containerd-shim-wasm@0.6.0 (DryRun:false) #103
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://json.schemastore.org/github-action.json | |
name: Release | |
run-name: ${{ inputs.crate }}@${{ inputs.version }} (DryRun:${{ inputs.dry_run }}) | |
on: | |
workflow_dispatch: | |
inputs: | |
dry_run: | |
description: "Run the release without actually releasing bits" | |
type: boolean | |
default: true | |
crate: | |
description: "The crate to release" | |
required: true | |
type: choice | |
options: | |
- containerd-shim-wasm-test-modules | |
- oci-tar-builder | |
- containerd-shim-wasm | |
# shims | |
- containerd-shim-wasmer | |
- containerd-shim-wasmedge | |
- containerd-shim-wasmtime | |
version: | |
description: "The version of the crate to release. (e.g., 1.2.3)" | |
type: string | |
required: true | |
concurrency: | |
group: release-${{ github.workflow }}-${{ inputs.crate }}-${{ inputs.version }} | |
cancel-in-progress: true | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
pre-release: | |
name: pre-release checks | |
runs-on: "ubuntu-latest" | |
outputs: | |
crate: ${{ inputs.crate }} | |
runtime: ${{ steps.runtime_sub.outputs.runtime }} | |
version: ${{ inputs.version }} | |
### is_shim is a string, not a boolean, so use: is_shim == 'true' | |
is_shim: ${{ steps.runtime_sub.outputs.is_shim }} | |
steps: | |
- name: Fail if branch is not main | |
if: github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' | |
run: | | |
echo "::error::This workflow should not be triggered with workflow_dispatch on a branch other than main" | |
exit 1 | |
- uses: actions/checkout@v4 | |
### Determine the name of the runtime and if it is a binary release or crates.io | |
- name: verify version input | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const version = '${{ inputs.version }}'; | |
if(!version.match(/^[0-9]+.[0-9]+.*/)) { | |
core.setFailed(`The version '${version}' does not match regex /^[0-9]+.[0-9]+.*/.`); | |
} | |
- name: substring runtime | |
id: runtime_sub | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const crate = '${{ inputs.crate }}'; | |
const runtime = crate.replace(/^containerd-shim-/, ''); | |
const non_shim_crates = ['wasm', 'wasm-test-modules', 'oci-tar-builder']; | |
if (non_shim_crates.includes(runtime)) { | |
core.setOutput('runtime', 'common'); | |
core.setOutput('is_shim', false) | |
} else { | |
core.setOutput('runtime', runtime); | |
core.setOutput('is_shim', true); | |
} | |
### If we are releasing a crate rather than producing a bin, check for crates.io access | |
- name: Check crates.io ownership | |
if: ${{ steps.runtime_sub.outputs.is_shim != 'true' }} | |
run: | | |
cargo owner --list ${{ inputs.crate }} | grep github:containerd:runwasi-committers || \ | |
cargo owner --add github:containerd:runwasi-committers ${{ inputs.crate }} | |
env: | |
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} | |
- name: Verify version matches | |
run: | | |
if [ "$(grep -c "version = \"${{ inputs.version }}\"" crates/${{ inputs.crate }}/Cargo.toml)" -ne 1 ]; then | |
echo "::error::Version in Cargo.toml does not match the version input" | |
exit 1 | |
fi | |
build-and-sign: | |
permissions: | |
id-token: write | |
needs: | |
- pre-release | |
strategy: | |
matrix: | |
arch: ["x86_64", "aarch64"] | |
include: | |
- ${{ needs.pre-release.outputs }} | |
uses: ./.github/workflows/action-build.yml | |
with: | |
os: "ubuntu-22.04" | |
runtime: ${{ matrix.runtime }} | |
target: "${{ matrix.arch }}-unknown-linux-musl" | |
slug: "${{ matrix.arch }}-linux-musl" | |
arch: ${{ matrix.arch }} | |
sign: true | |
release: | |
permissions: | |
contents: write | |
needs: | |
- pre-release | |
- build-and-sign | |
strategy: | |
matrix: | |
os: ["ubuntu-latest"] | |
include: | |
- ${{ needs.pre-release.outputs }} | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Matrix description | |
run: | | |
echo "::notice::Running job with dry_run: '${{ inputs.dry_run }}', crate: '${{ matrix.crate }}', version: '${{ matrix.version }}', runtime: '${{ matrix.runtime }}', and is_shim: '${{ matrix.is_shim }}'." | |
- uses: actions/checkout@v4 | |
- name: Setup build env | |
run: ./scripts/setup-linux.sh | |
- name: Download artifacts | |
if: ${{ matrix.is_shim == 'true' }} | |
uses: actions/download-artifact@master | |
with: | |
path: release | |
- name: Cargo publish | |
if: ${{ matrix.is_shim != 'true' }} | |
run: cargo publish ${{ inputs.dry_run && '--dry-run' || '' }} --package ${{ matrix.crate }} --verbose --locked | |
env: | |
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} | |
- name: Tag the the release | |
if: ${{ !inputs.dry_run }} | |
run: | | |
git tag "${{matrix.crate}}/v${{matrix.version}}" | |
git push origin "${{matrix.crate}}/v${{matrix.version}}" | |
- name: Create release | |
if: ${{ !inputs.dry_run }} | |
run: | | |
gh release create 'refs/tags/${{matrix.crate}}/v${{matrix.version}}' --generate-notes | |
env: | |
GH_TOKEN: ${{ github.token }} | |
RELEASE_NAME: ${{ matrix.crate }}/v${{ matrix.version }} | |
- name: Upload release artifacts | |
if: ${{ matrix.is_shim == 'true' && !inputs.dry_run }} | |
run: | | |
for i in release/*/*; do | |
gh release upload ${RELEASE_NAME} $i | |
done | |
env: | |
GH_TOKEN: ${{ github.token }} | |
RELEASE_NAME: ${{ matrix.crate }}/v${{ matrix.version }} |