Release #529
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- "*.*.*" | |
# Running from workflow dispatch (AKA manual) will not publish anything. | |
# This is intended for testing changes to this flow. | |
workflow_dispatch: | |
jobs: | |
build_binaries_aarch64-unknown-linux-gnu: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
rustflags: "" | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: cross | |
# building layer and cli together leads to weird situation where embedded layer is x64, so split. | |
- name: build mirrord-layer | |
run: RUSTFLAGS="$RUSTFLAGS -A dead_code" cross build --release -p mirrord-layer --target=aarch64-unknown-linux-gnu | |
- name: build mirrord cli | |
env: | |
MIRRORD_LAYER_FILE: ../../../target/aarch64-unknown-linux-gnu/release/libmirrord_layer.so | |
run: RUSTFLAGS="$RUSTFLAGS -A dead_code" cross build --release -p mirrord --target=aarch64-unknown-linux-gnu | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: aarch64-unknown-linux-gnu | |
path: | | |
target/aarch64-unknown-linux-gnu/release/mirrord | |
target/aarch64-unknown-linux-gnu/release/libmirrord_layer.so | |
if-no-files-found: error | |
build_binaries_x86_64-unknown-linux-gnu: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
rustflags: "" | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: cross | |
- name: build mirrord-layer and cli | |
run: cross build --release -p mirrord -p mirrord-layer --target=x86_64-unknown-linux-gnu | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: x86_64-unknown-linux-gnu | |
path: | | |
target/x86_64-unknown-linux-gnu/release/mirrord | |
target/x86_64-unknown-linux-gnu/release/libmirrord_layer.so | |
if-no-files-found: error | |
build_binaries_macos: | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: rm rust-toolchain.toml | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
target: x86_64-apple-darwin,aarch64-apple-darwin | |
toolchain: nightly-2024-10-11 | |
rustflags: "" | |
- name: Import Code-Signing Certificates | |
uses: Apple-Actions/import-codesign-certs@v3 | |
with: | |
# The certificates in a PKCS12 file encoded as a base64 string | |
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} | |
# The password used to import the PKCS12 file. | |
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} | |
- name: Install gon via HomeBrew for code signing and app notarization | |
run: | | |
brew tap mitchellh/gon | |
brew install mitchellh/gon/gon | |
# Instead of spoofing an arm64e by changing bits, we now use a code shim compiled as arm64e that loads the arm64 layer | |
- name: build mirrord-layer x86-64, arm and code shim | |
run: | | |
cargo +nightly-2024-10-11 build --release -p mirrord-layer --target=aarch64-apple-darwin | |
cargo +nightly-2024-10-11 build --release -p mirrord-layer --target=x86_64-apple-darwin | |
clang -arch arm64e -dynamiclib -o target/aarch64-apple-darwin/release/shim.dylib mirrord/layer/shim.c | |
- name: Sign layer binaries and code shim | |
env: | |
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }} | |
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }} | |
run: gon -log-level=debug -log-json .github/workflows/arch_dylib_sign.json | |
- name: create universal target dir | |
run: mkdir -p /tmp/target/universal-apple-darwin/release | |
- name: create universal dylib | |
run: lipo -create -output /tmp/target/universal-apple-darwin/release/libmirrord_layer.dylib target/aarch64-apple-darwin/release/shim.dylib target/aarch64-apple-darwin/release/libmirrord_layer.dylib target/x86_64-apple-darwin/release/libmirrord_layer.dylib | |
- name: Sign layer universal | |
env: | |
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }} | |
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }} | |
run: gon -log-level=debug -log-json .github/workflows/universal_dylib_sign.json | |
- name: build macOS arm cli with universal dylib | |
env: | |
MIRRORD_LAYER_FILE: /tmp/target/universal-apple-darwin/release/libmirrord_layer.dylib | |
MIRRORD_LAYER_FILE_MACOS_ARM64: ../../../target/aarch64-apple-darwin/release/libmirrord_layer.dylib | |
run: cargo +nightly-2024-10-11 build --release -p mirrord --target=aarch64-apple-darwin | |
- name: build macOS x86-64 cli with universal dylib | |
env: | |
MIRRORD_LAYER_FILE: /tmp/target/universal-apple-darwin/release/libmirrord_layer.dylib | |
run: cargo +nightly-2024-10-11 build --release -p mirrord --target=x86_64-apple-darwin | |
- name: Sign cli binaries | |
env: | |
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }} | |
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }} | |
run: gon -log-level=debug -log-json .github/workflows/arch_cli_sign.json | |
- name: create universal macOS cli | |
run: lipo -create -output /tmp/target/universal-apple-darwin/release/mirrord target/aarch64-apple-darwin/release/mirrord target/x86_64-apple-darwin/release/mirrord | |
- name: Sign universal cli | |
env: | |
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER }} | |
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_PASSWORD }} | |
run: gon -log-level=debug -log-json .github/workflows/universal_cli_sign.json | |
- name: adjust directory layout for upload | |
run: cp -rf /tmp/target . | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: universal-apple-darwin | |
path: | | |
target/universal-apple-darwin/release/mirrord | |
target/universal-apple-darwin/release/libmirrord_layer.dylib | |
if-no-files-found: error | |
release_docker_image: | |
runs-on: ubuntu-24.04 | |
permissions: | |
packages: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get release version | |
run: | | |
echo "version=$(grep -m 1 version Cargo.toml | cut -d' ' -f3 | tr -d '\"')" >> $GITHUB_OUTPUT | |
id: version | |
- name: Build and push (test) | |
if: github.event_name == 'workflow_dispatch' | |
uses: docker/build-push-action@v6 | |
with: | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
file: mirrord/agent/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
ghcr.io/metalbear-co/mirrord-staging:${{ github.sha }} | |
- name: Build and push (final/release) | |
if: github.event_name != 'workflow_dispatch' | |
uses: docker/build-push-action@v6 | |
with: | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
file: mirrord/agent/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
ghcr.io/metalbear-co/mirrord:latest | |
ghcr.io/metalbear-co/mirrord:${{ steps.version.outputs.version }} | |
release_cli_docker_image: | |
runs-on: ubuntu-24.04 | |
permissions: | |
packages: write | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get release version | |
run: | | |
echo "version=$(grep -m 1 version Cargo.toml | cut -d' ' -f3 | tr -d '\"')" >> $GITHUB_OUTPUT | |
id: version | |
- name: Build and push (test) | |
if: github.event_name == 'workflow_dispatch' | |
uses: docker/build-push-action@v6 | |
with: | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
file: mirrord/cli/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
ghcr.io/metalbear-co/mirrord-cli-staging:${{ github.sha }} | |
- name: Build and push (final/release) | |
if: github.event_name != 'workflow_dispatch' | |
uses: docker/build-push-action@v6 | |
with: | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
file: mirrord/cli/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
ghcr.io/metalbear-co/mirrord-cli:${{ steps.version.outputs.version }} | |
release_gh: | |
needs: | |
[ | |
build_binaries_aarch64-unknown-linux-gnu, | |
build_binaries_x86_64-unknown-linux-gnu, | |
build_binaries_macos, | |
release_docker_image, | |
release_cli_docker_image, | |
] | |
runs-on: ubuntu-24.04 | |
if: github.event_name != 'workflow_dispatch' | |
permissions: | |
packages: write | |
contents: write | |
deployments: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/artifacts | |
pattern: +(*-unknown-linux-gnu|*-apple-darwin) | |
- uses: montudor/action-zip@v1 | |
- name: Create mirrord linux-x64 zip file | |
run: | | |
zip mirrord_linux_x86_64.zip mirrord | |
shasum -a 256 mirrord_linux_x86_64.zip > mirrord_linux_x86_64.shasum256 | |
working-directory: /tmp/artifacts/x86_64-unknown-linux-gnu | |
- name: Create mirrord linux-aarch64 zip file | |
run: | | |
zip mirrord_linux_aarch64.zip mirrord | |
shasum -a 256 mirrord_linux_aarch64.zip > mirrord_linux_aarch64.shasum256 | |
working-directory: /tmp/artifacts/aarch64-unknown-linux-gnu | |
- name: Create mirrord macos zip file | |
run: | | |
zip mirrord_mac_universal.zip mirrord | |
shasum -a 256 mirrord_mac_universal.zip > mirrord_mac_universal.shasum256 | |
working-directory: /tmp/artifacts/universal-apple-darwin | |
# used for the homebrew formula | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: shasum | |
path: | | |
/tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.shasum256 | |
/tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.shasum256 | |
/tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.shasum256 | |
if-no-files-found: error | |
- name: Prepare binaries for upload | |
run: | | |
mkdir /tmp/release | |
mv /tmp/artifacts/x86_64-unknown-linux-gnu/libmirrord_layer.so /tmp/release/libmirrord_layer_linux_x86_64.so | |
mv /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord /tmp/release/mirrord_linux_x86_64 | |
mv /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.zip /tmp/release/mirrord_linux_x86_64.zip | |
mv /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.shasum256 /tmp/release/mirrord_linux_x86_64.shasum256 | |
mv /tmp/artifacts/aarch64-unknown-linux-gnu/libmirrord_layer.so /tmp/release/libmirrord_layer_linux_aarch64.so | |
mv /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord /tmp/release/mirrord_linux_aarch64 | |
mv /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.zip /tmp/release/mirrord_linux_aarch64.zip | |
mv /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.shasum256 /tmp/release/mirrord_linux_aarch64.shasum256 | |
mv /tmp/artifacts/universal-apple-darwin/libmirrord_layer.dylib /tmp/release/libmirrord_layer_mac_universal.dylib | |
mv /tmp/artifacts/universal-apple-darwin/mirrord /tmp/release/mirrord_mac_universal | |
mv /tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.zip /tmp/release/mirrord_mac_universal.zip | |
mv /tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.shasum256 /tmp/release/mirrord_mac_universal.shasum256 | |
# Consider to add changelog generation.. | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: /tmp/release/** | |
release_homebrew: | |
needs: release_gh | |
runs-on: ubuntu-24.04 | |
if: github.event_name != 'workflow_dispatch' | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: shasum | |
path: /tmp/artifacts | |
- uses: actions/checkout@v4 | |
- name: Get release version and hashes | |
shell: bash # for -o pipefail, see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
run: | | |
echo "version=$(grep -m 1 version Cargo.toml | cut -d' ' -f3 | tr -d '\"' | cut -d'-' -f1)" >> $GITHUB_ENV | |
echo "sha256_mac=$(cat /tmp/artifacts/universal-apple-darwin/mirrord_mac_universal.shasum256 | awk '{ print $1 }')" >> $GITHUB_ENV | |
echo "sha256_linux_aarch64=$(cat /tmp/artifacts/aarch64-unknown-linux-gnu/mirrord_linux_aarch64.shasum256 | awk '{ print $1 }')" >> $GITHUB_ENV | |
echo "sha256_linux_x86_64=$(cat /tmp/artifacts/x86_64-unknown-linux-gnu/mirrord_linux_x86_64.shasum256 | awk '{ print $1 }')" >> $GITHUB_ENV | |
- name: Checkout into homebrew-mirrord | |
uses: actions/checkout@v4 | |
with: | |
repository: metalbear-co/homebrew-mirrord | |
path: ./ | |
token: ${{ secrets.BREW_GITHUB_PAT }} | |
- name: Update hashes and urls | |
run: | | |
sed -i -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\)/${{ env.version }}/g' mirrord.rb | |
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.sha256_mac }}/1' mirrord.rb | |
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.sha256_linux_aarch64 }}/2' mirrord.rb | |
sed -z -i -e 's/[0-9a-f]\{64\}/${{ env.sha256_linux_x86_64 }}/3' mirrord.rb | |
- name: Display formula (For debugging purposes only) | |
run: cat mirrord.rb | |
- name: Commit to metalbear-co/homebrew-mirrord | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "Eyal Bukchin" | |
git add . | |
git commit -m "Update to ${{ env.version }}" | |
git push | |
update_latest: | |
needs: release_homebrew | |
runs-on: ubuntu-24.04 | |
if: github.event_name != 'workflow_dispatch' | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
with: | |
# Get complete history | |
fetch-depth: 0 | |
- name: Update major version and latest tags | |
uses: metalbear-co/release-tracker-action@main | |
env: | |
# GitHub token to enable pushing tags | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
# Move "latest" tag | |
update-latest: true | |
# Don't update the vX.Y tags | |
update-minor: false |