Skip to content

build

build #91

Workflow file for this run

name: build
run-name: build
on:
push:
branches: ["*"]
tags:
- "*"
env:
FLUTTER_ROOT: dummy
DART_VERSION: 3.5.2
permissions:
id-token: write
contents: read
attestations: write
packages: write
jobs:
dart-set-image:
runs-on: ubuntu-latest
outputs:
dart_image: ${{ steps.vars.outputs.dart_image }}
steps:
- id: vars
run: echo "dart_image=dart:${DART_VERSION}" >> $GITHUB_OUTPUT
tiecd-build-amd64:
runs-on: ubuntu-latest
needs: dart-set-image
container:
image: ${{ needs.dart-set-image.outputs.dart_image }}
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Dart code gen
run: |
dart pub get
mkdir -p dist/bin
dart pub run flutter_oss_licenses:generate.dart -o dist/oss_licenses.json --json
dart run build_runner build
- name: Dart executable build
run: dart compile exe bin/tiecd.dart -o dist/bin/tiecd
- name: Tar artifacts
run: |
mkdir upload
tar -cvzf upload/tiecd-amd64.tgz dist
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts-amd64
path: upload
retention-days: 1
tiecd-embedded-tests:
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Setup tools
run: |
wget -q https://storage.googleapis.com/dart-archive/channels/stable/release/$DART_VERSION/sdk/dartsdk-linux-x64-release.zip -O dart.zip
unzip dart.zip
export PATH=`pwd`/dart-sdk/bin:$PATH
rm dart.zip
dart --disable-analytics
sudo apt-get install -yq --no-install-recommends skopeo
sudo wget -q https://github.com/carvel-dev/ytt/releases/download/v0.48.0/ytt-linux-amd64 -O /usr/bin/ytt
sudo chmod +x /usr/bin/ytt
- uses: balchua/microk8s-actions@v0.4.3
with:
channel: "1.29/stable"
addons: '["dns", "hostpath-storage", "registry"]'
- name: MicroK8s Info
run: |
kubectl get no
kubectl get pods -A -o wide
- name: Run Tests
run: |
PATH=`pwd`/dart-sdk/bin:$PATH
dart run build_runner build
dart test test
tiecd-build-arm64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- run: |
docker buildx build -t tiecd/tiecdtarball -f Dockerfile.arm64 --build-arg DART_VERSION=$DART_VERSION --platform linux/arm64 -o type=tar,dest=bins.tar .
- name: Exctract artifacts for upload
run: |
mkdir upload
tar -xvf bins.tar -C upload
- uses: actions/upload-artifact@v4
with:
name: build-artifacts-arm64
path: upload
retention-days: 1
# single arch images (amd64) using cekit fully
image-build-single-arch:
runs-on: ubuntu-latest
needs: [tiecd-build-amd64,tiecd-embedded-tests]
strategy:
fail-fast: false
matrix:
image: [
"jdk11","jdk17","jdk21","vercel"
]
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
pattern: build-artifacts-*
merge-multiple: true
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/tiecd/${{ matrix.image }}
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=pr
type=pep440,pattern={{version}}
type=pep440,pattern={{major}}.{{minor}}
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Install CEKit
uses: cekit/actions-setup-cekit@v1.1.5
- name: Save Tags
run: echo -e "${{ steps.meta.outputs.tags }}" >> tags.txt
- name: Save Labels
run: echo -e "${{ steps.meta.outputs.labels }}" >> labels.txt
- name: Build ${{ matrix.image }} Image
run: scripts/build-image.sh ${{ matrix.image }}
# multi arch builds, uses cekit to generate dockerfile, then buildx for actual build
# as cekit doesn't currently support buildx
image-build-multi-arch:
runs-on: ubuntu-latest
needs: [tiecd-build-amd64,tiecd-build-arm64,tiecd-embedded-tests]
strategy:
fail-fast: false
matrix:
image: [
"jdk8","base","k8s","okd","gke","eks","aks","node18","node20"
]
steps:
- name: Check out repo
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
pattern: build-artifacts-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install CEKit
uses: cekit/actions-setup-cekit@v1.1.5
- name: Generate Dockerfile for ${{ matrix.image }} image
run: scripts/generate-build.sh ${{ matrix.image }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/tiecd/${{ matrix.image }}
labels: |
org.opencontainers.image.vendor=Dataaxiom Inc
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=pr
type=pep440,pattern={{version}}
type=pep440,pattern={{major}}.{{minor}}
- name: Save Tags
run: echo "${{ steps.meta.outputs.tags }}" >> tags.txt
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker images
id: docker-build
uses: docker/build-push-action@v5
with:
context: target/image
push: true
platforms: linux/arm64,linux/amd64
provenance: true
sbom: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.labels }}
- name: Retag ${{ matrix.image }} Image
run: scripts/retag-image.sh ${{ matrix.image }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository_owner }}/tiecd/${{ matrix.image }}
subject-digest: ${{ steps.docker-build.outputs.digest }}
push-to-registry: true
# cleans up untagged images, keeps all versioned images and main, and 3 rc images
cleanup-images:
name: cleanup-images
runs-on: ubuntu-latest
concurrency:
group: cleanup-images
needs: [image-build-single-arch,image-build-multi-arch]
steps:
- uses: dataaxiom/ghcr-cleanup-action@v1.0.11
with:
packages: "tiecd/jdk8,tiecd/jdk11,tiecd/jdk17,tiecd/jdk21,tiecd/vercel,tiecd/base,tiecd/k8s,tiecd/okd,tiecd/gke,tiecd/eks,tiecd/aks,tiecd/node18,tiecd/node20"
delete-untagged: true
keep-n-tagged: 3
exclude-tags: "^\\d+\\.\\d+\\.\\d+$|^latest$|^main$"
use-regex: true
token: ${{ secrets.GITHUB_TOKEN }}