build #91
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
run-name: build | |
on: | |
push: | |
branches: ["*"] | |
tags: | |
- "*" | |
env: | |
FLUTTER_ROOT: dummy | |
DART_VERSION: 3.5.2 | |
permissions: | |
id-token: write | |
contents: read | |
attestations: write | |
packages: write | |
jobs: | |
dart-set-image: | |
runs-on: ubuntu-latest | |
outputs: | |
dart_image: ${{ steps.vars.outputs.dart_image }} | |
steps: | |
- id: vars | |
run: echo "dart_image=dart:${DART_VERSION}" >> $GITHUB_OUTPUT | |
tiecd-build-amd64: | |
runs-on: ubuntu-latest | |
needs: dart-set-image | |
container: | |
image: ${{ needs.dart-set-image.outputs.dart_image }} | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v4 | |
- name: Dart code gen | |
run: | | |
dart pub get | |
mkdir -p dist/bin | |
dart pub run flutter_oss_licenses:generate.dart -o dist/oss_licenses.json --json | |
dart run build_runner build | |
- name: Dart executable build | |
run: dart compile exe bin/tiecd.dart -o dist/bin/tiecd | |
- name: Tar artifacts | |
run: | | |
mkdir upload | |
tar -cvzf upload/tiecd-amd64.tgz dist | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-artifacts-amd64 | |
path: upload | |
retention-days: 1 | |
tiecd-embedded-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v4 | |
- name: Setup tools | |
run: | | |
wget -q https://storage.googleapis.com/dart-archive/channels/stable/release/$DART_VERSION/sdk/dartsdk-linux-x64-release.zip -O dart.zip | |
unzip dart.zip | |
export PATH=`pwd`/dart-sdk/bin:$PATH | |
rm dart.zip | |
dart --disable-analytics | |
sudo apt-get install -yq --no-install-recommends skopeo | |
sudo wget -q https://github.com/carvel-dev/ytt/releases/download/v0.48.0/ytt-linux-amd64 -O /usr/bin/ytt | |
sudo chmod +x /usr/bin/ytt | |
- uses: balchua/microk8s-actions@v0.4.3 | |
with: | |
channel: "1.29/stable" | |
addons: '["dns", "hostpath-storage", "registry"]' | |
- name: MicroK8s Info | |
run: | | |
kubectl get no | |
kubectl get pods -A -o wide | |
- name: Run Tests | |
run: | | |
PATH=`pwd`/dart-sdk/bin:$PATH | |
dart run build_runner build | |
dart test test | |
tiecd-build-arm64: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- run: | | |
docker buildx build -t tiecd/tiecdtarball -f Dockerfile.arm64 --build-arg DART_VERSION=$DART_VERSION --platform linux/arm64 -o type=tar,dest=bins.tar . | |
- name: Exctract artifacts for upload | |
run: | | |
mkdir upload | |
tar -xvf bins.tar -C upload | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: build-artifacts-arm64 | |
path: upload | |
retention-days: 1 | |
# single arch images (amd64) using cekit fully | |
image-build-single-arch: | |
runs-on: ubuntu-latest | |
needs: [tiecd-build-amd64,tiecd-embedded-tests] | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [ | |
"jdk11","jdk17","jdk21","vercel" | |
] | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: build-artifacts-* | |
merge-multiple: true | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/${{ github.repository_owner }}/tiecd/${{ matrix.image }} | |
flavor: | | |
latest=false | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install CEKit | |
uses: cekit/actions-setup-cekit@v1.1.5 | |
- name: Save Tags | |
run: echo -e "${{ steps.meta.outputs.tags }}" >> tags.txt | |
- name: Save Labels | |
run: echo -e "${{ steps.meta.outputs.labels }}" >> labels.txt | |
- name: Build ${{ matrix.image }} Image | |
run: scripts/build-image.sh ${{ matrix.image }} | |
# multi arch builds, uses cekit to generate dockerfile, then buildx for actual build | |
# as cekit doesn't currently support buildx | |
image-build-multi-arch: | |
runs-on: ubuntu-latest | |
needs: [tiecd-build-amd64,tiecd-build-arm64,tiecd-embedded-tests] | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [ | |
"jdk8","base","k8s","okd","gke","eks","aks","node18","node20" | |
] | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: build-artifacts-* | |
merge-multiple: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Install CEKit | |
uses: cekit/actions-setup-cekit@v1.1.5 | |
- name: Generate Dockerfile for ${{ matrix.image }} image | |
run: scripts/generate-build.sh ${{ matrix.image }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/${{ github.repository_owner }}/tiecd/${{ matrix.image }} | |
labels: | | |
org.opencontainers.image.vendor=Dataaxiom Inc | |
flavor: | | |
latest=false | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=pep440,pattern={{version}} | |
type=pep440,pattern={{major}}.{{minor}} | |
- name: Save Tags | |
run: echo "${{ steps.meta.outputs.tags }}" >> tags.txt | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker images | |
id: docker-build | |
uses: docker/build-push-action@v5 | |
with: | |
context: target/image | |
push: true | |
platforms: linux/arm64,linux/amd64 | |
provenance: true | |
sbom: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
annotations: ${{ steps.meta.outputs.labels }} | |
- name: Retag ${{ matrix.image }} Image | |
run: scripts/retag-image.sh ${{ matrix.image }} | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ghcr.io/${{ github.repository_owner }}/tiecd/${{ matrix.image }} | |
subject-digest: ${{ steps.docker-build.outputs.digest }} | |
push-to-registry: true | |
# cleans up untagged images, keeps all versioned images and main, and 3 rc images | |
cleanup-images: | |
name: cleanup-images | |
runs-on: ubuntu-latest | |
concurrency: | |
group: cleanup-images | |
needs: [image-build-single-arch,image-build-multi-arch] | |
steps: | |
- uses: dataaxiom/ghcr-cleanup-action@v1.0.11 | |
with: | |
packages: "tiecd/jdk8,tiecd/jdk11,tiecd/jdk17,tiecd/jdk21,tiecd/vercel,tiecd/base,tiecd/k8s,tiecd/okd,tiecd/gke,tiecd/eks,tiecd/aks,tiecd/node18,tiecd/node20" | |
delete-untagged: true | |
keep-n-tagged: 3 | |
exclude-tags: "^\\d+\\.\\d+\\.\\d+$|^latest$|^main$" | |
use-regex: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |