ci(deps): bump renovate docker tag to v38.42.0 (#902) #3437
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: ["**"] | |
tags: [v*.*.*] | |
pull_request: | |
workflow_call: | |
inputs: | |
tag-name: | |
required: true | |
type: string | |
outputs: | |
image_tags: | |
value: ${{ jobs.docker.outputs.image_tags }} | |
image_url: | |
value: https://ghcr.io/${{ github.repository }} | |
env: | |
IMAGE_REGISTRY: ghcr.io | |
IMAGE_NAMESPACE: ${{ github.repository_owner }} | |
IMAGE_NAME: ${{ github.event.repository.name }} | |
# renovate: datasource=github-releases depName=docker/buildx | |
BUILDX_VERSION: v0.16.2 | |
jobs: | |
env: | |
# release-please によるコミットの時は workflow_call でのみ実行する | |
if: ${{ !( github.workflow == 'build' && startsWith(github.event.head_commit.message, 'release:') && github.event.head_commit.author.name == 'github-actions[bot]' ) }} | |
runs-on: ubuntu-latest | |
outputs: | |
BINARY_NAME: ${{ steps.meta.outputs.BINARY_NAME }} | |
IMAGE_NAMESPACE: ${{ steps.lowercase.outputs.IMAGE_NAMESPACE }} | |
PUSH: ${{ github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch }} | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- id: meta | |
run: | | |
echo "BINARY_NAME=$(cargo metadata --offline --no-deps --format-version=1 | jq -r '.packages[].name')" >> $GITHUB_OUTPUT | |
- id: lowercase | |
run: | | |
image_namespace='${{ env.IMAGE_NAMESPACE }}' | |
echo "IMAGE_NAMESPACE=${image_namespace@L}" >> $GITHUB_OUTPUT | |
meta: | |
needs: [env] | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.meta.outputs.version}} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
json: ${{ steps.meta.outputs.json }} | |
steps: | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: ${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=semver,pattern={{version}},value=${{ inputs.tag-name }} | |
type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }} | |
type=semver,pattern={{major}},value=${{ inputs.tag-name }} | |
type=edge | |
type=ref,event=branch | |
build: | |
needs: [env] | |
permissions: | |
contents: write | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: aarch64-unknown-linux-gnu | |
use-cross: true | |
- arch: arm64 | |
target: aarch64-unknown-linux-musl | |
use-cross: true | |
- target: x86_64-unknown-linux-gnu | |
use-cross: false | |
- arch: amd64 | |
target: x86_64-unknown-linux-musl | |
use-cross: false | |
# - os: macos-latest | |
# target: aarch64-apple-darwin | |
# - os: macos-latest | |
# target: x86_64-apple-darwin | |
# - os: windows-latest | |
# target: x86_64-pc-windows-msvc | |
# - os: windows-latest | |
# target: x86_64-pc-windows-gnu | |
runs-on: ${{ matrix.os || 'ubuntu-latest'}} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
defaults: | |
run: | |
shell: bash -xe {0} | |
steps: | |
- name: Install musl tools | |
if: matrix.target == 'x86_64-unknown-linux-musl' | |
run: | | |
sudo apt-get install -y musl-tools --no-install-recommends | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: stable | |
target: ${{ matrix.target }} | |
- uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 | |
with: | |
key: ${{ matrix.target }} | |
- name: Install cross | |
if: ${{ !matrix.os && matrix.use-cross }} | |
uses: taiki-e/install-action@37129d5de13e9122cce55a7a5e7e49981cef514c # v2.42.26 | |
with: | |
tool: cross | |
- run: mkdir dist | |
- run: ${{ (!matrix.os && matrix.use-cross) && 'cross' || 'cargo' }} rustc --locked --release --target=${{ matrix.target }} -- --emit=link=dist/${{ needs.env.outputs.BINARY_NAME }} | |
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
with: | |
name: ${{ matrix.target }} | |
path: | | |
dist/${{ needs.env.outputs.BINARY_NAME }} | |
dist/${{ needs.env.outputs.BINARY_NAME }}.exe | |
- id: build_image | |
if: ${{ fromJson(needs.env.outputs.PUSH) && matrix.arch }} | |
name: Build Image | |
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13 | |
with: | |
archs: ${{ matrix.arch }} | |
base-image: scratch | |
image: ${{ env.IMAGE_NAME }} | |
tags: tmp | |
content: | | |
dist/${{ needs.env.outputs.BINARY_NAME }} | |
entrypoint: ./${{ needs.env.outputs.BINARY_NAME }} | |
oci: true | |
- id: push | |
if: ${{ steps.build_image.conclusion == 'success' }} | |
name: Push To GHCR | |
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- id: export-digest | |
if: ${{ steps.push.conclusion == 'success' }} | |
name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.push.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- if: ${{ steps.export-digest.conclusion == 'success' }} | |
name: Upload digest | |
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 | |
with: | |
name: digests-${{ matrix.target }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
- name: Upload to release | |
if: ${{ inputs.tag-name }} | |
working-directory: dist/ | |
run: | | |
if [ -e ${{ needs.env.outputs.BINARY_NAME }}.exe ]; then | |
filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}.exe" | |
mv ${{ needs.env.outputs.BINARY_NAME }}.exe "$filename" | |
gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber | |
else | |
filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}" | |
mv ${{ needs.env.outputs.BINARY_NAME }} "$filename" | |
gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber | |
fi | |
merge: | |
permissions: | |
packages: write | |
needs: [env, meta, build] | |
if: ${{ fromJson(needs.env.outputs.PUSH) }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download digests | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- name: Log in to the Container registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create manifest list and push | |
working-directory: /tmp/digests | |
env: | |
DOCKER_METADATA_OUTPUT_JSON: ${{ needs.meta.outputs.json }} | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.IMAGE_REGISTRY }}/${{ needs.env.outputs.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ needs.meta.outputs.version }} |