From af2c752960f0c2adf52528a6317a10aa18980777 Mon Sep 17 00:00:00 2001
From: David Justice
Date: Fri, 1 Mar 2024 14:10:34 -0500
Subject: [PATCH] wip
---
.github/workflows/release.yml | 276 +++++++++++++++++-----------------
scripts/parse_ref.sh | 1 +
2 files changed, 138 insertions(+), 139 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 89d226ec4..3efcdf498 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,150 +36,148 @@ jobs: if: ${{ env.DRY_RUN }} with: fetch-depth: 0 - - name: dry run parse + - name: parse id: parse - if: ${{ env.DRY_RUN }} shell: bash # match the first wasmtime tag for dry run run: | - ref=refs/tags/$(git describe --tags --abbrev=0 --match "containerd-shim-wasmtime/*") - ./scripts/parse_ref.sh "${ref}" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@v4 - with: - ref: ${{ env.REF }} - - id: parse - if: ${{ !env.DRY_RUN }} - name: Parse ref - shell: bash - run: ./scripts/parse_ref.sh ${{ env.REF }} >> ${GITHUB_OUTPUT} - - build-and-sign: - permissions: - # cosign uses the GitHub OIDC token - id-token: write - needs: - - parse - strategy: - matrix: - arch: ["x86_64", "aarch64"] - runs-on: "ubuntu-22.04" - steps: - - uses: actions/checkout@v3 - - - name: Setup build env - run: ./scripts/setup-linux.sh - - - name: Setup rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@v1 - env: - RUST_CACHE_KEY_OS: rust-release-cache-${{ needs.parse.outputs.crate }}-${{ matrix.arch }} - with: - rustflags: '' #Disable. By default this action sets environment variable is set to -D warnings. 
We manage this in the Makefile - - - name: Setup cross-rs - run: ./scripts/setup-cross.sh ${{ matrix.arch }}-unknown-linux-musl - - - name: Setup build profile - shell: bash - run: echo "OPT_PROFILE=release" >> ${GITHUB_ENV} - - - name: Setup cosign for signing - uses: sigstore/cosign-installer@v3.3.0 - with: - cosign-release: 'v2.2.2' - - - name: Build - timeout-minutes: 20 - run: make build-${{ needs.parse.outputs.runtime }} - - - name: Test - if: ${{ matrix.arch == 'x86_64' }} - timeout-minutes: 10 - run: make test-${{ needs.parse.outputs.runtime }} - - - name: Sign the binary - if: ${{ needs.parse.outputs.runtime != 'wasm' }} - run: | - make dist-${{ needs.parse.outputs.runtime }} - # Check if there's any files to archive as tar fails otherwise - if stat dist/bin/* >/dev/null 2>&1; then - cosign sign-blob --yes \ - --bundle containerd-shim-${{ needs.parse.outputs.runtime }}-v1.bundle \ - dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}-v1 - - cosign sign-blob --yes \ - --bundle containerd-shim-${{ needs.parse.outputs.runtime }}d-v1.bundle \ - dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}d-v1 - - cosign sign-blob --yes \ - --bundle containerd-${{ needs.parse.outputs.runtime }}d.bundle \ - dist/bin/containerd-${{ needs.parse.outputs.runtime }}d - - # Copy the certs to the dist/bin folder - cp *.sig dist/bin/ - cp *.pem dist/bin/ + if [[ DRY_RUN == 'true' ]] + then + ./scripts/parse_ref.sh containerd-shim-wasmtime >> ${GITHUB_OUTPUT} else - echo "No files to sign" + ./scripts/parse_ref.sh ${{ github.ref }} >> ${GITHUB_OUTPUT} fi - - - name: Package artifacts - if: ${{ needs.parse.outputs.runtime != 'wasm' }} - shell: bash - run: | - # Check if there's any files to archive as tar fails otherwise - if stat dist/bin/* >/dev/null 2>&1; then - tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -C dist/bin . 
- else - tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -T /dev/null - fi - - name: Upload artifacts - if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN}} - uses: actions/upload-artifact@master + - uses: actions/checkout@v4 with: - name: containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }} - path: dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz + ref: ${{ steps.parse.outputs.ref }} - release: - permissions: - contents: write - needs: - - build-and-sign - - parse - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Setup build env - run: ./scripts/setup-linux.sh - - name: Download artifacts - if: ${{ needs.parse.outputs.runtime != 'wasm' }} - uses: actions/download-artifact@master - with: - path: release - - name: Create release - if: ${{ !env.DRY_RUN }} - run: | - gh release create ${{ github.ref }} --generate-notes --prerelease - env: - GH_TOKEN: ${{ github.token }} - RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }} - - name: Upload release artifacts - if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN }} - run: | - for i in release/*/*; do - gh release upload ${RELEASE_NAME} $i - done - env: - GH_TOKEN: ${{ github.token }} - RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }} - - name: Cargo publish - if: ${{ !env.DRY_RUN }} - run: cargo publish --package ${{ needs.parse.outputs.crate }} --verbose --locked - env: - CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} - - name: Check crates.io ownership - if: ${{ !env.DRY_RUN }} - run: | - cargo owner --add github:containerd:runwasi-committers ${{ needs.parse.outputs.crate }} - cargo owner --list ${{ needs.parse.outputs.crate }} | grep github:containerd:runwasi-committers - env: - CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} +# build-and-sign: +# permissions: +# # cosign uses the GitHub OIDC token +# 
id-token: write +# needs: +# - parse +# strategy: +# matrix: +# arch: ["x86_64", "aarch64"] +# runs-on: "ubuntu-22.04" +# steps: +# - uses: actions/checkout@v3 +# +# - name: Setup build env +# run: ./scripts/setup-linux.sh +# +# - name: Setup rust toolchain +# uses: actions-rust-lang/setup-rust-toolchain@v1 +# env: +# RUST_CACHE_KEY_OS: rust-release-cache-${{ needs.parse.outputs.crate }}-${{ matrix.arch }} +# with: +# rustflags: '' #Disable. By default this action sets environment variable is set to -D warnings. We manage this in the Makefile +# +# - name: Setup cross-rs +# run: ./scripts/setup-cross.sh ${{ matrix.arch }}-unknown-linux-musl +# +# - name: Setup build profile +# shell: bash +# run: echo "OPT_PROFILE=release" >> ${GITHUB_ENV} +# +# - name: Setup cosign for signing +# uses: sigstore/cosign-installer@v3.3.0 +# with: +# cosign-release: 'v2.2.2' +# +# - name: Build +# timeout-minutes: 20 +# run: make build-${{ needs.parse.outputs.runtime }} +# +# - name: Test +# if: ${{ matrix.arch == 'x86_64' }} +# timeout-minutes: 10 +# run: make test-${{ needs.parse.outputs.runtime }} +# +# - name: Sign the binary +# if: ${{ needs.parse.outputs.runtime != 'wasm' }} +# run: | +# make dist-${{ needs.parse.outputs.runtime }} +# # Check if there's any files to archive as tar fails otherwise +# if stat dist/bin/* >/dev/null 2>&1; then +# cosign sign-blob --yes \ +# --bundle containerd-shim-${{ needs.parse.outputs.runtime }}-v1.bundle \ +# dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}-v1 +# +# cosign sign-blob --yes \ +# --bundle containerd-shim-${{ needs.parse.outputs.runtime }}d-v1.bundle \ +# dist/bin/containerd-shim-${{ needs.parse.outputs.runtime }}d-v1 +# +# cosign sign-blob --yes \ +# --bundle containerd-${{ needs.parse.outputs.runtime }}d.bundle \ +# dist/bin/containerd-${{ needs.parse.outputs.runtime }}d +# +# # Copy the certs to the dist/bin folder +# cp *.sig dist/bin/ +# cp *.pem dist/bin/ +# else +# echo "No files to sign" +# fi +# +# - name: 
Package artifacts +# if: ${{ needs.parse.outputs.runtime != 'wasm' }} +# shell: bash +# run: | +# # Check if there's any files to archive as tar fails otherwise +# if stat dist/bin/* >/dev/null 2>&1; then +# tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -C dist/bin . +# else +# tar -czf dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz -T /dev/null +# fi +# - name: Upload artifacts +# if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN}} +# uses: actions/upload-artifact@master +# with: +# name: containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }} +# path: dist/containerd-shim-${{ needs.parse.outputs.runtime }}-${{ matrix.arch }}.tar.gz +# +# release: +# permissions: +# contents: write +# needs: +# - build-and-sign +# - parse +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v3 +# - name: Setup build env +# run: ./scripts/setup-linux.sh +# - name: Download artifacts +# if: ${{ needs.parse.outputs.runtime != 'wasm' }} +# uses: actions/download-artifact@master +# with: +# path: release +# - name: Create release +# if: ${{ !env.DRY_RUN }} +# run: | +# gh release create ${{ github.ref }} --generate-notes --prerelease +# env: +# GH_TOKEN: ${{ github.token }} +# RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }} +# - name: Upload release artifacts +# if: ${{ needs.parse.outputs.runtime != 'wasm' && !env.DRY_RUN }} +# run: | +# for i in release/*/*; do +# gh release upload ${RELEASE_NAME} $i +# done +# env: +# GH_TOKEN: ${{ github.token }} +# RELEASE_NAME: ${{ needs.parse.outputs.crate }}/${{ needs.parse.outputs.version }} +# - name: Cargo publish +# if: ${{ !env.DRY_RUN }} +# run: cargo publish --package ${{ needs.parse.outputs.crate }} --verbose --locked +# env: +# CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} +# - name: Check crates.io ownership +# if: ${{ !env.DRY_RUN }} +# run: | +# cargo owner --add 
github:containerd:runwasi-committers ${{ needs.parse.outputs.crate }} +# cargo owner --list ${{ needs.parse.outputs.crate }} | grep github:containerd:runwasi-committers +# env: +# CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} diff --git a/scripts/parse_ref.sh b/scripts/parse_ref.sh index 561d27fac..cbc668ca8 100755 --- a/scripts/parse_ref.sh +++ b/scripts/parse_ref.sh @@ -35,6 +35,7 @@ TOMLVER="$(./scripts/version.sh "${CRATE}")" echo "CRATE=${CRATE}" echo "VERSION=${VERSION}" echo "RUNTIME=${RUNTIME}" +echo "REF=${REF}" if [ -z "${CRATE}" ]; then echo "::error::Could not determine crate name from ref '${REF}'" >&2
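Review bot: The new `if [[ DRY_RUN == 'true' ]]` in the parse step compares the literal word DRY_RUN with 'true', so the test is always false and a dry run falls through to the `github.ref` branch; it should read `if [[ "${DRY_RUN}" == 'true' ]]` (assuming DRY_RUN is exported from the workflow's `env:`, as the `env.DRY_RUN` conditions suggest). The else branch also pastes `${{ github.ref }}` unquoted into the shell text, so characters in a ref name are interpreted by bash rather than treated as data; setting `GIT_REF: ${{ github.ref }}` under the step's `env:` and calling `./scripts/parse_ref.sh "${GIT_REF}" >> "${GITHUB_OUTPUT}"` avoids that. The retained comment `# match the first wasmtime tag for dry run` no longer describes the step, since the `git describe` lookup was removed. The parse job itself starts above this hunk.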
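Review bot: `echo "REF=${REF}"` is printed before the `-z "${CRATE}"` check that follows it, and the workflow in this same patch passes that output to `actions/checkout` as `ref:` (`steps.parse.outputs.ref`), so the value now decides which commit the release job checks out. How REF is assigned lies above the hunk, but if it is the raw script argument it would be worth validating it against the expected tag shape before printing it, or at least moving the echo below the checks. A short comment such as `# REF is consumed by release.yml to select the commit to check out` would document the new coupling.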