する
if: ${{ !( github.workflow == 'build' && startsWith(github.event.head_commit.message, 'release:') && github.event.head_commit.author.name == 'github-actions[bot]' ) }}
runs-on: ubuntu-latest
outputs:
BINARY_NAME: ${{ steps.meta.outputs.BINARY_NAME }}
IMAGE_NAMESPACE: ${{ steps.lowercase.outputs.IMAGE_NAMESPACE }}
PUSH: ${{ github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: meta
run: |
echo "BINARY_NAME=$(cargo metadata --offline --no-deps --format-version=1 | jq -r '.packages[].name')" >> $GITHUB_OUTPUT
- id: lowercase
run: |
image_namespace='${{ env.IMAGE_NAMESPACE }}'
echo "IMAGE_NAMESPACE=${image_namespace@L}" >> $GITHUB_OUTPUT
meta:
needs: [env]
runs-on: ubuntu-latest
outputs:
version: ${{ steps.meta.outputs.version}}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
json: ${{ steps.meta.outputs.json }}
steps:
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}},value=${{ inputs.tag-name }}
type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }}
type=semver,pattern={{major}},value=${{ inputs.tag-name }}
type=edge
type=ref,event=branch
build:
needs: [env]
permissions:
contents: write
packages: write
strategy:
fail-fast: false
matrix:
include:
- target: aarch64-unknown-linux-gnu
use-cross: true
- arch: arm64
target: aarch64-unknown-linux-musl
use-cross: true
- target: x86_64-unknown-linux-gnu
use-cross: false
- arch: amd64
target: x86_64-unknown-linux-musl
use-cross: false
# - os: macos-latest
# target: aarch64-apple-darwin
# - os: macos-latest
# target: x86_64-apple-darwin
# - os: windows-latest
# target: x86_64-pc-windows-msvc
# - os: windows-latest
# target: x86_64-pc-windows-gnu
runs-on: ${{ matrix.os || 'ubuntu-latest'}}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
defaults:
run:
shell: bash -xe {0}
steps:
- name: Install musl tools
if: matrix.target == 'x86_64-unknown-linux-musl'
run: |
sudo apt-get install -y musl-tools --no-install-recommends
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
target: ${{ matrix.target }}
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
with:
key: ${{ matrix.target }}
- name: Install cross
if: ${{ !matrix.os && matrix.use-cross }}
uses: taiki-e/install-action@37129d5de13e9122cce55a7a5e7e49981cef514c # v2.42.26
with:
tool: cross
- run: mkdir dist
- run: ${{ (!matrix.os && matrix.use-cross) && 'cross' || 'cargo' }} rustc --locked --release --target=${{ matrix.target }} -- --emit=link=dist/${{ needs.env.outputs.BINARY_NAME }}
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: ${{ matrix.target }}
path: |
dist/${{ needs.env.outputs.BINARY_NAME }}
dist/${{ needs.env.outputs.BINARY_NAME }}.exe
- id: build_image
if: ${{ fromJson(needs.env.outputs.PUSH) && matrix.arch }}
name: Build Image
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
with:
archs: ${{ matrix.arch }}
base-image: scratch
image: ${{ env.IMAGE_NAME }}
tags: tmp
content: |
dist/${{ needs.env.outputs.BINARY_NAME }}
entrypoint: ./${{ needs.env.outputs.BINARY_NAME }}
oci: true
- id: push
if: ${{ steps.build_image.conclusion == 'success' }}
name: Push To GHCR
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- id: export-digest
if: ${{ steps.push.conclusion == 'success' }}
name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.push.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- if: ${{ steps.export-digest.conclusion == 'success' }}
name: Upload digest
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
with:
name: digests-${{ matrix.target }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
- name: Upload to release
if: ${{ inputs.tag-name }}
working-directory: dist/
run: |
if [ -e ${{ needs.env.outputs.BINARY_NAME }}.exe ]; then
filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}.exe"
mv ${{ needs.env.outputs.BINARY_NAME }}.exe "$filename"
gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber
else
filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}"
mv ${{ needs.env.outputs.BINARY_NAME }} "$filename"
gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber
fi
merge:
permissions:
packages: write
needs: [env, meta, build]
if: ${{ fromJson(needs.env.outputs.PUSH) }}
runs-on: ubuntu-latest
steps:
- name: Download digests
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests
env:
DOCKER_METADATA_OUTPUT_JSON: ${{ needs.meta.outputs.json }}
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ needs.meta.outputs.version }}