Skip to content

Commit

Permalink
Publish staging CLI on push (#65)
Browse files Browse the repository at this point in the history
  • Loading branch information
@hanneary @lfarrel6
hanneary authored and lfarrel6 committed Dec 12, 2023
1 parent ec340ce commit a5bfdd8
Show file tree
Hide file tree
Showing 6 changed files with 328 additions and 212 deletions.
242 changes: 242 additions & 0 deletions .github/workflows/build-and-publish.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,242 @@
name: "Build and publish CLI"
on:
workflow_call:
inputs:
stage:
required: true
default: 'staging'
type: string
major-version:
required: true
type: string
full-version:
required: true
type: string
ev-domain:
required: true
type: string
secrets:
aws-cloudfront-distribution-id:
required: true
aws-access-key-id:
required: true
aws-secret-access-key:
required: true
evervault-rust-lib-index:
required: true
evervault-rust-lib-token:
required: true

env:
RUST_BACKTRACE: 1
WINDOWS_TARGET: x86_64-pc-windows-msvc
MACOS_TARGET: x86_64-apple-darwin
LINUX_TARGET: x86_64-unknown-linux-musl

# Directories to target during release
BIN_DIR: bin
RELEASE_DIR: release

jobs:
compile-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: Install musl-tools
run: sudo apt-get install musl-tools

- name: Set up Rust
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: nightly-2023-09-13
override: true
target: ${{ env.LINUX_TARGET }}

- name: Download cached dependencies
uses: Swatinem/rust-cache@v2
with:
shared-key: "linux-cross-builds"

- name: Install cross
run: cargo install cross

- name: Inject Version
run: |
sh ./scripts/insert-cli-version.sh ${{ inputs.full-version }}
- name: Build and Compress cli
run: |
mkdir ${{ env.BIN_DIR }}
mkdir ${{ env.RELEASE_DIR }}
cross build --release --all-features --target ${{ env.LINUX_TARGET }} -Z registry-auth
mv ./target/${{ env.LINUX_TARGET }}/release/ev-cage ./${{ env.BIN_DIR }}/ev-cage
7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ./${{ env.RELEASE_DIR }}/ev-cage-${{ env.LINUX_TARGET }}-${{ inputs.full-version }}.tar.gz
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.evervault-rust-lib-index }}
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.evervault-rust-lib-token }}
CARGO_HOME: ${{ github.workspace }}/.cargo

- name: Upload as artifact
uses: actions/upload-artifact@v2
with:
name: linux
path: ./${{ env.RELEASE_DIR }}

compile-macos:
runs-on: macos-latest
steps:
- uses: actions/checkout@v3

- name: Inject Version
run: |
sh ./scripts/insert-cli-version.sh ${{ inputs.full-version }}
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly-2023-09-13
target: ${{ env.MACOS_TARGET }}
override: true

- name: Download cached dependencies
uses: Swatinem/rust-cache@v2
with:
shared-key: "macos-cross-builds"

- name: Build CLI MacOs Target
run: |
cargo install cross
cross build --release --all-features --target ${{ env.MACOS_TARGET }} -Z registry-auth
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.evervault-rust-lib-index }}
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.evervault-rust-lib-token }}

- name: Install 7z cli
run: brew install p7zip

- name: Setup directories
run: |
mkdir ${{ env.BIN_DIR }}
mkdir ${{ env.RELEASE_DIR }}
- name: Compress binary
run: |
mv target/${{env.MACOS_TARGET}}/release/ev-cage ${{ env.BIN_DIR }}/ev-cage
7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ${{ env.RELEASE_DIR }}/ev-cage-${{ env.MACOS_TARGET }}-${{ inputs.full-version }}.tar.gz
- name: Upload as artifact
uses: actions/upload-artifact@v2
with:
name: macos
path: ./${{ env.RELEASE_DIR }}

compile-windows:
runs-on: windows-latest
env:
VCPKGRS_DYNAMIC: 1
steps:
- uses: actions/checkout@v3

- name: Install Rust
run: rustup update --no-self-update stable && rustup default stable

- uses: actions-rs/toolchain@v1
with:
toolchain: nightly-2023-09-13
target: ${{ env.WINDOWS_TARGET }}
override: true

- name: Inject Version
run: |
sh ./scripts/insert-cli-version.sh ${{ inputs.full-version }}
- name: Download cached dependencies
uses: Swatinem/rust-cache@v2
with:
shared-key: "windows-cross-builds"

- name: Fetch dependencies
run: cargo fetch -Z registry-auth
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.evervault-rust-lib-index }}
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.evervault-rust-lib-token }}

- name: Build CLI for Windows
run: |
cargo install cross
cross build --release --all-features --target ${{ env.WINDOWS_TARGET }} -Z registry-auth
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.evervault-rust-lib-index }}
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.evervault-rust-lib-token }}

- name: Setup directories
shell: bash
run: |
mkdir ${{ env.BIN_DIR }}
mkdir ${{ env.RELEASE_DIR }}
- name: Compress
shell: bash
run: |
mv target/${{ env.WINDOWS_TARGET }}/release/ev-cage.exe ${{ env.BIN_DIR }}/ev-cage.exe
7z a -ttar -so -an ./${{ env.BIN_DIR }} | 7z a -si ./${{ env.RELEASE_DIR }}/ev-cage-${{ env.WINDOWS_TARGET }}-${{ inputs.full-version }}.tar.gz
- name: Upload as artifact
uses: actions/upload-artifact@v2
with:
name: windows
path: ./${{ env.RELEASE_DIR }}


upload-artifacts-to-s3:
needs: [ compile-ubuntu, compile-macos, compile-windows ]
runs-on: ubuntu-latest
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.aws-access-key-id }}
aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
aws-region: us-east-1

- name: Download MacOS Artifacts
uses: actions/download-artifact@v1
with:
name: macos

- name: Download Linux Artifacts
uses: actions/download-artifact@v1
with:
name: linux

- name: Download Windows Artifacts
uses: actions/download-artifact@v1
with:
name: windows

- name: Upload Windows CLI to S3
run: |
aws s3 cp ./windows/ev-cage-${{ env.WINDOWS_TARGET }}-${{ inputs.full-version }}.tar.gz s3://cage-build-assets-${{ inputs.stage }}/cli/${{ inputs.full-version }}/${{ inputs.full-version}}/${{ env.WINDOWS_TARGET }}/ev-cage.tar.gz
- name: Upload MacOS CLI to S3
run: |
aws s3 cp ./macos/ev-cage-${{ env.MACOS_TARGET }}-${{ inputs.full-version }}.tar.gz s3://cage-build-assets-${{ inputs.stage }}/cli/${{ inputs.full-version }}/${{ inputs.full-version }}/${{ env.MACOS_TARGET }}/ev-cage.tar.gz
- name: Upload Ubuntu CLI to S3
run: |
aws s3 cp ./linux/ev-cage-${{ env.LINUX_TARGET }}-${{ inputs.full-version }}.tar.gz s3://cage-build-assets-${{ inputs.stage }}/cli/${{ inputs.major-version }}/${{ inputs.full-version }}/${{ env.LINUX_TARGET }}/ev-cage.tar.gz
- uses: actions/checkout@v3
- name: Update install script in S3
run: |
sh ./scripts/generate-installer.sh ${{ inputs.full-version }} ${{ inputs.major-version }} ${{ inputs.ev-domain }}
sh ./scripts/update-versions.sh ${{ inputs.full-version }}
aws s3 cp scripts/install s3://cage-build-assets-${{ inputs.stage }}/cli/${{ inputs.major-version }}/${{ inputs.full-version }}/install
aws s3 cp scripts/install s3://cage-build-assets-${{ inputs.stage }}/cli/install
aws s3 cp scripts/version s3://cage-build-assets-${{ inputs.stage }}/cli/${{ inputs.major-version }}/version
aws s3 cp scripts/version s3://cage-build-assets-${{ inputs.stage }}/cli/version
aws s3 cp scripts/versions s3://cage-build-assets-${{ inputs.stage }}/cli/versions
aws cloudfront create-invalidation --distribution-id ${{ secrets.aws-cloudfront-distribution-id }} --paths "/cli/install" "/cli/version" "/cli/versions"
1 change: 1 addition & 0 deletions .github/workflows/lint-and-test-cli.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ on:
- .github/workflows/lint-and-test-cli.yml
- Cargo.toml
name: Lint and Test CLI

jobs:
clippy_check_cli:
runs-on: ubuntu-latest
Expand Down
61 changes: 61 additions & 0 deletions .github/workflows/release-cli-version-staging.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
on:
push:
branches:
- main

jobs:
clippy_check_cli:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-hub/docker/cli@f5fdbfc3f9d2a9265ead8962c1314108a7b7ec5d
env:
SKIP_LOGIN: true
- uses: actions-rs/toolchain@v1
with:
toolchain: nightly-2023-09-13
override: true
components: rustfmt, clippy
- name: Compile project
run: cargo build --all-features -p ev-cage -Z registry-auth
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }}
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN: ${{ secrets.CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN }}
- name: Test project
run: cargo test -p ev-cage
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }}
- name: Format project
run: cargo fmt --check
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }}
- name: Lint project
run: cargo clippy
env:
CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_INDEX: ${{ secrets.RUST_CRYPTO_REGISTRY }}

get-version:
needs: [clippy_check_cli]
runs-on: ubuntu-latest
outputs:
full_version: ${{ steps.get-full-version.outputs.full_version }}
steps:
- id: get-full-version
run: |
echo "using sha tag ${GITHUB_SHA::6}"
echo ::set-output name=full_version::1.0.0-${GITHUB_SHA::6}
build-and-deploy:
needs: [get-version]
uses: ./.github/workflows/build-and-publish.yml
with:
stage: 'staging'
major-version: '1'
full-version: "${{ needs.get-version.outputs.full_version }}"
ev-domain: 'evervault.io'
secrets:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_STAGING }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGING }}
aws-cloudfront-distribution-id: ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID_STAGING }}
evervault-rust-lib-index: ${{ secrets.RUST_CRYPTO_REGISTRY }}
evervault-rust-lib-token: ${{ secrets.CARGO_REGISTRIES_EVERVAULT_RUST_LIBRARIES_TOKEN }}
Loading

0 comments on commit a5bfdd8

Please sign in to comment.