wip
devigned committed Mar 1, 2024
1 parent 84d0b15 commit af2c752
Showing 2 changed files with 138 additions and 139 deletions.
276 changes: 137 additions & 139 deletions .github/workflows/release.yml
Expand Up @@ -36,150 +36,148 @@ jobs:
if: ${{ env.DRY_RUN }}
with:
fetch-depth: 0
- name: dry run parse
- name: parse
id: parse
if: ${{ env.DRY_RUN }}
shell: bash
# match the first wasmtime tag for dry run
run: |
ref=refs/tags/$(git describe --tags --abbrev=0 --match "containerd-shim-wasmtime/*")
./scripts/parse_ref.sh "${ref}" >> ${GITHUB_OUTPUT}
- uses: actions/checkout@v4
with:
ref: ${{ env.REF }}
- id: parse
if: ${{ !env.DRY_RUN }}
name: Parse ref
shell: bash
run: ./scripts/parse_ref.sh ${{ env.REF }} >> ${GITHUB_OUTPUT}

build-and-sign:
permissions:
# cosign uses the GitHub OIDC token
id-token: write
needs:
- parse
strategy:
matrix:
arch: ["x86_64", "aarch64"]
runs-on: "ubuntu-22.04"
steps:
- uses: actions/checkout@v3

- name: Setup build env
run: ./scripts/setup-linux.sh

- name: Setup rust toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1
env:
RUST_CACHE_KEY_OS: rust-release-cache-${{ needs.parse.outputs.crate }}-${{ matrix.arch }}
with:
rustflags: '' #Disable. By default this action sets environment variable is set to -D warnings. We manage this in the Makefile

- name: Setup cross-rs
run: ./scripts/setup-cross.sh ${{ matrix.arch }}-unknown-linux-musl

- name: Setup build profile
shell: bash
run: echo "OPT_PROFILE=release" >> ${GITHUB_ENV}

- name: Setup cosign for signing
uses: sigstore/[email protected]
with:
cosign-release: 'v2.2.2'

- name: Build
timeout-minutes: 20
run: make build-${{ needs.parse.outputs.runtime }}

- name: Test
if: ${{ matrix.arch == 'x86_64' }}
timeout-minutes: 10
run: make test-${{ needs.parse.outputs.runtime }}

- name: Sign the binary
if: ${{ needs.parse.outputs.runtime != 'wasm' }}
run: |
make dist-${{ needs.parse.outputs.runtime }}
# Check if there's any files to archive as tar fails otherwise
if stat dist/bin/* >/dev/null 2>&1; then
cosign sign-blob --yes \
--bundle containerd-shim-${{ needs.parse.outputs.runtime }}-v1.bundle \
dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}-v1
cosign sign-blob --yes \
--bundle containerd-shim-${{ needs.parse.outputs.runtime }}d-v1.bundle \
dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}d-v1
cosign sign-blob --yes \
--bundle containerd-${{ needs.parse.outputs.runtime }}d.bundle \
dist/bin/containerd-${{ needs.parse.outputs.runtime }}d
# Copy the certs to the dist/bin folder
cp *.sig dist/bin/
cp *.pem dist/bin/
if [[ DRY_RUN == 'true' ]]
then
./scripts/parse_ref.sh containerd-shim-wasmtime >> ${GITHUB_OUTPUT}
else
echo "No files to sign"
./scripts/parse_ref.sh ${{ github.ref }} >> ${GITHUB_OUTPUT}
fi
- name: Package artifacts
if: ${{ needs.parse.outputs.runtime != 'wasm' }}
shell: bash
run: |
# Check if there's any files to archive as tar fails otherwise
if stat dist/bin/* >/dev/null 2>&1; then
tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -C dist/bin .
else
tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -T /dev/null
fi
- name: Upload artifacts
if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN}}
uses: actions/upload-artifact@master
- uses: actions/checkout@v4
with:
name: containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}
path: dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz
ref: ${{ steps.parse.outputs.ref }}

release:
permissions:
contents: write
needs:
- build-and-sign
- parse
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup build env
run: ./scripts/setup-linux.sh
- name: Download artifacts
if: ${{ needs.parse.outputs.runtime != 'wasm' }}
uses: actions/download-artifact@master
with:
path: release
- name: Create release
if: ${{ !env.DRY_RUN }}
run: |
gh release create ${{ github.ref }} --generate-notes --prerelease
env:
GH_TOKEN: ${{ github.token }}
RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }}
- name: Upload release artifacts
if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN }}
run: |
for i in release/*/*; do
gh release upload ${RELEASE_NAME} $i
done
env:
GH_TOKEN: ${{ github.token }}
RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }}
- name: Cargo publish
if: ${{ !env.DRY_RUN }}
run: cargo publish --package ${{ needs.parse.outputs.crate }} --verbose --locked
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }}
- name: Check crates.io ownership
if: ${{ !env.DRY_RUN }}
run: |
cargo owner --add github:containerd:runwasi-committers ${{ needs.parse.outputs.crate }}
cargo owner --list ${{ needs.parse.outputs.crate }} | grep github:containerd:runwasi-committers
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }}
# build-and-sign:
# permissions:
# # cosign uses the GitHub OIDC token
# id-token: write
# needs:
# - parse
# strategy:
# matrix:
# arch: ["x86_64", "aarch64"]
# runs-on: "ubuntu-22.04"
# steps:
# - uses: actions/checkout@v3
#
# - name: Setup build env
# run: ./scripts/setup-linux.sh
#
# - name: Setup rust toolchain
# uses: actions-rust-lang/setup-rust-toolchain@v1
# env:
# RUST_CACHE_KEY_OS: rust-release-cache-${{ needs.parse.outputs.crate }}-${{ matrix.arch }}
# with:
# rustflags: '' #Disable. By default this action sets environment variable is set to -D warnings. We manage this in the Makefile
#
# - name: Setup cross-rs
# run: ./scripts/setup-cross.sh ${{ matrix.arch }}-unknown-linux-musl
#
# - name: Setup build profile
# shell: bash
# run: echo "OPT_PROFILE=release" >> ${GITHUB_ENV}
#
# - name: Setup cosign for signing
# uses: sigstore/[email protected]
# with:
# cosign-release: 'v2.2.2'
#
# - name: Build
# timeout-minutes: 20
# run: make build-${{ needs.parse.outputs.runtime }}
#
# - name: Test
# if: ${{ matrix.arch == 'x86_64' }}
# timeout-minutes: 10
# run: make test-${{ needs.parse.outputs.runtime }}
#
# - name: Sign the binary
# if: ${{ needs.parse.outputs.runtime != 'wasm' }}
# run: |
# make dist-${{ needs.parse.outputs.runtime }}
# # Check if there's any files to archive as tar fails otherwise
# if stat dist/bin/* >/dev/null 2>&1; then
# cosign sign-blob --yes \
# --bundle containerd-shim-${{ needs.parse.outputs.runtime }}-v1.bundle \
# dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}-v1
#
# cosign sign-blob --yes \
# --bundle containerd-shim-${{ needs.parse.outputs.runtime }}d-v1.bundle \
# dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}d-v1
#
# cosign sign-blob --yes \
# --bundle containerd-${{ needs.parse.outputs.runtime }}d.bundle \
# dist/bin/containerd-${{ needs.parse.outputs.runtime }}d
#
# # Copy the certs to the dist/bin folder
# cp *.sig dist/bin/
# cp *.pem dist/bin/
# else
# echo "No files to sign"
# fi
#
# - name: Package artifacts
# if: ${{ needs.parse.outputs.runtime != 'wasm' }}
# shell: bash
# run: |
# # Check if there's any files to archive as tar fails otherwise
# if stat dist/bin/* >/dev/null 2>&1; then
# tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -C dist/bin .
# else
# tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -T /dev/null
# fi
# - name: Upload artifacts
# if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN}}
# uses: actions/upload-artifact@master
# with:
# name: containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}
# path: dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz
#
# release:
# permissions:
# contents: write
# needs:
# - build-and-sign
# - parse
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: Setup build env
# run: ./scripts/setup-linux.sh
# - name: Download artifacts
# if: ${{ needs.parse.outputs.runtime != 'wasm' }}
# uses: actions/download-artifact@master
# with:
# path: release
# - name: Create release
# if: ${{ !env.DRY_RUN }}
# run: |
# gh release create ${{ github.ref }} --generate-notes --prerelease
# env:
# GH_TOKEN: ${{ github.token }}
# RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }}
# - name: Upload release artifacts
# if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN }}
# run: |
# for i in release/*/*; do
# gh release upload ${RELEASE_NAME} $i
# done
# env:
# GH_TOKEN: ${{ github.token }}
# RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }}
# - name: Cargo publish
# if: ${{ !env.DRY_RUN }}
# run: cargo publish --package ${{ needs.parse.outputs.crate }} --verbose --locked
# env:
# CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }}
# - name: Check crates.io ownership
# if: ${{ !env.DRY_RUN }}
# run: |
# cargo owner --add github:containerd:runwasi-committers ${{ needs.parse.outputs.crate }}
# cargo owner --list ${{ needs.parse.outputs.crate }} | grep github:containerd:runwasi-committers
# env:
# CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }}
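Review bot: The test `if [[ DRY_RUN == 'true' ]]` in the parse step compares the literal word DRY_RUN with 'true', so it is always false and the dry-run branch can never run; it should read `if [[ "${DRY_RUN}" == 'true' ]]`. The else branch also expands `${{ github.ref }}` directly into the bash script, so the ref name becomes part of the script text before bash parses it, and characters that git permits in tag names would be read as shell syntax in a job that handles release credentials. Pass the value through the step environment instead, for example `env:` with `GIT_REF: ${{ github.ref }}`, and call `./scripts/parse_ref.sh "${GIT_REF}" >> "${GITHUB_OUTPUT}"`. The rendered page has lost its +/- markers, so I am assuming both lines belong to the new side of this section.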
1 change: 1 addition & 0 deletions scripts/parse_ref.sh
Expand Up @@ -35,6 +35,7 @@ TOMLVER="$(./scripts/version.sh "${CRATE}")"
echo "CRATE=${CRATE}"
echo "VERSION=${VERSION}"
echo "RUNTIME=${RUNTIME}"
echo "REF=${REF}"

if [ -z "${CRATE}" ]; then
echo "::error::Could not determine crate name from ref '${REF}'" >&2
